AINIA / Privacy Policy

Privacy Policy

Corporate Commitment to Data Protection

1.Purpose

The purpose of this Privacy Policy is to inform individuals (hereinafter, users or data subjects) visiting our Website (hereinafter, website, site or web) about the way in which we collect, process and protect the personal data that they choose to provide to us by any means (forms, emails, telephone, contracts, etc.) and, after reading it, freely decide whether they wish us to process such data. In addition, it serves to expand the information previously provided to data subjects in the information clauses included in the processes for collecting their personal data.

Likewise, this policy is intended to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (hereinafter LOPDGDD).

2. Who is responsible for processing your personal data?

: :

Entity:	AINIA
CIF/NIF:	G46421988
Postal address	Calle Benjamín Franklin, 5 a 11, CP 46980 Paterna (Valencia)
Phone:	96 136 60 90
Email:	privacy@ainia.es
Corporate purpose:	Agri-food Research
Website	https://www.ainia.com/
Registration details:	Registered in the Associations Register: No. 78.125 (National Associations Register, Ministry of the Interior); No. 3 (MINECO Technological Centres Register)

3. How can you contact the Data Protection Officer?

Our entity has appointed a Data Protection Officer before the General Registry of the Spanish Data Protection Agency, to whom data subjects may address their complaints or questions regarding how our entity processes their personal data. You may contact them in writing, indicating the name of our entity or trade name, followed by your complaint or query at:

BUSINESS ADAPTER, S.L.

Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia).

Data subject support form or by E-mail: info@businessadapter.es

4. What personal data will we process and how do we obtain it?

For the development of our business activity, it is essential to process personal data, which may be collected through digital means (e.g. email, forms or web questionnaires), by completing paper documents (e.g. contracts or forms), or through face-to-face or telephone conversations. In all cases, the data will be processed fairly, lawfully and transparently.

The categories of data that our entity will process concerning data subjects are:

Identification data: name and surname, ID card or equivalent document, image and signature (handwritten or digital).
Contact data: telephone number, email, postal address.
Commercial data: quotations, purchasing conditions, management and history of services and/or purchases, outcome of contacts (telephone, email, messaging and other communication channels).
Research data: age, gender, family situation, behaviour towards a product (interest, attention, etc.) or physical reactions (body language, heart rate, galvanic skin response, etc.).
Training data: virtual classroom access credentials (username and password), participation records, training certificates.
Accounting data: income and expenditure control, invoicing data.
Banking data: bank accounts and cards.
Goods and services transactions: bank transfers and direct debits, amounts and concepts.
Browsing data: analysis of time spent on our website, pages visited, demographic data (e.g. age, gender, language).

In general terms, our entity will not collect special category data (e.g. health data, ethnic origin, political opinions or religious beliefs), but if it becomes necessary to process such data, you will be informed and your prior express consent will be requested.

Consequently, the data requested will be adequate, relevant, limited to what is strictly essential and necessary, and processed only by personnel and/or collaborators authorised by our entity, who will have signed a confidentiality commitment and undertake to comply with the security standards necessary to guarantee the confidentiality, integrity and availability of the processed data, as well as the other requirements legally established in the GDPR. Therefore, they will be processed lawfully.

The data to be processed are provided by the data subject or their legal representative, although there may be cases in which we delegate certain functions to collaborators who are responsible for collecting your data. However, such data will always be processed with your prior express consent.

In the event that a data subject does not provide the data requested or provides incomplete or incorrect data, it will not be possible to fulfil and maintain the relationship with them.

The categories of data that we may process regarding a person will depend on the relationship maintained with our entity, as shown below:

Members and Clients:

Identification, contact, commercial, accounting, banking, goods and services transaction and financial data will be processed and may only be collected if you provide them to us.

Consumers:

Identification, contact, research, commercial, accounting, banking and goods and services transaction data will be processed and may only be collected if you provide them to us.

Students:

Identification, contact, training, commercial, accounting, banking and goods and services transaction data will be processed and may only be collected if you provide them to us.

Information requesters:

Whether the requested information is by telephone or in writing (e.g. email or web forms), we will request and process your identification, contact and commercial data.

Suppliers and collaborators:

Identification, contact, commercial, accounting, banking, goods and services transaction and financial data will be processed. These data may be processed throughout all stages of the business relationship.

Job applicants:

For this category of data subjects, curriculum vitae data, identification data, contact details and other data related to their professional or personal characteristics will be processed when they submit their application to us through any means (e.g. in person, email, web forms). Such data may also be collected during recruitment interviews (in person or via videoconference). We may even receive your job application through a collaborator to whom we have delegated certain functions. For more information, please consult our Job Applicants Policy.

Social media users:

We are present on different social media platforms and may process identification, contact, commercial and other data that the user enables to be viewed or shared with other users of the social network, including curriculum vitae data (e.g. LinkedIn). For more information, please consult our Social Media Policy.

Subscribers:

An email address is requested in the subscription forms for our bulletins/newsletters.

Complainants:

Identification data, contact details and personal information belonging to yourself or third parties that you wish to communicate to us in relation to the complaint you submit will be processed.

Whistleblowers:

Through our internal whistleblowing channel, reports may be submitted anonymously, although you may also voluntarily provide us with identification and contact data, as well as other personal information relating to yourself or third parties connected to the report, in accordance with Law 2/2023 of 20 February on the protection of persons who report regulatory infringements and on combating corruption. More information is available in the terms of the Internal Whistleblowing Channel.

Visitors:

Identification and contact data will be processed and collected either when provided by the data subject upon accessing our facilities or when your contact person within our entity provides them to allow you access to such facilities.

Web Users:

When visiting our website, and only if the user expressly authorises it, analytical data (e.g. visit duration or pages visited) and even demographic data (e.g. gender, age, country or language) may be collected. For more information, please visit our Cookies Policy.

More information for data subjects:

The legally established information included in the corresponding information clauses within the different data collection methods will be made available to data subjects, so that you may freely and expressly decide whether you want the requested personal data to be processed by our entity.

All categories and types of personal data processed will be duly identified in the corresponding processing activities owned by our entity.

5. What will your data be processed for?

In general terms, the processing of personal data carried out by our entity aims to fulfil and maintain relationships with different groups of people, such as clients or suppliers. It also applies to other people who proactively contact us through our web forms, by telephone or in person, by email or post, such as job applicants or information requesters, users of our website/blog or social networks, and interested parties in general.

Depending on such relationship, the processing of your data responds to different purposes which, by way of example and not limitation, are detailed below:

Members:

Your personal data will be processed to identify you, fulfil and maintain the pre-contractual and contractual relationship, including sending commercial communications through different means, registering you as a member, responding to your queries, carrying out quality controls and commercial statistics, providing our services, accounting and billing management, transactions of goods and services, collection management, incident management, complaints and exercise of rights, as well as for other purposes necessary to comply with such relationship, the laws to which we are subject and our legitimate interests.

Clients:

Your personal data will be processed to identify you, fulfil and maintain the pre-contractual and contractual relationship, including sending commercial communications through different means, responding to queries, carrying out quality controls and commercial statistics, providing our services, accounting and billing management, transactions of goods and services, collection management, incident management, complaints and exercise of rights, as well as for other purposes necessary to comply with such relationship, the laws to which we are subject and our legitimate interests.

Consumers:

Your personal data will be processed to identify you as a participant in our consumer research programme consisting of a product testing survey (programme) in which you have requested to participate. This means that we may use your data to contact you (email or telephone) and inform you about aspects related to the programme. We will also create a consumer profile using your personal data (age, gender or family situation) in order to align your profile with the profile requested for each programme and the products to be tested. Likewise, data generated as a result of your participation in our programmes will also be processed, such as behaviour towards the product (interest, attention, etc.) or physical reactions (body language, heart rate, galvanic skin response, etc.), which will allow us to issue a global assessment of consumers regarding the product under study, but never to create profiles of your personality.

Consumers’ personal data will also be processed to respond to queries, payment management, accounting and billing management, incident management, complaints and exercise of rights, as well as for other purposes necessary to comply with such relationship, the laws to which we are subject and our legitimate interests.

Students:

Your personal data will be processed to identify you, register you in the training activities you request to participate in, record your participation and issue the corresponding participation certificates, contact you and inform you about the training you wish to undertake, send commercial communications through different means, respond to queries, carry out quality controls and commercial statistics, deliver our training, accounting and billing management, transactions of goods and services, collection management, incident management, complaints and exercise of rights, as well as for other purposes necessary to comply with such relationship, the laws to which we are subject and our legitimate interests.

Information requesters:

We will process your personal data to respond to your general information requests, identify you, send or provide quotations and information about goods and/or services of interest to you, including in our response (verbal, written or digital) commercial information related to the request. We will also carry out follow-up contacts through different means to learn about the decisions taken regarding the commercial proposals we have sent you.

Solicitantes de empleo:

Your data will be processed to include you in our recruitment processes and job pool, identify you, as well as contact you and inform you about vacancies, interview coordination and other matters related to your application. For more information, please consult our Job Applicants Policy.

Suppliers and collaborators:

Your personal data will be processed in order to maintain the commercial relationship, whether for requesting quotations, purchasing goods or contracting services, identifying you, accounting management, carrying out transactions of goods and services, assignment for training (speakers), as well as for other purposes necessary to comply with such relationship, our legal obligations and legitimate interests.

Social media users:

We will process your personal data to maintain the relationship as users of the same social network, identify you, contact you, share news and other personal data that you allow to be shared with the rest of the members of the social network. For more information, please consult our Social Media Policy.

Subscribers:

Your data will be processed to send you our newsletters/news bulletins or advertising by email, to identify you and to process your unsubscribe request should you request it.

Complainants:

Personal data will be processed to identify you, manage your complaint and contact you regarding its status, as well as to comply with our legal obligations and legitimate interests.

Whistleblowers:

The personal data you decide to provide in your report will be processed to register and manage your report, as well as to identify and contact you (except in the case of anonymous reports) to acknowledge receipt of your report and keep you informed about the status of our investigations within the deadlines and terms established in Law 2/2023 of 20 February. Likewise, we may process your data based on our legitimate interests and whenever necessary to comply with other legal obligations to which we are subject. More information is available in the terms of the Internal Whistleblowing Channel.

Visitors:

Data relating to visits to our facilities will be processed to identify you, comply with our occupational risk prevention obligations and for security and access control purposes at our facilities.

Web Users:

Data may also be processed for different purposes (e.g. visit analysis) when you accept the installation of cookies while visiting our website. For more information, please visit our Cookies Policy.

More information for data subjects:

The legally established information included in the corresponding information clauses within the different data collection methods (e.g. forms, recordings, contracts, etc.) and in others that we make available to you (e.g. badges, invoices, legal notices, etc.) will be made available to data subjects so that you may freely and expressly decide whether you want the requested personal data to be processed by our entity.

If you do not provide the data we request or if incomplete or erroneous data are provided, it will not be possible to respond to your request for information or establish a relationship with you.

The data will not be further processed or used for purposes other than those accepted by the data subjects.

The purposes motivating the processing of personal data will be duly identified in the corresponding processing activities owned by our entity.

6. Why do we process your data (legal basis)?

The processing of your personal data by our entity is based on one or more of the following legal grounds:

When you provide your express, free, informed and unequivocal consent, after being informed at the time your data are collected and in more detail through this privacy policy, which after reading and agreeing to it, you may voluntarily authorise us to process your data for one or more purposes by ticking the boxes provided for this purpose in our web forms or by signing the information clauses provided to you whenever we request your personal data.

For the execution of a contract to which you are a party or because you have requested pre-contractual measures.

When processing is necessary to comply with a legal obligation applicable to our entity.

When processing is necessary for the purposes of the legitimate interests pursued by our entity or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. In this regard, we inform you that our entity has carried out an assessment balancing our legitimate interests with the rights and freedoms of the data subject, always respecting their fundamental rights.

If the user is under 14 years of age, consent from parents, guardians or legal representatives will be required to process their data. The user is solely responsible for the accuracy of the data sent to us.

7. Data retention

The personal data provided will be retained while we maintain our relationship with you and for the time necessary to fulfil the purpose for which your data were collected.

Once such relationship has ended, we will keep them blocked in those cases where it is necessary to retain them until liabilities expire exclusively for claims or legal actions, as well as to comply with our legal obligations, for example:

· ·
·

Data	subjects Sector	Legal basis	Retention period
· Clients · Suppliers · Consumers · Students	Accounting	Art. 30.1 Royal Decree Commercial Code	6 years from the last accounting entry
· Clients · Suppliers · Consumers · Students	Tax	Art. 66 General Tax Law 58/2003	· General retention period: 4 years · In the event of losses during the financial year: 10 years · Invoices: 5 years
· Employees	Labour	Art. 21 of Royal Legislative Decree 5/2000 – Social Order	· 4 years:
· Job applicants	Labour Labour	Relations Guide	1 year
· Employees Occupational	Risk Prevention	Art. 4.3 of Royal Decree 5/2000 – Social Order	· 5 years
· Job applicants	Job applications	Guide on Labour Relations – AEPD	1 year
· Whistleblowers · Affected persons	Reports through the Internal Whistleblowing Channel	· Art. 26.2 Law 2/2023 – internal information systems · Art. 32.3 Law 2/2023 – internal information systems Art. 32.4 Law 2/2023 – internal information systems	· In the event that the reported facts have been investigated, they shall not be retained for more than 10 years. · For the time strictly necessary to decide whether to initiate an investigation into the reported facts. If it is proven that the information provided, or part of it, is not truthful, it must be immediately deleted, unless such lack of truthfulness may constitute a criminal offence, in which case the information shall be retained for the time necessary while the judicial proceedings are processed. · If no investigation is initiated within 3 months of receipt of the report, the data must be deleted.

8. Profiling

We do not create profiles or make automated decisions using your personal data, but if we do so, you will be informed and prior authorisation will be requested.

Likewise, you have the right to object to this type of processing at any time by writing to our entity at privacy@ainia.es.

9. Data disclosure

As a general rule, our entity does not disclose personal data to third parties without prior consent, although this will be necessary in the following cases:

If you are a consumer, student, client or supplier/collaborator, your personal data may be disclosed to third parties due to legal obligation (e.g. Tax Agency), or in those cases and to those entities necessary to provide our services or pay invoices (e.g. Banking entities).

Likewise, your personal data as a consumer, student, client or supplier/collaborator may be processed by certain providers to whom we delegate some of our obligations (e.g. accounting advisors), and all of them have committed, through a data processing agreement, to comply with the same security measures implemented by our entity, as well as to comply with the duty of secrecy and confidentiality regarding the processed personal data, among other obligations relating to personal data protection.

If you are a job applicant, your data will not be disclosed to third parties unless we are legally obliged to do so.

If you are requesting information or are a user of our website, your data will not be disclosed to third parties unless we are legally obliged to do so.

If you are a whistleblower, your data may be lawfully processed by persons other than those responsible for the internal information system, and may also be disclosed to third parties when necessary for the adoption of corrective measures within our entity or for the processing of sanctioning or criminal proceedings that may arise (Art. 32.2 Law 2/2023).

In general terms, we may disclose your personal data to Judges, Courts, the Public Prosecutor’s Office and/or competent Public Administrations in the event of claims when we are obliged to do so.

10. International data transfer

In the event of disclosures to third parties located in countries outside the European Economic Area, we will inform you and request your prior express consent.

11. Security Measures

Our entity has implemented all the necessary technical and organisational measures to protect the personal data processed, preventing its loss, theft or unauthorised use.

These measures have been created according to the type of data processed and the purposes motivating such processing. They are periodically verified through our internal controls for compliance with personal data protection regulations and through external audits.

12. Your Rights

You, as the holder of your personal data and acting on your own behalf or through your legal representative (e.g. persons under 14 years of age), may contact our entity at any time and request the exercise of your rights regarding personal data protection.

We explain below what these rights are:

Right of Access:

You have the right to know and request from us at any time the following information:

Whether or not we are processing your personal data.
The purposes of the processing, as well as the categories of personal data being processed.
The origin of your data, if you did not provide it directly to us.
The recipients or categories of recipients to whom your personal data have been or will be disclosed, including, where applicable, recipients in third countries or international organisations.
Information on the appropriate safeguards relating to the transfer of your data to a third country or international organisation, where applicable.
The planned retention period, or if not possible, the criteria used to determine this period.
Whether automated decisions exist, including profiling, meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
A copy of your personal data being processed.

Right to Rectification:

To request the rectification of your personal data when they are inaccurate, as well as to complete them when they are incomplete.

Right to Object:

You may object to us processing your data when they are incorrect or when their processing is no longer necessary.

If you act as a reported person or a person affected by a report under Law 2/2023, you may not exercise your right to object, since it is presumed (unless proven otherwise) that there are legitimate grounds for processing your personal data, in accordance with Article 31.4 of the Law.

Right to Erasure:

To request that your data be deleted for any of the following reasons:

Your data are no longer necessary for the purposes for which they were collected or processed.
You have not given consent for the processing of your data.
When you have exercised your right to object.
When the data have been unlawfully processed.
When the data must be erased to comply with a legal obligation.

Right to Restriction of Processing:

You may request the exercise of this right in one or more of the following cases:

When you contest the accuracy of your data, for a period allowing the controller to verify their accuracy.
When the processing is unlawful and you oppose the erasure of your data and request the restriction of their use instead.
When the data are no longer needed for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims.
When you have objected to processing pursuant to Article 21(1), while it is verified whether the legitimate grounds of the controller override those of the data subject.

Right to Data Portability:

This refers to the right to obtain the data relating to you in a structured, commonly used and machine-readable format, and to transmit them to another controller for further processing.

Right not to be subject to automated decision-making:

The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of your rights, you must contact our entity in writing either by post at: Calle Benjamín Franklin, 5 a 11, CP 46980 Paterna (Valencia), or by email at: privacy@ainia.es, stating the rights you wish to exercise and your contact details so that we may send our response. If you act on behalf of another person, you must provide proof of representation.

If you wish to submit any suggestion or query regarding the processing of your personal data, you may contact the Data Protection Officer at:

BUSINESS ADAPTER, S.L.

Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia).

Data subject support form

We inform you that you have the right to lodge a complaint with the Spanish Data Protection Agency at: C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.

13. Commitment to Personal Data Protection

Scope of application

Our commitment to personal data protection shall be mandatory for all departments and employees of our entity, as well as for third parties acting on our behalf.

Purpose

We have established action protocols for the processing of your personal data, in accordance with European and Spanish data protection regulations.

Principles

We will process your data lawfully, fairly, transparently, with data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability.

Special category data

Our entity prohibits the processing of personal data revealing ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data or data concerning sexual orientation, except in legally authorised cases and with the prior consent of the data subject.

Rights of data subjects

Our entity will handle and respond to requests for the exercise of rights as quickly and diligently as possible.

Register of Activities, Impact Assessment and Security Measures

Our entity will maintain a record of processing activities and analyse the purposes of processing, categories of data subjects and data, recipients, international transfers, retention periods, etc., in order to assess the risks of processing and implement the necessary security measures to guarantee the confidentiality, integrity and availability of personal data.

Likewise, in each processing activity, the need to carry out an Impact Assessment and determine whether there is an obligation to appoint a Data Protection Officer has been analysed, establishing where necessary that the person appointed to this position has sufficient knowledge and experience in accordance with current regulations.

Control

We have external support advising us on this matter, monitoring all publications made by the competent supervisory authorities and other European and Spanish entities related to data protection regulations, in order to comply with these regulations at all times.

14. Update of this Policy

Our entity reserves the right to modify this Policy without prior notice. Therefore, we recommend consulting it each time you visit our website.

Text updated on 12 February 2024

ttis, pulvinar dapibus leo.