GENERAL TERMS OF USE OF THE AZKOYENVENDING.COM

At Azkoyen VPS and subsidiaries, we are committed to protecting the privacy and personal data of users of our websites, services, and digital platforms, in accordance with the applicable data protection regulations, in particular Regulation (EU) 2016/679 (GDPR) and the legislation in force in each country.

This privacy policy describes how we process personal data.

 

 

WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

Data Controller: Azkoyen Vending & Payment Solutions, S.L.U.
 Tax ID: B71541411
 Registered address: Avda. San Silvestre s/n, 31350 Peralta (Navarra – Spain)
 Email: responsableseguridad@azkoyen.com

 

 

FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA?

The aforementioned Azkoyen VPS subsidiary, acting as the Data Controller, will process personal data for the following purposes and on the following legal bases:

  • Handling requests for general corporate information, as well as enquiries regarding our products and services. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
  • Exercise of rights and privacy management. Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).
  • Conclusion and performance of commercial contracts (sale, distribution, maintenance services, etc.): the processing of the professional contact details of persons involved in the formalisation and performance of contracts – whether they are sole traders or persons acting in a representative or managerial capacity on behalf of legal entities to which they provide services – shall be processed on the legal basis of legitimate interest (Art. 6(1)(f) GDPR).
  • Compliance with legal obligations in tax, accounting and administrative matters arising from the contractual relationship established with the data subject. Legal basis: compliance with a legal obligation (Art. 6.1(c) GDPR).
  • Management of the corporate whistleblowing channel, joint responsibility for processing carried out by the subsidiaries comprising Azkoyen VPS. Legal basis: compliance with a legal obligation (Art. 6.1(c) GDPR).
  • Sending of commercial information by the data controller at Azkoyen VPS to its own customers, by any means – including electronic communications – regarding products and/or services similar to those previously contracted. Legal basis: legitimate interest (Art. 6.1(f) GDPR).
  • Management of the technical support service (SAT). Should you need to access the SAT platform, you may register by providing your email address, first name and surname. Legal basis: existence of a legitimate interest (Art. 6.1(f) GDPR).
  • Where your express consent is obtained, the sending of commercial information, by any means – including electronic means – by the data controller, Azkoyen VPS. Legal basis: Consent of the data subject (Art. 6.1(a) GDPR).
  • In the event of consent to the use of “non-exempt” cookies, information regarding browsing on our website will be collected in order to measure activity on the site and, where appropriate, improve the user experience and the functioning of the website. Legal basis: Consent of the data subject (Art. 6.1(a) GDPR).
  • Access to guest Wi-Fi: information regarding IP address, MAC address and browsing history will be collected during the connection in order to provide the service. Legal basis: Legitimate interest (Art. 6(1)(f) GDPR).
  • In the context of relations with job applicants, the data controller at Azkoyen VPS may process personal data contained in the CVs it handles. Legal basis: implementation of pre-contractual measures at the data subject’s request (Art. 6(1)(b) GDPR).

To demonstrate that processing activities based on the Organization’s legitimate interest in accordance with Art. 6.1(f) GDPR do not harm the data subject’s interests in the protection of their personal data, a “legitimate interest balancing test” has been carried out. The data subject has the right to obtain additional information regarding these processing activities and the content of this legitimate interest, as well as to object to the processing of their data for this purpose by contacting our DPO responsableseguridad@azkoyen.com.

 

 

TO WHOM WILL WE DISCLOSE YOUR PERSONAL DATA?

Your personal data may be disclosed to external auxiliary service providers with access to personal data contracted by the data controller, a subsidiary of Azkoyen VPS, such as IT service providers with access to personal data (technical/IT maintenance service providers, cybersecurity, hosting), environmental management companies, consultancy firms, administrative agencies, recruitment agencies, advertising and marketing companies, and other auxiliary service providers who will act as data processors under the instructions of the contracting entity.

Where we have your express consent, your data may be transferred for commercial purposes to the other subsidiaries of Azkoyen VPS.

For the purpose of managing the procurement of our products and services, your data will be disclosed to subsidiaries of Azkoyen VPS; likewise, to official distributors of the responsible entity who have signed a commercial collaboration agreement.

Where legally required, your data may also be disclosed to public administration bodies, auditors, notaries, court experts, lawyers, solicitors, courts and tribunals, and law enforcement agencies in the course of their duties. In addition, your data may be transferred to Azkoyen Vending & Payment Solutions, S.L.U., the parent company of Azkoyen VPS, for administrative purposes within the business group.

 

 

HOW LONG WILL WE RETAIN YOUR PERSONAL DATA?

Your personal data will be retained only for as long as is necessary to fulfil the purpose for which it was collected. In this regard, once your personal data is no longer necessary for the fulfilment of such purposes, it will be deleted. However, it may be blocked beforehand, remaining available only to judges, courts, public prosecutors or the competent public authorities – in particular the data protection authorities – for the purpose of addressing any potential liabilities arising from the processing, and only for the duration of the applicable limitation period.

  • Personal data obtained via the contact form will be retained only for the time necessary to respond to the request for information.
  • Personal data obtained via the registration form for recruitment processes will be retained whilst such processes are ongoing. Thereafter, it will be retained for a period of two years, except in the case of candidates who are ultimately hired, whose CVs will be incorporated into their personnel files (in which case the data protection policy applicable to the workplace will apply).
  • Personal data obtained via the whistleblowing channel will be retained in that channel’s system for a maximum period of three months, after which the data will be deleted or anonymised, without prejudice to the fact that, should an investigation be initiated, the data may be processed in the information system of those assigned control and compliance functions.
  • Personal data relating to commercial transactions with customers and suppliers operating as self-employed individuals, as well as the data of the legal and commercial representatives of customers and suppliers, shall in all cases be retained for the duration of the contractual relationship and for a further six years following its termination; this period may be extended whilst limitation periods for legal actions remain in force.
  • Personal data of a professional nature that has been included in databases for commercial purposes will be retained unless we are notified of your objection or withdrawal of consent.

 

 

WHAT SECURITY MEASURES WILL BE APPLIED TO YOUR PERSONAL DATA?

The processing of the personal data provided will be carried out by adopting the necessary physical, logical and organisational security measures to prevent loss, misuse, alteration and unauthorised access to such data, taking into account the state of technology, the nature of the data and the risk analysis carried out.

 

 

WILL INTERNATIONAL TRANSFERS OF PERSONAL DATA TAKE PLACE?

International transfers of personal data may only occur in certain cases; that is, transfers of personal data from the EU to territories or international organisations located outside the European Economic Area (EEA).

Where this occurs, the Azkoyen VPS subsidiary responsible for processing will always ensure that one of the following conditions is met: (i) there is an Adequacy Decision certifying an adequate level of protection; (ii) standard contractual clauses have been formalised in accordance with Commission Implementing (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the international transfer of personal data to third countries; (iii) neither of the above conditions applies, but one of the exceptions set out in Article 49 of the GDPR is applicable.

 

 

HOW CAN YOU EXERCISE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA AND CONTACT OUR DATA PROTECTION OFFICER?

To withdraw any consent you may have given, or to exercise your rights of access, rectification, erasure, objection, restriction, data portability and not to be subject to automated individual decision-making, you may submit a written request to:

Avda. San Silvestre s/n, 31350, Peralta (Navarra, Spain), or

responsableseguridad@azkoyen.com

Should the data subject deem it appropriate, they may contact our Data Protection Officer (DPO) via the email address provided above, as well as lodge the relevant complaint regarding the protection of their rights with the competent data protection authority.

 

 

MANDATORY OR OPTIONAL NATURE OF THE DATA REQUESTED

The mandatory fields on each form are marked with an asterisk (*). Refusal to provide such information will prevent communication with the user and, where applicable, make it impossible to provide the requested information and/or service.