Privacy Policy

1. Identification of the Data Controller

In compliance with Regulation (EU) 2016/679, General Data Protection Regulation ("GDPR"), and Organic Law 3/2018 on the Protection of Personal Data and guarantee of digital rights ("LOPDGDD"), users of the website are hereby informed that the data controller of their personal data is:

  • ABEZETA, S.A.U.
  • Tax ID (NIF): A08512493
  • Registered office: Calle Valencia, 348, 08009 Barcelona (Spain)
  • Contact email: info@abezetagroup.com

ABEZETA, S.A.U. shall be responsible for the processing of personal data provided by the user through the channels made available on the website, as well as any data that may be collected as a result of browsing or interacting with it.

2. Processing Purposes and Legal Basis

The personal data provided by the user through the website will be processed by ABEZETA, S.A.U. for the following purposes, depending on the user's interaction with it:

2.1. Management of enquiries and requests for information

Purpose: To respond to requests for information, enquiries or any other requests made by the user through contact forms or other channels available on the website.
Legal basis: Consent of the data subject (Art. 6(1)(a) GDPR).

2.2. Management of relationships with clients and prospective clients

Purpose: To manage the relationship with users, including the follow-up of communications, the handling of requests and, where applicable, the provision of the requested services.
Legal basis: Performance of a contract or implementation of pre-contractual measures (Art. 6(1)(b) GDPR).

2.3. Sending commercial communications

Purpose: To send commercial or informational communications related to the products, services or activities of ABEZETA, S.A.U.
Legal basis: Consent of the data subject (Art. 6(1)(a) GDPR) or, where applicable, the legitimate interest of the controller pursuant to Article 21.2 of the LSSI.

2.4. Management of recruitment processes

Purpose: To manage applications submitted by users, as well as to assess professional profiles for potential participation in current or future recruitment processes.
Legal basis: Implementation of pre-contractual measures at the request of the data subject (Art. 6(1)(b) GDPR).

2.5. Operation and security of the website

Purpose: To ensure the proper functioning of the website, prevent misuse, and carry out statistical or technical analyses to improve the user experience.
Legal basis: Legitimate interest of the controller (Art. 6(1)(f) GDPR).

3. Categories of Personal Data

ABEZETA, S.A.U. may process the following categories of personal data, depending on the relationship established with the user and the services or functionalities used on the website:

  • Identification and contact data: name, surname, email address, telephone number and any other data provided through forms or contact channels.
  • Professional data: job position, company or organisation to which the user belongs, where such information is provided in the context of the enquiry or relationship.
  • Recruitment-related data: information included in the curriculum vitae, academic background, professional experience and any other information provided in recruitment processes.
  • Browsing data: IP address, information about the device used, browser type, language, pages visited, browsing time and other information obtained through cookies or similar technologies, where applicable.
  • Any other data voluntarily provided by the user through the channels made available on the website.

4. Source of the Data

The personal data processed by ABEZETA, S.A.U. generally originates from the data subject, who provides it directly through the forms available on the website or through communications maintained with the entity by any means, including email or other contact channels. Likewise, certain data may be obtained as a result of the user's browsing activity on the website, through the use of cookies and similar technologies, in accordance with the provisions set out in the Cookie Policy. As a general rule, ABEZETA, S.A.U. does not obtain personal data from sources other than the data subject. However, where data is provided by a third party, the party providing such data guarantees that it has the necessary legal basis to disclose it and that it has previously informed the data subject of the content of this Privacy Policy. In all cases, ABEZETA, S.A.U. undertakes to process personal data lawfully, fairly and transparently, at all times respecting the principles set out in Article 5 of the GDPR.

5. Data Retention Period

Personal data shall be retained for the time necessary to fulfil the purposes for which it was collected, as well as to determine any potential liabilities that may arise from such purposes, in accordance with applicable regulations.

In particular:

Contact and enquiry data: Data shall be retained for the time necessary to respond to the user's request or enquiry and, once completed, for the periods required to comply with legal obligations or to address potential liabilities.

Data related to contractual or pre-contractual relationships: Data shall be retained for as long as the contractual or pre-contractual relationship is maintained and, once terminated, for the applicable statutory limitation periods, which, as a general rule, shall be five (5) years in accordance with the provisions of the Civil Code, without prejudice to any other applicable periods.

Data for the sending of commercial communications: Data shall be retained for as long as the user does not withdraw their consent or object to the processing of their data for this purpose.

Job applicant data: Personal data provided in the context of recruitment processes shall be retained for a maximum period of one (1) year from its receipt or last update, unless the user requests its deletion earlier.

Browsing data: Browsing data shall be retained for the periods established in the Cookie Policy or, where applicable, for the time strictly necessary to fulfil the purpose for which it was collected.

6. Data Recipients

As a general rule, ABEZETA, S.A.U. will not disclose users' personal data to third parties, except in the following cases:

  • Where necessary to comply with legal obligations, in which case the data may be disclosed to Public Administrations, competent authorities or other bodies, in accordance with applicable regulations.
  • Where necessary for the provision of services, the data may be processed by service providers acting as data processors on behalf of ABEZETA, S.A.U., such as providers of technological services, hosting, web maintenance or other auxiliary services necessary for the operation of the website.

In such cases, ABEZETA, S.A.U. guarantees that such third parties shall access the data solely for the purpose of providing the relevant service, under its instructions and in full compliance with applicable data protection regulations, and that the corresponding data processing agreements have been entered into in accordance with Article 28 of the GDPR.

7. International Data Transfers

ABEZETA, S.A.U. does not envisage carrying out international transfers of personal data outside the European Economic Area (EEA). However, in the event that certain service providers used by ABEZETA, S.A.U. may access personal data from outside the EEA, such access shall be carried out in accordance with the provisions of the GDPR, through the execution of Standard Contractual Clauses approved by the European Commission with such providers.

8. User's Rights

In accordance with Articles 15 to 22 of Regulation (EU) 2016/679, General Data Protection Regulation ("GDPR"), as well as applicable national implementing legislation, the user has the right to obtain confirmation as to whether ABEZETA, S.A.U. is processing personal data concerning them and, where that is the case, to exercise the rights granted to them in relation to such processing.

In particular, the user may exercise the following rights:

  • Right of access: to obtain confirmation as to whether their personal data is being processed, as well as to access such data and certain information regarding its processing.
  • Right to rectification: to request the correction of data that is inaccurate or incomplete.
  • Right to erasure: to request the deletion of their data where, among other circumstances, it is no longer necessary for the purposes for which it was collected.
  • Right to restriction of processing: to request the restriction of the processing of their data in the cases provided for by law, in which case it will only be retained for the establishment, exercise or defence of legal claims.
  • Right to object: to object to the processing of their data in certain circumstances and on grounds relating to their particular situation.
  • Right to data portability: to receive the personal data concerning them in a structured, commonly used and machine-readable format, and to transmit it to another data controller where technically feasible.

Exercise of rights

These rights may be exercised at any time by submitting a request to ABEZETA, S.A.U. through the following channel: Email: info@abezetagroup.com The request must specify the right the user wishes to exercise, and it may be necessary to provide additional information to verify the identity of the applicant, in order to ensure the security of the data.

Right to lodge a complaint with the supervisory authority

The user has the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if they consider that the processing of their personal data does not comply with applicable data protection regulations.

9. Security Measures

ABEZETA, S.A.U. implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of Regulation (EU) 2016/679, General Data Protection Regulation ("GDPR"), taking into account the state of the art, the costs of implementation, as well as the nature, scope, context and purposes of the processing.

In particular, such measures are aimed at preserving the confidentiality, integrity, availability and resilience of processing systems and services, as well as preventing unauthorised access, alteration, loss or destruction of personal data.

ABEZETA, S.A.U. also adopts internal procedures for periodic monitoring and verification in order to assess the effectiveness of the measures implemented and to ensure their ongoing adequacy to existing risks.

However, the user should be aware that security measures on the Internet are not entirely secure. In this regard, ABEZETA, S.A.U. cannot guarantee the absence of security incidents arising from actions of third parties or circumstances beyond its reasonable control.

Accordingly, the user undertakes to use the website appropriately, adopting the necessary measures to protect their own systems, devices and information, including the use of appropriate security tools.

10. Amendment of the Privacy Policy

ABEZETA, S.A.U. reserves the right to modify this Privacy Policy at any time in order to adapt it to legislative developments, interpretative criteria of supervisory authorities, as well as changes in the data processing activities carried out through the website. In the event that such modifications involve substantial changes in the way users' personal data is processed, users shall be duly informed through publication on the website or, where necessary, through the usual communication channels.

In any case, users are advised to review this Privacy Policy periodically in order to remain informed about the processing of their personal data.