了解我们所有的产品信息
隐私政策
Welcome to VELATIA’s privacy policy. Hereinafter, the name VELATIA refers to any of the companies that form part of VELATIA, a list of which can be found here. Contact details for any matter relating to data protection:
For more information about contacting VELATIA or its companies, please read our legal note.
The aim of this website’s Privacy Policy is to comply with the duty to provide information and transparency as set out in Article 12 of Regulation (EU) 2016/679 on the protection of personal data. As well as in cases where the duty to provide information has been fulfilled through basic “first layer” information in accordance with Article 11 of Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights, this privacy policy corresponds to the additional information known as “second layer”, whose required elements are those described in Articles 13 and 14 of Regulation (EU) 2016/679 on personal data protection.
‘Personal data’ means any information relating to an identified or identifiable natural person. This means any person who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. an IP address – if it can be used to identify the person) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. In short, this includes data that, either by itself or with other data in our possession or available to us, can be used to identify you.
’Processing’ means any operation or set of operations performed on your personal data. VELATIA sets out below the detailed information on each processing operation in accordance with the guidelines established by the Spanish Data Protection Agency.
a. Data category: identifiers including contact details, national identification number and personal image; employment history.
b. Legal basis: The data subject’s consent (art. 6.1.a GDPR) in the case of spontaneous applications and in all other cases, pre-contractual relationship (art. 6.1.b GDPR).
c. Data validity period: The data remain valid for three years.
a. Data category: identifiers.
b. Legal basis: Legitimate interest based on the need to maintain the safety of persons on the premises (Art. 6.1.f GDPR).
c. Data validity period: The data remain valid for 30 days. Once this period has expired, the data are deleted.
a. Data category: identifiers such as first name and last name(s); contact details such as telephone and fax number, email address, postal address; professional details such as job title or position.
b. Legal basis: Legitimate interest based on the need to maintain business relations (Art. 6.1.f GDPR).
c. Data validity period: The data remain valid for the duration of the relationship that gave rise to their collection. Once the relationship has ended, the data may be kept blocked pursuant to Article 32 of Organic Law 3/2018 in the event that legal liabilities may arise.
a. Data category: identifiers such as first name and last name(s); professional details such as job title or position and type of contract; salary details included in Social Security forms TC1, TC2 and ITA; data relating to assigned PPE; data recorded on entering premises.
b. Legal basis: fulfilment of legal obligations established for the prevention of occupational risks (Art. 6.1.c GDPR).
a. Data category: images recorded using cameras.
b. Legal basis: Legitimate interest based on the need to maintain the safety of the premises (Art. 6.1.f GDPR).
a. Data category: identifiers such as first name and last name(s); contact details such as email address, phone number, work address and job title or position.
b. Legal basis: Legitimate interest based on the marketing activities in which the data subject has shown an interest (art. 6.1.f GDPR) by requesting information via the website contact form; or by giving consent to receive newsletters and emails (art. 6.1.a GDPR).
c. Data validity period: The data remain valid for the duration of the business relationship and provided that the data subject does not withdraw their consent or request the erasure of their data. Outdated or obsolete data will be erased as soon as this circumstance is detected.
We may disclose your personal data to third parties, including, among others, the following:
International Transfers of Personal Data: There are no plans to transfer personal data to countries outside Europe.
We strive to use appropriate technical and physical security measures to protect the personal data transmitted, stored or otherwise processed from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access thereto, in relation to our website. These measures include IT safeguards and protected files and facilities. Our service providers are also carefully selected and must use suitable protective measures. Industry-standard SSL encryption is used on the website to protect data transmissions. The majority of current browsers accept the level of security necessary to use these areas.
You have various rights under the data protection laws. These may include (where applicable). Anyone has the right to:
Please note that your ability to exercise some of these rights may be restricted in the event of legal or other limitations that the organisation must justify in responding to your request. You may apply to exercise your rights by writing to the email address provided for this purpose or by making an enquiry about your rights using the contact channels identified in the introduction.
In order to process your application, it will be necessary to check your identity and verify that you are the data subject, so your email or enquiry should include your first name, last name(s), national identification number, the specific application request, and the address where you wish to be notified of the response. If necessary, we may ask you for a copy of the document certifying your identity.
If you wish, we can send you a suitable form that will help you complete your application in accordance with Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights.
If your application were disregarded, you may contact the corresponding supervisory authority, the Spanish Data Protection Agency, whose website is www.aepd.es and postal address is Calle Jorge Juan 6, 28001 Madrid, Spain.
The VELATIA website may include hyperlinks to other websites that are not operated or controlled by VELATIA. Therefore, VELATIA neither guarantees nor assumes liability for the legality, reliability, usefulness, accuracy and timeliness of the content of such websites or their privacy practices. Before supplying your personal information to such websites, please be aware that their data protection compliance may differ from ours.
The text of this privacy policy was updated in January 2021. VELATIA may amend its Privacy Policy without prior notice in accordance with the applicable laws in force at any given time and in keeping with any changes that may occur in its privacy management system.
The parties agree that all disputes or disagreements deriving from these conditions of use shall be definitively resolved before Bilbao Chamber of Commerce, Industry and Navigation, to which the administration of the arbitration and the designation of the arbiter is entrusted, in accordance with its articles and regulations.
Global Marketing and Sales Strategy Department Parque Científico y Tecnológico de Bizkaia Edificio 614 – 48160 Derio (Bizkaia), España social@ormazabal.com