but can be responsible, accountable and assignor of the same data at the same time? More strange things have been. Well, it is not so serious recruitment conditions are articulated as sufficiently quirky Amsterdam as to comply with the data protection act with respect to the candidate and X and is already. Now are you? That nothing, Monad. Recall that X is responsible for a file, and as such, must meet various obligations including registering a file before the AEPD, and fulfill the duty of information previous, clearly and accurately. Only duly informing, X may prove an unequivocal consent of the candidate for the treatment and possible transfers to which it plans to submit to the candidate data (imagine that X is a company that is dedicated to the recruitment of a group of companies for example). Well, okay then X to notify the filing of candidates is not so complicated and that put a clause information in the own offer of employment, as required by the Spanish Agency of data protection in their labour relations Guide because you see what problem! Unfortunately, at times, the law is not the only problem. It is that some job portals, even knowing that their clients/companies (they are responsible for a file given by the portal, they reject job offers that contain informative clauses LOPD, because such clauses, by requirement of article 5.1.
to) of the LOPD, reported that the candidate data will be incorporated into a file responsibility of X. Personally, I do not know if such narrowness is attributable to an instinct for preservation of its business, to an attempt to get more money for the same service, or simply a wrong criterion. It is true that discuss this topic with its leaders has manifested itself as the exercise in dialectics more frustrating and tiring of my life. Therefore, I can only recommend to companies to publish their job vacancies through job portals, that before you spend the money, ask if the company that manages the portal allows them to include clauses LOPD in their offerings, because where they do not allow it, your company may incur in a breach of the data protection act by proceeding with the personal affected without providing their own data collection the information that indicates the article 5 of the Act (with fines between 600 and 60,000 euros), or if your company is dedicated to making the recruitment of a group of companies, even could be considered that it has proceeded to communication or transfer of data of a personal nature, out of cases that are allowed (with fines between 300,000 and 600,000 euros). Obviously the job portal has the right to put their conditions of use of their services, and more in a dominant position; However, we should not forget that article 1255 of the Civil Code establishes that the contracting parties can establish the Covenants, terms and conditions that are suitable, provided that they are not contrary to law, morality or public order. In conclusion, if we collect personal data without complying with the duty of information, we can be sanctioned even though responsible for the data collection channel prevents us.