1. Data Controller
VIVEBIOTECH S.L. (hereinafter VIVEBIOTECH), with registered office at Mikeletegi Pasealekua 81, 20009 Donostia-San Sebastián (Gipuzkoa), guarantees the protection of personal data voluntarily provided by the user when communicating with VIVEBIOTECH, filling in data collection forms, entering into a contractual relationship or using any other service involving the communication of data or access to data.
VIVEBIOTECH processes personal data pursuant to the EU General Data Protection Regulation 679/2016 of 27 April 2016 (GDPR) and with Organic Law 3/2018 of December 5 on Data Protection and Guarantee of Digital Rights (LOPDGDD), and in compliance with current legislation on data protection.
VIVEBIOTECH makes this policy public to ensure compliance with the principle of pro-active liability and transparency of information, and to demonstrate that the data subject’s explicit consent has been obtained through this policy.
2. Purpose of processing
The personal data collected and processed by VIVEBIOTECH through its website, contact, job offers, newsletter or other means shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The purposes, by way of example, but not exhaustive, are to attend to the specific request, such as answering queries, subscribing to and sending newsletters, commercial contact, registration for job offers and information related to the activity of VIVEBIOTECH and, in general, commercial and/or advertising communications.
The purpose of collecting or processing personal data is also to establish and maintain relationships, in compliance with the nature and characteristics of the relationship, be it partners, collaborators, users, etc.
In the case of training, the purpose is to manage any training activity, as well as registration, assistance and subsequent information, follow-up, etc.
In all cases, personal data shall be retained in a form in which the data subjects can be identified only for as long as is necessary for the purposes of the processing.
Such retention periods may be extended only for scientific or historical research purposes or for statistical purposes.
The legal ground or legitimacy for data processing on the part of VIVEBIOTECH depends on the processing activity, type of personal data subject and the purpose of data processing; we therefore regard the following as legal grounds:
- Acceptance or consent: Data subjects who contact VIVEBIOTECH to request information, make a query, become a member, subscribe to information notes and the newsletter, training, etc., and who voluntarily provide the personal data requested.
- Job offers: applicants accessing the VIVEBIOTECH job offers give their consent through the contact form.
- Overriding legitimate grounds of the data controller or of third parties to whom it communicates data: Such legitimate grounds arise when contact data are collected which extend beyond the forms described in the section on the purpose of processing (for example, receipt of business cards, consultation by electronic mail, etc.).
In all instances, the data subject shall be responsible for the veracity of the data provided. VIVEBIOTECH reserves the right to exclude all false or illegal data, without prejudice to any other actions that may arise in law.
VIVEBIOTECH warns that, unless there is legally constituted representation, data subjects may not use the identity of another person or communicate that person’s personal data and must bear in mind at all times that the personal data they provide to VIVEBIOTECH shall be their own data and must be adequate, relevant, up to date, accurate and true.
To this effect, the data subject shall be solely liable for any direct or indirect damage caused to third parties or VIVEBIOTECH through the use of another person’s personal data or of their own personal data when they are false, erroneous, out of date, inadequate or irrelevant. Likewise, users who communicate the personal data of a third party shall be liable to the latter for the obligation of information laid down in the regulations in force, when the personal data have not been collected from the data subject, and/or for the consequences of not having provided the information.
4. Release or Transfer
Release: VIVEBIOTECH shall release personal data to third parties solely to meet its contractual or legal obligations to service providers or public or private bodies.
In such cases, the data subject consents to such release and may exercise the right to be informed thereof.
International transfer: VIVEBIOTECH states that in the course of its activity it uses the services of suppliers to whom it communicates data (such as data processors) domiciled outside the European Economic Area, making an international data transfer.
5. Users’ rights and complaint procedure
Users may at any time exercise their legitimate rights over their personal data and may withdraw their consent to the uses described above; these rights may be exercised by writing to VIVEBIOTECH’s postal address or by email at email@example.com. In either case the user shall include a photocopy of their national identity card or similar identity document in order to exercise their legitimate rights, which are as follows:
- Access: the right to know whether VIVEBIOTECH is processing their data.
- Rectification: the right to have inaccurate personal data corrected.
- Erasure: the right to request the deletion of data in legally established cases.
- Objection: the right to cease processing personal data unless compelling legitimate grounds for the processing can be demonstrated.
- Right to restriction of processing. Data will be retained only for the exercise or defence of legal claims.
For more information on the exercise of these rights, please consult the Spanish Agency for Data Protection.
If you consider that the processing of your personal data is in violation of the rules, you may lodge a complaint:
- with the data controllers at VIVEBIOTECH; or
- with the Agencia Española de Protección de Datos (Spanish Agency for Data Protection) at: C/ Jorge Juan, 6, C.P. 28001, Madrid (Spain).
6. Data source
The data to be processed by VIVEBIOTECH are the personal data obtained, in general, from the data subjects themselves via the relevant questionnaire.
In the case of personal data not obtained directly from the data subject, VIVEBIOTECH will inform the subject in accordance with the GDPR, basically the source and category of the data.
7. Security Measures
The personal data supplied by or obtained from users and which are under the control of VIVEBIOTECH are organized in files which may or may not be automated. VIVEBIOTECH keeps a register of processing activities in accordance with the regulation in force.
In all of its data processing activities, VIVEBIOTECH implements the appropriate technical and organizational measures to ensure the confidentiality, integrity, availability and resilience of the data processed and to ensure their security, including protection against unauthorized or unlawful processing, and against loss, destruction or accidental damage.