Privacy Policy

ENTITY RESPONSIBLE FOR DATA PROCESSING

Data controller identity: Álava Agencia de Desarrollo S.A. (hereinafter “AAD”), Tax Identification Number (NIF) A-01103118, operating at C/Joaquín José Landazuri, 13-15 Bajo, 01008, Vitoria-Gasteiz (Álava). E-mail: agencia@aad.eus

This privacy policy applies to all personal data provided to AAD by users of our site, as well as to any individual interested in the activities and services offered by AAD via its web pages or any other means of communication. The aim of AAD’s Privacy Policy is to provide transparency regarding how we treat your personal data in compliance with current data protection regulations.

RPTE is a group made up of the three technology parks in the Basque Country promoted by the Basque Government with the mission to promote the diversification of industry, innovation, and the transfer and dissemination of technology in the Basque Country.

Any interested party may contact RPTE through the information provided in the data controller identity.

RECORD OF PROCESSING ACTIVITIES

AAD has a Record of Processing Activities detailing each of the following processing operations carried out by the company:

  1. RGPD Processing: APPLICATIONS.

Purpose of processing: management of the curricula vitae of people who apply for selection processes, self-application and job listings.

Category of applications: people who aspire to work at the company.

Category of personal data:

  • Personally identifiable data: name and surname, Tax Identification Number (NIF), Social Security number, postal address, telephone numbers, e-mail address.
  • Professional data: employment history, curriculum vitae.

Category of personal data recipients: HR consultant, if applicable.

Retention period for the various categories of data: according to that established by tax legislation regarding the statute of limitations for liability.

  1. RGPD handling: CUSTOMERS

Purpose of processing: customer relationship management.

Category of customers: persons with whom a business relationship is maintained as customers.

Category of personal data:

  • Invoicing.
  • Those necessary for the maintenance of the business relationship.
  • Personally identifiable data: name and surname, Tax Identification Number (NIF), Social Security number, postal address, telephone numbers, e-mail address.
  • Bank details: for direct debit of payments and/or bank transfers.

Category of personal data recipients: Tax Administration.

Retention period for the various categories of data: according to that established by tax legislation regarding the statute of limitations for liability.

  1. GDPR processing: PERSONNEL

Purpose of processing: management of employee relations.

Category of personnel: persons working at the company.

Category of personal data:

  • Payroll management.
  • Communication of Social Security registration and deregistration.
  • Personally identifiable data: name and surname, Tax Identification Number (NIF), Social Security number, postal address, telephone numbers, e-mail address.
  • Further personal details: marital status, date and place of birth, age, sex, nationality, number of children and percentage of disability.
  • Professional data: employment history, curriculum vitae.
  • Bank details: for direct debit of paychecks and/or bank transfers.

Category of personal data recipients: Social Security and Tax Administration.

Retention period for the various categories of data: according to that established by tax legislation regarding the statute of limitations for liability.

  1. GDPR processing: SUPPLIERS

Purpose of processing: supplier relations management.

Category of suppliers: persons with whom a business relationship is maintained as suppliers of products and services.

Category of personal data:

  • Those necessary for the maintenance of the business relationship.
  • Personally identifiable data: name and surname, Tax Identification Number (NIF), Social Security number, postal address, telephone numbers, e-mail address.
  • Bank details: for making payments.

Category of personal data recipients: Tax Administration.

Retention period for the various categories of data: according to that established by tax legislation regarding the statute of limitations for liability.

  1. RGPD processing: VIDEO SURVEILLANCE

Purpose of processing: grounds security management.

Category of surveillance: recording and display of images using cameras for the security of the company’s offices and infrastructures.

Category of personal data:

  • Videos and images.

Category of personal data recipients: regional or local police, and tenants or owners entitled to request the data.

Retention period for the various categories of data: image recordings may be stored for a maximum of 30 days, unless special circumstances arise, such as a police or judicial investigation.

SECURITY MEASURES

AAD is committed to fulfilling its duty to uphold the confidentiality, secrecy and protection of personal data, and take the necessary measures to prevent any alteration, loss, or unauthorised handling or access of data, in accordance with that established in the applicable legislation.

AAD has implemented the necessary technical and organisational security measures to ensure the security of your personal data and prevent its alteration, loss and unauthorized handling and/or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed, whether caused by human activity or the physical or natural environment, in accordance with that established in the applicable legislation.

MODIFICATIONS TO THE PRIVACY POLICY

AAD may modify its Privacy Policy in accordance with the applicable legislation at any given time. Nonetheless, any modification of the Privacy Policy will be duly notified to the affected party so that he or she is informed of the changes made in the processing of his or her personal data and, if the applicable legislation so requires it, the affected party may be requested to give his or her consent.

Last update applied to AAD’s Privacy Policy: May 19, 2021.