Data Protection Policy and Record of Processing Activities

This Data Protection Policy sets out how we at BEAZ, S.A.U. use the personal data of the people who contact us or who make use of our services.

Furthermore, given our status as a provincial trading company and in compliance with the provisions of Article 30 of Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) and Article 31 of Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”), we publish below our record of processing activities, through which you can find detailed information on the personal data processing that we carry out.

Basic data protection information 

1. Who is the data controller? 

The data controller is BEAZ, S.A.U., a trading company attached to the Department of Economic Promotion of the Bizkaia Provincial Council. Its purpose is to contribute to the growth of economic activity and job creation by supporting the creation of innovative companies and the development of innovative business projects in existing companies in order to boost their growth, such as new products and services, new markets, innovation, and internationalisation. 

2. Who is the Data Protection Officer? 

The duties and position of the Data Protection Officer are carried out by the Head of the Legal Consultancy, Information Security, and Data Protection Section, attached to the Modernisation, Good Governance, and Transparency Cabinet. The creation, appointment, and regulation of the Data Protection Officer of Bizkaia Provincial Council and public sector Provincial Entities was approved via the government Council Agreement on 15 May 2018. This appointment was published in the Official Gazette of Bizkaia Number 99 of 24 May 2018, and was officially communicated to the Basque Data Protection Agency (BDPA).

You may contact the Data Protection Officer through the Legal Consultancy, Information Security, and Data Protection Section at the following postal address: Gran Vía 25, 48009, Bilbao.  

3. What are your rights when you provide us with your data? 

Data protection regulations grant data subjects a number of rights over their personal data, which we inform you of below. These rights can be exercised directly or through a legal or voluntary representative and are free of charge.

You can exercise your rights by contacting BEAZ, S.A.U., in writing, together with a photocopy of your ID card or similar identity document, at the following address: 

C/ Sabino Arana 8, 

48013 Bilbao 

 

Once we have received your request, we will issue a decision. If you do not agree with the decision, you may lodge a prior complaint with the data protection officer (via the Bizkaia Provincial Council, located at Gran Vía, 25 – 48009, Bilbao), who will be responsible for handling its resolution within BEAZ, S.A.U., or with the Basque Data Protection Agency (www.avpd.euskadi.eus).

The rights held by data subjects are as follows:  

  • Right to Access: the right to know whether personal data are processed and all the complete information on said processing, including: personal data, categories, purposes, recipients, storage period, origin, transfers, and communications.
  • Right to Rectification: the right to rectify inaccurate personal data and to complete incomplete data.
  • Right to Erasure: the data controller has the right to erase personal data in these cases:
      • Due to the unlawful processing of data.
      • Due to the purpose for which the data were processed or collected no longer being applicable.
      • Due to withdrawal of consent (only if the legal basis of the processing of the data is consent).
      • Due to an objection to processing.
  • Right to Object: you may object to the processing of your personal data when the legitimate basis for the processing is the exercise of official authority or the legitimate interest of the Data Controller.
  • Right to Limitation: Limitation of the processing of personal data, which includes the aspects of suspension of processing and data retention:
      • The suspension of processing is requested:
          • When the accuracy of personal data is contested, during the period for verifying its accuracy.
          • When the data subject objects to processing, stating personal reasons, while it is verified that the Controller is processing the corresponding data legitimately in the public interest or in the exercise of official authority, and it is determined that this processing by the Controller takes precedence.
      • Retention of the data is requested:
          • When the processing is unlawful and the request is for restriction of use and not erasure.
          • When individuals need the data for the exercise or defence of claims, but at the same time the Controller no longer needs the data for the purposes of the processing.
  • Right to not be the subject of automated decisions: this right guarantees that the data subject shall not be subject to decisions based solely on the processing of personal data, including profiling, and decisions that have legal effects on the individual. However, this right does not apply:
      • If it is necessary for the conclusion or performance of a contract between the data subject and the data controller;
      • If the legitimate basis of processing is consent.

4. In what circumstances will we disclose your data? 

We will not disclose your data to third parties without informing you in advance and without an appropriate legal basis for doing so. 

Occasionally, we enter into contracts with companies to provide us with certain services that require access to personal data. We have entered into appropriate data processing agreements with these companies that comply with the provisions of the GDPR and the LOPDGDD. Through these agreements we ensure that these companies process the data to which they have access only to provide us with the contracted service, that they never use it for purposes for which we have not authorised them, and that they will not share personal data with third-party companies and/or administrations. Furthermore, we require them to implement a series of security measures that guarantee the confidentiality and integrity of personal data. We only enter into contracts with companies and entities that give us guarantees that they comply with the data protection provisions in force.  

As we will inform you in each case, when certain circumstances arise we are legally obliged to transfer data to different public administrations.  

Unless specified otherwise, we do not carry out international data transfers. 

5. What security measures do we apply to the processing of data? 

The security measures implemented correspond to those described in Annex II (Security measures) of Royal Decree 3/2010, of 8 January, regulating the National Security Framework in the area of e-Government. We also apply the following security measures:  

  • The data subject is informed about the details of the processing with personalised data protection clauses. 
  • The data subject is informed of his or her rights through personalised data protection clauses. 
  • The media are transported in and out of the company by personnel authorised by the data controller with security measures. 
  • Unauthorised persons are prevented from accessing the data during manual processing (documents). 
  • Unauthorised persons are prevented from viewing the data during digital processing (screens). 
  • Documentation is stored in a storage facility or secure department. 
  • There is a document destruction protocol. 
  • There is a protocol for the destruction of digital media. 
  • There is an identification and authentication procedure. 

 

Record of Processing Activities and additional information  

Below is detailed information on each of the processing activities that we carry out at BEAZ, S.A.U. 

  1. Customer management 
  1. For what purpose do we process your personal data? 

We process your personal data for the administrative, tax, and accounting management of our customers, for the management and maintenance of initial contacts, the analysis and monitoring of grant files in collaborative projects, and for the management of participation in events and the provision of services. 

  1. For how long will we keep the data? 

They shall be stored for the period of time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may derive from said purpose and the processing of data. 

  1. What is the legal basis for processing the data? 

We process your personal data for the purposes of contractual legal instruments (GDPR art. 6.1. b.) and the fulfilment of legal obligations applicable to BEAZ, S.A.U. (GDPR art. 6.1. c.).  

The laws that act as the legal basis of the processing of the data are as follows:  

  • Law 9/2017 of 8 November, on Public Sector Contracts.
  • Royal Decree 1514/2007 of 16 November, approving the General Accounting Plan. 
  • Provincial Regulation 2/2005, of 10 March, on General Taxation in the Historical Territory of Bizkaia. 
  • Provincial Decree-Law 5/2013 of 3 December, approving the revised text of Provincial Regulation 5/2006, of 29 December, General Budgetary, Tax, and Public Procurement Regulation. 

In addition, we also process personal data with your consent for the management of events. You may withdraw your consent at any time by contacting BEAZ, S.A.U.  

  1.  What data do we process and how did we obtain it? 

The data we process comes from customers and users.  

We process the following categories of data: 

  • Identification data: name and surname(s), ID card number, address, and telephone number; 
  • Economic, financial, and insurance information; 
  • Employment and education;  
  • Transactions of goods and services. 

  

  1. Who will receive your data? 

We disclose data to: 

  • Banks and savings banks; 
  • Administrations or public bodies with the corresponding jurisdiction: Bizkaia Provincial Council. 

  2. Management of contractors/subcontractors and suppliers
  1. For what purpose do we process your personal data? 

We process your personal data for administrative and operational purposes, as well as the fulfilment of legal obligations in relation to contracted and subcontracted companies: 

  • Fulfilment of obligations with various bodies (Social Security, Tax Authorities, and other public bodies); 
  • Training activities; 
  • Control of access to facilities and information systems (IT systems);  
  • Occupational health and safety (compliance with the duty to coordinate these activities). 
  1. For how long will we keep the data? 

They shall be stored for the period of time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may derive from said purpose and the processing of data. 

  1. What is the legal basis for processing the data? 

We process your personal data for the purposes of contractual legal instruments (GDPR art. 6.1. b.) and the fulfilment of legal obligations applicable to BEAZ, S.A.U. (GDPR art. 6.1. c.).  

The laws that act as the legal basis of the processing of the data are as follows:  

  • Law 9/2017 of 8 November, on Public Sector Contracts.
  • Law 31/1995, of 8 November, on the Prevention of Occupational Risks. 
  • General Public Accounting Plan in relation to the First Final Provision of Law 16/2007, of 4 July; 
  • Provincial Decree-Law 5/2013 of 3 December, approving the revised text of Provincial Regulation 5/2006, of 29 December, General Budgetary, Tax, and Public Procurement Regulation. 
  1.  What data do we process and how did we obtain it? 

The data we process comes from the personnel of the contracted and subcontracted companies. 

We process the following categories of data: 

  • Identification data: name and surname(s), ID Card number/Tax ID number; 
  • Social Security/Mutual insurance company number; 
  • Personal characteristics; 
  • Education/employment details. 

  

  1. Who will receive your data? 

The legal basis for the data transfers listed below is compliance with the legal obligations imposed by the aforementioned laws.

Specifically, we disclose data to the following parties: 

  • Mutual Insurance Companies for Accidents at Work and Occupational Diseases; 
  • Administration and competent Public Bodies; 
  • External Prevention Services (Health Surveillance). 

  3. Human resource management
  1. For what purpose do we process your personal data? 

We process your personal data for the management of the employment relationship with our employees. 

  1. For how long will we keep the data? 

They shall be stored for the period of time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may derive from said purpose and the processing of data. 

  1. What is the legal basis for processing the data? 

The legal basis for the processing of your personal data is the performance of a contract to which the data subject is a party (GDPR art. 6.1.b.) and compliance with the legal obligations imposed on us by the following laws (GDPR art. 6.1.c.):  

  • Royal Legislative Decree 5/2015, of 30 October, approving the revised text of the Law on the Basic Statute of the Public Employee; 
  • Law 6/1989, of 6 July, on the Basque Civil Service; 
  • Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers' Statute Law; 
  • Royal Legislative Decree 8/2015, of 30 October, approving the revised text of the General Law on Social Security; 
  • Law 31/1995, of 8 November, on the Prevention of Occupational Risks. 
  1.  What data do we process and how did we obtain it? 

The data we process comes from our employees.  

We process the following categories of data: 

  • Identification data: name and surname(s), ID Card number/Tax ID number, address, and telephone number; 
  • Social Security/Mutual insurance company number; 
  • Personal characteristics; 
  • Social circumstances; 
  • Financial and insurance financing;
  • Education and employment details; 
  • Special categories of data: health data, trade union membership. 
  1. To whom will we disclose your data? 

We disclose data to the following parties: 

  • Mutual insurance companies for accidents at work and occupational diseases;  
  • The corresponding competent public administration;  
  • External prevention services (health surveillance); 
  • Financial and savings institutions; 
  • Voluntary Social Welfare Entities (EPSV); 
  • Training companies and foundations. 

  4. Management of the Board of Directors
  1. For what purpose do we process your personal data? 

We process your personal data for the administrative management and legal obligations with regard to the members of the Board. 

  1. For how long will we keep the data? 

They shall be stored for the period of time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may derive from said purpose and the processing of data. 

  1. What is the legal basis for processing the data? 

We process personal data for the fulfilment of legal obligations applicable to BEAZ, S.A.U., (GDPR art. 6.1. c.).  

The laws that act as the legal basis of the processing of the data are as follows:  

  • Royal Legislative Decree 1/2010, of 2 July, approving the revised text of the Capital Companies Law. 
  1.  What data do we process and how did we obtain it? 

The data we process comes from the members of the Board of Directors.  

  • Identification data: name and surname(s), ID Card number/Tax ID number, address, and telephone number.  
  1. Who will receive your data? 

We disclose personal data to the competent Public Administrations in compliance with the legal obligations imposed on us by the aforementioned laws. 

  5. Management of selection processes
  1. For what purpose do we process your personal data? 

We process your personal data for the management of the selection processes of candidates. 

  1. For how long will we keep the data? 

They shall be stored for the period of time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may derive from said purpose and the processing of data. 

  1. What is the legal basis for processing the data? 

The legal basis for the processing of data is the implementation of pre-contractual measures arising from the selection process for recruitment (GDPR art. 6.1.b) and the consent of the data subject (GDPR art. 6.1.a). Consent may be withdrawn at any time by contacting BEAZ, S.A.U.  

  1.  What data do we process and how did we obtain it? 

The data we process comes from candidates in the selection processes.  

We process the following categories of data: 

  • Identification data: name and surname(s), ID Card number/Tax ID number, address, and telephone number; 
  • Personal characteristics; 
  • Social circumstances; 
  • Education and employment details. 
  1. To whom will we disclose your data? 

The data processed in the management of the selection processes will be disclosed to the Bizkaia Provincial Council. 

  6. Telematic incorporation of companies
  1. For what purpose do we process your personal data? 

We process your personal data to carry out telematic procedures for the incorporation of new companies. 

  1. For how long will we keep the data? 

They shall be stored for the period of time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may derive from said purpose and the processing of data. 

  1. What is the legal basis for processing the data? 

The legal basis for the processing of personal data is the consent of the data subject (GDPR art. 6.1.a.) and the fulfilment of legal obligations (GDPR art. 6.1.c.). Specifically, the laws that act as the legal basis for the processing of data are as follows:

  • Royal Legislative Decree 1/2010, of 2 July, approving the revised text of the Capital Companies Law. 
  • Provincial Regulation 2/2005, of 10 March, on General Taxation in the Historical Territory of Bizkaia. 

You can withdraw your consent at any time by contacting BEAZ, S.A.U. 

  1.  What data do we process and how did we obtain it? 

The data we process comes from our customers and users. 

We process the following categories of data: 

  • Identification data: name and surname(s), ID Card number/Tax ID number, address, and telephone number;
  • Social Security/Mutual insurance company number; 
  • Personal characteristics; 
  • Social circumstances; 
  • Financial and insurance financing.
  1. Who will receive your data? 

We disclose data to the following parties in compliance with the aforementioned legal obligations: 

  • Public Registries; 
  • Tax Revenue Administration. 

  7. Dissemination activities
  1. For what purpose do we process your personal data? 

We process your personal data for the promotional dissemination in our own and other media of our activities and the promotional activities of our customers. 

  1. For how long will we keep the data? 

They shall be stored for the period of time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may derive from said purpose and the processing of data. 

 

  1. What is the legal basis for processing the data? 

The legitimate basis for the data processing is the consent of the data subjects (GDPR art. 6.1.a.). You can withdraw your consent at any time by contacting BEAZ, S.A.U.

  1.  What data do we process and how did we obtain it? 

The data we process comes from the data subject or their legal representative.  

We process the following categories of data: 

  • Identification data: name and surname(s), address, telephone number, and email.
  • Images and recordings. 
  1. Who will receive your data? 

We disclose data to: 

  • Press and media; 
  • Bizkaia Provincial Council. 

  8. Contact management
  1. For what purpose do we process your personal data? 

We process your personal data for the management of BEAZ, S.A.U.'s institutional relations. 

  1. For how long will we keep the data? 

They shall be stored for the period of time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may derive from said purpose and the processing of data. 

  1. What is the legal basis for processing the data? 

We process your personal data for the fulfilment of legitimate interests pursued by the data controller (GDPR art. 6.1.f) as provided for in article 19.1 of Organic Law 3/2018, of 5 December, on the protection of personal data and guarantee of digital rights.  

  1.  What data do we process and how did we obtain it? 

The data we process comes from the contact persons of institutions. 

We process the following categories of data: 

  • Identification data: name and surname(s), address, email, and telephone number. 
  1. Who will receive your data? 

No data communications take place.  

  9. Access control and video surveillance
  1. For what purpose do we process your personal data? 

We process your personal data to manage the security of BEAZ, S.A.U. facilities. 

  1. For how long will we keep the data? 

The data collected for video surveillance purposes will be kept for a period of one month in accordance with article 22.3 of Organic Law 3/2018 on the protection of personal data and guarantee of digital rights.  

The data collected for the purpose of controlling access to the building will be kept for the period necessary to fulfil the purpose for which they were collected, and to determine any possible liabilities that may arise from said purpose and from the processing of the data. 

  1. What is the legal basis for processing the data? 

We process your data for completion of a task carried out in the public interest or in the exercise of official authority conferred upon the controller (GDPR art. 6.1.e). 

Law 5/2014, of 4 April, on Private Security acts as the legal basis for the processing of data. 

  1.  What data do we process and how did we obtain it? 

The data we process comes from the employees of BEAZ, S.A.U., and from those who access our facilities.   

We process the following categories of data: 

  • Identification data: name and surname(s), ID card number, and signature. 
  • Images. 
  1. Who will receive your data? 

The data will be communicated to the State Security Forces and Corps. 

  10. Management of legal proceedings
  1. For what purpose do we process your personal data? 

We process your personal data for the management of legal proceedings opened by the company. 

  1. For how long will we keep the data? 

They shall be stored for the period of time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may derive from said purpose and the processing of data. 

  1. What is the legal basis for processing the data? 

We process your personal data for the performance of a contract to which the data subject is a party (GDPR art. 6.1. b.).  

  1. What data do we process and how did we obtain it? 

The data we process comes from our customers, users, and employees. 

We process the following categories of data: 

  • Identification data; 
  • Personal characteristics; 
  • Social circumstances; 
  • Economic, financial, and insurance information. 

  

  1. Who will receive your data? 

We disclose data to: 

  • Public Registries; 
  • Courts and tribunals. 

  11. Incoming and outgoing correspondence
  1. For what purpose do we process your personal data? 

We process your personal data to register and monitor incoming and outgoing documents. 

  1. For how long will we keep the data? 

They shall be stored for the period of time necessary to fulfil the purpose for which they were collected and to determine the possible liabilities that may derive from said purpose and the processing of data. 

  1. What is the legal basis for processing the data? 

We process your personal data to comply with the legal obligations (GDPR art. 6.1.c) imposed by Law 39/2015, of 1 October, on the Common Administrative Procedure of the Public Administrations. 

  1. What data do we process and how did we obtain it? 

The data we process comes from the data subject or their legal representative. We only process the identification data and contact details of people who submit documents to BEAZ, S.A.U. 

  1. To whom will we disclose your data? 

We do not disclose your data. 
