Skip main navigation
You are at: Home>UNE Privacy Policy
Privacy Policy

Privacy Policy

This privacy policy establishes the basis on which we will process any personal information we may obtain, respecting at all times the principles of legality, faithfulness and transparency, as well as the other obligations and guarantees established in the current regulations on personal data protection.

 

1. WHO IS PROCESSING YOUR DATA?

This policy will be applicable to the Spanish Association for Standardization (hereinafter UNE), with Tax ID Number G78216819 and with headquarters at C/Génova 6, 28004 Madrid and contact datos@une.org

 

2. WHY DO WE PROCESS YOUR DATA?

 

At UNE, we process personal data to manage contractual relationships and perform the services and activities of the association.

For this purpose, UNE provides information on the legitimate bases that will permit the various data processing activities:

I. Managing contractual relationships.

  • UNE will process your personal data to maintain and manage contractual relationships, including:
  • Management of customer and provider relationships, accounting, invoicing, management of accounts payable and receivable.
  • Managing the relationship with experts collaborating with UNE on different subjects and projects
  • Management of the relationship with members who take part in technical standardisation committees
  • Management of the relationship with UNE members.

II. UNE's legitimate interest.

Legitimate interest constitutes a legitimate basis for the data processing, provided that such interest in processing the data falls within the reasonable expectations of the data subject, based on the relationship you have or have had with UNE.

We will process your personal data based on our legitimate interest for the following purposes:

  • Sending you, with due observance of the Information Society Services Act, electronic communications (including the UNE Magazine) concerning the services provided by the Association, in order to keep you informed about the services related to the Association. At all times and in each of the communications received, you can clearly, freely and easily object to receiving them.
  • Managing UNE's institutional relations and communications, by sending information relating to the Association's activities to public or private institutions and journalists.
  • Inviting you to conferences that may be of interest to you, based on your previous relationship with UNE.
  • As mentioned in Section 5 of this Privacy Policy, for communications to any of the intended recipients that process Personal Data for the purposes described in this Privacy Policy.

 

III. Express consent of the data subject

Express consent constitutes a legitimate basis for processing that will allow UNE to process your personal data for the purposes described below, after obtaining the corresponding consent for this purpose:

  • UNE magazine sent monthly.
  • Managing enquiries received related to standardisation.
  • Registration for informative and educational sessions
  • Management of standardisation training
  • Processing of data from candidates who undertake a selection process through the UNE website.

Candidates who pass the initial stages of the selection process may be called upon to take a competence assessment, after which a competence profile will be created and stored for current or future selection processes compatible with the candidate.

Your consent will be obtained in a clear and unambiguous way by collecting your signature on paper, or by clicking on the "send" button in the application.

Furthermore, you are informed that you may withdraw your consent at any time by contacting UNE through the established channels that are mentioned in this Privacy Policy.

 

IV. Compliance with legal obligations

We will process your personal data in order to guarantee an optimum level of compliance with the legal obligations in force, to which UNE is subject, as well as to cooperate with legal or administrative authorities when necessary.

 

3. DATA PROCESSED The data to be processed by UNE within the framework of the relationship with the data subject and depending on the purpose of the processing will include but will not be limited to the following categories:

  • Private contact and identity data. (Name and surname, address, email, landline or mobile phone number, national ID document number or similar document, IP address).
  • Data relating to employment and the organisation. (company, department, position, responsibilities, functions).
  • Data relating to professional and training circumstances (career, position data, employment period, tasks, activities, studies, qualifications and assessments).
  • Economic data for invoicing management (bank account).
  • Data relating to photos and videos featuring personal images. When attending activities and events organised by UNE, the individual can be photographed or recorded on video. Such photographs and videos are used by UNE to announce such events, and have no marketing purposes whatsoever.

 

4. DATA STORAGE In compliance with the principle of limiting the storage period, the data collected will be processed only for the time necessary and for the purposes for which they have been collected at any given time. Data storage will be deemed justified when:

  • A legal and/or administrative standard requires that the data be stored for a specific period.
  • The data will be used for the historical records and/or statistical purposes of the Association.
  • It could cause damage to the legitimate interests of the data holder or third parties.
  • The data and documentation serve as a supporting document for an activity or service rendered, during the limitation periods of civil, criminal, administrative or other actions that may arise from the activity or service provided. In this case, UNE must keep the data blocked until the storage obligation period elapses.
  • A longer storage period has been agreed upon by the interested parties.

 

5. CATEGORIES OF RECIPIENTS

For the aforementioned purposes, the individual's data may be communicated to:

  • AENOR INTERNACIONAL, S.A.U. and companies in its group. You can see any information you require on the aforementioned companies at the following link: (https://www.aenor.com/en-el-mundo/red-exterior).
  • National, European or international standardisation bodies, including countries outside of the European Union and the European Economic Area. Your personal data may be transferred to the European Commission, to the European Parliament and other institutions of the European Union to participate in the relevant meetings and events which the individual is expected to attend.
  • To multilateral bodies providing cooperation and technical support.
  • To third party organisers or co-organisers of events and activities promoted by UNE.
  • To legal or administrative authorities, in the event of a legal obligation.

6. INTERNATIONAL DATA TRANSFERS

Occasionally, personal data may be transferred, stored and processed in a country that does not provide an adequate level of protection of personal data under European Union legislation.

UNE verifies, in all cases, the existence of adequate guarantees in accordance with applicable legal requirements in order to ensure that your data is adequately protected, based on the standard contractual clauses approved by the European Commission, or through the relationship with providers that have approved binding corporate rules in accordance with Article 47 of the GDPR.

 

7. HOW DO WE PROTECT YOUR PERSONAL DATA?

UNE undertake to keep your Personal Data safe, taking all reasonable precautions to do so. We implement all the necessary technical and organizational measures in accordance with this Personal Data Protection Policy and applicable laws and regulations to protect your Personal Data against unauthorized access, modification or disclosure. We demand and contractually oblige our service providers and collaborators to apply a level of security suitable for proper data protection.

 

8. RIGHTS OF THE INTERESTED PARTY

In accordance with the provisions of applicable regulations, UNE informs the customer or user that they enjoy the following rights derived from applicable regulations:

Access: the data subject has the right to obtain information on whether UNE is processing personal data that concern them and, where that is the case, the right to obtain a copy of the personal data that are subject to processing.

Rectification: the data subject has the right to rectify errors and modify data that are inaccurate or incomplete.

Erasure: the data subject has the right to have their data erased and no longer processed by UNE, unless there is a legal obligation to store them and/or other legitimate grounds for processing by UNE prevail. For example, if personal data is no longer needed for the purposes for which they were collected, the customer may request that we delete this data without undue delay.

Restriction: under the legally established conditions, the data subject may restrict the processing of their data, in such a way that UNE may not undertake future processing of this data, which it will only store for the purposes of exercising or defending legal claims.

Objection: under certain circumstances and for reasons related to their specific situation, data subjects may object to their data being processed. UNE will cease processing said data except in the event of overriding legal grounds, or the exercise or defence of possible legal claims. Similarly, the interested party is entitled not to be subject to decisions based solely on automated processing, including profiling, which has legal effects on the subject or similar significant effects thereon.

Portability: this enables the data subject to receive their personal data in a structured, commonly-used, machine-readable format and to send them directly to another data controller.

UNE guarantees the adoption of the necessary measures to ensure the exercise of these rights free of charge, whereby the data subject must properly identify themselves  and communicate their intention to us via the following channels:

  • By sending an email containing the information indicated in the previous section to the following address: datos@une.org
  • By means of a letter, indicating which right they wish to exercise, addressed to C/Génova nº6, 28004 of Madrid, to the attention of the UNE Legal Advisory Service.

Lastly, individuals are hereby informed that they can present a complaint related to the processing of their personal data to the controlling authority, in the case of Spain, the AEPD [Spanish Data Protection Agency] (www.aepd.es).

 

ADDITIONAL INFORMATION ON DATA PROTECTION CONCERNING TEMPORARY TEMPERATURE CONTROL AT THE ENTRANCE TO UNE FACILITIES

UNE makes available to its customers, providers, collaborators and employees, in a clear and understandable way, all the additional data protection information related to the temporary temperature control at the entrances to any of its facilities and work centres (hereinafter, the "Additional Information").

This Additional Information will be available to data subjects for as long as UNE carries out temperature controls at the entrances to its facilities. If you have any doubts or questions about this Additional Information, please contact our Data Protection Officer via the email address datos@une.org

 

WHAT IS THE DATA PROCESSING RELATED TO TEMPERATURE CONTROL?

The main purpose of implementing temporary temperature controls at the entrances to UNE's facilities is to adopt adequate protection measured designed to allow access as appropriate, and, where applicable, to deny access to people presenting with a fever (one of the main symptoms developed by those infected with COVID-19), to prevent the spread of the pandemic, and to guarantee the protection of the health of UNE's personnel and collaborators, as well as of its customers and providers.

 

As a result, and in order to guarantee the right to privacy and data protection for all employees, collaborators, customers and providers, UNE will not collect any personal data during the temperature controls, regardless of the body temperature taken. Therefore, under no circumstances will UNE store, record or keep any personal information resulting from the temporary body temperature checks at the access points to UNE's facilities and work centres.


CHANGES TO THIS ADDITIONAL INFORMATION

This Additional Information may vary over time due to possible changes in criteria followed by the supervisory authority responsible for data protection matters at any time. UNE therefore reserves the right to modify this Additional Information in order to adapt it to these criteria, as well as to new developments with regard to health, jurisprudence or legislation.

Madrid, 18 August 2020.