The company responsible for processing your personal data (data controller) and the owner of this website is PFI Group. (here in after, “PFI Group”), a trading company registered with the Company Registry of PFI Group, Inc. EIN EIN: 83-13816668079 Wales Road Northwood, Ohio 43619 (USA) However, the FERSA GROUP companies that may act as data controllers by virtue of the professional collaboration existing between them and to ensure correct business management are listed below.
- PFI Group
In addition to the above address, if you wish to contact us, you can do so via our:
- Contact Form
- Telephone: 976 333 850
- Email: email@example.com
Type, purpose and legal basis for personal data processing
We collect personal data from:
- Employee data: The purpose of such data is to employment relationships, prepare pay slips, monitor working hours and other resulting obligations. The data collected includes identification data, special categories (health/disability), personal characteristics data, academic data and professions, data on employment details, and financial data. The legal basis for data processing is the relationship between the parties, the legal obligation to collect this type of data and the consent of the data subjects. The data retention period is set at five years from the end of the employment relationship, except for pay slips and TC1 and TC2 social security forms, which must be kept for ten years.
- Data on employment applications: The purpose of this data is to manage selection processes. The data collected includes identification data, personal characteristics data, academic and professional data and data on employment details. The legal basis for data-processing is the pre-contractual relationship between the parties and the consent of the data subjects. The data retention period is set at six months from the end of the selection process.
- Supplier data: The purpose of this data is to manage business contracts for which identification data, financial or tax data and other data such as TC2 social security forms or civil insurance are collected. In this case, the execution of the contract or pre-contract itself is the legal basis for your data to be processed, which will be deleted within five years of the end of the business relationship.
- Customer data: The purpose of the data processing is to fulfil a business contract or pre-contract and provide the requested services. To this end, identification, property and financial data are requested. The legal basis data-processing is the legitimate interest of the data controller and the fulfilment of a contract. The data will be deleted within five years of the end of the business relationship.
- Partner data: The purpose of partners is to manage the company internally. The business relationship between the parties constitutes the legal basis for data-processing.
- Data relating to the exercise of rights: The purpose of the processing is to enable data subjects to exercise their data protection rights. The legal basis complies with applicable data protection regulations. This data will be kept to a minimum and will be retained at all times in compliance with the provisions of applicable data protection regulations.
- Video surveillance data: The purpose of the processing is to ensure the security of our facilities. The legal basis for processing the data is the performance of a task carried out in the public interest. This data (images) will be deleted within a maximum period of 30 days.
- Contact details are provided on the website: All the contact details with which you identify yourself in order to communicate with us will be collected through this channel, including your email address, telephone number and postal address, as well as any other information that you freely decide to give us, which we cannot specify as we do not know the content of all possible communications you may send us. We will process this personal data for the purpose of answering your enquiries and to meet your personal data protection rights. The legal basis for responding to your communications is your consent and PFI Bearings legitimate interest in responding to your enquiries. This data will be deleted within two years.
The personal data provided will be retained for as long as our relationship exists, during the legal retention periods, or until the data subject contests or requests their deletion. As a general rule, a retention period of five years from the end of the relationship between the parties is established. At the end of this period, it will be deleted or destroyed in confidence.
How do we share information with third parties?
FERSA informs the data subject that some of our suppliers may process their personal data as data controllers, for example, in the case of:
- Third-party service providers, when necessary for the provision of services, coordination of activities, internal management, supplier certification, software, systems and platform support, cloud hosting services and electronic communications. In such cases, access to your data by third parties will only take place when PFI Bearings maintains a contractual relationship with the data controller that guarantees confidentiality, the non-use of the personal information of users made available to them for purposes other than those indicated above, as well as compliance with our internal privacy and information security regulations.
- When such data transfer is covered by a legal obligation or is required by the competent authorities to respond to legal requirements, the criminal investigation of possible illegal activity or claims that certain content infringes the rights of third parties or to protect the rights, property or safety of third parties, in the event of a merger, sale, restructuring, acquisition, joint venture, assignment, transfer or other disposition, in whole or in part, of our business, assets or shares. (Example, transfers to the Spanish Tax Agency [AEAT], the Spanish General Treasury of the Social Security [TGSS], etc.).
Likewise, PFI BEARINGS, may transfer information to companies belonging to the same Group for business management purposes.
In some cases PFI Bearings uses third-party tools and services for service management. Some of these services may be owned by third parties residing outside the European Economic Area.
PFI Bearings strives to use secure tools whose servers are preferably located in Spain or, failing that, in a member state of the European Union, or which comply with European legislation in accordance with the guidelines and recommendations of the Spanish Data Protection Agency, the European Commission and the community reference agreements on international data transfer.
Specifically, PFI Bearings plans to transfer data internationally to the company belonging to the same group located in the United States as a result of the business collaboration between the PFI Bearings. International data transfers to the same destination may also be carried out in the event that IT platforms are contracted with external providers.
In such cases, since the United States has the same confidentiality guarantees as those required in Spain (“Safe Harbor”), it is a secure transfer.
Exercise of rights and complaints to the Spanish Data Protection Agency
Users may withdraw their consent at any time and/or exercise their rights of access, rectification, suppression, limitation, opposition and portability as provided for in the European personal data protection regulations by sending an email to firstname.lastname@example.org or by post to FERSA at Polígono Calle Bari nº 18, 50197, Zaragoza (Spain).
In this case, the User must indicate the right they wish to exercise and attach a copy of their National Identity Card or any other valid identification document that allows them to do so, including that which allows their electronic identification.
In the event that your rights are not effectively addressed, you may lodge a complaint with the Spanish Data Protection Agency.
Your commitment, the accuracy of the data provided to us
The User declares that the personal data provided to PFI Bearings is accurate.
As a User, you should be aware that you are the only person responsible for any damage or harm, whether direct or indirect, that may be caused to PFI Bearings as the party responsible for this website or to a third party if you send us false data or data belonging to third parties without their prior consent, causing deception, damage or harm.
In order for us to keep your data accurate and up to date, we ask the User to inform us of any changes to the data provided.
Consent of minors
PFI Bearings prohibits users under the age of 14 to send personal data through this website or through the means indicated therein. In the event that FERSA detects users who may be under the aforementioned age, it will not process their data and therefore will not respond to their requests.
P reserves the right to request a copy of the User’s National Identity Document or equivalent document as proof of age in the event of having well-founded suspicions that the User is underage.
Applicable security measures
In order to protect the personal data of users, PFI ensures, on its own behalf and that of its data controllers, the implementation of the appropriate technical and organisational measures in line with the state of the art to protect personal data, taking into account the scope, context and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of data subjects, striving to ensure the confidentiality, integrity, availability and resilience of the processing systems and services.
Our information security policies and procedures are regularly reviewed and updated to meet our business needs, technological changes and regulatory requirements.
Applicable law and jurisdiction