Privacy Policy
Data protection information
Nalanda makes available the web pages located at the URLs https://www.nalandaglobal.com and https://www.obralia.com or accessible through an application for mobile devices (hereinafter, “Web Platform ”).This Privacy Policy is generated, in order to provide information on how we treat your personal data and protect your privacy.
We kindly ask you to carefully read this Privacy Policy. It may be modified when necessary but in case of modifications, we will notify you through the web platform, or by other means, so that you can update with the new privacy conditions. Continuing to make use of the functionalities made available by the data controller after having notified the aforementioned modifications will mean that you agree with them, except for those cases in which your express consent is necessary.
The data implemented into the Web Platform for the provision of document management services are owned by the contracting entities and / or subcontractors. Between Nalanda and a client (regardless of their position as a contractor or subcontractor in the provision of services) governs a relationship of processing order in terms of data protection. Nalanda and the client are holding the position of data controllers. The responsibilities of Nalanda and the client are defined in the sections “Responsibilities of Nalanda as data controller” and “Responsibilities of the client as data controller”.
In case that the client subcontracts other companies or freelancers, both the client and Nalanda will have access to the documents of their subcontractors at different levels and in turn to the documentation of the workers involved in each project. In the event that it accesses the documentation of its lower levels according to the subcontracting chain, the client will be responsible for obtaining the relevant authorization for its lower subcontractors and / or its self-employed / workers and will guarantee that it has sufficient legitimacy, regulating its relationship in accordance with the regulations regarding the protection of personal data.
Why do we process your personal data?
The personal data that are provided by the users of this Web Platform will be processed for the following purposes:
- In case you are a client and / user of Nalanda, or are in the process of contracting a service provided by Nalanda:
- Processing of the registration process.
- Management and maintenance of the users of the Nalanda portal.
- Management and maintenance of Nalanda clients.
- In the event that your professional data is included in any of the complementary services provided by Nalanda, your data will be processed for the following purposes:
- Administration of the web directory “Orange Pages”. The processing of data for this purpose could include the publication of the professional contact data (may include name and surname) of certain interlocutors or administrators of the entities that are clients of Nalanda in order to list and classify the companies that participate in the Nalanda platform and promote relationships between them.
- Administration of the purchase tool. The data processing for this purpose could include the publication of professional contact data necessary to enable the management of the sale and purchase operations carried out through the tool.
- Administration of the electronic invoice tool. For correct sending and receiving of invoices, we will collect the data of the person in charge of sending / receiving each company and its different delegations / centers.
- Administration of the homologation service. Nalanda will request the data of the Compliance person and those responsible for Homologation / Compliance of the company to carry out the communications that, for business, are necessary.
- Document management tool. The processing of data for this purpose could include the publication of professional contact details necessary to enable the management of the validation and authorization operations carried out through the tool.
- Purposes related to commercial communications:
- Commercial communications about Nalanda products and services.
- Commercial communications from third parties with whom Nalanda has collaboration agreements.
What data is processed and from what sources do they come?
The data that Nalanda treats as a result of the interactions made by the user through our Web Platform come from the following sources:
- Data provided by the client / user, or by a third party on their behalf, by filling in the forms made available in the registration process or through the registration process by other means such as, for example, the service of Customer Support.
- Data generated as a result of the development, processing and maintenance of the relationship established between the user and Nalanda.
Nalanda may process personal data of the following types, depending on the relationship established with the client / user:
- Identification and contact data (eg: name and surname, professional telephone number, professional email, IP address, etc.).
- Economic and financial data (eg: means of payment of which you were the owner as a natural person, etc.).
- Academic and professional data (eg: your position within an organization, etc.).
To guarantee the proper management of the processing of your data, Nalanda has designated a Data Protection Delegate, who you can contact for any questions you may need and who you can contact at the email address: dpo@nalandaglobal.com .
What is the legal legitimacy for the processing of your data?
- Execution of the contractual relationship established between Nalanda and the client, in relation to the purposes of processing the registration and the management and maintenance of clients and users of the Nalanda portal.
- Compliance with legal obligations applicable to Nalanda, such as tax and billing obligations, in relation to the management and maintenance purposes of clients and users of the Nalanda portal.
- Nalanda’s legitimate interest, in relation to the purpose of sending advertising and promotional information related to Nalanda’s products and services, in the case of Nalanda’s clients.
- Legitimate interest of third parties, in relation to the purposes of the purchase tool, “Orange Pages”, approval service, document management service and electronic invoice service. Said legitimate interests of the Nalanda platform clients must with -be considered in connection with article 19 of Organic Law 3/2018, of December 5, on Protection of Personal Data and guarantee of digital rights, as long as said data is necessary for the professional location of the interested party and that the purpose is solely to maintain relations with the legal person in which the natural person provides services, or, if it is a freelance worker or professional.
- Consent, in the event that it has been provided, for the purpose of sending advertising and promotional information regarding Nalanda’s products and services, as well as third-party products with whom Nalanda has collaboration agreements.
Who are your data communicated to?
Nalanda informs interested parties that the processing of personal data described and reported in this Privacy Policy does not imply any communications or transfer of their data by Nalanda to third parties. However, to the extent that certain functionalities of the platform imply the dissemination of certain professional data (in a restricted manner), those entities that are clients / users of the platform made available by Nalanda could be recipients of the data.
We will not transfer your data to non-client companies, unless there is an explicit document or contract with authorization for the proper functioning of our services.
How long do we keep your data?
Personal data will be kept for the duration of the relationship established with Nalanda and / or to achieve the intended purpose of treatment, as well as during the required legal periods.
Subsequently, the client may require that we completely delete their information, in which case it will no longer be accessible. To process this request, you must contact our data protection officer and write to info@nalandaglobal.com. In compliance with the principle of limitation of the conservation period, we reserve the right to keep the data and documentation for the duration of the contractual relationship and subsequently for the time necessary for the specific purposes for which they have been collected in order to comply with legal obligations and the responsibilities derived from said treatments based on the applicable regulations such as the prevention of possible inspections, for which custody is agreed during a subsequent period of prudence.
The documentation relating to the workers is automatically deleted five years after their deactivation on the portal.
In the case of candidates, their data will be kept for a period of 1 year. If you do not want your data to be kept during this period, you can exercise your right of deletion or revoke your consent.
What information should you provide us?
Nalanda informs customers and users that it will be necessary to provide, at least, those data marked with an asterisk (*) in the registration form. These data are strictly necessary to acquire the status of registered customer and, eventually, user, the inclusion of data in the remaining fields being voluntary.
In case of not providing at least such data, considered necessary, Nalanda will not be able to manage the registration process or carry out the provision of the service.What must you guarantee us when providing your personal data?
The user guarantees that the data provided are true, accurate, complete and updated, being responsible for any damage or loss, direct or indirect, that may be caused as a result of the breach of such obligation.
When the user provides data belonging to a third party, they guarantee that they have informed said third party of all the aspects contained in this Privacy Policy and obtained their authorization, or have sufficient legitimacy, to provide us with their data to the purpose of the processing in question.
What do we do to protect your personal data?
In response to Nalanda’s concern to guarantee the security and confidentiality of your data, the security levels required for the protection of personal data have been adopted and the technical means at its disposal have been installed to avoid loss, misuse, alteration, unauthorized access and theft of personal data provided through the web platform.
What are your rights over your personal data?
Nalanda informs you that you have the right to obtain confirmation about whether we are treating personal data that concerns you or not.
In the same way, Nalanda informs you that you have the following rights over your personal data:
- Access your data: You have the right to access your data to find out what personal data we are dealing with that concerns you.
- Request the rectification or deletion of your data: in certain circumstances, you have the right to rectify those personal data that you consider inaccurate and that concern you, and that are subject to processing by Nalanda, as well as the right to request the deletion of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
- Request the limitation of the processing of your data: in certain circumstances, you have the right to request the limitation of the processing of your data, in which case we inform you that we will only keep the data on which you have requested limitation in the processing for the exercise or defense of claims.
- To the portability of your data: in certain circumstances, you have the right to receive the personal data that concern you, and that you have provided us, in a structured format of common use and mechanical reading, as well as to have them transmitted by Nalanda to another controller.
- Oppose the processing of your data: in certain circumstances and for reasons related to your particular situation, you will have the right to oppose the processing of your data in which case, we would stop processing them unless we must continue to do so for compelling legitimate reasons or for the exercise or the defense of possible claims. Likewise, we remind you that you have the right to withdraw any of the consents that you have given for the processing of your data, without affecting the legality of the processing based on the consent prior to its withdrawal.
Likewise, we remind you that you have the right to withdraw any of the consents you may have given for the processing of your data, without this affecting the legality of the processing based on the consent prior to its withdrawal.
Nalanda informs her that she may exercise her rights over her personal data by writing to NALANDA GLOBAL, S.A. To which you must attach a copy of your DNI, NIE, Passport or equivalent document, on both sides, in order to prove your identity, and which must be sent to one of the following addresses: dpo@nalandaglobal.com.
Nalanda will provide you with the requested information within a maximum period of 1 month from the receipt of the request, although we inform you that this period could be extended for another 2 months taking into account the complexity and number of requests. Finally, we inform you that you can file a claim with the competent Control Authority in matters of data protection, in Spain being the Spanish Agency for Data Protection (www.aepd.es). However, in the first instance, you may file a claim with the Data Protection Officer (dpo@nalandadaglobal.com), who will resolve the claim within a maximum period of two months.
OTHER processing OF PERSONAL DATA
Cookies and similars
Nalanda uses cookies and other similar data storage and retrieval mechanisms in terminal equipment (hereinafter, cookies).
Cookies are files that are downloaded to the User’s browser and that can be read later by Nalanda. In this way, cookies allow various functionalities, such as recognizing a User who has previously accessed the website and being able to analyze the use of the web service to improve it.
However, it is not possible to find out the identity of the User from the cookies used by Nalanda, unless the User provides additional information through other means and these could be linked to the cookies downloaded.
“Let’s talk” form:
Nalanda will process the data provided through the “Let’s Talk” Form, in order to respond to the contact request.
- Legal basis: The legal basis that legitimizes the processing is the user’s consent expressed at the time of sending their contact request.
• Upkeep period: The data will be processed for the time necessary to resolve the user’s contact request. Subsequently, they will be blocked and kept for 3 years for the attention of the possible responsibilities derived from the treatment.
Likewise, in the event that you have authorized it by checking the corresponding box in the contact form, you will receive through the means of contact provided, including electronic ones, commercial communications about products, services, promotions, news or events of Nalanda, related to the sector of management and documentary information for companies. You can obtain more information about commercial communications in the communications section of this Privacy Policy.
You may withdraw the consent given and exercise your rights at any time, as indicated in the section on the rights of interested companies or organizations in this Privacy Policy.
“Request more information” form:
Nalanda will process the data provided through the “Request more information” Form, in order to attend the request for information by the user.
- Legal basis: The legal basis that legitimizes the processing is the user’s consent expressed at the time of sending their contact request.
• Upkeep period: The data will be processed for the time necessary to resolve the user’s contact request. Subsequently, they will be blocked and kept for 3 years for the attention of the possible responsibilities derived from the treatment.
Likewise, in the event that you have authorized it by checking the corresponding box in the contact form, you will receive through the means of contact provided, including electronic ones, commercial communications about products, services, promotions, news or events of Nalanda, related to the sector of management and documentary information for companies. You can obtain more information about commercial communications in the communications section of this Privacy Policy.
You may withdraw the consent given and exercise your rights at any time, as indicated in the section on the rights of interested companies or organizations in this Privacy Policy.
“Work for us” form:
The personal data that you provide in this offer will be processed by Nalanda, in order to manage your application request in this selection process.
- The legal basis that legitimizes this treatment: it is your consent.
• Upkeep period: Your data will be kept for a period of 1 year. If you do not want your data to be kept during this period, you can exercise your right of deletion or revoke your consent. Your personal data will not be transferred to third persons except legal obligation.
You may exercise your rights of access, rectification, opposition, deletion, limitation, portability or revoke your consent at any time, by sending a written communication to the indicated postal address, providing a photocopy of your DNI or equivalent document, identifying yourself as a candidate and specifying your request. Likewise, if you consider that your right to personal data protection has been violated, you may file a claim with the Spanish Data Protection Agency (www.aepd.es) or with the Data Protection Officer dpo@nalandaglobal.com
“Contract or Extend” form:
Nalanda will process the data provided through the “Contract or extend” form in order to manage personalized basic CAE document management services, as well as homologation services aimed at suppliers, through the provision of services configured in different packs (Document Management Basic CAE, Silver, Gold or Platinum Pack), at the choice of the provider, as well as its subsequent collection and monitoring.
- Legal basis: The legal basis that legitimizes the processing is the need to manage the registration process or extension of the contract with the supplier through the acceptance of the general conditions of the requested service, and payment thereof.
• Upkeep period: The data will be processed for this purpose for the duration of the contractual relationship between the parties, without failing, the legally established prescription periods.
As well, in the event that the user has not opposed to it by marking the corresponding box, the user will receive commercial communications, either by email or by mobile phone, about Nalanda services, products, news or events related to document management services and supplier approval, among others that are specific to Nalanda’s corporate purpose, which may be of interest to you. You can obtain more information about commercial communications in the communications section of this Privacy Policy.
You may exercise your rights at any time, as indicated in the section on the rights of interested parties in this Privacy Policy.
“Help” dropdown:
Nalanda will process the data provided through the “Leave a message” drop-down and specifically in relation to the user’s choice of the respective sub-drop-down (i) contact form and (ii) commercial form, (i) in order to respond to the request of information. (ii) As well as the commercial reason for your request through your selection the request for a videoconference, commercial training visit or loyalty call.
- Legal basis: The legal basis that legitimizes the treatment is the user’s consent expressed at the time of sending their contact request based on the requested matter.
• Upkeep period: The data will be processed for the time necessary to resolve the user’s contact request. Subsequently, they will be blocked and kept for 3 years for the attention of the possible responsibilities derived from the processing.
Likewise, in the event that you have authorized it by checking the corresponding box in the help form, you will receive commercial communications about products, services, promotions, news or events of Nalanda, related to the sector of management and documentary information for companies, as services related to Nalanda’s corporate purpose. You can obtain more information about commercial communications in the communications section of this Privacy Policy.
You may withdraw the consent given and exercise your rights at any time, as indicated in the section on the rights of interested companies or organizations in this Privacy Policy.
Sending of Commercial Communications:
Nalanda informs the user that the commercial communications requested by the user or if the user has not objected to their reception by marking the corresponding boxes on the forms.
The tool used to send commercial communications by email will include links and tiny, transparent images that will be associated with your email address. In this way, when one of these images is downloaded or the links contained in the email are accessed, Nalanda can know for statistical purposes if the email has been opened or if a link has been accessed from said email. You can prevent these uses by configuring your email manager or program to prevent the automated downloading of images, as well as not accessing the links included in the emails you receive.
In each communication, the user may oppose receiving this type of information through the specific mechanisms to process the cancellation, as well as request, where appropriate, their right to revoke consent, opposition or deletion.
More information:
If the user has any questions about the information collected in our Privacy Policy, they can send an email to dpo@nalandaglobal.com