Privacy Policies

Consorcio Zona Franca de Vigo
This Privacy Policy has been developed taking into account the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as the GDPR. This Privacy Policy aims to inform the data subjects whose personal data is being collected through the web portal, as well as to specify the particular aspects relating to the processing of their data, including, among other things, the purposes of the processing, the contact details to exercise their rights, the retention periods of the information, and security measures, among others.

Joint Data Controller

For data protection purposes, the following joint controllers must be considered Responsible for Processing, regarding the files/processings of personal data managed within the VIAGALICIA program:
  • Consorcio de la Zona Franca de Vigo, with VAT number V-36611580, located at Calle Areal 46, 36201 Vigo, phone 986 269 700.
  • Instituto Galego de Promoción Económica, with VAT number Q-6550010-J, located at Complejo Administrativo de San Lázaro, s/n, 15703 Santiago de Compostela (A Coruña), phone 900 815 151.
  • Axencia Galega de Innovación, with VAT number Q1500386F, located at Calle/Rúa Airas Nunes, 15702, Santiago de Compostela (A Coruña), phone 981 541 072.
  • Xesgalicia Sociedad Gestora de Entidades de Inversión de Tipo Cerrado, SAU, with VAT number A15674203, located at Rúa Ourense, 6, 15701 Santiago de Compostela (A Coruña), phone 981 541 621.
  • Vigo Activo Sociedad de Capital Riesgo, S.A., with VAT number A15674203, located at Calle Oporto, 3 – 3rd floor, 36201 Vigo (Pontevedra), phone 986 202 406.
To this effect and in compliance with the GDPR, you are informed that these entities have established a joint responsibility agreement regulating specific aspects for data communication, contracts with processors, general obligations, security measures and breaches, as well as the exercise of rights in data protection matters.

Purpose

The purpose of processing the data is to respond to requests received through the web portal, to publicize the development of the programs through photographs or video recordings, where applicable, as well as the analysis and measurements carried out on the web portal, with the objective of improving its operation, optimizing the user experience, and measuring visit traffic. Likewise, your data may be processed to identify you and authenticate access to the private area of the portal, which will require a username and password.

Legal basis

The processing of your data is carried out to fulfill a mission carried out in the public interest or in the exercise of official authority vested in the Controllers, as well as on the consent of the data subject, which must be given through a clear affirmative action.

Data retention

Personal data provided will be kept for the time necessary to fulfill the purpose for which it is collected and to determine any liabilities that may arise from such purpose, in addition to the periods established by archives and documentation regulations.

Data communication

As a general rule, personal data will not be communicated to third parties, except where there is a legal obligation, which may include communications to the Ombudsman, Judges and Courts, interested parties in procedures related to filed claims.

Data subjects’ rights

Data protection regulations grant a series of rights to data subjects. These rights are as follows:
  • Right of access: the right to obtain information on whether your personal data is being processed, the purpose of the processing, the categories of data processed, the recipients or categories of recipients, the retention period and the origin of such data.
  • Right to rectification: the right to obtain the rectification of inaccurate or incomplete personal data.
  • Right to erasure: the right to obtain the erasure of data in the following cases:
    1. When the data are no longer necessary for the purpose for which they were collected.
    2. When the data subject withdraws consent.
    3. When the data subject objects to the processing.
    4. When the data must be erased to comply with a legal obligation.
    5. When the data were obtained in connection with an information society service under Article 8(1) of the European Data Protection Regulation.
  • Right to object: the right to object to a certain processing based on the data subject’s consent.
  • Right to restriction: the right to obtain restriction of processing when one of the following applies:
    1. When the data subject contests the accuracy of the personal data during a period allowing the controller to verify the accuracy of the data.
    2. When the processing is unlawful and the data subject objects to erasure of the data.
    3. When the controller no longer needs the data for the purposes for which they were collected, but the data subject needs them for the establishment, exercise or defense of legal claims.
    4. When the data subject has objected to processing pending verification whether the legitimate grounds of the controller override those of the data subject.
You may exercise your rights of access, rectification, erasure, data portability, restriction and objection to processing, as well as not to be subject to decisions based solely on automated processing of your data, where applicable, before the Consorcio de la Zona Franca de Vigo at Calle Areal 46, 36201 Vigo, or by email at lopd@zonafrancavigo.es. Should you wish to contact our Data Protection Officer at the same address. You are also informed that you can contact any of the Controllers to exercise your rights. Data subjects are reminded that, if consent has been given, it may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Furthermore, you are informed that if you consider your rights have been violated, you may contact the Spanish Data Protection Authority at www.aepd.es.

Security

The security measures adopted are those required, in accordance with the provisions of Article 32 of the GDPR. In this regard, taking into account the state of the art, implementation costs, and the nature, scope, context and purposes of the processing, as well as the varying risks of probability and severity for the rights and freedoms of natural persons, appropriate technical and organizational measures have been established to ensure a security level appropriate to the risk. In any case, the Viagalicia Program has implemented sufficient mechanisms to:
  1. Guarantee the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
  2. Restore availability and access to personal data promptly in the event of a physical or technical incident.
  3. Regularly verify, evaluate and assess the effectiveness of technical and organizational measures implemented to guarantee processing security.
  4. Pseudonymize and encrypt personal data, where appropriate.

© Vigo Free Trade Zone Consortium.

Legal notice

Privacy Policies
Cookies Policies