Privacy and data protection

As experts in the digital transformation of businesses, we are fully aware that one of the greatest challenges posed by digitalization is privacy.

At Generaition, we offer our clients a wide range of services and products, from designing a digital strategy to developing websites, applications, and software. In doing so, we carry out various personal data processing activities, sometimes as data controllers and other times as data processors on behalf of our clients.

Through this privacy policy, we aim to inform the affected parties with complete transparency about who is responsible for processing the data, what personal information we process, the purposes of each processing activity, the legal grounds for processing, data retention periods, and the rights that data subjects have and how they can exercise them.

1. Who is responsible for processing your data

The entity responsible for processing your personal data is One2One Generaition SL. (“Generaition”), with Tax ID B75984773, headquartered in Madrid (28036), Avda. de Burgos, 8-A, 15th Floor.

For any matters related to the processing of your data, you can contact us by postal mail, via email at [email protected], or by phone at (0034) 910 609 514.

Generaition also has a Data Protection Officer (DPO) who can be reached at [email protected].

2. What data processing activities do we carry out

Contact Database

Purpose: Contact interested parties to inform them of the products, services and activities that Generaition organizes or takes part in either directly or indirectly, including by electronic means.

Lawful basis: Our data processing is based on the consent given by the persons concerned or, otherwise, on our legitimate interest.

Data categories: Identification data, contact data and professional data.

Disclosure and transfer of data: Data are not disclosed to third parties.

Storage: Data will be stored for as long as contact is maintained with the interested parties and will be erased within a maximum period of six (6) years dating from the last contact.

Clients, Suppliers, and Collaborators

Purpose: The purpose of this data processing is to manage our pre-contractual and contractual relationship with our clients, providers and with other persons and entities with which we reach collaboration agreements.

Lawful basis: The legal grounds for data processing for this activity is based on the contract, on the complementary consent of the persons concerned where appropriate and our legitimate interest in maintaining the business relationship.

Data categories: We process identification and contact data, financial and bank data, commercial information, data on transactions of goods and services and professional data.

Disclosure and transfer of data: Tax authorities, banks and data processors that provide their services to Generaition.

Storage: We store the data that we use for this activity for a maximum period of six (6) years after the termination of the corresponding contracts and collaboration agreements.

Human Resources

Purpose: In our human resources activity we use the data for the purposes of personnel selection, management and training, processing social benefits, promotion and management of employment and workplace monitoring.

Lawful basis: The legal grounds for the data processing for this activity are based on the work contract, on employment law and Social Security regulations, on the complementary consent of the persons concerned whenever the data provided are not strictly necessary to maintain the labour relationship and, finally, on our legitimate interest in issues of regulatory compliance and internal monitoring.

Data categories: We process identification and contact data, financial and bank data, commercial information, data on transactions of goods and services, professional data and data on training and employment.

Disclosure and transfer of data: Social Security Bodies, Mutual Provident Societies, Tax Authorities, Insurance companies, banks and any entities responsible for processing that provide services to Generaition.

Storage: We store any data we use for this activity for a maximum period of five (5) years after the termination of the work contracts. CVs of candidates are destroyed after the respective selection process, unless the candidate is hired by Generaition.

Video Surveillance

Purpose: We have a video surveillance system that we use for security and monitoring purposes.

Lawful basis: This is based on our legitimate security and monitoring interests.

Data categories: Identification data (image and voice)

Disclosure and transfer of data: Data transfers are not provided for, except where appropriate to State security bodies and forces, the Public Prosecutor’s Office and the Courts and Tribunals of Justice.

Storage: We store the recordings for a maximum period of one (1) month.

Generaition Images

Purpose: Publication on the webpage of the company, in Generaition’s advertising and promotional material and/or dissemination on social media, including newspapers, magazines, television and Internet.

Lawful basis: This is based on the consent given by the persons concerned.

Data categories: Identification data.

Disclosure and transfer of data: Public dissemination.

Storage: The images will be stored for an indefinite period.

Ethical channel

Purpose: Management of internal queries and reports system on the alleged committal of unlawful acts inside the company or against the same and alleged violations of our ethical code and other internal regulations.

Lawful basis: This is based on our legitimate interest for internal monitoring.

Data categories: We process identification and contact data, and the data used to formulate the corresponding queries and internal reports.

Disclosure and transfer of data: The data processed in the ethical channel may be disclosed to the State security bodies and forces, the Public Prosecutor’s Office and the Courts and Tribunals of Justice.

Storage: The data from the ethical channel will be stored for a maximum period of three (3) months.

We protect your data

At Generaition we use the appropriate technologies and procedures to protect your data from accidental loss and unauthorised access, use, destruction or publication. We perform data backup in order to be able to recover information if an incident occurs. And we also implement the appropriate physical and technological measures to store and transfer your data securely.

3. What are the rights of data subjects and how can they exercise them

In addition to the right to be informed transparently through this privacy policy, you have the following rights:

  • Right to access your data to understand what data we are processing, for what purpose, where we obtained it, and whether it is communicated or has been communicated to third parties.
  • Right to rectify inaccurate personal data concerning you. Considering the purposes of the processing, you also have the right to have incomplete personal data completed.
  • Right to request the deletion of your data, for example, when it is no longer necessary for the purposes for which it was collected or when required by a legal obligation.
  • Right to request the limitation of processing, for example, when the accuracy of your data is in doubt or when the data is no longer needed for its original purpose but cannot be deleted for legal reasons.
  • Right to object to processing for reasons related to your particular situation and to not be subject to automated individual decisions, including profiling.
  • Right to revoke the consent given, in whole or in part.

If you wish to exercise any of your rights, please write to us at [email protected] or by postal mail to the company’s address listed above. In either case, we will need a copy of your ID or passport to verify your identity, and we will respond within a maximum period of one (1) month.

We inform you that we have a Data Protection Officer, whom you can contact via email for any incidents related to your data at [email protected].

Additionally, you have the right to file a complaint with the Spanish Data Protection Agency, located in Madrid (28001), C/ Jorge Juan, No. 6.

For more comprehensive and detailed information about your rights, we recommend visiting the Spanish Data Protection Agency’s website or contacting them through their citizen service line at 901.100.099.