Privacy Policy
Privacy and data protection are a commitment acquired by Arabat, Arabako Bideak Vías de Álava, S.A. (hereinafter ARABAT), which is deployed both in the development of its activity with clients, users and suppliers, as well as within its own organization with respect to its personnel.
Stakeholder Rights
Know and exercise your rights regarding personal data protection in accordance with the GDPR.
1. Scope
ARABAT-VÍAS DE ÁLAVA, S.A. is committed to the protection of privacy and the correct use of the personal data that we process and that you provide to us, both online on this website and, if applicable, any of its subdomains and/or microsites, as well as off-line.
Important: Please read this policy carefully and make sure you understand and agree with it before you provide us with your personal information. If you do not agree with it, do not use this website or its services or provide us with your data.
2. Data Controller
ARABAT-VÍAS DE ÁLAVA, S.A.
VAT ID: A-01361237
Address:
C/ Vicente Goikoetxea, 1 -1. Office 4
CP 01008 Vitoria-Gasteiz (ÁLAVA)
Phone: 945 134690
Email: dpd@arabat.org
3. How We Have Obtained Your Information
3.1. Obtained by the interested party himself
Identification and Contact Information
- Name and surname
- DNI/NIE
- Mailing Address
- Phone and email
- Date of birth
Financial and Turnover Data
- Banking information
- Credit card information
- Transaction history
- Fiscal data
Communication Data
- Communications history
- Consultations performed
- Reported incidents
- Contact preferences
3.2. Automatic retrieval via web browsing
Connection Data
- IP Address
- Date and time of access
- Source URL
- Pages visited
- Time of permanence
Device Data
- Browser type
- Operating system
- Screen resolution
- Device information
3.3. Communication of data by third parties
Responsibility of the communicator: With respect to other people’s data, you must respect their privacy, taking special care when communicating or publishing their personal data. Only the owner can authorize the processing of their personal data.
If you provide data of third parties, you warrant that:
- It has the prior and express consent of the owner.
- Has informed the owner about the processing of his data
- Respects the fundamental rights of the individual
- Assume liabilities arising from claims
4. Purposes of Processing
Contractual and commercial management: If you are a current or potential customer or supplier, we process your data to manage the contractual and/or commercial relationship, including warranty and after-sales services.
Management of web inquiries: If you use our website, we process your data to manage the requests you make to us online.
Institutional communications: To maintain contact and send information about our services, activities and regulatory obligations.
Recruitment processes: In case of providing curricular data, we use them to contact and manage personnel selection processes.
5. Conservation Periods
Customers and Suppliers
The data will be kept for as long as the contractual or commercial relationship is maintained and, once concluded, for the time necessary to comply with legal obligations and until the interested party requests its deletion.
Website Users
The data will be retained as long as you do not request its deletion. Even after the request for deletion, we may keep them with limited processing when there are legal obligations that require it.
6. Legal Basis for Processing
The processing of your personal data is based on the following legal bases set out in the GDPR:
- Contractual performance (Art. 6.1.b RGPD): When it is necessary for the performance of a contract to which you are a party.
- Consent (Art. 6.1.a RGPD): When you have given your consent to the processing.
- Legitimate interest (Art. 6.1.f RGPD): To send communications about our activities and services.
- Legal compliance (Art. 6.1.c RGPD): When the processing is necessary to comply with a legal obligation.
7. Addressees and Communications
Your personal data may be disclosed to the following categories of recipients:
- Group companies: For internal administrative purposes and provision of services
- Financial institutions: For the management of collections, payments and banking operations.
- Public administrations: When there is a legal obligation of communication.
- Service providers: Acting as processors under contract.
- Insurance companies: For the underwriting of operations and collections
International transfers: Some suppliers may be located in third countries. In these cases, we verify that they have an adequacy decision from the European Commission or we implement the appropriate safeguards provided for in the GDPR.
8. Stakeholder Rights
As the data subject, you have the following rights recognized by the RGPD:
Fundamental Rights
- Right of access: Obtain information on whether we process your data and, if so, access it.
- Right of rectification: Request the correction of inaccurate or incomplete data.
- Right of deletion: Request the deletion of your data when the circumstances foreseen in the regulations are met.
Complementary Rights
- Right to restriction: Request the restriction of the processing of your data in certain circumstances.
- Right to portability: Receive your data in structured format and transmit it to another data controller.
- Right to object: To object to the processing of your data for reasons related to your particular situation.
Exercise of Rights
To exercise your rights, you can contact the data controller by:
- Written and signed request addressed to the postal address indicated in paragraph 2.
- Electronic communication to the address: dpd@arabat.org
Required documentation: In both cases you must attach a copy of your ID card or equivalent identification document.
9. Right of Claim
If you consider that the processing of your personal data does not comply with the regulations in force, you can file a complaint with the Spanish Data Protection Agency.
Last updated: [Date of last modification].