1. WHO IS THE DATA CONTROLLER FOR THE PROCESSING OF YOUR PERSONAL DATA.
a. Contact details for the data controller:
i. Name: VASS CONSULTORIA DE SISTEMAS, S.L. (“VASS”)
ii. Registered Office: Avenida de Europa 1, edificio B, CP 28108, Alcobendas (Madrid)
iii. UTR: B82422015
b. Contact details for the Personal Data Protection Committee: you may raise any data protection issues using the email address: email@example.com.
2. SCOPE OF THE POLICY
3. BASIC PRINCIPLES
4. THE PURPOSES FOR WHICH YOUR PERSONAL DATA WILL BE USED
VASS may process personal data collected through this website and/or from the users of any other websites of the VASS GROUP for the following purposes:
5. WHO WE SHARE YOUR PERSONAL DATA WITH
As a business with global reach, VASS manages the disclosure of users’ personal data both internally and with specific third parties. That disclosure extends to external service providers and other external parties, and is carried out in situations associated with commercial transactions and statutory requirements.
The personal data of users are shared in the following circumstances:
1. Working with External Service Providers: VASS shares personal data with external entities to manage requests, answer queries, fulfil orders, validate coupons, offer samples, facilitate draws and facilitate various functionalities through online platforms. Those providers perform tasks on behalf of VASS, such as hosting and operation of websites, payment processing, data analysis, customer service, postal and delivery services and the management of promotions. Although they access the personal data necessary for their tasks, they are not authorised to use such data for other purposes. They are required to follow the instructions in this Publicity Policy and to comply with the laws and regulations that from time to time regulate the protection of personal data.
2. Relationships with Other Third Parties: The personal data of users will be used or shared by VASS with sponsors, advertisers, advertising networks, advertising providers, social media platforms, analytics providers and other third parties whose businesses relate to marketing, promotions, data enrichment and dissemination of product information.
3. Transfers in the course of business: VASS may use or share personal data of users within the VASS Group for business and operational purposes. In carrying out its business VASS may acquire or dispose of assets, subsidiaries and business units. In those transactions, the personal data of users are generally considered to be transferable assets, albeit they remain subject to existing Privacy Policies unless the relevant data subjects give their explicit consent.
4. Disclosure required by Law: VASS may disclose the personal data of users to third parties:
a. To meet legal obligations.
b. When it has a good faith belief that a provision of law requires it to do so.
c. At the request of competent authorities in the course of ongoing investigations.
e. To detect and protect against fraud and technical or security vulnerabilities.
f. To respond to an emergency.
To protect the rights, property or security of third parties, visitors to the website of VASS, VASS or the general public.
6. WHERE THE PERSONAL DATA THAT WE PROCESS COME FROM
The personal data that VASS processes as a result of its interactions with users through our website come from the following sources:
· Personal data provided by users by completing the forms made available by VASS, or that data subjects authorise social media platforms to disclose to VASS when they use links on social media to register, by filling in the spaces made available for participation in promotions managed by VASS, by sending emails or by any other means of communication by which a data subject may make contact with VASS.
· Personal data generated as a result of browsing and use by a data subject of any website of the VASS GROUP.
· Personal data generated through the implementation, operation and maintenance of the relationships between VASS and individual data subjects.
· Personal data of third parties provided by website users.
· Personal data obtained from external sources (e.g., social media).
VASS may process personal data of the following types, depending on the relationship established with an individual user:
· Identifying information (e.g., name and surnames, email address, postal address, telephone number, IP address, image).
· Academic and professional information and/or details of employment (e.g., information in CVs).
· Personal information and sociodemographic information (e.g., age, date of birth, tastes, interests, and lifestyle).
· Browsing and location data (e.g., use of pages of the VASS website, sections visited, information provided by the user through social media when confirming their location).
· Health and/or other kinds of information. Such classes of personal data will be processed only when the data subject has voluntarily provided such personal data when they have a food intolerance and are going to attend an event where food or refreshments will be provided. Please note that in any event VASS will adopt appropriate security measures depending on the class of personal data processed in each case.
· Other types of personal data. Only when a data subject registers via a link on social media, the types of personal data processed will be those that the data subject may have made public via the relevant social media platform and that the data subject has agreed should be accessed and processed by VASS.
7. LAWFUL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA
VASS processes personal data provided by users of its websites on the following legal bases, depending on the type of personal data provided by users and the interactions that a user may establish with VASS.
· The processing of users’ personal data for the purpose of Contact is based on the management and conduct of the legal relationship established between the user and VASS, in other words the management of the user’s request, maintaining contact between the parties and, where relevant, the provision of any service requested by the user.
· The processing of users’ personal data for the purposes listed under Talent, Registration for Events, Promotions, Satisfaction Surveys, Commercial, promotional and publicity communications and services provided by VASS and members of the VASS Group, appropriate to users’ tastes, interests and preferences as identified by the creation of profiles and user segmentation, is based on the consent of the user.
Please note that VASS will only process personal data for purposes based on user consent where a user has consented to such processing through one of the mechanisms for obtaining consent made available by VASS.
The processing of users’ personal data for the purpose set out under Training is based on the management and maintenance of the legal relationship established between the data subject and VASS and to comply with legal obligations to which VASS is subject.
8. PERIOD OF RETENTION OF PERSONAL DATA
The period of retention of users’ personal data will vary depending on the service/processing that users may contract. Personal data will in any event be retained for the duration of the commercial/contractual relationship. When that relationship comes to an end, we will retain users’ personal data blocked for so long as legal obligations that may have arisen from processing may exist and/or during the periods prescribed by law, so as to keep such personal data available for any competent authority to deal with any liabilities that may have arisen from the processing.
For illustration and without limitation, some retention periods are described below.
· When there is a contract between VASS and a user, VASS will retain the personal data provided for the time necessary to operate the contractual relationship and, in any event, for limitation periods under current legislation. Personal data will as a general principle subsequently be destroyed, except when it is necessary to retain personal data to comply with a statutory obligation or a competent court or administrative order.
· When we receive a user’s CV in support of an application to work with us, VASS will process the personal data strictly during the recruitment process, except where the user authorises more extended processing for subsequent recruitment processes. The personal data of an unsuccessful candidate will be retained for a maximum period of two (2) years from the end of the recruitment process or from the time at which a user voluntarily provides their CV.
· To the extent consistent with law, we will process your contact information for the time required to handle and respond to users’ queries submitted through the Contact section of the Website and in the case of the sending of information about our products and services, for so long as the user does not object to such sending.
9. EXERCISE OF RIGHTS
As a data subject, you have control of your personal data. Thus, we also ensure that information is accurate and correct.
The rights that you can exercise are:
§ Right of Access: you can check whether VASS is processing your personal data.
§ Rights of Rectification and Erasure: you may access your personal data and request its rectification or erasure when your personal data are incorrect, or you believe that they are no longer required for the purposes for which they were collected.
§ Right of Objection: you may object to the processing of your personal data, except where, for an overriding reason or when required to bring or defend any claim, we will retain your personal data blocked for such time as the relevant legal obligations may exist.
§ Right of Restriction of Processing: you can request restriction of the processing of your personal data whilst any inaccuracy or the lawfulness of your personal data is investigated during the bringing or defence of any claim or litigation.
§ Right of Data Portability: you can request the portability of your personal data that you have provided to us to another data controller in certain circumstances.
You can exercise your rights at no cost.
Complaining to the Supervisory Authority
When a data subject believes that there is a problem with how VASS is processing their personal data, the data subject may make a complaint to the Data Protection Committee (firstname.lastname@example.org) or to the relevant personal data protection authority which in the case of Spain is the Agencia Española de Protección de Datos.
VASS implements the highest levels of security required by Law to protect your personal data against accidental loss and access, unauthorised processing or disclosure, in light of the state of technology, the nature of the personal data stored and the risks to which such personal data are exposed. When we receive your personal data, we use rigorous procedures and security functions to prevent any unauthorised access.
The measures described in this section to ensure a level of security appropriate to the risk detected will, when necessary, include the following measures:
1. Pseudonymisation and encryption of your personal data.
2. Measures capable of ensuring the confidentiality, integrity, availability and permanent resilience of the processing systems and services.
3. Measures capable of restoring the availability of and access to personal data rapidly in the event of a physical or technical incident.
4. Existence of a process of regular verification, evaluation and assessment of the effectiveness of technical and organisational measures to ensure the security of processing.
5. Periodic evaluation of the risk of destruction, loss or accidental or improper alteration of the personal data provided, retained or processed in any other way or the unauthorised disclosure of or access to such personal data.
6. Measures to ensure that anyone acting on the authority of VASS who has access to personal data can only process such personal data in accordance with the instructions of VASS.
Any personal data collected will be processed in absolute confidentiality, and we undertake to maintain the confidentiality of such personal data and to ensure they are retained under the protection of all measures necessary to avoid their alteration, loss or unauthorised processing or access as required by law.
12. ACCEPTANCE AND CONSENT
The user will have sole liability in connection with completion of forms with false, incorrect, incomplete or out of date personal data.
16. TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES
Where VASS has service providers that have access to your personal data and will process such personal data in the name and on behalf of VASS, we will follow an exhaustive process to verify compliance in order to ensure appropriate oversight in relation to the protection of personal data. We will also enter into a contract under which such providers will be obligated to implement appropriate technical and organisational measures and process personal data solely in accordance with the documented instructions of the joint data controllers. If a data processor is located outside the European Economic Area, the joint data controllers will enter into an agreement with them containing the Standard Contract Clauses to provide adequate safeguards and that will at all times protect the access that such third parties could have to your personal data.
Latest version: December, 2023