Privacy policy

Additional Legal Information regarding Data Protection

  1. Who is the data controller?

Technological Institute of Energy (“ITE”)
Valencia Technology Park
Avenida Juan de la Cierva 24
46980 Paterna, Valencia, Spain
Data protection contact: protecciondedatos@ite.es

  1. Which categories of personal data will ITE process?

In accordance with the provisions of the General Data Protection Regulation (“GDPR”), ITE will process the personal data of data subjects/individuals (representatives of members, clients or potential clients of ITE or users of the website), who provide them in order to process their registration as new members, to provide the services they request, or to deal with their queries, claims or requests, as well as for other purposes detailed in this Policy. For this purpose, ITE will process the following personal data:

CategoryDatos personales
Identification data
Name and surname, ID card number.
Professional data
Entity represented by the interested party, position held in the entity.
Contact details
E-mail address, contact telephone number and postal address.
Third party data
Interested parties designated to (i) act as the member’s point of contact with ITE and (ii) attend ITE General Assemblies as a member (in the event that they are different from the representative person requesting registration): Name and surname(s), position held in the entity, postal address, contact telephone number and e-mail address.

III. For what purpose and with what legitimisation does ITE process your personal data?

The personal data provided to ITE (through the website www.ite.es -or through any other means of contact) will be processed for the purposes and in accordance with the following legitimate grounds:

  1. Based on a legitimate interest of ITE:
  • ITE will process the personal data of (i) the representatives of the members and/or customers, (ii) of the contact persons designated by such entities and (iii) only in the case of members, the persons representing them at the General Assembly, in order to fulfil the following purposes:Formalise the registration of new members who are legal entities. In this registration process, the applicant must designate a contact person and the person who will represent him/her at the General Meetings. In this respect, the new Member shall obtain the authorisation of such persons, and send them a copy of this Privacy Policy.
  • To provide the services requested from ITE, and to manage their invoicing and collection. In certain cases, this may require having to provide the data of the representative to a Control Body or a Public Administration. Additionally, if the partner or client requests training services, ITE will receive and process the data of the attendees in order to (i) if requested, register and certify their attendance and (ii) if the training is online, register them in the platform used.
  • Deal with queries, requests or complaints made through the contact form on the website, or by other means (e-mail).
  • To formalise the registration of the interested party in the user area of ITE’s website.

 

ITE will carry out the above on the basis of its legitimate interest, given that the processing of the data of these natural persons (representative, contact person or attendee at the Meetings) is necessary to formalise, maintain and execute the contractual relationship with the partner or customer they represent. In this sense, the interest of ITE lies in the correct and orderly maintenance of such contractual relationship.

In relation to this legitimate interest, ITE has carried out an internal “balancing test” to check that its legitimate interest does not harm the interests of the persons whose data it will process. As a conclusion of this test, ITE understands that its privacy is not affected because (i) its data are processed solely by reason of its position and to manage the relationship with the entity it represents and (ii) data protection regulations (specifically, Article 19 of the LOPD) establish a presumption of lawfulness of the use of the data of representatives (which are necessary for their professional location) when the purpose of the processing is, precisely, to maintain relations with the represented legal entity.

 

Additional purposes based on legitimate interest:

  • A)Satisfaction surveys: ITE will send to the contact persons of the clients and partners surveys on the quality of the services provided. This treatment is necessary to know the degree of satisfaction of customers and partners with the services or attention provided by ITE, to know which aspects of its activity should be improved, to create new products or modify the ones offered, as well as their conditions and prices. The results of the survey will be anonymous and your answers will not be linked to anyone. Therefore, your personal data will only be processed in order to send the survey.

In this case, ITE has also developed a “balancing test” to analyse whether its legitimate interest is prejudicial to the rights of data subjects. On this basis, ITE understands that their privacy is not affected, given that (i) the results of the survey will be anonymous, and because (ii) the completion of the survey is voluntary, with no individualised tracking of who has completed the survey.

  • B) Sending of commercial information about related products: ITE will send to its clients and partners (through its contact persons) commercial information about products and services that it offers and that are similar to those already contracted by them. In order to do so, it will only process the contact person’s data: their telephone number and the e-mail address they have provided to ITE.

In this case, ITE has also carried out a “balancing test” to check that its legitimate interest does not harm the interests of these contact persons. As a conclusion of this analysis, ITE understands that it has an overriding interest in carrying out this processing in order to: (i) inform customers and partners about its products and services and (ii) to be able to maintain or extend the contractual relationship between ITE and the customer or partner. Furthermore, it should be noted that this is an activity permitted and limited by the current regulations on data protection and electronic communications, as interpreted by the data protection authorities.s.

  • C) Capture and use of the image of the attendees to events and training sessions given by ITE (group photographs): in the event that ITE organises an event or a training session contracted by a partner or a client, this entity will take general images of the public that participates or attends the event. The purpose of the processing is to use these images in internal (internal news bulletin, corporate communications) and external (press releases, brochures, promotional posters, website, training advertising) media. In any case, the image of the interested party will be captured in a general way, through group photographs (that is, photographs of 5 people or more), where the specific image of a person is not particularised.


In this case, ITE has also carried out a “weighing test”. As a conclusion of this test, ITE considers that this processing does not affect the privacy of the data subjects, taking into account that their image will be captured and used in a general context of a group of persons. In the event that ITE intends to obtain and publish the image of one or more specific persons, ITE will request the express consent of the data subjects concerned.

  • D) Transfer of personal data to solvency files: in the event that, as a consequence of the provision of ITE’s services, the partner or client maintains a certain, due and payable debt with the said entity that has not been paid, ITE will transfer the personal data of the representative of the debtor company to common files of non-fulfilment of monetary obligations (solvency files). Only the data of the interested party as representative of the debtor company will be transferred to the solvency file, and in no case will this transfer affect him/her as a private individual. In particular, ITE will transfer to the solvency file “ASNEF” the identification data (name, surname, ID card number) of the debtor and/or his representative.

ITE will do the above on the basis of its legitimate interest, whose objective is the protection of the integrity and stability of the financial system, as well as for the protection of any entity that allows the financing in the acquisition of its products or services.

As in the previous cases, ITE has elaborated a “balancing test”. According to this evidence, ITE understands that this processing does not affect the privacy of the data subject, taking into account that (i) the data subject will not be affected by the transfer of the data to the solvency file, since the debtor is the entity it represents and (ii) it is a processing activity aimed at the protection of the entities that grant financing and to avoid fraud in contracting. In addition to the above, the transfer of personal data of debtors to solvency files is an expressly permitted processing regulated in the Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights. ITE guarantees that, in any case, it will respect the requirements established in the regulations in force regarding the transfer of personal data to solvency files.

With respect to all of the above processing in which ITE understands that it has a legitimate interest, the data subject shall have the right to (i) obtain further information about the legitimate interests of ITE and (ii) object to such processing, in the manner set out in section VI below.

 

  1. Compliance with legal obligations:

ITE will need to process your data in order to comply with the different legal obligations that may be required at any given time. We refer, mainly and among others, to those provided for in the following regulations:

  • Law 58/2003, of 17 December, General Taxation.
  • If we are requested by any Court or Tribunal, the State Security Forces or any other competent Public Authority or Administration, ITE will be legally obliged to provide the personal data of the representatives of the members or clients.

For this activity, the identification and contact data of the partners and clients will be processed, as well as the data related to the products or services purchased or the certifications issued by ITE, in case the competent authority so requires. These obligations of a legal nature will exist and will be fulfilled by ITE even after the end of any contractual relationship with the partner or customer, during the periods imposed on us in each case by the legislation in force.

  1. Fulfilment of a public interest mission:

In ITE’s facilities, video surveillance cameras have been installed that will obtain and process the personal image of any interested party accessing these facilities.

The purpose of this treatment is to protect ITE’s facilities and the assets inside them, as well as the indemnity and security of the people who are also in these facilities. In accordance with current data protection regulations, this processing is based on the fulfilment of a public interest mission.

The images will not be transferred to any third party and will only be kept for a period of one month from the time they were obtained. However, if requested by a competent authority (Courts and Tribunals, Security Forces and Corps), ITE will transfer these images to this authority. In other cases, the aforementioned authorities may order ITE to keep the images beyond the legally permitted period. The images will also be used by ITE, as evidence or proof, in the case that ITE has to demand responsibility from an interested party for any illicit action.

 

  1. Based on the consent of the data subject:

  2. A) Capture and use of the image of attendees at events or training sessions given by ITE (individual photographs): If ITE were to organise an event, or give a training session contracted by a partner or a client (and the latter so authorises), ITE may take individual photographs – or of groups of less than 5 people – of the attendees, for publication in internal and external media, as defined in section 2.C). In these publications, the image of the person concerned will appear, associated in certain cases with his/her name and surname (e.g. in the promotional article or in the published caption).

 

ITE will only do so if it has the prior and express consent of the persons photographed, for publication in internal and external media. This consent may be withdrawn at any time, at which point the images will be removed from the media where they have been published. However, any such withdrawal shall not affect the legality of the processing already carried out prior to the withdrawal.

B) Sending of newsletter: If the partner or client registers and requests it, ITE will periodically send them its Newsletter, with information about its products and services, upcoming events, news of the energy sector or regulatory news. ITE will send it to the e-mail address of your contact person or representative. To unsubscribe from this service and withdraw your authorisation, you can follow the procedure indicated in section VI, or by clicking on the unsubscribe link provided in each mailing you receive. This will in no way affect your status as a member or customer of ITE, although it will not affect the legitimacy of the mailings previously sent.


How long does ITE keep your data?

 

ITE will process the personal data of the representative person of the partner or customer for the time necessary to fulfil the purpose justifying its processing and essentially for as long as ITE and the partner or customer maintain their contractual relationship. However, in the event that the partner or customer informs ITE that a person is no longer his or her “contact person” or “representative”, ITE will no longer process his or her personal data.

After this, ITE will keep the personal data of the representative for the periods that may be imposed by the legislation in force and for their availability to the competent Public Administrations, Courts and Tribunals or the Public Prosecutor’s Office, keeping them in such case duly blocked and during the prescription period of the actions that may derive from their processing.

Once these periods have elapsed, ITE will proceed to their physical deletion.

 

  1. To which recipients will the user’s personal data be communicated?

The user’s personal data (i.e. the various data subjects mentioned in this Policy) may be disclosed to third parties in the circumstances set out below:

  • In the cases in which the partner or client contracts online training services, the contact details of the people registered in the training will be transferred to CISCO (Webex platform), in order to facilitate their registration in the platform and allow their access to the training. This transfer will involve an international transfer of the students’ data, which will be regulated by ITE in accordance with the guarantees established in the current regulations on data protection (by signing the Standard Contractual Clauses of the European Commission). In any case, the user shall have the right to request and obtain a copy of the guarantees applied by ITE to regulate the international transfer of his/her data.
  • The provision of ITE’s services may require the transfer of the data of the client’s representative or partner to Control Bodies or Public Administrations. The representative will be informed of the specific body to which the data will be transferred, depending on the service in question.
  • Apart from the aforementioned data communications, ITE will count on the collaboration of third party service providers who may have access to the personal data and who will process them in the name and on behalf of ITE as a consequence of their provision of services.

ITE follows appropriate criteria for the selection of service providers in order to comply with its data protection obligations and undertakes to sign the corresponding data processing contract with them, whereby it will impose on them, among others, the following obligations: to apply appropriate technical and organisational measures; to process personal data for the agreed purposes and only in accordance with ITE’s documented instructions; and to delete or return the data to the entity once the provision of the services has been completed.

Specifically, ITE may contract the provision of services by third party providers that carry out their activity, by way of example, in the following sectors: logistics services, legal advice, IT service providers, physical security companies, messaging service providers -including instant messaging-, or infrastructure management and maintenance companies.

 

  1. What are the user’s rights regarding data protection?s?
  • The user has the right to obtain confirmation as to whether or not ITE is processing his/her personal data and, if so, to access them, as well as to request the rectification of inaccurate data or, where appropriate, to request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
  • In certain cases and for reasons related to the user’s particular situation, as well as in those situations in which ITE processes his or her data on the basis of its legitimate interest, the user may object to the processing of his or her data. In this case, ITE will stop processing the data, except for compelling legitimate reasons or for the exercise or defence of possible claims. In this sense, and when justified in accordance with data protection regulations, the user will have the right to request the limitation of the processing of his/her data. The user may exercise all the aforementioned rights, providing a copy of his/her ID card, by writing to  protecciondedatos@ite.es
  • Finally, the user can also complain to ITE and/or to the Spanish Data Protection Agency (as such competent Control Authority), especially when they have not obtained satisfaction in the exercise of their rights, through its web page https://www.aepd.es