Privacy and Cookies Policy

This Privacy and Cookies Policy (hereinafter, the "Policy") provides a comprehensive explanation of how REMONDIS AGUA, S.A.U. (hereinafter, “REMONDIS” or “the Company”) collects, processes, stores and protects the personal data of users who access its corporate website www.remondis.es, use the available forms (contact or job application), browse the site, or submit information through the internal reporting channel in accordance with Law 2/2023.

REMONDIS is firmly committed to the protection of privacy and compliance with current personal data protection regulations, in particular Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD), and Law 2/2023 on the protection of persons who report regulatory breaches.

1. Data Controller Identification

• Controller: REMONDIS AGUA, S.A.U.
• Tax ID: A08593345
• Registered address: Calle Tuset, 5, 5º 4ª, 08006 Barcelona, Spain
• Contact email: info@remondis.es
• Website: www.remondis.es

2. Data Protection Officer (DPO)

REMONDIS has officially appointed a Data Protection Officer (DPO) pursuant to Articles 37 to 39 of the GDPR and Article 34 of the LOPDGDD. The DPO’s role is to oversee regulatory compliance, advise the organization, and respond to individuals regarding data protection matters.

• DPO contact: dpd@remondis.es

3. Guiding Principles of Processing

REMONDIS ensures that personal data is processed in accordance with the following principles:

• Lawfulness, fairness and transparency: Data is processed under valid legal grounds and users are informed clearly about the purposes.
• Purpose limitation: Data is collected only for specific, legitimate and informed purposes.
• Data minimization: Only the data strictly necessary is collected.
• Accuracy: Reasonable steps are taken to keep data accurate and up to date.
• Storage limitation: Data is kept only for the time necessary to fulfill its intended purpose.
• Integrity and confidentiality: Technical and organizational measures are applied to preserve the security and confidentiality of personal data.
• Accountability: REMONDIS is committed to demonstrating proactive compliance with applicable laws.

4. Purposes of Processing, Data Categories, and Legal Grounds

Purpose	Data Categories	Legal Basis
Contact via web form	Name, surname, email, message content	Consent (Art. 6.1.a GDPR) or pre-contractual measures (Art. 6.1.b)
Recruitment process	Identification, contact data, CV, education, work experience, availability, expectations, optional information	Consent (Art. 6.1.a) and pre-contractual steps (Art. 6.1.b)
Website security	IP address, access logs, browser, date/time	Legitimate interest (Art. 6.1.f)
Browsing analytics (Matomo)	Anonymized IP, visit duration, visited pages, approximate region	Legitimate interest (Art. 6.1.f)
Internal reporting channel	Identifying data, complaint content, documents submitted, employment relationship	Legal obligation (Law 2/2023), public interest and legal compliance (Art. 6.1.c and e GDPR)

5. Source of the Data

Personal data processed by REMONDIS originates from the following sources:

• Data voluntarily provided by the user via forms.
• Data generated automatically through website browsing.
• Data entered by candidates through the online job platform.
• Reports submitted through the internal whistleblowing system.

6. Recipients and Data Processors

Personal data may be processed by:

• Providers of software and IT services, including recruitment platforms, statistical tools and document management systems, acting as data processors under contract.
• External entities specialized in managing the internal reporting channel and advising on data protection compliance.
• Hosting and web maintenance service providers, for technical support, also acting as data processors.
• Public authorities, courts or law enforcement agencies, when legally required.

Under no circumstances will personal data be sold or transferred for advertising or commercial purposes. REMONDIS ensures that all third parties comply with the obligations set forth in the GDPR.

7. International Data Transfers

REMONDIS does not currently carry out international data transfers. Should such transfers be necessary in the future, they will be made in compliance with GDPR requirements, including the use of Standard Contractual Clauses, adequacy decisions by the European Commission, or binding corporate rules.

8. Data Retention Periods

• Contact form data: Up to 6 months after last communication.
• Job applications: Up to 12 months from the latest profile update.
• Browsing data: Only anonymized, non-traceable data is retained.
• Reporting channel data: Retained for the time required to handle and resolve the case, and in accordance with the legal retention periods established under Law 2/2023.

9. Data Subject’s Rights

Users have the following rights:

• Right of access: To confirm whether their data is being processed, for what purpose, and to obtain a copy.
• Right to rectification: To correct inaccurate or incomplete personal data.
• Right to erasure: To request deletion of data when it is no longer necessary, consent is withdrawn, or processing is contested.
• Right to object: To oppose processing on personal grounds unless compelling legitimate interests apply.
• Right to restrict processing: To request the suspension of processing in certain circumstances (e.g., while a claim is under review).
• Right to data portability: To receive data in a structured, commonly used and machine-readable format, and to transmit it to another controller.
• Right to withdraw consent: At any time, without affecting the lawfulness of prior processing.

Requests should be sent to the Data Protection Officer: dpd@remondis.es

A response will be issued within one month, extendable to two months if the request is complex. If you are not satisfied, you may lodge a complaint with the Spanish Data Protection Authority: www.aepd.es

10. Cookies and Analytics Technologies

REMONDIS’s website does not use third-party cookies or persistent identifiers. Data is processed under the Company’s legitimate interest and exclusively for technical or statistical purposes.

11. Matomo

REMONDIS uses a self-hosted version of Matomo analytics software. This open-source tool provides basic statistical analysis of website visits, such as which pages are accessed, how often, and for how long, without identifying visitors.

The version deployed does not use cookies and only collects anonymized data. IP addresses are anonymized before being stored, and a temporary hash-based user ID is created and deleted at the end of each session. No profiling or behavioural analysis is performed.

The purpose is to improve functionality and user experience. The processing is based on REMONDIS’s legitimate interest (Art. 6.1.f GDPR).

12. Compliance and Legal Responsibility

REMONDIS may retain or process data when necessary to:

• Fulfill fiscal, administrative or legal obligations.
• Respond to legal or judicial requests.
• Exercise its legal defence in claims.
• Prevent or detect criminal activity or fraud.

13. Organizational Changes and Business Transfers

In the event of corporate transactions (e.g., mergers, acquisitions), data may be transferred to new data controllers, under adequate safeguards and in accordance with the legitimate interest of business continuity.

14. Internal Reporting Channel (Law 2/2023)

REMONDIS has implemented an internal reporting channel pursuant to Law 2/2023, allowing safe and confidential reporting of irregularities or misconduct.

• Access link to the channel: https://grupolaecanaldedenuncias.net/remondisagua/denuncia

The channel is managed by LAE Normativas, S.L, a specialized provider acting as data processor, and ensures:

• Protection of the whistleblower’s identity.
• Case handling within legal deadlines.
• Measures against retaliation.
• Secure, confidential and traceable registration.

15. Minors

This website is not intended for individuals under the age of 14. REMONDIS does not knowingly collect or process data from minors without parental or guardian consent. If such data is detected, it will be deleted immediately.

16. Updates and Validity

REMONDIS may update this Policy to reflect legislative changes or operational adjustments. Any changes will be published on this page and become effective immediately.

In the event of multilingual versions, the Spanish version shall prevail in case of interpretation conflicts.