Transparency portal

Privacy information

In conformance with General Data Protection Regulation 2016/679 of the European Parliament and Council of 27 April 2016, the purpose of this Privacy Policy is to notify how EJIE collects, handles and protects the personal data of people who access or use the services they provide.

Controller:

  • EJIE S.A.
  • CIF A01022664
  • Postal address: Avda. El Mediterráneo, 14, 01010 Vitoria-Gasteiz Araba/Álava
  • Phone number: 945 017 300
  • Contact details of the Data Protection Officer: dpo@ejie.eus
  • Exercise of rights regarding data protection: lopd-ejie@ejie.eus
  • Communication of security incidents: seguridadcorporativa@ejie.eus

Data Protection Officer:

The Data Protection Delegate is the person in charge of ensuring respect for people in the management of their personal information at EJIE and for compliance with data protection regulations. You can contact this figure through the email account dpo@ejie.eus.

The personal data collected comes directly from the information provided by the people the data regards.

People who use EJIE services guarantee and will vouch for, as required, the accuracy, validity and authenticity of the personal data they provide and agree to keep that data up to date.

Administrative management of customers and suppliers

Data controller EJIE, S.A.
Purpose

Processing of personal data of natural contact persons for EJIE's customers and suppliers to manage orders and invoicing.

Legitimation

Processing is necessary for the fulfilment of a contract to which the data subject is a party and in performance of a task carried out or in the exercise of official authority vested in EJIE.

Recipients

Personal data shall be disclosed to other administrations where appropriate and to the Regional Tax Office. Processing of personal data does not involve the international transfer of such data.

Data storage

Accounting documents: 6 years from the end of the financial year to which they belong.

Accounting records: 15 years. Time limits in accordance with Legislative Decree 2/2017, of 19 October, approving the revised text of the Law on Economic Control and Accounting of the Autonomous Community of the Basque Country and Decree 464/1995 that develops it, and Art. 3 of Decree 464/1995 that develops it.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Commercial actions with customers and potential customers

Data controller EJIE, S.A.
Purpose

Manage the response to the request sent by the person through the contact channel and generation of potential customers, as well as the sending of information regarding EJIE's activities.

Legitimation

Processing is necessary for the performance of a task carried out or in the exercise of official authority vested in EJIE.

Recipients

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and it does not entail the international transfer of such data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Supplier contracting process

Data controller EJIE, S.A.
Purpose

Processing of personal data of employees belonging to companies applying to become suppliers in accordance with the internal procurement procedures and tendering process. Communications, notifications and incidents associated with the previous process and with respect to preliminary market inquiries.

Legitimation

Performance of a task carried out in the public interest or in the exercise of the public authority vested in the data controller.

Recipients

Personal data shall be disclosed to the Basque Government and other public administrations collaborating in recruitment processes.

For tenderers and signatories of contracts with EJIE: Basque Country contracting platform. Public contract registry.

Regarding the contact details of interlocutors collected in preliminary market inquiries, they will not be the subject of communications to recipients.

Processing of personal data does not involve the international transfer of such data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Management of personnel belonging to supplier companies

Data controller EJIE, S.A.
Purpose

Processing of personal data of employees belonging to supplier companies that provide services for EJIE.

Processing of personal data of employees belonging to supplier companies in order to process their registration and cancellation as users of the system to control their physical access to the facilities and logical access to the IT systems.

Processing of personal data of personnel belonging to supplier companies for the Coordination of Business Activities (CBA) in the field of health and safety at work.

Legitimation

Processing is necessary for the fulfilment of a contract between the supplier company and EJIE and in order to comply with legal obligations.

Recipients

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data storage

Data shall be stored for a period of 5 years in accordance with the Spanish Health and Safety at Work Law and for the time necessary to comply with the purpose for which the data was collected and to determine any possible liabilities that may arise from said purpose and the data processing therefrom.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

External recruitment processes

Data controller EJIE, S.A.
Purpose

Processing of personal data of candidates for the purposes of staff recruitment and filling of vacant positions.

Legitimation

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Recipients

Personal data shall be disclosed, where appropriate, to the corresponding Department of the Basque Government. Processing of personal data does not involve the international transfer of such data.

Data storage

Once the recruitment process ends, if the candidate is not recruited, their data shall be deleted. If there is a legitimate interest regarding current or future recruitment processes, data shall be stored for a maximum of 1 year.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Administration

Data controller EJIE, S.A.
Purpose

Processing of personal information necessary for the organisation's economic and financial activity, accounting management and budgetary control.

Legitimation

Processing is necessary for the fulfilment of a contract to which the data subject is a party and in order to comply with legal obligations applicable to EJIE.

Recipients

Personal data shall be disclosed to the Social Security Institute, Tax Authorities, financial Institutions and Itzarri. Processing of personal data does not involve the international transfer of such data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Internal recruitment processes

Data controller EJIE, S.A.
Purpose

Processing of personal data concerning internal calls for in-house staff to apply for vacant posts in the organisation.

Legitimation

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Recipients

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Management of Human Resources

Data controller EJIE, S.A.
Purpose

Processing of personal data required for the management of the employment relationship, preparation of pay slips, social security and generation of different data; planning and control of timetables (recording of working hours), working days and tasks to be performed; staff training; linguistic profiles; instruction and training processes: Monitoring of incompatibilities. Granting of permits, licences and authorisations. Building access control and security. Disciplinary proceedings. Management of internal statistics. Relationship with staff representatives. Management of fixed and mobile telephone calls for professional use and costs incurred. Management of travel related to professional activities.

Legitimation

Processing is necessary for the fulfilment of a contract to which the data subject is a party and in order to comply with legal obligations.

Recipients

Personal data shall be disclosed to the Social Security, Tax Authorities, financial institutions and insurance companies. Processing of personal data does not involve the international transfer of such data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Management of social benefits and loans

Data controller EJIE, S.A.
Purpose

Processing of personal data relating to the registration and management of social benefits and loans requested and granted to employees for their own or their children's studies, medical assistance and care of disabled or dependent family members.

Legitimation

The data subject consented to the processing of their personal data.

Recipients

Personal data shall be disclosed to public bodies with powers to grant subsidies and social benefits, and to financial institutions.

Processing of personal data does not involve the international transfer of such data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Management of language grants

Data controller EJIE, S.A.
Purpose

Processing of personal data necessary for financing external language courses for staff.

Legitimation

The data subject consented to the processing of their personal data.

Recipients

Personal data shall be disclosed to other collaborating administrations, financial institutions. Processing of personal data does not involve the international transfer of such data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Training plan management

Data privacy clause for internal staff providing or receiving training:

Data controller EJIE, S.A.
Purpose

Processing of personal data necessary for voluntary training and commitment to learning in the Basque language training plan and the development of linguistic profiles.

Management of training plans offered by the entity for internal staff.

Registration, management, control and monitoring of participation in training activities organised by EJIE.

Recording of training sessions for internal use and dissemination. Please be advised that those with access to recordings are strictly forbidden from disseminating them externally.

Legitimation

Processing necessary for the fulfilment of the employment contract between EJIE and internal staff.

Recipients

Personal identification data shall be disclosed, where appropriate, to entities that manage training grants. FUNDAE, HOBETUZ. Processing of personal data does not involve the international transfer of such data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Recordings of training sessions shall be kept for a maximum time of 3 years.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Training plan management

Data privacy clause for external teaching staff:

Data controller EJIE, S.A.
Purpose

Registration, management, control and monitoring of participation in training activities organised by EJIE.

Recording of training sessions for internal use and dissemination.

Legitimation

Processing necessary for the fulfilment of the contract between EJIE and the company providing the training services.

Recipients

Personal identification data shall be disclosed, where appropriate, to entities that manage training grants. FUNDAE, HOBETUZ. Processing of personal data does not involve the international transfer of such data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Recordings of training sessions shall be kept for a maximum of 3 years.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Performance assessment

Data controller EJIE, S.A.
Purpose

Processing of personal information required to assess the performance of staff needed for internal recruitment and training programmes.

Legitimation

Processing is necessary for the fulfilment of a contract to which the data subject is a party.

Recipients

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data storage

Data shall be stored for as long as is necessary for the fulfilment and development of the working relationship until it ends and in order to determine any possible liabilities that may arise from said purpose and data processing therefrom.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Prevention of occupational hazards

Data controller EJIE, S.A.
Purpose

Processing of personal data concerning the prevention of occupational hazards and other workplace-related protocols, the investigation of accidents and incidents, activation of prevention mechanisms and measures, preparation of assessments, preventive measures and elimination of risks. Occupational health and safety risk assessment reports. Records of regular checks on staff working conditions. Records showing the implementation of staff health checks (Health Surveillance). Records of information and training given to staff on occupational health and safety.

Implementation of the occupational risk prevention plan: risk assessment and planning of preventive activities, information and training for personnel. Adoption of health and safety measures. Permanent monitoring of risk prevention.

Legitimation

Processing is necessary for the fulfilment of a contract to which the data subject is a party and in order to comply with legal obligations.

Recipients

Personal data shall be disclosed to the cooperating company for the purpose of occupational risk prevention in the area of health control. Mutual Insurance Companies collaborating with the Social Security Institute. Processing of personal data does not involve the international transfer of such data.

Data storage

Data shall be stored for a period of 5 years in accordance with the Law on the Prevention of Occupational Risks.

Health data storage period in accordance with the terms established by regulations.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Active health programme

Data controller EJIE, S.A.
Purpose

Processing of personal data of employees participating in the health improvement, injury and illness prevention programme.

Legitimation

The data subject consented to the processing of their personal data.

Recipients

Personal data generated by these processing activities may be disclosed to the partner company in order to carry out active health programmes. Processing of personal data does not involve the international transfer of such data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Management of conflict resolution procedures and harassment protocols

Data controller EJIE, S.A.
Purpose

Processing of personal data concerning the reporting and investigation of abnormal cases of harassment, or queries regarding possible breaches of the organisation's internal regulations.

Legitimation

Processing is necessary for the performance of a task carried out in the public interest of EJIE. Special data categories are processed on the basis of the fulfilment of obligations in the field of labour law, social security and social protection.

Recipients

Where appropriate, data shall be disclosed to the Courts and Tribunals, Law Enforcement Agencies or other public administrations authorised to deal with the type of complaint lodged. Processing of personal data does not involve the international transfer of such data.

Data storage

Personal data of the person informing of the situation and of the employees or third parties shall only be stored for the time necessary to process the complaint.

In any case, three months after having informed of the situation and/or concluding the investigation thereof, all data shall be deleted unless disciplinary proceedings against an employee are pending or the purpose of keeping the data is to leave evidence as to the functioning of the method for the prevention of the commission of offences on the part of the data subject. Any reports that have not been followed up shall only be recorded in anonymous form.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Recording and controlling physical access to warehouses and the Data Processing Centre (DPC)

Data controller EJIE, S.A.
Purpose

Control of personnel accessing internal protected and restricted areas to ensure the protection of corporate assets.

Legitimation

The processing is necessary for the performance of a contract to which the data subject is a party, as well as for the satisfaction of legitimate interests pursued by EJIE.

Recipients

In appropriate cases, a photocopy of the ID card will be communicated to the Basque Government Security Department for access control purposes.

Where appropriate, the State Law Enforcement Agencies, Courts and Tribunals shall be notified. Processing of personal data does not involve the international transfer of such data.

Data storage

One month from the date of collection.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Recording and controlling physical access to the buildings

Data controller EJIE, S.A.
Purpose

(i) Access control of own and external personnel.

(ii) Access control for visitors.

(iii) Management of building evacuation and internal security to ensure the protection of corporate assets.

Legitimation

(i) The processing is necessary for the performance of a contract to which the data subject is a party.

(ii) and (iii) The processing is necessary for the fulfilment of legitimate interests pursued by the controller.

Recipients

Where appropriate, the State Law Enforcement Agencies, Courts and Tribunals shall be notified. Processing of personal data does not involve the international transfer of such data.

Data storage

One month from the date of collection.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Video surveillance management

Data controller EJIE, S.A.
Purpose

Processing of personal data obtained by video surveillance systems to guarantee the security of EJIE's personnel, assets and facilities.

Legitimation

Processing is necessary for the performance of a task carried out in the public interest of EJIE.

Recipients

Where appropriate, the State Law Enforcement Agencies, Courts and Tribunals shall be notified. Processing of personal data does not involve the international transfer of such data.

Data storage

Images obtained shall be stored for a period of one month from the date of their capture, except when they have to be retained to prove the commission of acts against the integrity of persons, property or installations.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Wi-Fi for visitors

Data controller EJIE, S.A.
Purpose

Processing of personal data necessary to facilitate access to the internet via a secure Wi-Fi channel for those accessing EJIE, SA's facilities.

Legitimation

Processing is necessary for the fulfilment of a contract to which the data subject is a party.

Recipients

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data storage

Personal data processed within the scope of this procedure shall be stored for 6 months from the date of its collection.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Transparency

Data controller EJIE, S.A.
Purpose

Processing of personal data relating to public relations concerning transparency in the application of regulations on access to public information.

Legitimation

Processing necessary to comply with legal obligations applicable to EJIE.

Recipients

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Board of Directors

Data controller EJIE, S.A.
Purpose

Processing of personal data of members of the governing bodies and for the management of proceedings, calls for meetings and minutes of meetings thereof.

Legitimation

Processing is necessary for the performance of a task carried out or in the exercise of official authority vested in EJIE.

Recipients

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Legal Advice Service

Data controller EJIE, S.A.
Purpose

Processing of personal data relating to the provision of legal advice and defence. Management of judicial and/or administrative proceedings.

Legitimation

Processing is necessary to comply with legal obligations applicable to EJIE.

Recipients

Personal data shall be disclosed to companies providing legal consultancy services. Processing of personal data does not involve the international transfer of such data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Exercise of data protection rights

Data controller EJIE, S.A.
Purpose

Management of data protection rights relating to the processing of data under EJIE's responsibility.

Legitimation

Processing is necessary to comply with legal obligations applicable to EJIE.

Recipients

Personal data may be disclosed to the Spanish Data Protection Agency. Processing of personal data does not involve the international transfer of such data.

Data storage

Personal data shall be stored until the limitation period for any liability arising from the processing has expired.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Management of incidents and security breaches

Data controller EJIE, S.A.
Purpose

Management, assessment and reporting of data security incidents and breaches.

Legitimation

Processing is necessary to comply with legal obligations applicable to EJIE.

Recipients

Personal data may be disclosed to the Spanish Data Protection Agency, Incident Response Teams of the National Cryptologic Centre (CCN-CERT), Law Enforcement Agencies. Processing of personal data does not involve the international transfer of such data.

Data storage

Personal data shall be stored until the limitation period for any liability arising from the processing has expired.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

List of contacts

Data controller EJIE, S.A.
Purpose

Processing of personal data of natural persons who provide services to a legal entity for the purpose of maintaining any kind of relationship with the legal entity for which the data subject provides their services.

Legitimation

Processing is necessary for the performance of a task carried out or in the exercise of official authority vested in EJIE.

Recipients

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data storage

For as long as the relationship of any kind with the legal entity for which the person concerned provides their services is maintained.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Common repository of digital media for internal dissemination

Data controller EJIE, S.A.
Purpose

Use of multimedia content for internal use and dissemination.

Images and videos that may contain the name, surname, face (image) and/or voice of employees and visitors may only be used for internal use and dissemination, i.e., the EJIE website, for events and presentations, corporate social networks or suchlike.

Legitimation

Processing is necessary for the purposes of the legitimate interests pursued by EJIE.

Recipients

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with and does not entail the international transfer of said data.

Data storage

Data shall be kept until the data subject withdraws their consent to such processing.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Common repository of digital media for external dissemination

Data controller EJIE, S.A.
Purpose

Use of multimedia content for external use and dissemination.

Images and videos that may contain the name, surname, face (image) and/or voice of employees and visitors may be used for external use and dissemination, e.g., on the EJIE website, for events and presentations, corporate social networks or suchlike.

Legitimation

The data subject consented to the processing of their personal data.

Recipients

Personal data will be published on EJIE's website, events and social media. Processing of personal data does not involve the international transfer of such data.

Data storage

Data shall be stored until the data subject withdraws their consent to such processing.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Electronic signature - Izenbox

Data controller EJIE, S.A.
Purpose

Centralised document manager that allows users to digitally sign documents.

Legitimation

Processing is necessary for the fulfilment of a contract to which the data subject is a party.

Recipients

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data storage

Data shall be stored for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities that may arise from that purpose and from the processing of such data.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Sending communications

Data controller EJIE, S.A.
Purpose

Sending communications of a non-commercial nature, such as, for example, Christmas and holiday greetings, among others, to groups of interested parties with contractual ties.

Legitimation

Processing is necessary for the purposes of the legitimate interests pursued by EJIE.

Recipients

The processing of personal data does not require its transfer to third parties, except in the event that it is required for the fulfilment of the legal obligations that EJIE S.A. must comply with, and does not entail the international transfer of said data.

Data storage

Data shall be stored until the data subject withdraws their consent to such processing.

Rights You may request access, rectification, deletion, portability, restriction of the processing of personal data or withdrawal of consent, as explained in the section "Rights of the data subject".

 

Project Management Next Generation Funds

Data controller EJIE, S.A.
Purpose

Management of personal information related to the group of interested parties who participate in the preparation of the specifications, who fill out and sign the Declaration of Absence of Conflict of Interest (DACI), within the framework of the Next Generation EU project management.

Legitimation

The treatment is necessary for the fulfillment of legal obligations applicable to the person in charge.

Recipients

Personal data may be communicated to European Union authorities for the purposes of auditing and control of state and European funds when appropriate. The management of personal data does not imply international transfers of such data.

Data storage

The documents will be kept for a period of five years from the payment of the balance or, in the absence of said payment, of the operation, or for three years in accordance with the provisions of EU Regulation 2018/1046.

Rights You can request access, rectification, deletion, portability, limitation of the processing of personal data or to oppose the processing, as explained in the "Rights of the interested party" section.

 

EJIE provides interested persons the possibility to exercise the following rights in regards to processing their personal data:

  • The right to request access to their personal data.
  • The right to request modification or removal.
  • The right to request restriction of processing.
  • The right to object to processing.
  • The right to data portability.
  • The right to withdraw consent.

Every person has the right to obtain confirmation about whether EJIE processes personal data concerning them. Interested persons may access their personal data and they may request correction of imprecise data or, as may apply, they may request removal of the data when, among other causes, the data is no longer necessary for the purposes it was collected for.

Under certain circumstances, interested persons may request the restriction of the processing of their data, in which event it will only be conserved for exercising or defending against complaints. Under certain circumstances, and for reasons related with their individual situation, interested persons may object to the processing of their data.

In this event, EJIE will cease processing the data, except for compelling reasons or exercising the right to defend against potential complaints.

If consent has been granted for a specific purpose, the interested person has the right to withdraw their consent at any time without effect upon the lawfulness of any processing based on consent prior to withdrawal.

EJIE may be contacted in writing at the address below for that purpose:

  • Attention Security Officer
  • Avenida del Mediterráneo 14
  • 01010 Vitoria-Gasteiz, Spain

Or you may send an email to lopd-ejie@ejie.eus

In the event you feel your rights have not been respected in regards to protecting your personal data, you may lodge a complaint with the competent Data Protection Agency: www.agpd.es.