Privacy policy

FUNDACIÓN AZTI – AZTI FUNDAZIOA (hereinafter, “AZTI”) informs users of the website (hereinafter, the “WEBSITE”) about its privacy policy applicable to personal data that may be collected through the WEBSITE or other duly identified data collection systems.

AZTI provides the necessary technical resources for users to access this privacy policy and comply with the information obligations established in the applicable regulations.

The use of the WEBSITE does not imply that the user must provide personal information. However, if personal data is provided, it will be treated in accordance with the principles and rights established in the current data protection regulations.

AZTI may modify this privacy policy to adapt it to new regulatory, jurisprudential, or administrative provisions, as well as to the practices it may develop through the WEBSITE, always guaranteeing the protection of users’ rights.

Índice de contenidos

1. Who is responsible for processing your personal data?

Website owner: AZTI – Fundación Azti – Azti Fundazioa
NIF: G-48.939.508
Registered office: Txatxarramendi Irla, no number. 48395 Sukarrieta (Vizcaya)
Contact phone: +34 94 657 40 00
Email: rgpd@azti.es
Registration data: Registered in the Basque Country Foundations Registry with number F-38

2. Principles related to processing

In the processing of personal data carried out, the principles required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, GDPR), are respected:
- Principle of lawfulness, fairness, and transparency: the data we collect is processed lawfully, fairly, and transparently, with the prior consent of the data subjects when necessary or, where applicable, for the execution of a contract to which the data subject is a party or for the application at the request of the data subject of pre-contractual measures, or if the processing is necessary for compliance with a legal obligation applicable to the controller or for the satisfaction of legitimate interests pursued by the controller or by a third party, provided that such interests do not override the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, particularly when the data subject is a child.
- Principle of purpose limitation: the personal data we process is used for the purposes indicated in the section “For what purpose do we use your personal data?”.
- Principle of data minimization: in accordance with this principle, the only personal data we collect from users is strictly necessary to manage the contractual relationship or to respond to the queries and/or information requests they make.
- Principle of accuracy: the personal data we collect will be kept accurate and, if necessary, updated. To this end, if there is any change in personal data, the user must inform us so that we can make the appropriate update.
- Principle of storage limitation: the personal data we process will be kept for the periods indicated in the section “How long will we keep your personal data?”.
- Principle of integrity and confidentiality: to respect this principle, personal data will be processed in a way that ensures adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by applying appropriate technical and organizational measures.

3. For what purpose do we use your personal data (whether or not you are a website user)?

Customer data: for the proper maintenance, development, fulfillment, and control of the contractual relationship and the provision of the services they demand. We will also use your identification and contact data to conduct satisfaction surveys and to send, by electronic or other means, technical, operational, and/or commercial information about news and commercial information about offers, activities, products, and services of our company.
Supplier data: for the proper maintenance, development, fulfillment, and control of the contractual relationship with our suppliers and the services they provide us.
Employee data: for the maintenance, development, fulfillment, and control of the contractual relationship with our employees, as well as compliance with the current labor, social security, and occupational risk prevention regulations that apply.
Candidate data: to manage the participation of interested parties in the personnel selection processes carried out by the company.
Data collected through the contact form: to manage and respond to queries or information requests made by interested parties.

4. What is the legal basis for processing your personal data?

Candidate data: the legal basis for processing your personal data is that it is necessary for the execution of the contract to which they are a party. Regarding the conduct of satisfaction surveys and the sending of commercial information, the legal basis for processing your personal data is the satisfaction of legitimate interests pursued by AZTI, as provided for in Article 6.1.f) of the GDPR, based on the provisions of Report 195/2017 of the AEPD. This is without prejudice to your right to object to the sending of such commercial information.
Supplier data: the legal basis for processing your personal data is that it is necessary for the execution of the contract to which they are a party.
Employee data: the legal basis for processing your personal data is that it is necessary for the execution of the contract to which they are a party.
Candidate data: the legal basis for processing your personal data is the consent you give us by providing your CV to participate in the personnel selection processes we carry out.
Data collected through the contact form: the legal basis for processing the personal data provided by interested parties when completing the form is the consent given by contacting us through it and, therefore, the necessity of such processing to attend to and respond to the query or information request made.

5. How have we obtained your data?

The data we process at AZTI has been obtained directly from you, through:
- The various forms you complete during your navigation on our websites and/or through other channels (e.g., registration as a user of the WEBSITE – where applicable –, contact forms, event registration, etc.);
- By sending a query email; or
- Through other duly identified data collection systems, such as the registration of visits to our facilities.
If the personal data provided belongs to a third party, you assure that you have informed that person about our PRIVACY POLICY and have obtained their consent to provide their data to AZTI for the purposes established below.
We also inform you about the possible processing of your data from social networks through the corporate profiles that AZTI maintains on the various platforms where we are present, all in accordance with the terms and conditions established in each social network.
When indicated (fields marked with an “*”), the provision of the requested personal data will be mandatory, and the refusal to provide it or the provision of incorrect data could prevent us from attending to your request and/or providing the required services.

6. What type of data do we process?

At AZTI, we process the data you have provided during your navigation on www.azti.es, through the corresponding forms we use to formalize our communication with you and/or by email, as well as those we may obtain through AZTI’s corporate profiles on the social networks where we are present.
Specifically, at AZTI, we manage the following categories of data:
- Identification and contact data (e.g., name, surname, ID, postal and email address, phone, etc.).
- Professional and employment data (e.g., company and position).
- Images taken at activities and events organized by AZTI in which you participate.
- Codes and credentials of identification as a registered user of the WEBSITE.
- Internet browsing data (e.g., IP address, visited web pages, Wi-Fi connections, etc.).
- Data related to personal characteristics, education, and employment, in the case of applications and selection processes of AZTI in which you voluntarily decide to participate.

7. To whom will your personal data be communicated?

The personal data of customers, suppliers, and employees will be communicated, where appropriate, to the tax administration for compliance with legal and tax obligations, as well as to the financial entities through which AZTI manages collections and payments.
In the rest of the processing, data will not be communicated to third parties unless necessary for compliance with legal obligations.
Additionally, for some other matters, we use third-party services that act as data processors, with whom we have signed the corresponding data processing contract in accordance with the provisions of Article 28.3 of the GDPR.

8. International data transfers

For some information management matters, AZTI uses third-party services located outside the European Economic Area. In these cases, international data transfers are carried out based on Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of protection.

For some information management matters, services from Google are used, a company that acts as a data processor and, despite being outside the European Union and the European Economic Area, is covered by the EU-US Privacy Shield, as stated in the following link: Participant Search (dataprivacyframework.gov)

Google Privacy Policy: https://policies.google.com/privacy?hl=en

Similarly, to manage more efficiently, dynamically, and operationally and to better control the informative communications we send by email, we use MailChimp, a platform developed by The Rocket Science Group LLC, an entity certified under the EU-US Privacy Shield. Information available at: Participant Search (dataprivacyframework.gov)

In this regard, we inform you that the use of this platform involves the installation by the service provider of tracking devices in these emails to monitor the opening of emails and the clicking of links contained in the emails, and to compile reports on the campaigns with the information collected.

9. How long will we keep your personal data?

Customer, supplier, and employee data: personal data will be kept for the duration of the corresponding contractual relationship and, once it has ended, for the necessary periods to comply with legal obligations.
Regarding the sending of commercial information to customers, your identification and contact personal data will be kept until you express your opposition or revoke your consent for this purpose.
Candidate data: personal data of candidates will be kept for a maximum period of two years.
Data collected through the contact form: personal data provided by users when filling out the form will be kept only during the management of the queries or information requests they make, so that once their processing is completed, they will be deleted.
Data of users of our social media profiles: the retention periods of the personal data of our followers on social media depend on the policies of each social network, although we will only process them until they stop following us.

10. What are your rights when you provide us with your personal data?

Right to request access to your personal data: in order to know and verify the lawfulness of the processing, you may request confirmation at any time whether AZTI is processing your personal data and, if so, we will inform you, among other things, about what data we are processing, its purpose, the origin of the data, the expected retention period of the data, and, if applicable, recipients or categories of recipients.
Right to request rectification: you may request the rectification of inaccurate personal data or the completion of incomplete data, including through an additional statement. In such a case, you must indicate in your request which data you are referring to and the correction to be made, and, if applicable, provide supporting documentation of the inaccuracy or incompleteness of the data being processed.
Right to request erasure (“right to be forgotten”): you may request that your personal data be deleted and no longer processed if they are no longer necessary for the purposes for which they were collected or otherwise processed, you withdraw your consent, they have been unlawfully processed, or they must be deleted to comply with a legal obligation.
Right to request the restriction of processing of your personal data: in this case, AZTI will only keep your personal data for the formulation, exercise, or defense of claims, or to protect the rights of another natural or legal person or for reasons of important public interest.
Right to data portability: you may request that we provide your personal data to you or another controller you indicate, in a structured, commonly used, and machine-readable format.
Right to object to processing: AZTI will stop processing your personal data in the manner you indicate, unless we must continue processing them for compelling legitimate reasons or for the formulation, exercise, or defense of possible claims.
How to exercise your data protection rights: to exercise your rights, you must send us a written request addressed to AZTI at Txatxarramendi Irla, no number. Sukarrieta (Vizcaya) or by sending an email to rgpd@azti.es, always accompanied by a photocopy of your ID.

AZTI will respond to all requests within the deadlines and conditions required by current personal data protection regulations.

How to file a complaint with the Spanish Data Protection Agency: if you believe that we have not properly processed your personal data or that we have not adequately addressed your data protection rights, you may file a complaint with the Spanish Data Protection Agency, either through its electronic headquarters or at its address, Calle Jorge Juan, nº 6, C.P. 28001 Madrid.

More information about data protection rights and complaints to the supervisory authority at www.aepd.es.

11. Security

In accordance with the provisions of Article 32 of the GDPR, AZTI has adopted the appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

To assess the adequacy of the security level, the risks presented by data processing have been particularly taken into account, especially as a result of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

12. Use of the website by minors

We ask users to read the policies on the use of the website by minors that we have published in the “Legal Notice” of our WEBSITE.

13. Cookies

Cookies are small text files stored on the hard drive or in the memory of the computer that accesses or visits the pages of certain websites, so that user preferences can be known when reconnecting. Cookies stored on the user’s hard drive cannot read the data contained on it, access personal information, or read cookies created by other providers.

See information about the cookies used on this WEBSITE in the “Cookies Policy” section.

Last updated: 18/02/2025

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_2802629_22	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Cookie	Duration	Description
BIGipServer~Azti~Pool_AZTI_80	session	No description
CONSENT	16 years 6 months 3 days 13 hours 14 minutes	No description
TS0192cb93	session	No description
TS0192cb93_77	session	No description
wp-wpml_current_language	1 day	No description available.
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.