Privacy Policy

Information on data protection

Nalanda makes available to users of the web pages located at the URLs https://www.nalandaglobal.com and https://www.obralia.com or accessible through an application for mobile devices (hereinafter, “Web Platform”) this Privacy Policy, with the purpose of offering information on how we treat your personal data and protect your privacy and information.

We ask the user to spend a few minutes to read this Privacy Policy carefully. This Privacy Policy may be modified when necessary. In case of modifications, we will notify you through the Web Platform, or by other means, so that you can be aware of the new Privacy conditions. The fact of continuing to use the functionalities made available by the data controller after having notified you of the aforementioned modifications will mean that you agree with them, except for those cases in which your express consent is required.

The data entered into the Web Platform for the provision of document management services are the property of the contractor and/or subcontractor entities. Between Nalanda and the client (regardless of their position as contractor or subcontractor in the provision of services) governs a treatment order relationship in terms of data protection, Nalanda holding the position of treatment manager and the client the position of treatment manager. The responsibilities of Nalanda and the client are defined in the sections “Nalanda’s responsibilities as data processor” and “Customer’s responsibilities as data controller”.

In the event that the client subcontracts other companies or As freelancers, both the client and Nalanda will access the documents of their subcontractors at different levels and, in turn, the documentation of the workers involved in each project. In the event that it accesses the documentation of its lower levels according to the subcontracting chain, the client will be responsible for obtaining the relevant authorization for its lower subcontractors and/or its self-employed/workers and will guarantee that it has sufficient legitimacy, regulating their relationship. in accordance with the regulations regarding the protection of personal data.

For what purpose do we process your personal data?

Personal data that is provided by the users of this web platform will be processed for the following purposes:

  • In the event that you are a client and/or user of Nalanda, or are in the process of contracting a service provided by Nalanda:
    • Processing of the registration process.
    • Management and maintenance of users of the Nalanda portal.
    • Management and maintenance of Nalanda clients.
    • In the event that your professional data is recorded in any of the services s provided by Nalanda, your data will be processed for the following purposes:
      • Administration of the “Páginas Naranjas” web directory. The data processing for this purpose could include the publication of the professional contact details (it may include the name and surname) of certain interlocutors or administrators of the entities that are clients of Nalanda with the aim of listing and classifying the companies that participate in the Nalanda platform and promote relationships between them.
      • Management of the purchase tool. Data processing for this purpose could include the publication of professional contact details necessary to enable the management of purchase and sale operations carried out through the tool.
      • Invoicing tool administration electronics. In order to correctly send and receive invoices, we will collect the data of the person in charge of sending/receiving of each company and its different branches/centres.
      • Administration of the approval service. Nalanda will request the data of the Compliance person and those responsible for Approval/Compliance of the company to carry out the communications that, by business, are necessary.
      • Document management tool. Data processing for this purpose could include the publication of professional contact details necessary to enable the management of validation and authorization operations carried out through the tool.
    • Relationship purposes adas with commercial communications:
        • Commercial communications about Nalanda products and services.
        • Commercial communications from third parties with whom Nalanda maintains collaboration agreements.

    What Are the data processed and from what sources do they come?

    The data that Nalanda processes as a result of the interactions carried out by the user through our web Platform come from the following sources:

      < li>Data provided by the client/user, or by a third party on their behalf, by completing the forms made available in the registration process or through the registration process by other means, such as the customer service to the client.
    • Data generated as a result of the development, processing and maintenance of the relationship established between the user and Nalanda.

    Nalanda may process personal data s of the following types, depending on the relationship established with the client/user:

    • Identifying and contact data (eg: name and surname, professional telephone number, professional email, etc.).
    • Economic and financial data (eg: means of payment of which you were the owner as a natural person, etc.).
    • Academic and professional data (eg: your position within an organization, etc.).

    To guarantee proper management in the processing of your data, Nalanda has appointed a Data Protection Officer, Who can you contact for any question you may need and who can you contact at the email address: info@nalandaglobal.com.

    What is the legal legitimacy for the processing of your data?

    Nalanda treats the personal data of the users of the Web Platform in accordance with the following legitimizing bases, depending on the type Data ology and interactions between the client/user and Nalanda:

    • Execution of the contractual relationship established between Nalanda and the client, in relation to the purposes of processing the registration and the management and maintenance of the clients and users of the Nalanda portal.
    • Compliance with legal obligations applicable to Nalanda, such as tax obligations and billing, in relation to the purposes of management and maintenance of the clients and users of the Nalanda portal.
    • Legitimate interest of Nalanda, in relation to the purpose of sending advertising, promotional information related to Nalanda products and services, in the case of Nalanda customers.
    • Legitimate interest of third parties, in relation to the purposes of the purchase tool, “Orange Pages”, approval service, document management service and electronic invoice service. Said legitimate interests of platform customers of Nalanda, must be considered in connection with article 19 of Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights, as long as said data is necessary for the professional location of the interested party and that the purpose is solely to maintain relations with the legal entity in which the natural person provides services, or whether it is a self-employed worker or liberal professional.
    • Consent, in the event that there is one lent, with the purpose of sending advertising, promotional information related to Nalanda products and services, as well as third-party products with which Nalanda maintains collaboration agreements.
    • We will not transfer your data to companies non-customers, unless there is an explicit document or contract with authorization for the proper functioning of our services.

    Who are your data communicated to?

    Nalanda reports to the interested parties that the processing of personal data described and informed in this Privacy Policy does not imply the making of communications or transfers of their data by Nalanda to third parties. However, to the extent that certain functionalities of the platform imply the dissemination of certain professional data (in a restricted manner), those entities that are clients/users of the platform made available by Nalanda could be recipients of the data.

    How long do we keep your data?

    Personal data will be kept for the duration of the relationship established with Nalanda and / or to achieve the purpose of treatment pursued, as well and during the legal terms required.

    Subsequently, the client may request that we completely delete their information, in which case it will no longer be accessible. To process said request, you must contact our ro data protection officer and write to info@nalandaglobal.com. In compliance with the principle of limitation of the conservation period, we reserve the right to keep the data and documentation for the duration of the contractual relationship and subsequently for the time necessary for the specific purposes for which they have been collected in order to comply with legal obligations and the responsibilities derived from said treatments based on the applicable regulations, such as the prevention of possible inspections, for which custody is agreed during a period of prudence later.

    ¿ What data must you provide us?

    Nalanda informs customers and users that it will be necessary to provide at least those data marked with an asterisk (*) in the registration form. Said data is strictly necessary to acquire the status of registered customer and, eventually, user, the inclusion of data in the remaining fields being voluntary.

    In case of not providing at least such data, considered as necessary, Nalanda You will not be able to manage the registration process or carry out the provision of the service.

    What must you guarantee us when providing your personal data?

    The user guarantees that the data that it provides are true, exact, complete and up-to-date, being responsible for any direct or indirect damage or loss that may be caused as a result of breach of such obligation.

    In the event that the user contributes data belonging to a third party, guarantees that they have informed said third party of all the aspects contained in this Privacy Policy and obtained their authorization, or have sufficient legitimacy, to provide us with their data for the final ity of treatment in question.

    What measures do we adopt to protect your personal data?

    In response to Nalanda’s concern to guarantee the security and confidentiality of your data, the security levels required for the protection of personal data have been adopted and the technical means at its disposal have been installed to prevent the loss, misuse, alteration, unauthorized access and theft of personal data provided through the Web platform.

    What are your rights regarding your personal data?

    Nalanda informs you that you have the right to obtain confirmation as to whether we are processing personal data that concerns you or no.
    In the same way, Nalanda informs you that you have the following rights regarding your personal data:

    • Access your data: You have the right to access your data to know what data we are dealing with that concern you.
    • Request the rectification or deletion of your data atos: In certain circumstances, you have the right to rectify any personal data that you consider inaccurate and that concerns you, and that are processed by Nalanda, as well as the right to request the deletion of your data when, among other reasons, the data they were no longer necessary for the purposes for which they were collected.
    • Request the limitation of the processing of your data: In certain circumstances, you will have the right to request the limitation of the processing of your data, in which case we inform you that only We will keep the data on which you have requested limitation in the treatment for the exercise or defense of claims.
    • To the portability of your data: In certain circumstances, you will have the right to receive the personal data that concerns you, and that you have provided us, in a structured format for common use and mechanical reading, as well as for them to be transmitted by Nalanda to another data controller.
    • Object to the processing of your data: In certain circumstances and for reasons related to your particular situation, you will have the right to oppose the processing of your data, in which case, we will stop processing them unless we must continue to do so for compelling legitimate reasons or to the exercise or defense of possible claims.

    Likewise, we remind you that you have the right to withdraw any of the consents you have given for the processing of your data, without affecting the legality of treatment based on consent prior to its withdrawal.
    Nalanda informs you that you may exercise your rights over your personal data by writing to NALANDA GESTIONA, S.A. to which you must accompany a copy of your DNI, NIE, Passport or equivalent document, on both sides, in order to prove your identity, and which you must send to one of the following addresses:

    Nalanda will provide you with the requested information within a maximum period of 1 month from receipt of the request, although we inform you that this period could be extended for another 2 months taking into account the complexity and the number of requests.
    Finally, we inform you that you may file a claim with the competent Control Authority in matters of data protection, being in Spain the Spanish Agency for Data Protection (www.aepd.es). However, in the first instance, you may file a claim with the Data Protection Officer, who will resolve the claim within a maximum period of two months.

    Nalanda as data controller

    NALANDA GESTIONA, S.A, with CIF A82658030 and address at Calle Procion, 7- Edificio América II Portal 4, 2º I, 28023, Madrid is responsible for the personal data of our employees, direct customers, suppliers, etc. For any questions related to this treatment, you can contact info@nalandaglobal.com.

    Nalanda’s responsibilities as manager of the treatment

    Nalanda, as the person in charge of treatment, will carry out the processing of personal data derived from the provision of the contracted service, in accordance with the following conditions:

    • It is will limit itself to carrying out the actions that are necessary to provide the client with the contracted Service.
    • It will not carry out any other treatment of personal data, nor will it apply or use the data for a purpose other than the provision of the contracted Service.
    • Guarantees that the persons authorized to process the client’s personal data have agreed, expressly and in writing, to respect confidentiality and to comply with security measures and that they have been adequately trained in terms of data protection. data.
    • Informs It will immediately inform the client if, in its opinion, it considers that any of the instructions transmitted by the client violates the GDPR or any other data protection provision of the Union or of the Member States.
    • It will maintain a written record of the processing activities carried out on behalf of the client.
    • It will support the client in carrying out impact assessments in terms of data protection and prior consultation, where appropriate.
    • It will make available to the client the necessary information to demonstrate compliance with its obligations, as well as allow and actively collaborate in the performance of audits. In this sense, the client, prior notice of thirty (30) business days, if possible, may appear in person at the Nalanda facilities, in order to carry out the on-site controls and audits that it deems appropriate, provided that it does not exceed the limit of one on-site audit per calendar year.
    • It will implement the security measures described in the general conditions, to guarantee the confidentiality, integrity, availability and permanent resilience of the treatment systems and services.
    • It will notify the client, without undue delay, and in any case before the maximum period of 72 hours, the breaches of the security of the personal data in its charge of which it is aware.
    • It will destroy the personal data under the responsibility of the client, once the provision of the services has finished. Without prejudice to the possibility that the client expressly requests the return of the data that is the object of the order, before the end of the service.
    • Will assist the client in responding to the exercise of the interested parties, as well as in the notification to the client of the rights that are exercised directly before Nalanda, which will be notified within a maximum period of five business days.

    Customer responsibilities as data controller

    The client, as data controller:

    • Will comply with current legislation on labor matters, subcontracting and coordination of business activities in the instructions given to Nalanda as a result of the provision of services.
    • It will guarantee having sufficient legitimacy to upload, download or carry out any processing activity on documentation that contains personal data, through Nalanda’s tools.
    • It will watch, in advance via and throughout the treatment, for compliance with the GDPR and other regulations that may be applicable, as well as their obligations as data controller. Authorizes Nalanda to subcontract the services that are part of the Service to Nalanda Panama, Nalanda Colombia and Nalanda Chile. who hold the position of treatment sub-managers. The transfer The international data that could be produced by the services of these sub-processors are guaranteed by the Standard Contractual Clauses adopted in the Commission Decision of February 5, 2010. If it were necessary to subcontract any service in the future, the identification data of the provider will be incorporated into the list and previously communicated to the customer, who may express their opposition within 10 days of notification. If said opposition does not take place, the incorporation of the subcontractor as sub-processor will be understood as authorized. In any case, Nalanda guarantees that the sub-processor is subject to the same conditions established in this clause.
    • Authorizes and entrusts Nalanda with the formalization, on behalf of the client, of the Standard Contractual Clauses with the sub-processor/s (data importer/s), which regulate the International Data Transfers necessary for the correct performance of the obligations established in this treatment order entered into between the client and Nalanda (as data exporter). data).