Privacy polity, data processing and protection
This business privacy declaration made by BIDEA (hereinafter, “the declaration”) is issued on behalf of the data controller, Bidea Automotive S.L., with its business address at C/ Mejía Lequerica 8, (local) 08028 Barcelona, Spain (hereinafter “BIDEA” or “we”). It is addressed to any party with whom Bidea interacts, including visitors to and users of BIDEA’s websites, applications (in web and mobile formats) and online services (hereinafter, “the online services”), current and potential customers, members of suppliers’ managements and personnel, corporate customers and BIDEA’s personnel. When we include the words “you” in this declaration we collectively refer to all the parties whose personal data we process. In the carrying out of its function as data controller Bidea will process information concerning you in both printed and electronic formats, which we refer to as “personal data”. You assume responsibility for and guarantee that the personal data you provide to BIDEA are true and, as appropriate, that you have received the owner’s corresponding authorization.
BIDEA will process your personal data in compliance with the requirements of the current legislation, particularly the following:
A new Data Protection Regulation has been in force since 25 May 2018. EU Regulation 2016/679 harmonizes the legislation on data protection throughout the European Union, increasing the protection of natural persons owning personal data and giving them greater control over them. The data collected by BIDEA via its different channels (the website, email and electronic and paper forms) within the framework of its commercial activity and the provision of its services are incorporated into a processing file managed by BIDEA itself.
Purposes for which the data are collected:
Provision of training services: BIDEA records the data of the companies to which it provides training services, the employees who apply for BIDEA’s training activities and the contact persons in customers’ organizations responsible the formalization of the pre-enrolment and enrolment processes, the sending of useful information and the processing and issuance of qualifications and certificates. BIDEA’s customer company with regard to the provision of a training service assumes liability for and guarantees that the personal data concerning its personnel supplied to BIDEA are true and, as appropriate, have received the owners’ due authorization.
Provision of other customer services: BIDEA records the data of new customers that procure services and manages any additional data that may be generated as a result of the commercial relationships with said customers. The essential data are requested during the procurement process, which should include the bank payment data. These relationships entail further processing, such as the incorporation of the data into the accounting and invoicing and the sending of information to the tax authorities.
Personnel management: BIDEA processes the data of its workforce in order to perform proper human resource management and to comply with any resulting administrative, tax and legal obligations. Similarly, we collect and safeguard the CVs sent to us by people interested in working for us and we process personal data when we conduct personnel selection processes in order to analyse the suitability of candidates’ profiles for vacant or newly-created positions.
The personal data provided to BIDEA for the provision of a service shall be solely those required for drawing up the contract and those enabling us to provide the procured services in compliance with any legal obligations.
The purpose of the personal data collected via the form on the website provided to request information is to enable us to send commercial information on our products and services.
In this case, the processing of the data is legitimized by the express consent you grant when you accept the sending of the information provided on the form.
Suppliers: We record and process the data of the suppliers from whom we obtain services and goods. These may be the data of people who act as self-employed workers or data of representatives of legal persons. We obtain the data essential for preserving the commercial relationship. Said relationship involves further processing, such as the incorporation of the data into the accounting and invoicing and the sending of information to the tax authorities.
Conservation of the data:
The period for the conservation of the data chiefly depends on whether they are necessary for fulfilling the purposes for which they have been collected in each case. In addition, they are retained to cover potential liabilities resulting from the processing of the data by BIDEA and to attend to the requirements of the public administrations and judicial bodies. Consequently, the data must be retained for the time required to preserve their legal or informative value and to demonstrate compliance with legal obligations. In the case of information that certifies the training received by the students, the data shall be retained on a permanent basis in order to preserve the rights of said students. In the case of data that are processed exclusively upon the basis of the consent of the person in question, they shall be retained until the person withdraws said consent.
Legitimation of the processing:
The data processed by BIDEA include those obtained with the consent of the interested party and those voluntarily provided by the interested party by any means: data necessary for the maintenance of a contractual relationship (service provision contracts, labour and commercial contracts, etc.), for the provision of training services (registrations, enrolments, files, qualifications, etc.), for compliance with a pre-contractual or contractual relationship, for compliance with legal and tax obligations, for requirements of the public administration and for a legitimate interest.
Generally speaking, BIDEA only assigns data in compliance with its legal obligations. The personal data of the students who attend BIDEA’s training activities may be assigned to the training institutions that BIDEA cooperates with for the purpose of the issuance of certificates and qualifications and the registration of accreditations related to the training received by the students. These institutions are as follows:
Qualitäts Management Center im Verband der Automobilindustrie e.V.
Fédération des Industries des Equipements pour Véhicules (FIEV)
TopQM-Systems GmbH & Co. KG
In addition, BIDEA obtains the services of companies or people that provide us with their experience and specialization for certain tasks, and on occasions the latter have to access personal data. In the terms of the General Data Protection Regulation, this does not involve a transfer of data but rather a processing order. We only procure services from companies that guarantee compliance with this regulation. Their confidentiality obligations are formalized and their actions are monitored at the time of the procurement. This may occur in the case of data hosting services on servers, computer support services and legal, accounting and tax consultancy firms.
Rights of data holders:
Everyone has the right to know whether BIDEA is processing their data or not and whether it has the right to access their personal data, to request the rectification of any inaccurate data, to request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they are collected, to oppose the processing of their data for reasons related to their particular situation, requesting that they should not be processed by BIDEA, and to withdraw the consent they have granted, without the above affecting the lawfulness of the processing which has been performed prior to said consent being withdrawn.
When the rights of suppression, opposition, limitation and withdrawal of consent are exercised, BIDEA shall cease to process the data, unless there are compelling legitimate reasons for doing so or unless it does so in the exercise or defence of potential claims.
The owner of the data may exercise the rights envisaged in Chapter III of the General Data Protection Regulation, as well as those in the LOPD (the Spanish Data Protection Act) by writing to BIDEA at email@example.com. Whenever the above rights are exercised, a copy of the applicant’s ID card or an equivalent document proving his/her identity must be attached to the application.
Similarly, a claim may be sent to the Spanish Data Protection Agency via its website (www.agpd.es).
Provenance of the data:
In most cases the data come directly from the interested parties and we obtain them chiefly via the forms prepared for said purpose. We also obtain data on open days, during informative sessions and by means of face-to-face relationships, exchanges of business cards and other channels, such as the receipt of emails, our website, telephone calls, subscriptions to blogs and our profiles on social media.
The data collected by BIDEA are basically identification data, electronic addresses, commercial information, financial data and the data of users of our website (*). Specially protected data are not processed.
Sending of commercial correspondence:
In accordance with the Law on Information Society Services and Electronic Commerce you can unsubscribe from any of the services and exercise your right of opposition to receiving commercial information by sending a request to firstname.lastname@example.org, accompanied by a copy of the applicant’s ID card or an equivalent document proving his/her identity.
BIDEA hereby informs you that it implements the security measures required to prevent the theft or alteration of the data or unauthorized access to them, taking into account the state of the art, the implementation costs and the nature, scope, context and purposes of the processing, as well as risks of varying probability and seriousness concerning the rights and freedoms of natural persons, while, in the case of the outsourcing of services, it shall require and ensure that the data controller implements the appropriate technical and organizational measures to guarantee a level of security suited to the existing risks, as set forth in Article 32 of the General Data Protection Regulation.