Privacy policy
At LEADING CREW, S.L. we understand that it is essential to maintain a transparent relationship with you, therefore, below, we present our Privacy Policy, so that you are duly informed at all times about how we collect and securely handle any data you provide us with.
Your data will be processed in accordance with current legislation and, in particular, in accordance with the provisions of Regulation (EU) 2016/679 of 27 April 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Also with regard to Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights.
A careful reading of our Privacy Policy will provide you with the information you need to understand how we will use the data you provide to us.
1 – Who is responsible for the processing of your data?
If you, or an authorised person, have provided us with your data, we inform you that LEADING CREW, S.L., with CIF: ESB38608642 is responsible for the processing of the same. This data will be processed in accordance with the provisions of current regulations on personal data protection.
It is possible that there are other persons responsible for the processing that we carry out, in which case we will always inform you who is responsible for the processing of the data, as well as their identification details.
The Website may include hyperlinks or links that allow access to third party websites other than www.proflyacademy.com, and which are therefore not operated by LEADING CREW, S.L.. The owners of these websites will have their own data protection policies, being themselves, in each case, responsible for their own processing and their own privacy practices.
LEADING CREW, S.L. undertakes to comply with the obligation of secrecy of personal data and its duty to protect them. To this end, we adopt the necessary measures to prevent their alteration, loss, processing or unauthorised access in accordance with the provisions of the Regulation.
2 – Where do we report?
LEADING CREW, S.L. informs through the website www.proflyacademy.com in the section corresponding to the privacy policy. More information in “Legal Notice“.
3 – What personal data do we process?
The personal data we process are:
- Those that you choose to provide us with voluntarily
- Data derived from your communications with us.
- The information corresponding to your own browsing in the case of Online Services, (IP address or information derived from cookies or similar devices (you can see our Cookies Policy on the website).
- Information that is available in publicly accessible sources, to which we can legitimately have access.
- The data arising from the contractual or pre-contractual relationship you have with us, including your image, always informing you in this case of the possibility of capturing your image.
- Those provided to us by third parties about you, where there is a legitimate basis for doing so or where we have obtained your consent to do so.
- The data of third parties that you provide to us, subject to the consent of the third party in question.
You can find more information in the activity log section of this privacy policy.
4 – How do we process the data?
At LEADING CREW, S.L. we always treat your personal data in strict compliance with current legislation. Furthermore, we inform you that we have the appropriate technical and organisational measures in place to guarantee an optimum level of security, thereby ensuring that only authorised persons have access, that we will keep them intact, preventing any intentional or accidental loss and that we have reinforced our data processing systems and services.
However, because LEADING CREW, S.L. cannot guarantee the impregnability of the Internet or the total absence of hackers or others who fraudulently access personal data, it undertakes to notify you without undue delay when a breach of security of personal data occurs that is likely to pose a high risk to the rights and freedoms of natural persons. In accordance with Article 4 of the GDPR, a breach of security of personal data means any breach of security leading to the accidental or unlawful destruction, loss or alteration of, or unauthorised disclosure of or access to, personal data transmitted, stored or otherwise processed.
The operations, management and technical procedures that we carry out in an automated or non-automated way and that make possible the collection, storage, modification, transfer and other actions on personal data, are considered to be the processing of personal data.
5 – What is the legitimacy of the processing?
The basis for the legitimisation of the processing of Personal Data shall be that resulting from the contractual or pre-contractual relationship, the employment relationship or any other relationship required for the processing of data, such as express consent.
6 – How do we manage electronic communications?
In accordance with the provisions of Law 34/2002 of 11 July, on Information Society Services and Electronic Commerce, and Directive 2002/58/EC, we inform you that you may receive communications and information of a commercial nature through this electronic communication system (e-mails, automated response messages from forms and other communication systems) when you have given us your consent or when they are commercial communications referring to products or services similar to those previously provided by the party responsible for the processing of your data.
In the event that you do not wish to receive communications and information of this nature, you can notify us by this same means indicating in the subject “UNSUBSCRIBE FROM COMMERCIAL COMMUNICATIONS” so that your personal data can be removed from our database. Your request will be acted upon within 1 month of being sent. In the event that we do not receive an express reply from you, we will understand that you accept and authorise our company to continue sending the aforementioned communications.
In the event of receiving such communications by these means, we inform you that the messages are addressed exclusively to the addressee and may contain privileged or confidential information. If you are not the intended recipient, we notify you that unauthorised use, disclosure and/or copying is prohibited under current legislation.
7 – How long do we keep your data?
The personal data relating to natural persons that LEADING CREW, S.L. collects by any means will be kept for as long as the interested party does not request its deletion. Likewise, they will be kept for as long as the relationship that gave rise to the processing of the data is maintained, respecting in any case the legal retention periods. At the end of this period, the personal data will be deleted from all LEADING CREW, S.L. systems.
8 – Will your data be communicated to third parties?
There will be no assignment, transmission or transfer of personal data, except those already reported, which are not the result of a legal obligation. If your data is requested from us by the Public Administration or Autonomous Institutions within the scope of the functions expressly attributed to them by law, your data will be transmitted.
If there is an assignment, transmission or transfer of personal data outside of the aforementioned cases, you will be previously informed so that, if necessary, you can give us your consent.
However, in order to organise ourselves correctly, to have good operations and procedures that guarantee good management, LEADING CREW, S.L. may need to hire the services of consultants, professionals or other service companies to process data under our instructions.
This processing on behalf of third parties is regulated by a contract in writing or in some other legally admissible form that allows proof of its conclusion and content, expressly specifying that the processor will process the data in accordance with our instructions and will not apply or use them for any purpose other than that stated in the contract, nor will it communicate them, not even for storage, to other persons.
9 – What are your rights?
Data protection regulations give you the following rights:
- Right of access: This is the User’s right to obtain confirmation as to whether or not LEADING CREW, S.L. is processing their personal data and, if so, to obtain information on their specific personal data and on the processing that LEADING CREW, S.L. has carried out or is carrying out, as well as, among other things, the information available on the origin of said data and the recipients of the communications made or planned for said data.
- Right of rectification: This is the User’s right to have his/her personal data amended if it proves to be inaccurate or, having regard to the purposes of the processing, incomplete.
- Right of erasure (“the right to be forgotten”): This is the right of the User, unless otherwise provided by law, to obtain the erasure of his or her personal data when the personal data are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn his or her consent to the processing and the processing has no other lawful basis; the User objects to the processing and there is no other legitimate reason to continue the processing; the personal data have been processed unlawfully; the personal data must be erased in compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of information society services to a child under 14 years of age. In addition to erasure, the Controller shall, taking into account available technology and the cost of its implementation, take reasonable steps to inform controllers who are processing the personal data of the data subject’s request for erasure of any link to those personal data.
- Right to restriction of processing: This is the User’s right to restrict the processing of his or her personal data. The User has the right to obtain the limitation of processing when he/she contests the accuracy of his/her personal data; the processing is unlawful; the Controller no longer needs the personal data, but the User needs it to make claims; and when the User has objected to the processing.
- Right to data portability: Where processing is carried out by automated means, the User shall have the right to receive from the Controller his or her personal data in a structured, commonly used and machine-readable format and to transmit it to another controller. Where technically feasible, the Controller shall transmit the data directly to such other controller.
- Right of opposition: This is the User’s right not to have his or her personal data processed or to have the processing of such data by LEADING CREW, S.L. cease.
- Right not to be subject to a decision based solely on automated processing, including profiling: This is the User’s right not to be subject to an individualised decision based solely on automated processing of his or her personal data, including profiling, unless otherwise provided for by law.
If you would like more information regarding the processing of your data, rectify any data that is inaccurate, oppose and/or limit any processing that you consider unnecessary, or request cancellation of the processing when the data is no longer necessary, please write to LEADING CREW, S.L. at Rúa de Amio, 114, 15707 – Santiago de Compostela (A Coruña) or send an e-mail to info@proflyacademy.com.
- This communication shall contain the following information: the name and surname of the user, the request, the address and supporting data.
- The exercise of rights must be carried out by the user himself. However, they may be exercised by a person authorised as the authorised person’s legal representative. In this case, the documentation accrediting this representation of the interested party must be provided.
Likewise, we would like to inform you that you can withdraw the consent given without affecting the lawfulness of the processing already carried out, by sending your request to the same address indicated in the previous paragraph. In this case, you must accompany your request with a copy of your ID card or document proving your identity.
If you believe that there is a problem or a breach of the law in the way in which your personal data is being processed, you have the right to effective judicial protection and to lodge a complaint with a supervisory authority, in particular in the State in which you have your habitual residence, place of work or place of the alleged breach. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/) – C/ Jorge Juan, 6 28001-Madrid – FAX: 914483680- TELF: 901 100 099- E-mail: ciudadano@agpd.es
10 – What is the purpose and basis of legitimacy for data processing and how long will the data be kept?
The purposes of the data processing carried out by any or all of the Controllers listed above are set out below.
TREATMENT ACTIVITY | PURPOSE OF PROCESSING | BASIS OF LEGITIMACY | CONSERVATION PERIOD |
Labour management | Personnel management for the formalisation of an employment contract, file control, payroll management. | Contractual relationship | 5 years from the end of the contract |
Tax and accounting management | Processing necessary for the fulfilment of tax and accounting obligations | Contractual relationship Legal obligation for the controller Overriding legitimate interests of the controller or of third parties |
5 years from the end of the contract The time required to meet legal obligations |
Contact management | Processing of data in order to be able to communicate with data subjects | Contractual relationship Overriding legitimate interests of the controller or of third parties Express consent of the data subject |
5 years from the end of the contract Until cancellation and/or objection by the contract holder Until relevant loss of use |
Prevention of occupational hazards | Compliance with current legislation on occupational risk prevention and health surveillance. | Contractual relationship Legal obligation for the person in charge |
Until the end of the contractual relationship The period of time legally established by the specific regulations |
Job applicant management | Recruitment and filling of jobs through CV management, personal interviews and assessment tests. | Vital interests of the data subject or of other persons Express consent of the data subject |
After the deadline for which an appointment is requested has passed |
Organisation of events and activities | Management and coordination of activities and events related to the entity’s activity. Control of attendance and participants. | Contractual relationship Express consent of the person concerned |
Until cancellation and/or objection by the owner Time necessary to meet legal obligations |
Multimedia management | Processing of images and/or videos for dissemination in the media and social networks and the promotion of activities | Express consent of the data subject | Until cancellation and/or objection by the owner Until relevant loss of use |
Labour control | Monitoring of employee attendance at the workplace (holidays, absences, time recording). | Contractual relationship Legal obligation for the controller Overriding legitimate interests of the controller or of third parties |
Until the end of the contractual relationship |
Supplier management | Analysis, appraisal, contracting, order management and supplier payment management | Contractual relationship | 5 years from the end of the contract The period legally established by the specific regulations |
Management of training activities | Organisation of courses, and possible invoicing of the costs arising therefrom | Contractual relationship Express consent of the person concerned |
Until cancellation and/or objection by the owner Until relevant loss of use |
Student management | Students’ data for contact, commercial management, service offer, class management, invoicing receipts management, etc. | Express consent of the data subject | Until cancellation and/or objection by the holder |
Management of student records | Details of the student in order to be able to compile the academic record in accordance with the current regulations on the matter | Express consent of the data subject | Until cancellation and/or objection by the holder |
11 – Acceptance and Changes to this Privacy Policy
It is necessary that the User has read and agrees with the conditions on the protection of personal data contained in this Privacy Policy, as well as that he/she accepts the processing of his/her personal data so that the Data Controller can proceed in the manner, during the periods and for the purposes indicated. The use of the Website implies acceptance of the Privacy Policy of the same.
LEADING CREW, S.L. reserves the right to modify its Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. The User is recommended to consult this page periodically to keep abreast of the latest changes or updates.
This Privacy Policy was updated to adapt to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and to Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights.
This Privacy Policy document has been revised as of: 26/05/23