Bilerro | Privacy policy
Trabaja con nosotros Contacto Buscar
ES | EN

Privacy policy

1. Introduction to the Privacy Policy

Welcome to VELATIA’s Group privacy policy. Hereinafter, the name VELATIA refers to any of the companies that form part of VELATIA, a list of which can be found at here.

Contact details for any matter relating to data protection:

  • Business address: Parque Científico y Tecnológico de Bizkaia, Edificio 104, 48170 Zamudio (Bizkaia).
  • Email address for matters relating to the exercise of data protection rights:
    dataprivacy@velatia.com

For more information about contacting VELATIA or its companies, please read our legal note.

The aim of this website’s Privacy Policy is to comply with the duty to provide information and transparency as set out in Article 12 of Regulation (EU) 2016/679 on the protection of personal data. As well as in cases where the duty to provide information has been fulfilled through basic “first layer” information in accordance with Article 11 of Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights, this privacy policy corresponds to the additional information known as “second layer”, whose required elements are those described in Articles 13 and 14 of Regulation (EU) 2016/679 on personal data protection.

2. The Meaning of ‘personal data’

‘Personal data’ means any information relating to an identified or identifiable natural person. This means any person who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. an IP address – if it can be used to identify the person) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

In short, this includes data that, either by itself or with other data in our possession or available to us, can be used to identify you.

3. Processing of Personal Data

“Processing” means any operation or set of operations performed on your personal
data. VELATIA sets out below the detailed information on each processing operation
in accordance with the guidelines established by the Spanish Data Protection
Agency.

  1. Job Application Processing whose purpose is to manage the CVs of
    job applicants as well as the operations involved in the recruitment process.

    1. Data category: identifiers including contact details, national identification number and personal image; employment history.
    2. Legal basis: the data subject’s consent (art. 6.1.a GDPR) in the case of spontaneous applications and, in all other cases, pre-contractual relationship (art. 6.1.b GDPR).
    3. Data validity period: the data remain valid for three years.

  2. Entry Control Processing whose purpose is to register the persons who wish to enter our premises.

    1. Data category: identifiers.
    2. Legal basis: legitimate interest based on the need to maintain the safety of persons on the premises (art. 6.1.f GDPR).
    3. Data validity period: the data remain valid for 30 days. Once this period has expired, the data are deleted.

  3. Contact Management Processing whose purpose is to record the details of the contact persons who work for our customers and suppliers, as well as those of the persons with whom we have a business or institutional relationship.

    1. Data category: identifiers such as first name and last name(s); contact details such as telephone and fax number, email address and postal address; professional details such as job title or position.
    2. Legal basis: legitimate interest based on the need to maintain business relations (art. 6.1.f GDPR).
    3. Data validity period: the data remain valid for the duration of the relationship that gave rise to their collection. Once the relationship has ended, the data may be kept blocked pursuant to Article 32
      of Organic Law 3/2018 in the event that legal liabilities may arise.

  4. External Personnel Processing whose purpose is to perform the set of operations established in the coordination of business activities defined in Spanish Law 31/1995 on the Prevention of Occupational Risks, developed in Royal Decree 171/2004.

    1. Data category: identifiers such as first name and last name(s); professional details such as job title or position and type of contract; salary details included in Social Security forms TC1, TC2 and ITA; data relating to assigned PPE; data recorded on entering premises.
    2. Legal basis: fulfilment of legal obligations established for the prevention of occupational risks (art. 6.1.c GDPR).
    3. Data validity period: the data remain valid for the duration of the relationship that gave rise to their collection. Once the relationship has ended, the data may be kept blocked pursuant to Article 32
      of Organic Law 3/2018 in the event that legal liabilities may arise.

  5. Video Surveillance Processing whose purpose is to ensure the perimeter security of the facilities, as well as of the goods and persons located therein.

    1. Data category: images recorded using cameras.
    2. Legal basis: legitimate interest based on the need to
      maintain the safety of the premises (art. 6.1.f GDPR).
    3. Data validity period: the data remain valid for 30 days.
      Once this period has expired, the data are deleted.

  6. Communication and Marketing Processing whose purpose is to maintain business relations with customers, future customers, current or potential suppliers and anyone interested in the activities and products of VELATIA’s companies.

    1. Data category: identifiers such as first name and last name(s); contact details such as email address, phone number, work address and job title or position.
    2. Legal basis: legitimate interest based on the marketing activities in which the data subject has shown an interest (art. 6.1.f GDPR), or consent to receive newsletters and emails (art. 6.1.a GDPR).
    3. Data validity period: the data remain valid for the duration of the business relationship provided that the data subject does not withdraw consent or request erasure. Outdated or obsolete data will be erased as soon as this circumstance is detected.

  7. Website Browsing Information. There may be cookies used for monitoring purposes or to produce statistical information about the use of our platforms, as well as to analyse and improve their functionality. To find out more about the information collected, type of data and data validity periods, you should read our Cookies Policy .
4. Disclosure of Personal Data to Third Parties

We may disclose your personal data to third parties, including, among others, the following:

  1. Jointly responsible companies within our group, maintaining the purposes and legal bases of the processing.
  2. Third parties that provide us services and that help us and our group of companies to operate our business. For example, sometimes a third party may have access to your personal data in order to support our information technology or handle mail on our behalf. We have concluded appropriate data processor agreements with these third parties.
  3. Our legal advisers and other professional advisers and auditors.
  4. As and when necessary to meet a legal requirement, for the administration of justice, to protect vital interests, to protect the security or integrity of our databases or this website, or to take precautions against legal liability.
  5. Regulatory authorities, courts and administrative bodies, in order to meet legal and administrative obligations, such as tax or labour obligations, for example.

International Transfers of Personal Data:

There are no plans to transfer personal data to countries outside Europe.

5. Security of Personal Data

We strive to use appropriate technical and physical security measures to protect the personal data transmitted, stored or otherwise processed from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include IT safeguards and protected files and facilities. Our service providers are carefully selected and must also use suitable protective measures. Industry-standard SSL encryption is used on the website to protect data transmissions.

6. Your Rights under Current Data Protection Legislation

You have various rights under data protection laws. These may include (where applicable):

  • The right to obtain confirmation as to whether or not VELATIA is processing personal data concerning you.
  • The right to request access to your personal data, meaning to know which of your personal data we hold.
  • The right to rectification, including requesting that inaccurate personal data be corrected.
  • The right to request restriction of processing or to object to the processing of your personal data.
  • The right to request erasure of your personal data when they are no longer necessary for the purposes for which they were collected.
  • The right to object to processing unless you have given prior consent or unless we demonstrate compelling legitimate grounds or the defence of legal claims.
  • The right to data portability, including receiving personal data in a commonly used and machine-readable format in certain circumstances, provided that the processing is automated.
  • The right to withdraw your consent to any processing to which you previously gave consent.

Please note that the exercise of some of these rights may be subject to legal or other limitations, which the organisation must justify when responding to your request. You may exercise your rights by writing to the email address provided for this purpose or by using the contact channels identified in the introduction.

In order to process your request, it will be necessary to verify your identity and confirm that you are the data subject. Your request should include your first name, last name(s), national identification number, the specific request, and the address where you wish to receive the response. If necessary, we may request a copy of a document proving your identity.

If you wish, we can provide you with a suitable form to help you submit your request in accordance with Organic Law 3/2018 on Personal Data Protection and the Guarantee of Digital Rights.

If your request is not satisfactorily addressed, you may contact the competent supervisory authority, the Spanish Data Protection Agency, whose website is www.aepd.es/en and whose postal address is Calle Jorge Juan 6, 28001 Madrid, Spain.

7. Links

The VELATIA website may include hyperlinks to other websites that are not operated or controlled by VELATIA. Therefore, VELATIA neither guarantees nor assumes responsibility for the legality, reliability, usefulness, accuracy or timeliness of the content of such websites or their privacy practices. Before providing your personal information to such websites, please note that their data protection compliance may differ from ours.

8. Updates and Changes to this Privacy Policy

This privacy policy was last updated in March 2021.

VELATIA may amend this Privacy Policy without prior notice in accordance with the applicable legislation in force at any given time and in line with changes to its privacy management system.