Factorial 2025 is here. The same platform but redesigned to be better than ever. More intuitive, insightful, and human.
|
Check it out now →

FACTORIAL INTERNAL CHANNEL PRIVACY POLICY

All the information regarding our Internal channel Privacy Policy. 

Date of last amendment: January 2024

In accordance with the provisions of articles 13 and 14 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR"), as well as and Act 2/2023 of 20 February, regulating the protection of persons who report regulatory and anti-corruption offences, we inform you of the following:

1. Who is responsible for the processing of your personal data?

EVERYDAY SOFTWARE, S.L. a Spanish company with registered office at Carrer d'Àlaba, 61, 5-2, 08005 Barcelona, Spain and CIF B66854530 (hereinafter, "Factorial HR" or "Factorial") is committed to protecting your personal data. This privacy policy (hereinafter, the "Privacy Policy") will inform you about how we take care of your personal data when you decide to interact with any of our available channels and carry out a communication.

Contact details: Telephone (+34 932 205 976), e-mail (privacy@factorial.co).

If you have any doubts or queries related to data protection, you can contact our Data Protection Officer by sending your request to: legal@pridatect.com.

DPO contact details: email (legal@pridactect.com), postal address (Av. de Josep Tarradellas, 8-10, 5º 08029 Barcelona)

2. What personal data do we collect?

Through Factorial's internal channel we may collect personal data of different types. Sometimes, the personal data we collect could be data of special or sensitive category. These data may be associated with the person who reports certain facts or with the persons about whom the communication is about (which may be the person directly affected or third parties involved in the communication).

The personal data that we may collect in the context of receiving a communication through the channels as a responsible party are as follows: 

In the case of the communicator:

a) Identification data: name and surname, voice (except in the case of anonymity).

b) Contact details: email, telephone and/or postal address (except in case of anonymity).

c) Evidence: description of the facts, photographs or attached documents that can prove the reported facts.

In the case of affected persons or third parties involved in the communication:

a) Identification data: name and surname.

b) Contact details: email, telephone and/or postal address.

c) Data associated with the reported conduct: employment data, tax data, financial data, if provided or collected in the course of the investigation.

d) Evidence: attached documents that can prove the reported facts.

In case of third parties involved:

a) Identification data: name and surname.

b) Contact details: email, telephone and/or postal address.

c) Data associated with the reported conduct: employment data, tax data, financial data, if provided or collected in the course of the investigation.

d) Evidence: photographs or documents that can prove the alleged facts.

3. For what purposes do we process your data?

Factorial may process personal data for the purpose of:                           

  • Receive and manage incoming communications and provide a response.
  • Investigate and propose resolutions on communications received in accordance with the company's internal procedure and in accordance with the established deadlines.
  • Impose disciplinary sanctions on Factorial staff members in accordance with the company's disciplinary system.
  • Where appropriate, initiate legal action against the persons concerned and/or third parties involved.
  • In the case of verbal communications, document them and, with the informants' authorisation. In case of verbal communication, you, as the informant, have the possibility to check, rectify and agree with the transcription of the conversation by signing it.
  • To keep evidence of the proper functioning of the internal Factorial System.

4. On what basis do we process the data?

The processing of Users' data is based on one or more of the following legal bases:

a) Legal obligation (art. 6.1.c RGPD): Pursuant to the provisions of Article 30 of Law 2/2023, on the Protection of the Informant.

b) Public interest (art. 6.1.e RGPD): In the event that the data are considered to be of special category, the prohibition of the processing of such data is exempted in accordance with the provisions of article 30 of Law 2/2023, on the Protection of the informant, in relation to article 9.2.g) of the RGPD, as necessary for reasons of essential public interest.

c) Legitimate interest (art. 6.1.f RGPD): For the case of responding to certain complaints, doubts or queries that do not fall within the material scope of Factorial's Internal Channel, for self-defence or for the preservation of evidence that proves the proper functioning of Factorial's Internal System.

5. How long do we keep your data?  

The processing of the data for the purposes described will be maintained for the time necessary to manage and take a decision on the communications received, as well as to comply with the legal obligations deriving from the processing of the data.

In general, communications and other personal data associated with the communication may not be kept for a period of more than ten years.

In the event that it is decided to initiate an investigation process, personal data shall be retained for the duration of the investigation of the facts, which shall last no longer than 3 months (plus 3 months extendable, depending on the circumstances of the communication), unless the investigation results in the adoption of certain measures against the person concerned by the communication, in which case it would be possible to retain the data for a longer period.

Without prejudice to the foregoing, once the necessary retention period has expired, the data will be duly blocked and will only be available for the formulation, exercise or defence of potential claims and/or whenever permitted by the applicable legislation.

6. Do we share your data with third parties?

Personal data collected in the context of the internal channel will not be transferred, sold, rented or made available in any other way to any recipient or third party, except to those service providers for the management and performance of the necessary research on the communications received in the channel, who will act as data processors and will in no case process the data for their own purposes.

Without prejudice to the foregoing, the personal data of the communications may be communicated to the security forces and bodies, Judges or Courts, the Public Prosecutor's Office, the European Public Prosecutor's Office, as well as any other competent body in the event of being required to do so in compliance with the legislation in force.

No international transfers of data will take place. However, it is possible that in some cases it may be necessary to transfer personal data outside the EEA or EU territory, to manage a communication through the channel. Where appropriate, Factorial will take all appropriate measures to ensure that your personal data remains with an equivalent level of protection and applying the mechanisms that apply in each case in accordance with the applicable data protection regulations (GDPR). These measures may include the signing of Standard Contractual Clauses approved by the European Commission.

In the event that you have reported facts, we inform you that your identity will in any case remain confidential and will not be disclosed to the persons to whom the reported facts refer or to third parties.

7. What rights do you have and how can you exercise them?

You can contact us to learn more about the choices you have to place restrictions on how we use your information or to exercise any of your rights by sending an email request to: privacy@factorial.co.

Under the GDPR, you have certain rights in relation to the processing of your personal data:

  • Right to be informed: You have the right to receive clear, transparent and easily understandable information about how we use your personal data and your rights.
  • Right of access: You have the right to obtain access to your personal data.
  • Right of rectification: You have the right to have your personal data rectified if it is inaccurate or incomplete.
  • Right of erasure: this right allows you to request the deletion or removal of your personal data where there is no compelling reason for us to continue to use it. This is not an absolute right of erasure and exceptions may apply.
  • Right to restrict processing: You have the right to "block" or delete further use of your personal data. When processing is restricted, we may continue to store your personal data, but we may no longer use it.
  • Right to data portability: You have the right to obtain and re-use your personal data for your own purposes in different services.
  • Right to object to processing: You have the right to object to certain types of processing. However, if you are a data subject and you exercise your right to object, we will presume that, unless we have evidence to the contrary, there are legitimate grounds for us to continue to process your personal data.
  • Right to withdraw consent: If you have given your consent for a specific purpose of data processing, you have the right to withdraw your consent at any time.
  • Right not to be subject to an automated decision: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal (or similarly important) effects for you.

Factorial normally acts on requests and provides information free of charge, but we may charge you a reasonable fee to cover our administrative costs of providing the information to you:

  • unfounded or excessive/repeated requests; or
  • more copies of the same information.

You can address your communications and exercise your rights by sending a communication to the following e-mail address privacy@factorial.co.

In addition, if you have a complaint about the processing of your data, you can lodge a complaint with the relevant data protection authority.

8. Changes to the Privacy Policy  

Factorial may, at its sole discretion, modify or update this Privacy Policy. If the changes are material, we will notify you accordingly.