Personal Data Protection Policy

VAXTOR TECHNOLOGIES S.L. (the “Company”) is an Organization in which personal data processing activities occur, attributing to it significant responsibility in designing and organizing procedures to align with legal compliance in this area.

In exercising these responsibilities and with the aim of establishing the general principles that should govern the processing of personal data in the Company, it approves this Personal Data Protection Policy, which it notifies to its Employees and makes available to all its Interest Groups.

Purpose

The Personal Data Protection Policy is a measure of proactive Responsibility with the purpose of ensuring compliance with the applicable legislation in this area and in relation to this, respect for the right to honor and privacy in the processing of personal data of all people who relate to the Company.

Developing what is established in this Personal Data Protection Policy, it establishes what are the Principles that govern data processing in the organization and consequently, the procedures, and organizational and security measures that those affected by this Policy commit to implementing in their area of responsibility.

For this purpose, the Management will assign responsibilities to the staff involved in data processing operations.

Scope of application

This Personal Data Protection Policy will apply to the Company, its administrators, directors and employees, as well as to all people who relate to it, including express inclusion of service providers with access to data (“Data Processors”)

Principles of personal data processing

As a general principle, the Company will scrupulously comply with the legislation on the protection of personal data and must be able to demonstrate it (Principle of “proactive responsibility”), paying special attention to those treatments that may pose a greater risk to the rights of those affected (Principle of “risk approach”).

In relation to the above, VAXTOR TECHNOLOGIES S.L. will ensure compliance with the following Principles:

  • Lawfulness, loyalty, transparency and purpose limitation. The data processing must always be informed to the affected party, through clauses and other procedures; and will only be considered legitimate if there is consent for data processing (with special attention to those provided by minors), or it has another valid legitimacy and its purpose is in accordance with regulations.
  • Data minimization. The data processed must be adequate, relevant and limited to what is necessary in relation to the purposes of the processing.
  • Accuracy. The data must be accurate and, if necessary, updated. In this regard, the necessary measures will be adopted to delete or rectify without delay personal data that is inaccurate with respect to the purposes of the processing.
  • Limitation of the conservation period. The data will be kept in a way that allows the identification of the interested parties for no longer than necessary for the purposes of the processing.
  • Integrity and Confidentiality. The data will be treated in such a way that the adequate security of personal data is guaranteed, including protection against unauthorized or illegal processing and against its loss, destruction or accidental damage, by applying appropriate technical or organizational measures.
  • Data transfers. The purchase or obtaining of personal data from illegitimate sources is prohibited or in those cases where such data has been collected or transferred in contravention of the law or its legitimate origin is not sufficiently guaranteed.
  • Hiring of suppliers with access to data. Only providers that offer sufficient guarantees to apply appropriate technical and security measures in data processing will be chosen for their contracting. With these third parties, the due Agreement in this regard will be documented.
  • International data transfers. Any processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements established in the applicable law.
  • Rights of those affected. The Company will facilitate the exercise of access, rectification, deletion, limitation of processing, opposition and portability rights for those affected, establishing for this purpose the internal procedures, and in particular the models for their exercise that are necessary and appropriate, which must satisfy, at least, the legal requirements applicable in each case.

The Company will promote that the principles contained in this Personal Data Protection Policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered (iii) in all contracts and obligations they formalize or assume and (iv) in the implementation of as many systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.

Employee Commitment

The employees are informed of this Policy and declare themselves aware that personal information is an asset of the Company, and in this regard, they adhere to it, committing themselves to the following:

  • Carry out the data protection awareness training that the Company makes available.
  • Apply the security measures at the user level that apply to their job, regardless of the responsibilities in their design and implementation that could be attributed to them based on their role within VAXTOR TECHNOLOGIES S.L.
  • Use the established formats for the exercise of Rights by those affected and inform the Company immediately so that the response can be made effective.
  • Inform the Company, as soon as they become aware, of deviations from what is established in this Policy, particularly of “Violations of personal data security”, using the established format for this purpose.

Control and evaluation

An annual verification, evaluation and valuation will be carried out, or whenever there are significant changes in data processing, of the effectiveness of the technical and organizational measures to ensure the security of the processing.

Basic and additional information on data protection

Processing: Customers and suppliers

BASIC INFORMATION ON DATA PROTECTION
ResponsibleVAXTOR TECHNOLOGIES S.L.
PurposeDATA USED FOR THE PURPOSE OF MANAGING THE RELATIONSHIPS WITH THE ENTITY’S CUSTOMERS AND SUPPLIERS, BY THEIR PROCESSING AS CUSTOMERS AND SUPPLIERS
LegitimationExecution of a service provision contract
RecipientsYour data may be communicated to third parties. No data will be transferred outside the EU.
Rights Access, rectify and delete data as well as other rights, as explained in the additional information
Origin of the dataThe personal data processed at VAXTOR TECHNOLOGIES S.L. come from:
➢ The interested party or their representative
Additional information You can consult the additional and detailed information on Data Protection at www.vaxtor.com
ADDITIONAL INFORMATION ON DATA PROTECTION
Who is responsible for the processing of your data?
IdentityVAXTOR TECHNOLOGIES S.L. – B87670089
Postal AddressCALLE MIGUEL YUSTE 6, 1A, MADRID
Telephone+34 917 572 211
Emailymoral@vaxtor.es
What is the purpose of processing your personal data?
At VAXTOR TECHNOLOGIES S.L., we process the information provided to us by our stakeholder groups for the following treatments:
Data processing  Purpose of processing  Data retention period
CUSTOMERS AND SUPPLIERS➢ CUSTOMER MANAGEMENT, ACCOUNTING, TAX, AND ADMINISTRATIVE No automated decisions will be made based on this profile.  
➢ OTHER PURPOSES No automated decisions will be made based on this profile.  
The personal data processed will be retained in any case as long as necessary for the purpose of the processing, and will be deleted at the request of the interested party, or once the processing has finished, notwithstanding its preservation for the periods established in Tax Legislation to address possible liabilities.
What is the legal basis for their processing?
The legal bases for the processing of personal data at VAXTOR TECHNOLOGIES S.L. are as follows:
Data processingProcessing legitimation
CUSTOMERS AND SUPPLIERSExecution of the service provision contract. If you do not provide your data, the agreed provision cannot be carried out.
To whom will your data be communicated?
The realization of these treatments may involve the connection of your data with treatments performed by third parties. We inform you below of the provisions regarding the transfer of your data.
Data processingTransfer provisionInternational transfers
CUSTOMERS AND SUPPLIERSThe data will be communicated to: ORGANIZATIONS OR PEOPLE DIRECTLY RELATED TO THE RESPONSIBLE PUBLIC ADMINISTRATION WITH COMPETENCE IN THE MATTERNo data will be transferred outside the EU.
What are your rights when you provide us with your data?
Anyone has the right to obtain confirmation on whether VAXTOR TECHNOLOGIES S.L. is processing personal data that concern them, or not. Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. VAXTOR TECHNOLOGIES S.L. will stop processing the data, except for legitimate and compelling reasons, or the exercise or defense of possible claims. Also, in certain circumstances and when technically possible, interested parties have the right for personal data to be transferred directly to another responsible party at their request.  

To exercise these rights, please contact us by writing to:  
➢ VAXTOR TECHNOLOGIES S.L., MIGUEL YUSTE 6, 1A – 28037 MADRID, or by e-mail at ymoral@vaxtor.es accompanied by a copy of your ID.  

Similarly, you can contact the Spanish Data Protection Agency, to file a complaint, especially when you have not obtained satisfaction in the exercise of your rights.