Transparency portal

Privacy information

In conformance with General Data Protection Regulation 2016/679 of the European Parliament and Council of 27 April 2016, the purpose of this Privacy Policy is to notify how EJIE collects, handles and protects the personal data of people who access or use the services they provide.

Controller:

EJIE handles the personal data it collects for the purposes of providing services to clients, for providing its own services to potential clients and for the security of EJIE's buildings and property.

The personal data collected comes directly from the information provided by the people the data regards.

People who use EJIE services guarantee and will vouch for, as required, the accuracy, validity and authenticity of the personal data they provide and agree to keep that data up to date.

Any personal data provided will be conserved as long as necessary for addressing the purposes for which, in every case, it has been collected, for the purposes of maintaining the relationship or link with the interested party and EJIE and while deletion of it has not been requested by the individual. The data will likewise be conserved in accordance with the legal deadlines for the fulfilment of any legal obligations that may be required of EJIE.

The legal grounds for EJIE to process the data is carried out under the terms established by article 6 of the European General Data Protection Regulations regarding ordinary data or, as may apply, article 9 of the aforementioned European regulations regarding special categories of data, and the owner of the data is informed of the lawful right or rights that apply for every provision of service, which may include consent, execution of a legal relationship in which the person is a part, compliance with a legal obligation or a legitimate interest of EJIE in providing its services and pursuing its capacities.

While processing personal data, EJIE will not share the data unless legally obligated to do so or with prior authorisation of the person of whom it would be requested if necessary, who is notified of the consequences not doing so may imply and, specifically, the impossibility of providing the relevant services.

Providing the services may require using communication with IT services companies acting as a data processor for EJIE, subject to conditions of confidentiality and security during data processing, which may be located outside the European Union under protection of the United States-European Union Privacy Shield agreement. Information is available at: https://www.privacyshield.gov

EJIE provides interested persons the possibility to exercise the following rights in regards to processing their personal data:

  • The right to request access to their personal data.
  • The right to request modification or removal.
  • The right to request restriction of processing.
  • The right to object to processing.
  • The right to data portability.
  • The right to withdraw consent.

Every person has the right to obtain confirmation about whether EJIE processes personal data concerning them. Interested persons may access their personal data and they may request correction of imprecise data or, as may apply, they may request removal of the data when, among other causes, the data is no longer necessary for the purposes it was collected for.

Under certain circumstances, interested persons may request the restriction of the processing of their data, in which event it will only be conserved for exercising or defending against complaints. Under certain circumstances, and for reasons related with their individual situation, interested persons may object to the processing of their data.

In this event, EJIE will cease processing the data, except for compelling reasons or exercising the right to defend against potential complaints.

If consent has been granted for a specific purpose, the interested person has the right to withdraw their consent at any time without effect upon the lawfulness of any processing based on consent prior to withdrawal.

EJIE may be contacted in writing at the address below for that purpose:

  • Attention Security Officer
  • Avenida del Mediterráneo 14
  • 01010 Vitoria-Gasteiz, Spain

Or you may send an email to lopd-ejie@ejie.eus

In the event you feel your rights have not been respected in regards to protecting your personal data, you may lodge a complaint with the competent Data Protection Agency: www.agpd.es.

In compliance with the European General Data Protection Regulations, EJIE has a Data Protection Officer who is in charge of defending the interests of people insofar as how their personal data is handled at EJIE and for compliance with data protection regulations. This person may be contacted at the email address: dpo@ejie.eus

Hiring

Controller EJIE S.A.
Purposes

Process personal information regarding people employed by the companies that are candidates for being suppliers, in accordance with the internal instructions for hiring and the bidding process.

Process personal information regarding physical persons who subscribe or unsubscribe from the contractor profile postings on the EJIE website.

Legality

To fulfil a mission carried out in the public interest or to exercise public powers granted to the data controller.

The consent of the interested party to process their personal data for subscribing to the contractor profile postings.

Recipients

The Basque government and other public bodies that collaborate on hiring processes.

No data will be shared with third parties in regards to processing subscriptions to contractor profile postings.

Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (155 KB)

 

Managing Staff of Supplier Companies

Controller EJIE S.A.
Purposes Process personal information regarding people employed by companies that provide maintenance and IT services to EJIE.
Legality Contractual relationship with suppliers.
Recipients The Basque government and other communications, in compliance with the legal obligations applicable to EJIE S.A..
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (150 KB)

 

Record of physical access to the building

Controller EJIE S.A.
Purposes Access control of own and external personnel and visits. Management of the evacuation of the building and internal security.
Legality Treatment necessary for the satisfaction of legitimate interests pursued by EJIE.
Recipients The data will not be transferred to third parties except to the State Security Forces, Courts and Tribunals, in case they require it.
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (74 KB)

 

Warehouse and CPD physical access record

Controller EJIE S.A.
Purposes Management of personal information related to the control of people who access internal protected and restricted areas.
Legality Treatment necessary for the satisfaction of legitimate interests pursued by EJIE.
Recipients The data will not be transferred to third parties except to the State Security Forces, Courts and Tribunals, in case they require it.
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (82 KB)

 

Visitor WiFi

By submitting your request you are consenting to the use of your personal data and authorising its processing for the activities indicated below.

Controller EJIE S.A.
Purposes Process the personal data required to facilitate internet access using a secure WiFi channel for people who visit the EJIE S.A. facilities.
Legality Service provided.
Recipients Data will not be shared with third parties unless it is authorised or to comply with legal obligations.
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (150 KB)

 

Commercial Management with Clients

Controller EJIE S.A.
Purposes Process responses to requests submitted by a person through a channel of communication with the company and generate potential clients, in addition to sending general information about the company's activities.
Legality Consent of the interested party and the legitimate interest of EJIE S.A.
Recipients Data will not be shared with third parties unless it is authorised or to comply with legal obligations.
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (150 KB)

 

Video surveillance management

Controller EJIE S.A.
Purposes Management of personal information obtained through video surveillance system to guarantee the safety of people, goods and facilities of EJIE.
Legality Treatment necessary for the fulfillment of a mission carried out in the public interest of EJIE.
Recipients The images will not be transferred to third parties except to the Security Forces, or / and Courts and Tribunals, in case they so require.
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (224 KB)

 

Contact

Controller EJIE S.A.
Purposes Manage the personal information for physical persons who provide services to a legal person for the purposes of maintaining any kind of relationship with the legal person to which the concerned party provides their services.
Legality Legitimate interest of EJIE S.A.
Recipients Data will not be shared with third parties unless it is authorised or to comply with legal obligations.
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (189 KB)

 

Exercising Data Protection Rights

Controller EJIE S.A.
Purposes Manage rights regarding data protection exercised over data processing identified at EJIE.
Legality Fulfils legal requirements.
Recipients Personal data may be subject to being shared with the control authority.
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (189 KB)

 

Management of treatments related to the situation of COVID-19

Controller EJIE S.A.
Purposes COVID-19 Research Cases: Prevent or contain the spread of the coronavirus.
Legality Treatment necessary for the fulfillment of a legal obligation applicable to the person responsible and for the exercise of specific rights of the person responsible or the interested party in the field of labor law and social security and protection.
Recipients In cases of COVID-19 investigation, at the request of the competent health authorities, the data may be communicated to the persons with whom the affected person may have had contact, in order to guarantee their safety and health.
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (183 KB)

 

Common repository of digital media for internal dissemination

Controller EJIE S.A.
Purposes Use multimedia content for internal use and dissemination. Images and videos that may contain the name and surname, the face (image) and / or voice of the employees and visitors may only be used for internal use and internal dissemination, that is, , corporate intranet, internal events and presentations or others with similar characteristics.
Legality RGPD: 6.1.f) The treatment is necessary for the satisfaction of legitimate interests pursued by the person responsible for the treatment.
Recipients They do not occur in the scope of this treatment.
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (171 KB)

 

Management of the training plan

Informative clause teaching staff from an external company:

Controller EJIE S.A.
Purposes

Registration, management, control and monitoring of participation in the training activities organized by EJIE.

Recording of training sessions for their use and internal dissemination.

Legality Necessary treatment for the execution of the contract between EJIE and the company that provides the training services.
Recipients The personal identification data will be communicated, where appropriate, to entities that manage training aid.
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (159 KB)

 

Management of the training plan

Information clause for internal staff who impart or receive training:

Controller EJIE S.A.
Purposes

Management of the personal information necessary for voluntary training and commitment to learning in the Basque training plan and the formation of language profiles.

Management of the training plans offered by the entity for internal staff.

Registration, management, control and monitoring of participation in the training activities organized by EJIE.

Recording of the training sessions for their use and internal dissemination. We inform people who have access to the recordings that their external dissemination is strictly prohibited.

Legality Necessary treatment for the execution of the labor contract between EJIE and internal personnel.
Recipients The personal identification data will be communicated, where appropriate, to entities that manage training aid.
Rights You have the right to access, rectify and delete your data, in addition to other rights as explained in the additional information.
Additional information You can access additional information about how your personal data is processed at the following link PDF (link) (75 KB)