The personal data that is provided when interacting with Azkoyen, S.A. (NIF A-31065618), whether through the corporate websites or within the scope of a contractual or pre-contractual relationship with said company, will be processed by them in their capacity as Data Controller.
What is the basic legislation applicable in spain regarding the protection of personal data?
In the private sector, the basic regulations that apply are:
Within the scope of commercial relations, Azkoyen, S.A. will process personal data for the following purposes and legitimate reasons:
Within the context of relations with job candidates, Azkoyen, S.A. may process personal data included in the CVs it receives directly or through the e-Preselec platform or other similar platforms. The purpose of this processing is to manage the personnel selection processes and the candidate pool. Basis of legitimacy: application of pre-contractual measures at the request of the data subject (Art. 6.1 b) GDPR), express consent of the data subject linked to the fact that the CV has been submitted (art. 6.1 a) GDPR).
Furthermore, based on the existence of legitimate interest (art. 6.1 f) RPD), Azkoyen may carry out due diligence checks to verify the veracity of the qualifications, certifications and other relevant employment information included in the CVs provided.
Your personal data may be provided to external ancillary service providers, with access to personal data, engaged by Azkoyen, S.A., such as IT service providers with access to personal data (technical/computer maintenance service providers, cybersecurity, hosting), environmental management companies, accountancy firms, administrative agencies, personnel recruitment companies, advertising and marketing companies and other auxiliary service providers who will act as data processors under the instructions of Azkoyen, S.A.
The purchase of our products and services will normally be carried out through our distribution network. Your personal data will therefore be passed on to the official distributor nearest to your headquarters/work centre and, where applicable, to the transport or courier companies hired to deliver the products.
If you give your express consent, your data may be transferred for marketing purposes to the other companies of the Azkoyen Group and to organisations that have signed a marketing partnership agreement with Azkoyen, S.A.
Where legally applicable, your data may also be disclosed to public administration bodies, auditors, notaries, legal experts, lawyers, solicitors, courts and tribunals and law enforcement agencies in the performance of their duties.
Your personal data will be kept only for as long as is necessary to fulfil the purpose for which it was collected. In this regard, when your personal data is no longer necessary for the fulfilment of these purposes, it will be deleted. However, they may be blocked beforehand, remaining exclusively at the disposal of Judges, Courts, Public Prosecutors' Offices or the competent Public Administrations, in particular the personal data protection authorities, for the purpose of dealing with possible liabilities deriving from the processing and only for the applicable statutory period.
The processing of the personal data provided will be carried out applying the necessary physical, logical and organisational security measures to prevent the loss, improper use, alteration and unauthorised access to the data, taking into account the state of technology, the nature of the data and the risk analysis carried out.
Furthermore, Azkoyen carries out its business activities in accordance with a management model based on continuous improvement, in line with the ISO 27001 standard.
Azkoyen has two corporate Data Processing Centres (DPC) which are located in Navarra (Spain). International transfers of personal data, i.e. outbound transfers of personal data from the EU to territories or international organisations outside the European Economic Area (EEA), may occur only in certain cases.
In cases where this applies, Azkoyen will always ensure that one of the following conditions is met: (i) an Adequacy Decision exists which attests to an adequate level of protection (ii) standard clauses have been drawn up in accordance with the Commission's Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the international transfer of personal data to a third country (iii) neither of the above two conditions applies, but one of the exceptions set out in art. 49 GDPR is applicable. In this regard, it should be clarified that some Azkoyen services involve the hosting of personal data in the Microsoft Azure cloud, which entails transfers of personal data to the United States, which, following the cancellation of the Privacy Shield, cannot rely on the formalisation of standard clauses, so until the EU and the United States reach a new agreement, it is necessary to resort to the application of the exceptions of Art. 49 RGPD; and more specifically in the application of the conditions established in Art. 49.1 b) and c) GDPR:
“b) the transfer is necessary for the performance of a contract between the data subject and the controller or for the performance of pre-contractual measures adopted at the request of the data subject;
c) the transfer is necessary for the conclusion or performance of a contract, in the interest of the data subject, between the controller and another natural or legal person.”
To revoke the consents granted, where applicable, as well as to exercise the rights of access, rectification, deletion, opposition, limitation, portability and non-submission to automated individual decisions, you may send a written request to:
Avda. San Silvestre s/n, 31350, Peralta (Navarra-Spain)
If the data subject considers it opportune, they may contact our Data Protection Officer (DPO) via the same e-mail account shown above, as well as submit the appropriate claim for the protection of rights to the Spanish Data Protection Agency.
The obligatory data in each form are identified as such by means of an asterisk (*). The refusal to provide such information will prevent communication with the user and, if applicable, the impossibility to provide the requested information and/or service.