Trebide Privacy Policy

ico trebide

1. Introduction

At Trebide, we are committed to protecting people’s privacy and to processing personal data lawfully, fairly and transparently.

This Privacy Policy explains how IKUSI, SLU and IKUSI SIS, SA, companies operating under the name TREBIDE, process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD).

2. What is personal data?

Personal data is defined as any information relating to an identified or identifiable natural person, such as their name, national identity number, email address, employment details or geolocation data associated with time and attendance records.

3. Responsables del tratamiento

Data controllers:

    • IKUSI, SLU – CIF B20165486
      IKUSI SIS, SA – CIF A20545984
    • Registered office: Pº Mikeletegi, 75A – 3rd Floor, Unit A3.03, Building A22, 20009 Donostia / San Sebastián

Contact email: protecciondedatos@trebide.com.

4. Data Protection Officer

Trebide has a Data Protection Officer (DPO).

Contact email: dpo@postetxea.eus

5. Why do we process personal data?

Personal data is processed for the following purposes:

    • Management of recruitment processes and applications.
    • Employment, administrative and human resources management.
    • Recording of working hours, including geolocation data at the start and end of shifts.
    • Provision of technical and operational services.
    • Commercial management and maintaining relationships with customers and suppliers.
    • Sending corporate and commercial communications.
    • Analysis of web browsing and the use of cookies.

6. What is the legal basis for the processing?

The processing of personal data is based on:

    • Compliance with legal obligations.
    • The performance of a contract or the implementation of pre-contractual measures.
    • The organisation’s legitimate interests.
    • The data subject’s consent, where necessary.
    • Article 90 of the LOPDGDD regarding digital rights in the workplace.

7. To whom is the data disclosed?

Personal data may be disclosed, where necessary and in accordance with current legislation, to:

    • Public administrations and competent authorities.
    • Employment agencies and professional advisers.
    • Mutual insurance companies and occupational health and safety organisations.
    • Technology providers and external consultancy firms.
    • Financial institutions.
    • These third parties act, where applicable, as data processors, under the relevant contracts in accordance with Article 28 of the GDPR.

8. How long do we retain data?

Personal data will be retained for the following periods:

    • Employment data: for the periods established by law.
    • Time and attendance records: 4 years.
    • Job applications: up to 3 years.
    • Commercial data: for the duration of the relationship or until a request is made for its erasure.

Once these periods have expired, the data will be blocked or deleted in accordance with current regulations.

9. Data security

Trebide implements the necessary technical and organisational measures to ensure the security of personal data and to prevent its loss, alteration, unauthorised access or disclosure.

Furthermore, security controls aligned with the National Security Scheme (ENS) are in place.

10. Rights of data subjects

Data subjects may exercise the following rights:

    • Access
    • Rectification
    • Erasure
    • Objection
    • Restriction of processing
    • Portability
    • Withdrawal of consent

These rights may be exercised by writing to: dpo@postetxea.eus

They may also lodge a complaint with the Spanish Data Protection Agency (AEPD).

11. Cookie policy

Information on the use of cookies is available in the Cookie Policy on the Trebide website.

12. Policy updates

This Privacy Policy may be updated to reflect changes in legislation or modifications to data processing practices.