VASS COMPANY WEBSITE PRIVACY POLICY

 

1.      WHO IS THE DATA CONTROLLER FOR THE PROCESSING OF YOUR PERSONAL DATA.

    a.       Contact details for the data controller:

            i.     Name: VASS CONSULTORIA DE SISTEMAS, S.L. (“VASS”)

            ii.    Registered Office: Avenida de Europa 1, edificio B, CP 28108, Alcobendas (Madrid)

            iii.   UTR: B82422015    

    b.       Contact details for the Personal Data Protection Committee: you may raise any data protection issues using the email address: dataprotection@vasscompany.com. 

2.      SCOPE OF THE POLICY

By accessing and using this website, taking part in any activity organised by us or using any medium that entails the processing of personal data you accept this Privacy Policy and the provision of the Legal Notice and Cookies Policy.

VASS provides you information to enable you to view the Privacy Policy and any other information relating to the Protection of Personal Data prior to providing your personal data.

This Privacy Policy may be amended by the owner of the website as required. Notice will be given via the website or other means of communication so that you may be aware of any changes and continue to use our Services. The fact of continuing to use our Services after being notified of any such changes will be deemed to constitute acceptance of any such changes except when express consent is required.

3.      BASIC PRINCIPLES

• We will never ask you for personal information unless it is genuinely necessary to the provision of the services requested.
• We will never share the personal information of our users with anyone except as provided in this Privacy Policy, to comply with the law or with you express consent.
• We will never use your personal data for a purpose other than the purpose set out in this Privacy Policy.

4.      THE PURPOSES FOR WHICH YOUR PERSONAL DATA WILL BE USED

VASS may process personal data collected through this website and/or from the users of any other websites of the VASS GROUP for the following purposes:

1.  Contact: to process the personal data of users who make contact with VASS through the contact form made available by VASS to users. Your personal data will be processed for the purpose of managing such contact, arrange meetings, provide information about products and solutions, provide information to communication media that request it, and to handle any other enquiries, questions, requests or comments that you may send to us via the channels provided for that purpose on our website.
   
   Please not also that such personal data will be disclosed when strictly necessary to the member of the VASS GROUP to whom an enquiry or incident raised is addressed. The lawful basis for that disclosure of personal data is compliance with legal obligations to which VASS is subject.
   
   
2. Talent: The personal data of users of our website who wish to take part in our recruitment processes are collected via the section entitled ‘Work with us’ which is available to the general public through the Group’s websites. The personal data provided will be processed for the purpose of handling CVs sent to VASS and for the purpose of reviewing the qualifications and experience of candidates and, where applicable, managing their participation in the recruitment processes of VASS and of any relevant member of the VASS GROUP. That section of the website provides detailed information about the processing of personal data, to which your consent will be specifically requested.
   
   
3. Registration for Events. The personal data of users of the website who wish to participate in any events, whether online or in-person, will be processed by VASS or a third party involved in such events, for the purpose of handling participation requests and, where applicable, to complete the procedures involved in the organisation of and management of registrations for each event.
   
   
4. Training: VASS provides training services through VASS University and other means. Personal data collected in that connection will be processed for the purpose of managing registration and student administration at VASS University and for the purpose of recording participation of students in activities organised by VASS in educational activities, workshops, trips, open days, etc and the publication of such recordings in the Websites of VASS and on the social media accounts of VASS.
   
   
5. Satisfaction surveys. VASS carries out tailored surveys to determine customer satisfaction levels with the services provided by VASS or any other member of the VASS GROUP and of attendees at any event organised by VASS.
   
   
6. Promotions: The personal data of users of websites collected through registration to participate in any Promotions (e.g., competitions, prize draws, etc.) made available by VASS through its websites will be processed for the purpose of managing each promotion, notifying the winner(s) of competitions, awarding the relevant prize(s) to the winner(s) and to manage compliance by VASS with its legal and tax obligations as the organiser of each promotion.
   
   The processing of such personal data will in any event in accordance with the terms and conditions for each Promotion which may include other specific purposes for processing in function of the nature of each promotion. VASS will make the terms and conditions for promotions available to users of its websites to consult prior to taking part in any promotion. Prior acceptance of the applicable terms and conditions will be a pre-condition of participation in any promotion.
   
   When someone chooses to register for a Promotion through a link on the profile of the individual on social media (e.g., Facebook, X (formerly Twitter), Instagram) the personal data and information authorises social media to provide to VASS by clicking on the appropriate Accept button will be processed by VASS to prepare and assess user profile and implement segmentation for commercial, promotional and publicity purposes, cross-checking with the customer and website user database and inclusion in that database, for the purpose of optimising and improving the sending of publicity, promotional or commercial information by VASS, and in order to provide users with appropriate information in function of their tastes, interests and preferences.
   
   
7. Commercial, promotional and publicity communications concerning products and services of VASS and the companies in the VASS GROUP: The personal data of website users may be processed by VASS for the purpose of providing publicity or promotional information or information that may be of interest to users by post, email, SMS, instant messaging and other electronic means of communication, only when a user may have given their consent to processing for that purpose by express acceptance through checking the box for commercial, promotional and publicity communications.
   
   Please note that such communications may relate to VASS and to any member of the VASS GROUP.
   
   Please note also that VASS may, for the purpose of optimising and improving the dispatch of publicity, promotional and commercial information by VASS and in order to provide appropriate information to website users in function of their tastes, interests and preferences, carry out processing of personal data to create profiles and implement segmentation for commercial and publicity purposes using not only personal data provided by data subjects through registration forms but also data derived from browsing and the use made by that data subject of the websites of VASS (internal data) and data collected through social media when a data subject consents to the provision of such data to VASS by social media platforms (e.g., Facebook, X (formerly Twitter), Instagram) through which the data subject may log on or register (external data).
   
   Data subjects may object at any time to the processing of their personal data for promotional or publicity purposes by VASS, including the creation of profiles as described, via any of the channels made available by VASS. 

5.      WHO WE SHARE YOUR PERSONAL DATA WITH

As a business with global reach, VASS manages the disclosure of users’ personal data both internally and with specific third parties. That disclosure of information includes external service providers, other external parties and is carried out in situations associated with commercial transactions and statutory requirements.

The personal data of users are shared in the following circumstances:

1.       Working with External Service Providers: VASS shares personal data with external entities to manage requests, answer queries, meet orders, validate coupons, offer sample, facilitate in draws and to facilitate various functionalities through online platforms. Those providers perform tasks on behalf of VASS, such as hosting and operation of websites, payment processing, data analysis, customer service, postal and delivery services and to manage promotions. Although they access the personal data necessary to their tasks, they are not authorised to use such data for other purposes. They are required to follow the instructions in this Publicity Policy and with laws and regulations that from time to time regulate the protection of personal data.

2.       Relationships with Other Third Parties: The personal data of uses will be used or shared by VASS with sponsors, advertisers, advertising networks, advertising providers, social media platforms, analytics providers and other third parties whose businesses relate to marketing, promotions, data enrichment and dissemination of product information.

3.       Transfers in the course of business: VASS may use or share personal data of users within the VASS Group for business and operational purposes. In carrying out its business VASS may acquire or dispose of assets, subsidiaries and business units. In those transactions, the personal data of users are generally considered to be transferable assets, albeit they remain subject to existing Privacy Polices unless the relevant data subjects give their explicit consent.

4.       Disclosure required by Law: VASS may disclose the personal data of users to third parties:

a.       To meet legal obligations.

b.      When it has a good faith belief that a provision of law requires it to do so.

c.       At the request of competent authorities in the course of ongoing investigations.

d.      To confirm or enforce of the Terms of Use or other important policies.

e.       To detect and protect against fraud and technical or security vulnerabilities.

f.        To respond to an emergency.

To protect rights, property, security or third party, visitors to the website of VASS, VASS or the general public.

6.      WHERE THE PERSONAL DATA THAT WE PROCESS COME FROM

The personal data that VASS processes as a result of its interactions with users through our website come from the following sources:

·        Personal data provided by users by completing the forms made available by VASS or that data subjects authorise social media platforms to disclose to VASS when they use links on social media to register by filling the places made available for participation in promotions managed by VASS by sending emails or by any other means of communication by which a data subject may make contact with VASS.

·        Personal data generated as a result of browsing and use by a data subject of any website of the VASS GROUP.

·        Personal data generated through the implementation, operation and maintenance of the relationships between VASS and individual data subjects.

·        Personal data of third parties provided by website users.

·        Personal data obtained from external sources (e.g., social media).

VASS may process personal data of the following types, in function of the relationship established with an individual user:

·        Identifying information (e.g., name and surnames, email address, postal address, telephone number, IP address, image).

·        Academic and professional information and/or details of employment (e.g., information in CVs).

·        Personal information and sociodemographic information (e.g., age, date of birth, tastes, interests, and lifestyle).

·        Browsing and location data (e.g., use of pages of the VASS website, sections visited, information provided by the user through social media when confirming their location).

·        Health and/or other kinds of information. Such classes of personal data will be processed only when the data subject shall have voluntarily such personal data when they have a food intolerance and are going to attend an event where food or refreshments will be provided. Please note that in any event VASS will adopt appropriate security measures in function of the class of personal data processed in each case.

Other types of personal data. Only when a data subject registers via a link on social media, the types of personal data will be processed provided by the data subject may have made public via the relevant social media platform and that the data subject has agreed should be accessed and processed by VASS.

7.      LAWFUL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA

VASS processes personal data provided by users of its websites on the following legal bases, in function of the type of personal data provided by users and the interactions that a user may establish with VASS.

·        The processing of users’ personal data for the purpose of Contact is based on the management and conduct of the legal relationship established between the user and VASS, in other word the management of the user’s request, maintaining contact between the parties and, where relevant, the provision of any service requested by the user.

·        The processing of users’ personal data for the purposes listed under Talent, Registration for Events, Promotions, Satisfaction Surveys, Commercial, promotional and publicity communications and services provided by VASS and members of the VASS Group, appropriate to users’ tastes, interests and preferences as identified by the creation of profiles and user segmentation, is based on the consent of the user.

Please note that VASS will only undertake the processing of personal data for the purposes of processing based on user consent where a user has consented to such processing through one of the mechanisms for the obtaining consent made available by VASS.

The processing of users’ personal data for the purpose set out under Training is based on the management and maintenance of the legal relationship established between the data subject and VASS and to comply with legal obligations to which VASS is subject.

8.      PERIOD OF RETENTION OF PERSONAL DATA

The period of retention of users’ personal data will vary in function of the service/processing that users may contract. Personal data will in any event be retained during the subsistence of the commercial/contractual relationship. When that relationship comes to an end, we will retain users’ personal data blocked for so long as legal obligations that may have arisen from processing may exist and/or during the periods prescribed by law so as to keep such personal data available for any competent authority to deal with any liabilities that may have arisen from the processing.

For illustration and without limitation, some retention periods are described below.

·        When there is a contract between VASS and a user, VASS will retain the personal data provided for the time necessary to operate the contractual relationship and, in any event, for limitation periods under current legislation. Personal data will as a general principle subsequently be destroyed, except when it is necessary to retain personal data to comply with a statutory obligation or a competent court or administrative order.

·        In circumstances when we receive a user’s CV in support of an application to work with us, VASS will process the personal data strictly during the recruitment process, except where the user authorises more extended processing for subsequent recruitment processes. The personal data of an unsuccessful candidate will be retained for a maximum period of (2) years from the end of the recruitment process or from the time at which a user voluntarily provides their CV.

·        To the extent consistent with law, we will process your contact information for the time required to handle and respond to users’ queries submitted through the Contact section of the Website and in the case of the sending of information about our products and services, for so long as the user does not object to such sending.

VASS will retain users’ personal data processed as a result of browsing the Website during such time as the user does not withdraw their consent to such processing, as provided in the Cookies Policy and in any event for the period of one year. At the end of that time, we will request fresh consent from the user to the use of Cookies on accessing the Website.

9.      EXERCISE OF RIGHTS

As data subject, you have control of your personal data. Thus, we also ensure that information is accurate and correct.

The rights that you can exercise are:

§  Right of Access: you can check whether VASS is processing your personal data.

§  Rights of Rectification and Erasure: you may access your personal data and request its rectification or erasure when your personal data are incorrect, or you believe that they are no longer required for the purposes for which they were collected.

§  Right of objection: You may object to the processing of your personal data except where for an overriding reason or when required to bring or defend any claim, we will retain your personal data blocked for such time as the relevant legal obligations may exist.

§  Right of Restriction of Processing: you can request restriction of the processing of your personal data whilst any inaccuracy or the lawfulness of your personal data is investigated during the bringing or defence of any claim or litigation.

§  Right of Data Portability: you can request the portability of your personal data that you have provided to us to another data controller in certain circumstances.

You can exercise your rights at no cost.

Complaining to the Supervisory Authority

When a data subject believes that there is a problem with how VASS is processing their personal data, the data subject may make a complaint to the Data Protection Committee (dataprotection@vasscompany.com) or to the relevant personal data protection authority which in the case of Spain is the Agencia Española de Protección de Datos.

10.    SECURITY

VASS implements the highest levels of security required by Law to protect your personal data against accidental loss and access, unauthorised processing or disclosure, in light of the state of technology, the nature of the personal data stored and the risks to which such personal data are exposed. When we receive your personal data, we use rigorous procedures and security functions to prevent any unauthorised access.

The measures described in this section to ensure an adequate level of security to the risk detected will, when necessary, include the following measures:

1.       Pseudonymisation and encryption of your personal data.

2.       Measures capable of ensuring the confidentiality, integrity, availability and permanent resilience of the processing systems and services.

3.       Measures capable of restoring the availability of and access to personal data rapidly in the event of a physical or technical incident.

4.       Existence of a process of regular verification, evaluation and assessment of the effectiveness of technical and organisational measures to ensure the security of processing.

5.       Periodic evaluation of the risk of destruction, less or accidental or improper alteration of the personal data provided, retained or processed in any other way or the unauthorised disclosure of or access to such personal data.

6.      Measures to ensure that anyone acting on the authority of VASS who has access to personal data can only process such personal data in accordance with the instructions of VASS..

11.    CONFIDENTIALITY

Any personal data collected will be processed in absolute confidentiality, and we undertake to maintain the confidentiality of such personal data and to ensure they are retained under the protection of all measures necessary to avoid their alteration, loss or unauthorised processing or access as required by law.

12.    ACCEPTANCE AND CONSENT

The user states that they have been informed as to the terms of protection of personal data and accepts and consents to the processing of their personal data by VASS in the manner and for the purposes stated in this privacy policy.

13.    CHANGES TO PRIVACY POLICY

VASS reserves the right to change this privacy policy to take account of statutory changes and new case law and industry practice. Where any change is made, VASS will give reasonable prior notice of the changes on the website before their implementation.

14.    LIABILITY

The user will have sole liability in connection with completion of forms with false, incorrect, incomplete or out of date personal data.

15.    COOKIES

Our website uses cookies to collect information about use of the Website. If you would like to have more information about how VASS uses cookies, please see the Cookies Policy.

16.    TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES

Where VASS has service providers that have access to your personal data and will process such personal data in the name and on behalf of VASS, we will follow an exhaustive process to verify compliance in order to ensure appropriate oversight in relation to the protection of personal data. We will also enter into a contract under which such providers will be obligated to implement appropriate technical and organisational measures and process personal data solely in accordance with the documented instructions of the joint data controllers. If a data processor is located outside the European Economic Area, the joint data controllers will enter into an agreement with them containing the Standard Contract Clauses to provide adequate safeguards and that will at all times protect the access that such third parties could have to your personal data.

Latest version: December, 2023