Data Processing Policy in Relations with Suppliers
Rovensa, S.A., hereinafter referred to as Rovensa, legal person with NIPC 514194910, complies with the applicable Community and national legal rules in the field of personal data protection, privacy and information security of data subjects, within the scope of data processing operations carried out in the relationship with suppliers – whether the data subjects are the suppliers themselves as natural persons, or the data subjects are the suppliers’ employees – in accordance with
– the special terms of this Personal Data Processing Policy in the Relationship with Suppliers.
Rovensa collects and processes the following categories of personal data from suppliers or suppliers’ employees:
– identification data
– contact details;
– professional data and certifications;
– traffic data and access control on the premises.
Rovensa collects personal data from suppliers or suppliers’ employees by direct collection from them or by indirect collection from their employer, by filling in information registration forms.
Rovensa processes the personal data of suppliers or suppliers’ employees exclusively for the purpose of verifying the legitimacy of legal representatives, access control, safety, hygiene and occupational health and the provision of contracted services in the exercise of economic activity.
Rovensa bases the legitimacy of the processing of personal data of suppliers or suppliers’ employees, depending on the specific processing activity carried out, whether based on the management of the contractual relationship, on the fulfillment of legal obligations, or on the legitimate interests of pursuing economic activity.
Rovensa keeps the data for the period necessary for the pursuit of the purposes of the processing, complying with the applicable legal deadlines, and the candidate may request, at any time, its deletion or exercise any other right, with the conditions and limitations provided for by law, and the default period for the retention of personal data of suppliers or suppliers’ employees is one year.
The personal data of suppliers or suppliers’ employees are processed exclusively by Rovensa’s contracting and procurement, human resources management and occupational health and safety services, with no data being communicated to third parties, with the exception of situations legally provided for the mandatory communication of personal data to third parties.
In accordance with the principle of loyalty and transparency and to ensure compliance with the duty of information, Rovensa delivers directly or makes publicly available to all data subjects, depending on the form of collection of their personal data, the information sheets on the data processing operations carried out, these sheets being accessible for consultation at any service point or on request from the Data Protection Officer.
The Information Sheet on Data Processing in the Relationship with Suppliers is accessible at www.dataprotectionofficer.help/rovensa/information.
Rovensa facilitates the exercise of the rights of suppliers or their employees regarding the protection of personal data.
In addition to always being able to lodge a complaint with the respective supervisory authority, for the exercise of any type of data protection rights, namely the rights of withdrawal of consent, information, access, rectification, opposition, limitation of processing or erasure, suppliers or their employees may contact Rovensa’s Data Protection Officer by email firstname.lastname@example.org, describing the subject of the request and indicating an email address, a telephone contact address or a correspondence address for reply.
A Form for Exercising the Rights of Personal Data Subjects is accessible at www.dataprotectionofficer.help/Rovensa/forms/ or at any Rovensa service point.
Rovensa has implemented an incident management system for data protection and information security.
If any Supplier or Employee of a Rovensa Supplier wishes to report any personal data breach, which causes, accidentally or unlawfully, the unauthorized destruction, loss, alteration, disclosure or access to personal data transmitted, stored or otherwise processed, you may contact the Rovensa Data Protection Officer or use Rovensa’s general contacts.
A Personal Data Breach Incident Reporting Form is accessible at www.dataprotectionofficer.help/Rovensa/forms/ or at any Rovensa service point, and can also be requested by email, by requesting the Data Protection Officer.
Rovensa has implemented a Permanent Contact Point for the management of information security and cybersecurity incidents.
If any Supplier or Supplier’s Employee wishes to report an information security incident or a cyberspace security incident, they may contact Rovensa’s Permanent Contact Point through the communication channels available at www.dataprotectionofficer.help/Rovensa/security/.
An Information Security or Cyberspace Security Incident Reporting Form is accessible at www.dataprotectionofficer.help/Rovensa/forms/ or at any Rovensa service point, and can also be requested to be sent by email, by requesting the Permanent Contact Point.
Rovensa has implemented a Whistleblower Channel, in accordance with the legal regulations in force, guaranteeing the protection of the personal data of data subjects, under the terms of the Whistleblower Protection Policy accessible at www.dataprotectionofficer.help/rovensa/whistleblowing/.
The Rovensa Whistleblower Officer can be contacted through the contact details available at www.dataprotectionofficer.help/rovensa/whistleblowing/.
The Rovensa Whistleblowing Platform is accessible via the link available at https://www.integritycounts.ca/org/rovensa
A Whistleblowing Form is accessible at www.dataprotectionofficer.help/Rovensa/forms/ or at any Rovensa service point, and can also be requested to be sent by email by asking the Whistleblower Officer.
Rovensa has implemented a Regulatory Compliance Program in the scope of Corruption Prevention, in accordance with the legal rules in force, guaranteeing the protection of the personal data of the holders, under the terms of the Corruption Prevention Policy accessible at www.rovensa.com.
For the purpose of submitting complaints under the corruption prevention regime, any interested party may use,
– the Rovensa Reporting Platform, accessible through the link available at https://www.integritycounts.ca/org/rovensa or
– the Whistleblowing Form, accessible at www.dataprotectionofficer.help/Rovensa/forms/ or at any Rovensa service point.
The Personal Data Processing Policy for Suppliers or Employees of a Rovensa Supplier is complemented by Rovensa’s General Data Protection Policy, which is accessible at www.rovensa.com, and it is also possible to consult the other specific Data Protection and Privacy Policies,
– either through a request addressed to the Data Protection Officer at the email address email@example.com;
– or through face-to-face contact with any service point.
This version of the Data Processing Policy in the context of Supplier Management has been published with the reference Version 202306.
In order to ensure its updating, development and continuous improvement, Rovensa may, at any time, make any changes that are considered appropriate or necessary to the Data Protection Policies, being ensured its publication in the different channels to ensure transparency and information to Users, Service Recipients, Customers, Employees, Candidates or Suppliers.