Data Processing Responsible
In terms of data protection, AENER ENERGÍA S.L.U., must be considered as the Responsible for the Data Processing, in relation to the files/processing identified in this policy, specifically in the Data Processing section.
The identifying details of the owner of this website are as followed:
Responsible: AENER ENERGÍA S.L.U.
Postal address: Calle Dehesa Vieja, 2 Nave 8, E-28052 Madrid (Spain).
Email address: email@example.com
The personal data requested, if any, will consist only of those strictly necessary to identify and respond to the request made by the owner thereof, hereinafter the interested party. This information will be treated faithfully, lawfully and transparent in relation to the interested party. On the other hand, the personal data will be collected for specific and explicit purposes, not being further processed in a manner incompatible with said purposes.
The data collected from each stakeholder will be adequate, relevant and not excessive in relation to the corresponding purposes for each case, and will be updated whenever necessary.
The owner of the data will be informed, prior to the collection of their data, of the general ends regulated in this policy in order to be able to give the express, precise and unambiguous consent for the processing of his data, in accordance with the following aspects.
Purposes of the Data Processing
The explicit purposes for which each of the Data Processing are carried out, are included in the informative clauses included in each of the data collection channels (web and paper forms, locutions or posters and informative notes).
However, the personal data of the interested party will be treated with the exclusive purpose of providing an effective response and attending the requests made by the user, specified together with the option, service, form or data collection system that the owner uses.
As a general rule, prior to the processing of personal data, AENER ENERGÍA S.L.U. obtains express and unequivocal consent from the owner thereof, through the incorporation of informed consent clauses in the different information collection systems.
Nevertheless, in case the consent of the interested party is not required, the legitimizing basis of the processing in which AENER ENERGÍA S.L.U is protected, is the existence of a specific standard or law which authorizes or demands the processing of the interested party’s data.
As a general rule, AENER ENERGÍA S.L.U. does not proceed to the cession or communication of the data to third entities, except for those legally required, however, in case it is necessary, these cessions or data communications are informed to the interested party through the informed consent clauses contained in the different ways of collecting personal data.
As a general rule, personal data is always collected directly from the interested party, however, in certain exceptions, the data can be collected through third parties, entities or services different from the interested party. In this sense, this end will be transferred to the interested party through the clauses of informed consent contained in the different ways of collecting information and within a reasonable time, once the data have been obtained, and at the latest within a month.
The information collected from the interested party will be kept as long as it is necessary to fulfill the purpose for which the personal data were collected, so that, once the purpose has been fulfilled, the data will be canceled. This cancellation will lead to the blocking of the data, being kept only available to the Public Administrations, Judges and Courts, to attend to the possible responsibilities arising from the processing, during the prescription period of these, once the aforementioned period has elapsed, the information will be destroyed.
For information purposes, the legal terms for the conservation of information in relation to different matters are as followed:
|Documentation of labour nature or related to social insurance||4 years||Article 21, Royal Legislative Decree 5/2000, August 4th, approving the revised text of the Law on Infractions and Sanctions in the Social Order|
|Accounting and fiscal documentation for commercial purposes||6 years||Art. 30, Code Commerce|
|Accounting and fiscal documentation for tax purposes||4 years||Articles 66 to 70, General Tax Law|
|Control of access to buildings||1 month||Instruction 1/1996 of the SDPA (Spanish Data Protection Agency)|
|Video surveillance||1 month||Instruction 1/2006 of the SDPA
Organic Law 4/1997
In relation to the navigation data that can be processed through the website, in case data are collected subject to the regulations, it is recommended to consult the Cookies Policy published on our website.
Rights of the interested parties
The regulations on data protection grant a series of rights to the interested parties or owners of the data, users of the website or users of the social network profiles of AENER ENERGÍA S.L.U.
These rights that assist the interested persons are the following:
- Right of access: right to obtain information about whether their own data are being processed, the purpose of the processing being carried out, the categories of data in question, the recipients or categories of recipients, the term of conservation and the origin of these data.
- Right of rectification: right to obtain the correction of inaccurate or incomplete personal data.
- Right of suppression: right to obtain deletion of data in the following cases:
- When the data is no longer necessary for the purpose for which they were collected.
- When the owner of the same withdraws the consent.
- When the interested party opposes the processing.
- When they must be abolished in compliance with a legal obligation.
- When the data has been obtained by virtue of an information society service based on the provisions of art. 8 section 1 of the European Regulation on Data Protection.
- Right of opposition: right to object to a specific processing based on the consent of the interested party.
- Right of limitation: right to obtain the limitation of the data processing when one of the following assumptions is made:
- When the interested party challenges the accuracy of the personal data, during a period that allows the company to verify the accuracy of the same.
- When the processing is illegal and the interested party opposes the deletion of the data.
- When the company no longer needs the data for the purposes for which they were collected, but the interested party needs them for the formulation, exercise or defence of claims.
- When the interested party has opposed the processing while it is verified if the legitimate reasons of the company prevail over those of the interested party.
- Right to portability: the right to obtain data in a structured, commonly used and machine-readable format, and to transmit it to another data controller when:
- Processing is based on consent.
- The processing is carried out by automated means.
- Right to file a claim with the competent control authority.
Interested parties may exercise the indicated rights, by writing to AENER ENERGÍA S.L.U., sending it to the following address: firstname.lastname@example.org, indicating in the subject line the right you wish to exercise.
In this sense, AENER ENERGÍA S.L.U. will respond to your request as soon as possible and taking into account the deadlines set out in the regulations on data protection.
The security measures adopted by AENER ENERGÍA S.L.U. are those required, in accordance with the provisions of article 32 of the RPPD. In this sense, AENER ENERGÍA S.L.U., taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the processing, as well as the risks of variable probability and severity for rights and liberties of persons, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk.
In any case, AENER ENERGÍA S.L.U. has enough mechanisms in place to:
- Guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services.
- Restore availability and access to personal data quickly, in case of physical or technical incident.
- Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the processing.
- Pseudonymize and encrypt personal data, if applicable.