Get to Know Us

Data Protection

Page content

In accordance with its Mission, Vision and Values, FREMAP is committed to maintaining and improving its management model based on ongoing improvement and innovation, the key factors of which are excellence of service in management, within the prevailing legislative framework.

This Policy establishes the principles inspiring the actions of FREMAP, contained in the framework that should govern the entity in relation to personal data protection.

The ultimate aim of this Policy is to guarantee compliance with EU Regulation 2016/679, the General Data Protection Regulation, the Spanish Data Protection Act and other applicable legislation. In particular, the Data Protection Policy is aimed at guaranteeing the right to data protection for all individuals interacting with FREMAP, ensuring their right to honour and privacy is respected when dealing with the personal data necessary to undertake its activity.

Scope of the Privacy Policy

This policy applies to all individuals rendering services in FREMAP and to external individuals dealing with the entity through service contracts or collaboration agreements, and it covers all of the entity's processes and resources.

Principles of action

The Principles regarding personal data processing.

  • Principle of legality, loyalty and transparency. Processing of personal data shall be legal, legitimate and lawful in accordance with applicable legislation, and persons interested must be informed of the circumstances regarding their data treatment. In those cases in which it is compulsory in accordance with applicable legislation, consent should be obtained from the interested parties before processing their data.
  • Principle of purpose limitation. Personal data will be gathered for specific, explicit and legitimate purposes, and shall not be processed for any other ulterior motives.
  • Principle of data minimisation. Only the data strictly necessary for the purposes for which they are gathered and which are suitable for these purposes will be processed.
  • Principle of accuracy. Personal data must be accurate and kept up to date. Otherwise, they should be corrected or deleted.
  • Principle of limitation of data retention period. Personal details will not be held beyond the time necessary to fulfil the purpose for which they are being processed, except in the cases of data retention provided for under law.
  • Principle of integrity and confidentiality. Personal data is treated in a manner that guarantees its proper security, adopting the technical and organisational measures necessary to protect it from unauthorised or unlawful treatment and avoiding against its loss, destruction or accidental damage. Furthermore, the personal data gathered and treated by FREMAP is stored in the utmost confidentiality and secrecy, and cannot be used for purposes other than those that justified and enabled them to be gathered, and cannot be communicated or transferred to third parties outside of the cases allowed by applicable legislation.

Legal base of the treatment of personal data.

FREMAP will only process personal data if at least one of the following conditions is fulfilled:

  • The data subject has consented to the processing of his/her personal data for specific purposes.
  • The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • The processing is necessary for compliance with a legal obligation.
  • The processing is required to protect the vital interests of the data subject or another individual.
  • The processing is required to perform a task carried out in the public interest or to exercise the official authority conferred upon the controller.
  • The processing is necessary to satisfy the legitimate interests pursued by FREMAP or by a third party, provided that these interests are not overridden by the interests or fundamental rights and freedoms of the data subject.

Consent of the data subject.

When the personal data processing to be done by FREMAP is based on the sent of the data subject, this must be given by means of an affirmation that reflects a statement expressing an intention that is freely given, unequivocal, specific, and informed, such as a written statement, and also confirmation given by electronic means, or verbally. Consent must be given for all data treatment activities carried out with the same or other purposes. When consent is being given for multiple purposes, these must be stated separately. It will be up to FREMAP to prove that the data subject gave their consent by any means admissible by law. The data subject is entitled to withdraw their consent at any time.

When the data treatment affects special data categories, specifically data pertaining to health, genetics or biometrics, and it is based on the consent of the data subject, he/she must give their consent explicitly, by means of a written statement.

Data subjects' rights.

Data transparency and communication to data subjects. Personal data treatment shall be transparent in relation to the interested party, providing them with the information on data treatment concisely, transparently, intelligibly and with easy access and clear and simple language. When personal data are gathered from the data subject, when they are obtained, FREMAP will provide them with the following information:

  • The identity of FREMAP as the party responsible for processing the data, and its contact details.
  • Contact details for the Data Protection Officer.
  • Reasons for processing the data.
  • Legal base of the treatment.
  • Recipients of the data.
  • The rights of the affected persons.

In the event that the data is not obtained from the data subject directly, due to a legitimate data transfer, or from sources in the public domain, FREMAP shall inform the data subject of the aforementioned circumstances and the source of the data.

Rights of access, correction, deletion and objection, limitation of data processing, data portability, as well as the right to object to being subject to automated decisions on an individual basis. FREMAP will facilitate the data subject's possibility to exercise these rights, establishing the internal procedures necessary to guarantee they can be exercised.

Data treatment by third parties.

Prior to hiring any service provider that will or may access personal data for which FREMAP is responsible, and throughout the duration of the contractual relationship, the necessary measures should be adopted to guarantee that the data treatment is in line with applicable regulations and the relationship has been entered into via contract. This contract shall list the obligations that this applicable regulation requires of the third party.

Security Breaches or loss of personal data.

When FREMAP becomes aware of an incident causing the destruction, loss or accidental or illicit alteration of personal data, or the communication or unauthorised access to these data leading to a high risk for the rights and freedoms of the data subjects, it must, without undue delay and, where possible, within 72 hours of its coming to light, notify the security violation to the Spanish Data Protection Agency. Exception to this are cases in which it is improbably that the personal data security violation involve a risk to the rights and freedoms of the individuals. If this notification cannot be made within 72 hours, the reasons for the delay will be stated, and information can be provided in phases, without further undue delay.

Similarly, in the event that the security violation may involve a high risk to the rights and freedoms of the data subjects, FREMAP will notify the data subject without undue delay of the personal data security violation, enabling them to take the necessary precautions.

These incidents must be documented and measures to settle and alleviate the possible negative effects will be adopted for the interested parties, following established internal protocols for this purpose.

Prevention and Control

Proactive responsibility.

FREMAP will keep a Record of data treatment activities with detailed information about each data treatment it carries out within the framework of its activity. The Record of activities will be kept up to date at all times

Similarly, FREMAP will carry out an Evaluation of the risk level the company is exposed to in order to determine technical and organisational measures needed, guaranteeing privacy by default and from the design stage. When the risk analysis leads to a type of data treatment that involves a high level of risk to the rights and freedoms of individuals, before processing, FREMAP will carry out an Evaluation of the impact of the treatment on personal data protection. FREMAP will check whether the treatment is still in compliance with the Impact Assessment undergone and, in any event, it will be checked when there is a change in the data treatment risk.

Data Protection Officer functions.

The Data Protection Officer is responsible for controlling and supervising the Policy, with the following functions legally set out:

  • a) Informing and advising the person responsible for or in charge of processing and the employees dealing with processing of their obligations under the RGPD and other data protection provisions of the European Union or of the Member states.
  • b) supervise the fulfilment of the provisions in the current General Data Protection Regulation, of other data protection provisions of the Union or of the Member states and of policies with regard to personal data protection, including the allocation of responsibilities, raising awareness and training of staff taking part in the data treatment, and the corresponding audits.
  • c) offering advice requested on the Impact Assessment of data protection and supervising the application thereof.
  • d) cooperating with the Spanish Data Protection Authority.
  • e) acting as a point of contact of the Spanish Data Protection Authority for matters regarding data processing, including enquiries prior to data processing, if necessary, and carrying out enquiries, where applicable, on any other issue.

The data protection officer will carry out their duties paying due attention to the risks associated with processing operations, bearing in mind the nature, extent, context and aims of processing.

Implementation and Dissemination

The Data Protection Policy must be known to all staff, as well as those collaborating with FREMAP. It must be communicated to all customers and made available on accessible mediums to all staff and other interested parties.

This Policy is understood to enter into force and be kept up to date from today, with the full commitment of the Management.

Majadahonda, 22 May 2018

Additional Information on Data Protection for Insured Workers

Controller. Who is the controller of my data?

  • FREMAP, MUTUAL SOCIETY NO. 61 COLLABORATING WITH THE SOCIAL SECURITY INSTITUTE, with registered office in Carretera de Pozuelo número 61, 28220 Majadahonda (Madrid). Contact us by postal mail at the aforementioned address or by email at the address derechos_arco@fremap.es.
  • The Data Protection Officer is the person in charge of safeguarding your privacy at our company. If you need to contact the Data Protection Officer, you can do so at dpd@fremap.es or by sending a letter to the aforementioned address, with the reference "Data Protection Officer".

Purpose. What will your data be used for?

  • In the event that you are a beneficiary of the Social Security Institute and you attend our administrative or healthcare centres:

    To collaborate with the protective action of the Social Security Institute in healthcare, and in the management of financial benefits for occupational injury or illness, in preventive activity, in professional recuperation where applicable and in temporary disability allowances derived from non work-related injuries or illness due to risk during pregnancy and risk during breastfeeding, for cessation of the activity of self-employed workers, to care for minors suffering from cancer or another serious disease and the other activities of the Social Security Institute that are legally attributed to it under Legislative Royal Decree 8/2015, of 30 October, through which the Legislation of the Social Security Act and its implementing provisions is approved, thus fulfilling all the ends related to that collaboration.

    To conduct quality surveys and statistics, only when you provide your consent.

    To disclose, to your company or any other individual or legal entity who carries out administrative procedures on behalf of the associated company, the information required to comply with the legally established obligations in regard to social security, issuing accident reports with work leave, lists of accidents not requiring leave, disclosure of necessary economic details for the recognition of the right for benefits for temporary disability and knowledge of the start and termination of the delegated payment obligation of said provision, only when you provide your consent.

    To disclose - to the Insurance Company that is liable either contractually or by law for the costs deriving from the accident - medical information and documentation regarding the injuries resulting from the accident in excess of those provided for by the regulation, only when you provide your consent, for the sole purpose of recovering the costs incurred during your outpatient or hospital healthcare.

  • If you are not a beneficiary of the Social Security Institute and we attend you in our healthcare centres.

    To provide you emergency medical care and to administratively manage the same.

  • If you lodge a claim or complaint.

    To attend and properly manage your claim or complaint.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    To guarantee the security of people, goods and facilities through the video surveillance and controlling visits.

Retention terms or criteria. For how long will we keep your data?

  • In the event that you are a beneficiary of the Social Security Institute and you attend our administrative or healthcare centres.

    We shall retain them while we provide the healthcare and manage the provisions deriving from your status as beneficiary of the protective action of the Social Security Institute and during the legally established terms of data retention, in accordance with provisions of article 16.5 of Act 41/2002, of 14 November, on the autonomy of patients and rights and obligations with regard to clinical information and documentation and article 16 of Royal Decree 1993/1995, of 7 December approving the Collaboration Regulations of Mutual Societies Collaborating with the Social Security Institute, unless otherwise provided for in autonomous regulations, as well as during limitation periods of the actions deriving from any claims.

  • If you are not a beneficiary of the Social Security Institute and we attend you in our healthcare centres.

    We shall retain them for five years from the provision of the healthcare, in accordance with provisions of article 16.5 of Act 41/2002, of 14 November, on the autonomy of patients and rights and obligations with regard to clinical information and documentation and article 16 of Royal Decree 1993/1995, of 7 December approving the Collaboration Regulations of Mutual Societies Collaborating with the Social Security Institute, unless a different term is provided for in autonomous regulations.

  • If you lodge a claim or complaint.

    If your claim or complaint is related to our collaboration with the protective action of the Social Security Institute, we shall keep them while we provide healthcare and manage the provisions deriving from your status as beneficiary of the protective action of the Social Security Institute. In any other case, we shall keep them for five years in accordance with article 1964 of the Civil Code.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    In the case of recording your images by video camera, the data shall be destroyed by erasure one month after it is recorded, except for recordings related to criminal or administrative offences with regard to public safety, an ongoing criminal investigation or an ongoing legal or administrative proceeding. If your data are collected at reception or during an access control at our facilities, such data shall be erased one month after its collection.

Legitimation - Why are we entitled to process your personal data?

  • In the event that you are a beneficiary of the Social Security Institute and you attend our administrative or healthcare centres:

    We are entitled to process health-related data because we are permitted by article 9.2.b) EU Regulation 2016/679 on General Data Protection since such processing is necessary to fulfil our obligations and to exercise specific rights in the field of the security and social protection, and since you provide consent, when required, to disclose to Insurance Companies the medical information and documentation regarding injuries resulting from accidents in excess of those provided for by the regulation, for the sole purpose of recovering the costs incurred during your outpatient or hospital healthcare, pursuant to the provisions of article 9.2 a) of the aforementioned Regulation.

    And we are entitled to process the rest of your data because we are permitted by article 6.1.c) of the aforementioned Regulation, since we are required to fulfil Royal Decree 8/2015, of 30 October, approving the revised text of the General Social Security Act and Royal Decree 1993/1995, of 7 December, on the Collaboration of Mutual Societies with the Social Security Institute.

    Similarly, in the event you provide your consent under article 6.1 a) of the aforementioned Regulation, we will be entitled to disclose to your company the information necessary for it to comply with its legal obligations and the quality statistics and surveys that are conducted.

  • If you are not a beneficiary of the Social Security Institute and you attend our administrative or healthcare centres to receive healthcare, we are entitled to process data related to your health, because we are permitted to do so by article 9.2.c) EU Regulation 2016/679 on General Data Protection), since such processing is necessary to protect your vital interests.
  • If you lodge a claim or complaint.

    If you are not a beneficiary of the Social Security Institute and we attend you at our administrative or healthcare centres, we are entitled because we are permitted to do so by article 9.2.f) EU Regulation 2016/679 on General Data Protection), since such processing is necessary to fulfil obligations and to exercise specific rights in the area of social protection and security, and we are entitled to process the rest of your data because we are permitted by article 6.1.c) of the aforementioned Regulation, since we are required to fulfil Royal Decree 8/2015, of 30 October, approving the revised text of the General Social Security Act and Royal Decree 1993/1995, of 7 December, on the Collaboration of Mutual Societies with the Social Security Institute.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    Our legitimation to process identifying data is founded on our legitimate interest, provided for in article 6.1.f) EU Regulation 2016/679 on General Data Protection) to process images using photographic cameras or video cameras and to control physical access in order to safeguard the security of people, goods and facilities, since their interests or rights and fundamental liberties do not prevail over the aforementioned interest.

Obligation to provide data. Why are you required or not required to provide your data?

  • In the event that you are a beneficiary of the Social Security Institute and you attend our administrative or healthcare centres:

    You are required to provide your data to enable us to provide you with healthcare and financial assistance. Refusal to provide such data prevents access to financial assistance and healthcare to which you have the right based on Social Security legislation.

  • If you are not a beneficiary of the Social Security Institute and we attend you in our healthcare centres.

    You are required to provide us with your data to enable us to provide you with any healthcare you need, and because your refusal to provide us with the same prevents us from providing you with such healthcare.

  • If you lodge a claim or complaint.

    You are required to provide us with your data when lodging your claim or complaint, and because your refusal to provide us with the same prevents us from processing your claim or complaint.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    You are required to provide us with your data because we must protect people, goods and facilities, and because your refusal to provide us with the same prevents you from gaining access to our centres on the grounds of security.

To which recipients will your data be disclosed or transferred?

  • In the event that you are a beneficiary of the Social Security Institute and you attend our administrative or healthcare centres:

    To the Ministry of Employment and Social Security, and Bodies and Companies comprising the Social Security Institute in compliance with the Social Security regulations (Royal Decree 8/2015, of 30 October, approving the revised text of the General Social Security Act and Royal Decree 1993/1995, of 7 December, on the Collaboration of Mutual Societies with the Social Security Institute). Furthermore, your data shall be disclosed or assigned to those recipients that must receive them by virtue of a legal obligation.

    Similarly, if you give your consent your data may be disclosed to your company to enable it to fulfil its legally established obligations relating to Social Security (Royal Decree 8/2015, of 30 October, approving the revised text of the General Social Security Act and Royal Decree 1993/1995, of 7 December, on the Collaboration of Mutual Societies with the Social Security Institute).

    We shall not, by any means, internationally transfer your data to third-party countries or to international organisations.

  • If you are not a beneficiary of the Social Security Institute and we attend you in our healthcare centres.

    To the corresponding public health service.

    We shall not, by any means, internationally transfer your data to third-party countries or to international organisations.

  • If you lodge a claim or complaint.

    To the Ministry of Employment and Social Security, and Bodies and Companies comprising the Social Security Institute to ensure the correct operation of our collaboration with said bodies, in compliance with the Social Security regulations (Royal Decree 8/2015, of 30 October, approving the revised text of the General Social Security Act and Royal Decree 1993/1995, of 7 December, on the Collaboration of Mutual Societies with the Social Security Institute). Furthermore, your data shall be disclosed or assigned to those recipients that must receive them by virtue of a legal obligation.

    We shall not, by any means, internationally transfer your data to third-party countries or to international organisations.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    To security forces and bodies. Courts, in the event of the commission of criminal or administrative offences or in compliance with Organic Law 4/1997, of 4 August, on the use of video cameras by security forces and bodies in public places.

    We shall not, by any means, internationally transfer your data to third-party countries or to international organisations.

What are your rights when you provide us with your data and how can you exercise them?

  • Right of access: The right to obtain confirmation as to whether FREMAP, MUTUAL SOCIETY NO. 61 COLLABORATING WITH THE SOCIAL SECURITY INSTITUTE is or is not processing personal data that concern you and, in this case, to access the same.
  • Right of rectification: The right to request the amendment or rectification of your data if they are inaccurate.
  • Right of erasure: The right to request the erasure of your data due to the illegal processing of the same, because the reason behind their processing or collection no long exists, when you revoke your consent or oppose their processing or when they must be erased in compliance with a legal obligation.
  • Right of opposition: The right to oppose, at any time, for reasons related to your specific situation, the personal data that concerns you from being subject to processing, on the grounds of public interest or the legitimate interest of the controller or a third party.
  • Right of limitation of the processing: The right to limit the processing of your data, if you contest their accuracy, if the processing is illegal, if your personal data are no longer necessary for the reasons for processing, or if you have exercised your right to oppose said data processing.
  • Right of portability of the data: The right to receive the personal data that concern you in a structured, commonly-used format that can be digitally read, and to transmit them to another controller, provided that it is technically possible.
  • The right not to be subject to individual automated decisions: The right to oppose being subject to decisions solely based on the automated processing of personal data, including creating profiles, when this decision may legally or significantly affect you.

To exercise the aforementioned rights, you are required to send a written statement to FREMAP, containing:

  • Identification details.
  • A copy of your National Identity Card (DNI) or another official document that confirms your identity.
  • The claim specifying the request.
  • Address for notification purposes.
  • Date and signature of the requester.

In the event you exercise your rights through a representative, the request must be accompanied by an express authorisation and a copy of the National Identity Card (DNI) of the representative and of the principal.

You can file the statement at any of our centres or hospitals, or send it to FREMAP, by:

Similarly, you may also contact the Data Protection Officer, by:

Furthermore, you have the right to:

  • Revoke the consent you have provided: If the processing is legitimised by such consent, you have the right to revoke the same.
  • Lodge a claim: You may pursue, in any case, the Data Protection Officer, and you also have the right to lodge a claim with the Spanish Data Protection Authority (AEPD).

Origin. Where do we obtain your data from?

  • In the event that you are a beneficiary of the Social Security Institute and you attend our administrative or healthcare centres:

    From you, when you access our administrative and healthcare centres and in the positions of benefit managers and admission, or digitally when you provide them through any forms.

    From the General Social Security Treasury, from the National Social Security Institute and from the public health services.

    From employment companies or consultancies that are responsible for managing human resources, when these fill in the healthcare request slip in the event of occupational injuries, and other cases provided by law.

  • If you are not a beneficiary of the Social Security Institute and we attend you in our healthcare centres.

    From you, when you access our administrative and healthcare centres.

  • If you lodge a claim or complaint.

    From you, when you access our administrative and healthcare centres and lodge a claim or complaint.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    From you, when you access our administrative and healthcare centres and your image or data are recorded at reception or during the access control.

Classification of data. What data will be processed?

  • In the event that you are a beneficiary of the Social Security Institute and you attend our administrative or healthcare centres:

    Name, surname, National Identity Card (DNI) or passport, postal and email addresses, telephone number and signature, family details, age, sex, date of birth, employment details, bank details, health details related to your healthcare and financial benefit and other data necessary to verify the origin of the same.

  • If you are not a beneficiary of the Social Security Institute and we attend you in our healthcare centres.

    Name, surnames, National Identity Card (DNI) or passport, postal and email address, telephone number, signature, age, sex, health details related to your healthcare benefit and insurance policy details.

  • If you lodge a claim or complaint.

    Name, surnames, National Identity Card (DNI) or passport, postal and email address, telephone number, signature and health details related to the claim or complaint you lodge.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    Data related to your image, name, surnames, National Identity Card (DNI) and the organisation or company you belong to.

Information on the Protection of the Data of Suppliers and Mutual Insurance Companies

Controller. Who is the controller of my data?

  • FREMAP, MUTUAL SOCIETY NO. 61 COLLABORATING WITH THE SOCIAL SECURITY INSTITUTE, with registered office in Carretera de Pozuelo número 61, 28220 Majadahonda (Madrid). Contact us by postal mail at the aforementioned address or by email at the address derechos_arco@fremap.es.
  • The Data Protection Officer is the person in charge of safeguarding your privacy at our company. If you want to contact him or her, you can do so at dpd@fremap.es or by written letter sent to the aforementioned address, with the reference "Data Protection Officer".

What data do we process?

    In order to fulfil our obligations as collaborator in the management of legally authorised Social Security benefits, we are required to process data related to our mutual insurance companies, individual employers adhered to the organisation and supplier companies with whom FREMAP has a business or administrative contract. If this data corresponds to a company representative, a self-employed worker or a contact person, it is determined personal data.

    At FREMAP we process the identifying data of the representatives or authorised representatives of the mutual insurance companies and of the representatives or authorised representatives of companies that are associated with the Mutual Society, by virtue of a business or administrative relationship, and their contact persons.

    Please provide this informative document on data protection to the people at your company who participate in the relationship with us (contact persons)

Purpose. What will your data be used for?

  • If you have a business or administrative relationship with us in your capacity as a company representative or individual employer.

    To uphold our administrative and business relationship.

  • In the case of contact persons from a supplier company, a mutual insurance company or an individual employer.

    In order to uphold the relationship with the company or with the individual employer on behalf of whom you act and to comply with the legal and contract obligations of the Mutual Society.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    To guarantee the security of people, goods and facilities through the video surveillance and controlling visits.

Retention terms or criteria. For how long will we keep your data?

  • If you have a business or administrative relationship with us in your capacity as company representative or as individual employer:

    Your personal data will be retained as long as necessary to fulfil the purpose for which it was collected and to determine any liabilities and handle any future claims against the company.

    The data will be retained as long as necessary in order for FREMAP to carry out legal or administrative actions arising from audits of accounts and compliance set forth in Article 98.2 Royal Legislative Decree 8/2015, of 30 October, approving the Revised Text of the General Law on Social Security.

    Royal Decree 1993/1995, of 7 December will be applied, approving the Regulations for Collaboration of Mutual Societies and Article 1964 of the Civil Code.

  • In the case of contact persons from a supplier company, a mutual insurance company or an individual employer.

    The data will also be retained as long as necessary to fulfil the purpose for which it was collected and to determine any liabilities and handle any future claims against the company.

    The data will be retained as long as necessary in order for FREMAP to carry out legal or administrative actions arising from audits of accounts and compliance set forth in Article 98.2 Royal Legislative Decree 8/2015, of 30 October, approving the Revised Text of the General Law on Social Security.

    Royal Decree 1993/1995, of 7 December will be applied, approving the Regulations for Collaboration of Mutual Societies and Article 1964 of the Civil Code.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    In the case of recording your images by video camera, the data shall be destroyed by erasure one month after it is recorded, except for recordings related to criminal or administrative offences with regard to public safety, an ongoing criminal investigation or an ongoing legal or administrative proceeding. If your data is collected at reception or during an access control at our facilities, such data shall be erased one month after its collection.

Legitimation - Why are we entitled to process your personal data?

  • If you have a business or administrative relationship with us in your capacity as a company representative or individual employer.

    Processing is lawful according to Article 6.1 b) Regulation (EU) 2016/679 on General Data Protection, as it is necessary for compliance with a legal or contract obligation, and Article 6.1 f) as it is necessary for the purposes of the legitimate interests of FREMAP.

  • In the case of contact persons from a supplier company, a mutual insurance company or an individual employer.

    Processing is lawful according to Article 6.1 b) Regulation (EU) 2016/679 on General Data Protection, as it is necessary for the performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    Our legitimation to process data is founded on our legitimate interest, provided for in article 6.2.f) Regulation (EU) 2016/679 on General Data Protection) to process images using photographic cameras or video cameras and to control physical access in order to safeguard the security of people, goods and facilities, since their interests or rights and fundamental liberties do not prevail over the aforementioned interest.

Obligation to provide data. Why are you required or not required to provide your data?

  • If you have a business relationship with us in your capacity as a company representative or individual employer.

    You are required to provide your personal data as it is necessary for the signing of the contract and/or upholding our relationship with you. If your personal data is not provided, we will not be able to enter into the contract.

    If you have an administrative relationship with us in your capacity as a company representative or individual employer.

    You are required to provide your personal data to the General Treasury of the Social Security as this is necessary for the signing of the contract and/or upholding our relationship with you. If your personal data is not provided, we will not be able to enter into the contract.

  • In the case of contact persons from a supplier company, a mutual insurance company or an individual employer.

    You are required to provide your personal data as this is necessary for upholding your relationship with the company or the individual employer on whose behalf you act and complying with our legal and contractual obligations. If you do not provide your personal data, we will not be able to uphold our relationship with your company or the individual employer on whose behalf you act or comply with our legal and contract obligations.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    You are required to provide us with your data because we must protect people, goods and facilities, and because your refusal to provide us with the same prevents you from gaining access to our centres on the grounds of security.

To which recipients will your data be disclosed or transferred?

  • If you have a business or administrative relationship with us in your capacity as a company representative or individual employer.

    Your personal data are processed at our company. To the extent permitted by law, we may transfer your data to recipients outside the Mutual Society. These recipients may include service providers (who, pursuant to contracts awarded, provide services including the processing of personal data) and public authorities, inasmuch as we are required to disclose it by virtue of a legal obligation.

    We shall not, by any means, internationally transfer your data to third-party countries or to international organisations.

  • In the case of contact persons from a supplier company, a mutual insurance company or an individual employer.

    Notwithstanding this, personal data processing is carried out in our company. To the extent permitted by law, we may transfer your data to recipients outside the Mutual Society. These recipients may include service providers (who, pursuant to contracts awarded, provide services including the processing of personal data) and public authorities, inasmuch as we are required to disclose them by virtue of a legal obligation.

    We shall not, by any means, internationally transfer your data to third-party countries or to international organisations.

  • If you visit or access our administrative or healthcare centres and we record your image or obtain your data at the reception or in access control.

    To security forces and bodies. Courts, in the event of criminal or administrative offences or in compliance with Organic Law 4/1997, of 4 August, on the use of video cameras by security forces and bodies in public places.

    We shall not, by any means, internationally transfer your data to third-party countries or to international organisations.

What are your rights when you provide your personal data and how can you exercise them?

  • Right of access: The right to obtain confirmation as to whether FREMAP, Mutual Society no. 61 Collaborating with the Social Security Institute is or is not processing personal data that concern you and, in this case, to access the same.
  • Right of rectification: The right to request the amendment or rectification of your data if they are inaccurate.
  • Right of erasure: The right to request the erasure of your data due to the illegal processing of the same, because the reason behind their processing or collection no long exists, when you revoke your consent or oppose their processing or when they must be erased in compliance with a legal obligation.
  • Right of opposition: The right to oppose, at any time, for reasons related to your specific situation, the personal data that concerns you from being subject to processing, on the grounds of public interest or the legitimate interest of the controller or a third party.
  • Right of limitation of the processing: The right to limit the processing of your data, if you contest their accuracy, if the processing is illegal, if your personal data are no longer necessary for the reasons for processing, or if you have exercised your right to oppose said data processing.
  • Right of portability of the data: The right to receive the personal data that concern you in a structured, commonly-used format that can be digitally read, and to transmit them to another controller, provided that it is technically possible.
  • The right not to be subject to individual automated decisions: The right to oppose being subject to decisions solely based on the automated processing of personal data, including creating profiles, when this decision may legally or significantly affect you.

To exercise the aforementioned rights, you are required to send a written statement to FREMAP, containing:

  • identification data,
  • a copy of your National Identity Card (DNI) or another official document that confirms your identity
  • the claim specifying the request,
  • address for notification purposes,
  • date, and requester's signature.

In the event you exercise your rights through a representative, the request must be accompanied by an express authorisation and a copy of the National Identity Card (DNI) of the representative and of the principal.

You can file the statement at any of our centres or hospitals, or send it to FREMAP, by:

Similarly, you may also contact the Data Protection Officer, by:

Furthermore, you have the right to:

  • Revoke the consent you have provided: If the processing is legitimised by such consent, you have the right to revoke the same.
  • Lodge a claim: You may pursue, in any case, the Data Protection Officer, and you also have the right to lodge a claim with the Spanish Data Protection Authority (AEPD).

Origin - Where do we obtain your data from?

  • If you have a business relationship with us, your own, when you provide your data prior to entering into a contract. If you have an administrative relationship with us in your capacity as company representative, when you fill out the application form for association. If you have an administrative relationship with us in your capacity as individual employer, of the Social Security Institute when you register in the Special Scheme for Self-Employed Workers.
  • In the case of contact persons from a company, a mutual insurance company or an individual employer. Your own or of the company or individual employer on whose behalf you are acting.
  • If you visit or access our administrative or healthcare centres and we register your image or obtain your data at reception or at access control.

    From you, when you access our administrative and healthcare centres and your image or data are recorded at reception or during the access control.

Additional information on data protection (use of images and voice)

Controller. Who is the controller of my data?

FREMAP, COLLABORATIVE MUTUAL SOCIETY WITH SOCIAL SECURITY No. 61, with registered office at Carretera de Pozuelo number 61, 28220 Majadahonda (Madrid). Contact us by postal mail at the aforementioned address or by email at the address derechos_arco@fremap.es.

The Data Protection Officer is the person in charge of safeguarding your privacy at our company. If you want to contact him or her, you can do so at dpd@fremap.es or by written letter sent to the aforementioned address, with the reference "Data Protection Officer".

What data do we process?

While carrying out its activity, FREMAP organises events, meetings, courses, seminars and interviews in which the identification data (name/national ID number/foreigner ID number) of the attendees is recorded.

Similarly, the capture and recording of images and voice of the people who attend the above-mentioned events, meetings, courses, seminars and interviews which FREMAP organises may occur.

Purpose. What will your data be used for?

The data collected from attendees at events, meetings, courses, seminars and interviews organised by FREMAP will be used for the control of the attendees, to make known the activities that FREMAP carries out, via institutional documentation, web applications and social networks and for the management of social action projects.

Retention terms or criteria. For how long will we keep your data?

The data will be kept during the time necessary to comply with the purpose for which it was collected and to determine the possible responsibilities that could result from this purpose and from the processing of the data and while the interested party does not exercise his/her right of erasure.

Legitimation - Why are we entitled to process your personal data?

The legal basis for the processing of your data is your consent, in accordance with the provisions in Article 6.1 a) and Article 9.2 a) of the General Data Protection Regulation (EU) 2016/679, which is why your data will only be processed if you have expressly given your consent for this.

If you provide your authorisation for the processing of images and voice of a child aged under fourteen, who is under your parental authority or guardianship, we are legitimised for the processing of the data of a child aged under fourteen, in accordance with the provisions in Article 8.1 of the General Data Protection Regulation (EU) 2016/679.

Obligation to provide data. Why are you required or not required to provide your data?

You do not have any obligation to provide your data. Participation in the events, meetings, courses, seminars and interviews that FREMAP organises is voluntary.

If you do not provide your data and consent expressly to the processing of your data or that of the child aged under fourteen who is under your paternal authority or guardianship, you or the minor will not be able to participate in the events, meetings, courses, seminars and interviews to prevent your image or voice or the image or voice of the child aged under fourteen from being recorded.

To which recipients will your data be disclosed or transferred?

The data will be disclosed via institutional documentation, web applications and social networks, which is why it will be passed on to third parties interested in FREMAP's activities.

We shall not, by any means, internationally transfer your data to third-party countries or to international organisations.

What are your rights when you provide us with your data and how can you exercise them?

  • Right of access: The right to obtain confirmation as to whether FREMAP, Mutual Society no. 61 Collaborating with the Social Security Institute is or is not processing personal data that concern you and, in this case, to access the same.
  • Right of rectification: The right to request the amendment or rectification of your data if they are inaccurate.
  • Right of erasure: The right to request the erasure of your data due to the illegal processing of the same, because the reason behind their processing or collection no long exists, when you revoke your consent or oppose their processing or when they must be erased in compliance with a legal obligation.
  • Right of opposition: The right to oppose, at any time, for reasons related to your specific situation, the personal data that concerns you from being subject to processing, on the grounds of public interest or the legitimate interest of the controller or a third party.
  • Right of limitation of the processing: The right to limit the processing of your data, if you contest their accuracy, if the processing is illegal, if your personal data are no longer necessary for the reasons for processing, or if you have exercised your right to oppose said data processing.
  • Right of portability of the data: The right to receive the personal data that concern you in a structured, commonly-used format that can be digitally read, and to transmit them to another controller, provided that it is technically possible.
  • The right not to be subject to individual automated decisions: The right to oppose being subject to decisions solely based on the automated processing of personal data, including creating profiles, when this decision may legally or significantly affect you.

To exercise the aforementioned rights, you are required to send a written statement to FREMAP, containing:

  • Identification details.
  • A copy of your National Identity Card (DNI) or another official document that confirms your identity.
  • The claim specifying the request.
  • Address for notification purposes.
  • Date and signature of the requester.

In the event you exercise your rights through a representative, the request must be accompanied by an express authorisation and a copy of the National Identity Card (DNI) of the representative and of the principal.

You can file the statement at any of our centres or hospitals, or send it to FREMAP, by:

Similarly, you may also contact the Data Protection Officer, by:

Furthermore, you have the right to:

  • Revoke the consent you have provided: If the processing is legitimised by such consent, you have the right to revoke the same.
  • Lodge a claim: You may pursue, in any case, the Data Protection Officer, and you also have the right to lodge a claim with the Spanish Data Protection Authority (AEPD).

Origin - Where do we obtain your data from?

From yourself when you attend our events, meetings, courses, seminars and interviews carried out by FREMAP.

Additional information on data protection for Candidates for Job Vacancies

Controller. Who is the controller of my data?

FREMAP, Collaborative Mutual Society with Social Security Institute no. 61, with registered office at Carretera de Pozuelo nº 61, 28220, Majadahonda (MADRID).

The Data Protection Officer is the person in charge of safeguarding your privacy at our company. If you need to contact the Mutual Society, you can do so at dpd@fremap.es, or through a letter sent to the previous address, including the reference "Data Protection Area".

Purpose. What will your data be used for?

As a main purpose for the management of the processes of personnel selection and provision of job vacancies in which you participate.

Additionally, for the video vigilance and the control of access to facilities for security purposes.

Term. For how long will we keep your data?

The data will be kept during the time necessary to comply with the purpose for which it was collected and to determine the possible responsibilities that could result from this purpose and from the processing of the data and while the interested party does not exercise his/her right of erasure.

Legitimation - Why are we entitled to process your personal data?

Processing necessary for the implementation of a contract which the interested party forms part of or for the application at the request of this party for pre-contractual measures (Article 6.1.b) General Data Protection Regulation (EU) 2016/679.

Processing necessary for the fulfillment of a legal obligation applicable to the person responsible for the processing. (Article 6.1.c) General Data Protection Regulation (EU) 2016/679: Legislative Royal Decree 2/2015, of 23 October, which approves the rewritten text of the Workers' Statute Law.

In relation to the special data categories (health), where applicable, processing necessary for the fulfillment of obligations and exercise of rights in the field of employment law and of safety and social protection (Article 9.2.b) General Data Protection Regulation (EU) 2016/679.

Obligation to provide data. Why are you required or not required to provide your data?

You are required to provide your data as this is necessary for the management of the applications and development of the selection process in which you participate. If you do not provide your data, we will not be able to manage your participation in selection processes.

To which recipients will your data be disclosed or transferred?

Your data will not be passed on to third parties, except for transport companies, travel agencies and hotel establishments, for necessary trips that you make during the selection processes in which you participate.

We shall not, by any means, internationally transfer your data to third-party countries or to international organisations.

What are your rights when you provide us with your data and how can you exercise them?

  • Right of access: The right to obtain confirmation as to whether FREMAP, MUTUAL SOCIETY NO. 61 COLLABORATING WITH THE SOCIAL SECURITY INSTITUTE is or is not processing personal data that concern you and, in this case, to access the same.
  • Right of rectification: The right to request the amendment or rectification of your data if they are inaccurate.
  • Right of erasure: The right to request the erasure of your data due to the illegal processing of the same, because the reason behind their processing or collection no long exists, when you revoke your consent or oppose their processing or when they must be erased in compliance with a legal obligation.
  • Right of opposition: The right to oppose, at any time, for reasons related to your specific situation, the personal data that concerns you from being subject to processing, on the grounds of public interest or the legitimate interest of the controller or a third party.
  • Right of limitation of the processing: The right to limit the processing of your data, if you contest their accuracy, if the processing is illegal, if your personal data are no longer necessary for the reasons for processing, or if you have exercised your right to oppose said data processing.
  • Right of portability of the data: The right to receive the personal data that concern you in a structured, commonly-used format that can be digitally read, and to transmit them to another controller, provided that it is technically possible.
  • The right not to be subject to individual automated decisions: The right to oppose being subject to decisions solely based on the automated processing of personal data, including creating profiles, when this decision may legally or significantly affect you.

To exercise the aforementioned rights, you are required to send a written statement to FREMAP, containing:

  • Identification details.
  • A copy of your National Identity Card (DNI) or another official document that confirms your identity.
  • The claim specifying the request.
  • Address for notification purposes.
  • Date and signature of the requester.

In the event you exercise your rights through a representative, the request must be accompanied by an express authorisation and a copy of the National Identity Card (DNI) of the representative and of the principal.

You can file the statement at any of our centres or hospitals, or send it to FREMAP, by:

Similarly, you may also contact the Data Protection Officer, by:

Furthermore, you have the right to:

  • Revoke the consent you have provided: If the processing is legitimised by such consent, you have the right to revoke the same.
  • Lodge a claim: You may pursue, in any case, the Data Protection Officer, and you also have the right to lodge a claim with the Spanish Data Protection Authority (AEPD).

Origin Where does your data come from?

From you when you deliver your CV to FREMAP, send your application via the website or, subsequently, when you provide your data in the selection interview, aptitude tests, group dynamics or exams that you do, and from the employment agencies or job sites you are subscribed to.

Information about PDF documents: To view PDF files correctly, you must have the programme Adobe Acrobat Reader This link opens in a new window installed on your computer.