Privacy information

Processing of personal data of natural contact persons for EJIE's customers and suppliers to manage orders and invoicing.

Processing is necessary for the fulfilment of a contract to which the data subject is a party and in performance of a task carried out or in the exercise of official authority vested in EJIE.

Personal data shall be disclosed to other administrations where appropriate and to the Regional Tax Office. Processing of personal data does not involve the international transfer of such data.

Accounting documents: 6 years from the end of the financial year to which they belong.

Accounting records: 15 years. Time limits in accordance with Legislative Decree 2/2017, of 19 October, approving the revised text of the Law on Economic Control and Accounting of the Autonomous Community of the Basque Country and Decree 464/1995 that develops it, and Art. 3 of Decree 464/1995 that develops it.

Manage the response to the request sent by the person through the contact channel and generation of potential customers, as well as the sending of information regarding EJIE's activities.

Processing is necessary for the performance of a task carried out or in the exercise of official authority vested in EJIE.

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and it does not entail the international transfer of such data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Processing of personal data of employees belonging to companies applying to become suppliers in accordance with the internal procurement procedures and tendering process. Communications, notifications and incidents associated with the previous process and with respect to preliminary market inquiries.

Performance of a task carried out in the public interest or in the exercise of the public authority vested in the data controller.

Personal data shall be disclosed to the Basque Government and other public administrations collaborating in recruitment processes.

For tenderers and signatories of contracts with EJIE: Basque Country contracting platform. Public contract registry.

Regarding the contact details of interlocutors collected in preliminary market inquiries, they will not be the subject of communications to recipients.

Processing of personal data does not involve the international transfer of such data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Processing of personal data of employees belonging to supplier companies that provide services for EJIE.

Processing of personal data of employees belonging to supplier companies in order to process their registration and cancellation as users of the system to control their physical access to the facilities and logical access to the IT systems.

Processing of personal data of personnel belonging to supplier companies for the Coordination of Business Activities (CBA) in the field of health and safety at work.

Processing is necessary for the fulfilment of a contract between the supplier company and EJIE and in order to comply with legal obligations.

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data shall be stored for a period of 5 years in accordance with the Spanish Health and Safety at Work Law and for the time necessary to comply with the purpose for which the data was collected and to determine any possible liabilities that may arise from said purpose and the data processing therefrom.

Processing of personal data of candidates for the purposes of staff recruitment and filling of vacant positions.

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Personal data shall be disclosed, where appropriate, to the corresponding Department of the Basque Government. Processing of personal data does not involve the international transfer of such data.

Once the recruitment process ends, if the candidate is not recruited, their data shall be deleted. If there is a legitimate interest regarding current or future recruitment processes, data shall be stored for a maximum of 1 year.

Processing of personal information necessary for the organisation's economic and financial activity, accounting management and budgetary control.

Processing is necessary for the fulfilment of a contract to which the data subject is a party and in order to comply with legal obligations applicable to EJIE.

Personal data shall be disclosed to the Social Security Institute, Tax Authorities, financial Institutions and Itzarri. Processing of personal data does not involve the international transfer of such data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Processing of personal data concerning internal calls for in-house staff to apply for vacant posts in the organisation.

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Processing of personal data required for the management of the employment relationship, preparation of pay slips, social security and generation of different data; planning and control of timetables (recording of working hours), working days and tasks to be performed; staff training; linguistic profiles; instruction and training processes: Monitoring of incompatibilities. Granting of permits, licences and authorisations. Building access control and security. Disciplinary proceedings. Management of internal statistics. Relationship with staff representatives. Management of fixed and mobile telephone calls for professional use and costs incurred. Management of travel related to professional activities.

Processing is necessary for the fulfilment of a contract to which the data subject is a party and in order to comply with legal obligations.

Personal data shall be disclosed to the Social Security, Tax Authorities, financial institutions and insurance companies. Processing of personal data does not involve the international transfer of such data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Processing of personal data relating to the registration and management of social benefits and loans requested and granted to employees for their own or their children's studies, medical assistance and care of disabled or dependent family members.

The data subject consented to the processing of their personal data.

Personal data shall be disclosed to public bodies with powers to grant subsidies and social benefits, and to financial institutions.

Processing of personal data does not involve the international transfer of such data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Processing of personal data necessary for financing external language courses for staff.

The data subject consented to the processing of their personal data.

Personal data shall be disclosed to other collaborating administrations, financial institutions. Processing of personal data does not involve the international transfer of such data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Processing of personal data necessary for voluntary training and commitment to learning in the Basque language training plan and the development of linguistic profiles.

Management of training plans offered by the entity for internal staff.

Registration, management, control and monitoring of participation in training activities organised by EJIE.

Recording of training sessions for internal use and dissemination. Please be advised that those with access to recordings are strictly forbidden from disseminating them externally.

Processing necessary for the fulfilment of the employment contract between EJIE and internal staff.

Personal identification data shall be disclosed, where appropriate, to entities that manage training grants. FUNDAE, HOBETUZ. Processing of personal data does not involve the international transfer of such data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Recordings of training sessions shall be kept for a maximum time of 3 years.

Registration, management, control and monitoring of participation in training activities organised by EJIE.

Recording of training sessions for internal use and dissemination.

Processing necessary for the fulfilment of the contract between EJIE and the company providing the training services.

Personal identification data shall be disclosed, where appropriate, to entities that manage training grants. FUNDAE, HOBETUZ. Processing of personal data does not involve the international transfer of such data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Recordings of training sessions shall be kept for a maximum of 3 years.

Processing of personal information required to assess the performance of staff needed for internal recruitment and training programmes.

Processing is necessary for the fulfilment of a contract to which the data subject is a party.

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data shall be stored for as long as is necessary for the fulfilment and development of the working relationship until it ends and in order to determine any possible liabilities that may arise from said purpose and data processing therefrom.

Processing of personal data concerning the prevention of occupational hazards and other workplace-related protocols, the investigation of accidents and incidents, activation of prevention mechanisms and measures, preparation of assessments, preventive measures and elimination of risks. Occupational health and safety risk assessment reports. Records of regular checks on staff working conditions. Records showing the implementation of staff health checks (Health Surveillance). Records of information and training given to staff on occupational health and safety.

Implementation of the occupational risk prevention plan: risk assessment and planning of preventive activities, information and training for personnel. Adoption of health and safety measures. Permanent monitoring of risk prevention.

Processing is necessary for the fulfilment of a contract to which the data subject is a party and in order to comply with legal obligations.

Personal data shall be disclosed to the cooperating company for the purpose of occupational risk prevention in the area of health control. Mutual Insurance Companies collaborating with the Social Security Institute. Processing of personal data does not involve the international transfer of such data.

Data shall be stored for a period of 5 years in accordance with the Law on the Prevention of Occupational Risks.

Health data storage period in accordance with the terms established by regulations.

Processing of personal data of employees participating in the health improvement, injury and illness prevention programme.

The data subject consented to the processing of their personal data.

Personal data generated by these processing activities may be disclosed to the partner company in order to carry out active health programmes. Processing of personal data does not involve the international transfer of such data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Processing of personal data concerning the reporting and investigation of abnormal cases of harassment, or queries regarding possible breaches of the organisation's internal regulations.

Processing is necessary for the performance of a task carried out in the public interest of EJIE. Special data categories are processed on the basis of the fulfilment of obligations in the field of labour law, social security and social protection.

Where appropriate, data shall be disclosed to the Courts and Tribunals, Law Enforcement Agencies or other public administrations authorised to deal with the type of complaint lodged. Processing of personal data does not involve the international transfer of such data.

Personal data of the person informing of the situation and of the employees or third parties shall only be stored for the time necessary to process the complaint.

In any case, three months after having informed of the situation and/or concluding the investigation thereof, all data shall be deleted unless disciplinary proceedings against an employee are pending or the purpose of keeping the data is to leave evidence as to the functioning of the method for the prevention of the commission of offences on the part of the data subject. Any reports that have not been followed up shall only be recorded in anonymous form.

Control of personnel accessing internal protected and restricted areas to ensure the protection of corporate assets.

The processing is necessary for the performance of a contract to which the data subject is a party, as well as for the satisfaction of legitimate interests pursued by EJIE.

In appropriate cases, a photocopy of the ID card will be communicated to the Basque Government Security Department for access control purposes.

Where appropriate, the State Law Enforcement Agencies, Courts and Tribunals shall be notified. Processing of personal data does not involve the international transfer of such data.

One month from the date of collection.

(i) Access control of own and external personnel.

(ii) Access control for visitors.

(iii) Management of building evacuation and internal security to ensure the protection of corporate assets.

(i) The processing is necessary for the performance of a contract to which the data subject is a party.

(ii) and (iii) The processing is necessary for the fulfilment of legitimate interests pursued by the controller.

Where appropriate, the State Law Enforcement Agencies, Courts and Tribunals shall be notified. Processing of personal data does not involve the international transfer of such data.

One month from the date of collection.

Processing of personal data obtained by video surveillance systems to guarantee the security of EJIE's personnel, assets and facilities.

Processing is necessary for the performance of a task carried out in the public interest of EJIE.

Where appropriate, the State Law Enforcement Agencies, Courts and Tribunals shall be notified. Processing of personal data does not involve the international transfer of such data.

Images obtained shall be stored for a period of one month from the date of their capture, except when they have to be retained to prove the commission of acts against the integrity of persons, property or installations.

Processing of personal data necessary to facilitate access to the internet via a secure Wi-Fi channel for those accessing EJIE, SA's facilities.

Processing is necessary for the fulfilment of a contract to which the data subject is a party.

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Personal data processed within the scope of this procedure shall be stored for 6 months from the date of its collection.

Processing of personal data relating to public relations concerning transparency in the application of regulations on access to public information.

Processing necessary to comply with legal obligations applicable to EJIE.

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Processing of personal data of members of the governing bodies and for the management of proceedings, calls for meetings and minutes of meetings thereof.

Processing is necessary for the performance of a task carried out or in the exercise of official authority vested in EJIE.

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Processing of personal data relating to the provision of legal advice and defence. Management of judicial and/or administrative proceedings.

Processing is necessary to comply with legal obligations applicable to EJIE.

Personal data shall be disclosed to companies providing legal consultancy services. Processing of personal data does not involve the international transfer of such data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Management of data protection rights relating to the processing of data under EJIE's responsibility.

Processing is necessary to comply with legal obligations applicable to EJIE.

Personal data may be disclosed to the Spanish Data Protection Agency. Processing of personal data does not involve the international transfer of such data.

Personal data shall be stored until the limitation period for any liability arising from the processing has expired.

Management, assessment and reporting of data security incidents and breaches.

Processing is necessary to comply with legal obligations applicable to EJIE.

Personal data may be disclosed to the Spanish Data Protection Agency, Incident Response Teams of the National Cryptologic Centre (CCN-CERT), Law Enforcement Agencies. Processing of personal data does not involve the international transfer of such data.

Personal data shall be stored until the limitation period for any liability arising from the processing has expired.

Processing of personal data of natural persons who provide services to a legal entity for the purpose of maintaining any kind of relationship with the legal entity for which the data subject provides their services.

Processing is necessary for the performance of a task carried out or in the exercise of official authority vested in EJIE.

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

For as long as the relationship of any kind with the legal entity for which the person concerned provides their services is maintained.

Use of multimedia content for internal use and dissemination.

Images and videos that may contain the name, surname, face (image) and/or voice of employees and visitors may only be used for internal use and dissemination, i.e., the EJIE website, for events and presentations, corporate social networks or suchlike.

Processing is necessary for the purposes of the legitimate interests pursued by EJIE.

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with and does not entail the international transfer of said data.

Data shall be kept until the data subject withdraws their consent to such processing.

Use of multimedia content for external use and dissemination.

Images and videos that may contain the name, surname, face (image) and/or voice of employees and visitors may be used for external use and dissemination, e.g., on the EJIE website, for events and presentations, corporate social networks or suchlike.

The data subject consented to the processing of their personal data.

Personal data will be published on EJIE's website, events and social media. Processing of personal data does not involve the international transfer of such data.

Data shall be stored until the data subject withdraws their consent to such processing.

Centralised document manager that allows users to digitally sign documents.

Processing is necessary for the fulfilment of a contract to which the data subject is a party.

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Sending communications of a non-commercial nature, such as, for example, Christmas and holiday greetings, among others, to groups of interested parties with contractual ties.

Processing is necessary for the purposes of the legitimate interests pursued by EJIE.

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data shall be stored until the data subject withdraws their consent to such processing.

Management of personal information related to the group of interested parties who participate in the preparation of the specifications, who fill out and sign the Declaration of Absence of Conflict of Interest (DACI), within the framework of the Next Generation EU project management.

The treatment is necessary for the fulfillment of legal obligations applicable to the person in charge.

Personal data may be communicated to European Union authorities for the purposes of auditing and control of state and European funds when appropriate. The management of personal data does not imply international transfers of such data.

The documents will be kept for a period of five years from the payment of the balance or, in the absence of said payment, of the operation, or for three years in accordance with the provisions of EU Regulation 2018/1046.