In accordance with Regulation (EU) 2016/679, the General Data Protection Regulation (“GDPR”), and Organic Law 3/2018 on the Protection of Personal Data and guarantee of digital rights (“LOPDGDD”), we hereby provide the following information regarding the processing of your personal data when you participate in a recruitment and selection process.
Who is the controller of your personal data?
The controller of your personal data is:
EOS Spain, S.L. Sociedad Unipersonal (“EOS Spain”)
Tax ID no.: B- 64102072
Registered Office: C/ Manuel Guzmán 1, Esc.1, Planta 1, 15008, A Coruña, Spain
If you have any questions regarding the processing of your personal data, you may contact us at the following email address: [email protected]
We also inform you that we have appointed a Data Protection Officer (DPO), whom you may contact at the following email address: [email protected]
What personal data do we process about you?
Depending on the stage of the recruitment process, we may process the following categories of personal data:
- Identification and contact details: First name, last name, national ID number (DNI/NIE), address, telephone number, email address.
- Curriculum and professional experience information: CV/resumé, cover letter, academic background, professional experience, skills, certifications, and similar information.
- Data obtained during interviews or assessments: Interview notes, results of assessment tests (technical or competency-based).
For what purposes and on what legal basis do we process your personal data?
1. Managing your participation in recruitment processes
We process your personal data in order to manage your job application, which includes receiving and reviewing your profile, conducting interviews and assessment tests, verifying the information provided, and assessing your suitability for the position.
Legal basis: the processing is necessary to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR), and the legitimate interest of the controller in ensuring an appropriate assessment of professional profiles, the quality of the recruitment process, and its proper execution (Article 6(1)(f) GDPR).
2. Retaining your application for future recruitment processes
Only if you give us your express consent, we will retain your CV and application data in order to contact you should future vacancies arise that match your professional profile.
Legal basis: consent (Art. 6.1(a) GDPR).
Where do we obtain your personal data from?
We obtain your personal data mainly from the following sources:
- Directly from you: when you submit your application or participate in interviews and assessment tests.
- From third parties: such as job platforms (e.g. LinkedIn), recruitment companies or selection consultancies, provided that you have authorised such disclosure.
- Publicly available sources: we may consult public profiles on professional social networks (e.g. LinkedIn) in order to verify or supplement the professional information you have provided.
- Professional references: subject to your prior explicit consent, we may contact the individuals or organisations you designate in order to request references regarding your professional performance.
How long will we retain your personal data?
We will retain your personal data for the period necessary to manage the recruitment process in which you participate.
If you have given your consent for your application to be retained for future recruitment processes, we will keep your information for a maximum period of three (3) years, or until you withdraw such consent.
Where your personal data must be retained in order to address potential liabilities arising from the recruitment process, they will be duly blocked, meaning that they will only be available for the purpose of complying with legal obligations, preventing their processing for other purposes, and, where applicable, handling claims or legal proceedings, in accordance with Article 32 of the LOPDGDD.
With whom do we share your personal data and are international transfers carried out?
Your personal data will not be disclosed to third parties, except where required by law.
EOS Spain does not carry out international transfers of personal data to third countries or international organisations outside the European Economic Area.
What rights can you exercise in relation to your personal data?
In accordance with applicable data protection legislation, you may exercise the following rights in relation to your personal data:
- Right of access: you may obtain confirmation as to whether or not we are processing your personal data and, where that is the case, access such data and the information related to their processing.
- Right to rectification: you may request the correction of inaccurate or incomplete personal data.
- Right to erasure (right to be forgotten): you may request the deletion of your personal data when, among other reasons, they are no longer necessary for the purposes for which they were collected.
- Right to restriction of processing: you may request the restriction of the processing of your data in certain circumstances; in such cases, the data will only be retained for the establishment, exercise or defence of legal claims.
- Right to object: you may object to the processing of your personal data where such processing is based on legitimate interest, on grounds relating to your particular situation.
- Right to data portability: you may receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or request that they be transmitted to another controller, where the processing is based on your consent or on a contract and is carried out by automated means.
- Right to withdraw consent: where the legal basis for the processing is your consent, you may withdraw it at any time, with the same ease with which it was given, without affecting the lawfulness of processing carried out prior to its withdrawal.
You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos – AEPD) if you consider that the processing of your personal data does not comply with applicable data protection regulations.
How can you exercise your rights?
To exercise your rights, please send us a request indicating the right you wish to exercise, together with your first name, last name and national ID number, which are necessary to verify your identity.
You may submit your request through any of the following means:
- Email address: [email protected]
- Postal address:
EOS Spain, S.L.
C/ Manuel Guzmán 1
Esc.1, Planta 1
15008, A Coruña
Spain
Data Security
We have adopted appropriate technical and organisational measures to ensure a level of security appropriate to the risk associated with the processing of your personal data, and to prevent their loss, alteration, misuse, unauthorised access or disclosure.
In particular, this website uses secure communication protocols that enable the encrypted transmission of information between your device and our systems.
These security measures are reviewed and updated on a regular basis, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing.
Updates to the Privacy Notice
This Privacy Notice is currently in force and was last updated in January 2026.
We may amend this Privacy Notice where necessary, for example as a result of regulatory changes, guidance or criteria issued by supervisory authorities, changes to our data processing activities, changes in our internal organisation, or where it is necessary to improve its content to make it clearer, more complete or better adapted to our services.
