Data processing controller details:
DIGITAL DATA CENTRE BIDCO, S.L.
Calle Julián Camarillo 29, Edificio 1, Piso 3º, 28037, Madrid
CIF: B – 88308986
Registered in the Mercantile Registry of Madrid, in Volume 38728, folio 162; Section 8; Sheet M-688605, 1st inscription.
DATA HOLDINGS FUTURE, S.L.U.
Avenida Punto Com 23, Alcalá de Henares, 28805, Madrid,
CIF: B – 88333182
Registered in the Mercantile Registry of Madrid, in Volume 38744, folio 157, Sheet M-688843, 1st inscription.
What is personal data?
Personal data means any type of information that allows Nabiax to identify you and that is related to an individual, such as name, identification number or online identities.
It also includes personal data that is collected:
- on our website
- when you interact with us on social media profiles
- through the business relationships that you or your company develop with us
- when you request promotional or marketing material from us
- through your employment relationship with us
Nabiax aims to collect personal data that is suitable, relevant and limited to the purposes for which it was collected. Furthermore, we strive to store your personal data truthfully, thoroughly, and reliably in order that they fulfil their original purpose, and we only store your personal data for as long as is absolutely necessary to achieve the purposes for which it was first collected.
Thus, the personal data processed by Nabiax is grouped as follows:
- Data corresponding to contact persons using the online form
We collect the personal data of individuals who contact Nabiax using the online contact form found on the website or when an individual provides them to us personally when visiting either our offices or our data centres.
For instance, when you visit one of our data centres, we may ask for your first and last name, company or business details, title or role held, telephone number, email address, or any information that allows us to identify you as a visitor.
- Data corresponding to clients, potential clients and suppliers
This constitutes contact data that we need to collect for the purpose of entering into contractual or pre-contractual relationships that we need to collect for contractual or pre-contractual relationships with legal entities for regular trade activity.
- Data and information collected automatically
We automatically collect personal data when you visit our website by using registration and analysis tools, cookies and through your use and access of our portals. You can consult further information about the cookies and similar technologies used on our websites (including our portals) in the “Cookies Policy” found on this website.
The personal data we collect automatically may include the software and hardware characteristics of the device you used to access our website and online services (such as employee and customer online portals), unique device identification information, region and language settings, performance data about our website and online services, information about the network service provider and IP address (a number assigned to your device when you connect to the internet).
- Data corresponding to images captured by our Data Centres’ CCTV systems
This constitutes data belonging to individuals that is processed by security cameras or CCTV systems installed in our different data centres.
- Data corresponding to prospective candidates
This refers to the individuals who send us their CVs using our website, online portals or social networks or any means used by Nabiax to advertise job vacancies.
What personal data do we collect?
As we have stated in the above sections, the data we collect is necessary in order to carry out Nabiax’s business activities.
We limit ourselves to processing the identification data, email addresses and, where applicable, company information of individuals, and/or a telephone contact number to be able to contact the owner in the event of any query.
We also process data related to the company to which the contact of the client or supplier belongs and, in the event that the client is a freelancer/self-employed, the data related to the identity document provided and possible economic data will also be processed in order to facilitate the suitable handling of the contractual relationship.
In relation to the access control data, data related to identity documents is requested to control access to our Data Centres’ facilities. Furthermore, data related to the image of the individuals who access the facilities will be processed by our security cameras.
Finally, Nabiax processes personal employment and academic history of prospective candidates who send their CVs to any Nabiax company or division.
What do we use your data for?
Nabiax may use your personal data for one or more of the following purposes:
- Data related to our website contact form will be used exclusively so that you can contact us and that we can answer you.
- In relation to the contact persons of clients, prospects, suppliers or freelancers, the data will be processed with the sole purpose of executing the necessary contractual or pre-contractual agreements with company representatives.
- To support our relationship with you and your associated company, including technical support services and account and billing services.
- As mentioned previously, the data related to the people who access our Data Centres will be processed exclusively for security purposes, with the same purpose applying to the data corresponding to the video surveillance cameras located in the different Nabiax data centres.
- Although Nabiax does not process the data for commercial reasons, it is possible that the contact details of client companies or potential clients may be used, on occasions not using a systematic method, to send information related to possible new services or features or to communicate offers of the services provided by Nabiax.
- To analyse your use of our website and online services (such as portals), which will allow us to develop and improve the services we offer you and your associated company.
- In the event that a user has sent their CV through our website, portal or social networks, said data will be used to manage the application, analyse their profile and review their candidacy.
In addition to the aforementioned uses, on some Nabiax portals you will have the option to upload additional personal data, such as photographs of yourself or other representatives of your organization. This option is completely voluntary and Nabiax will only use this personal data for the purpose for which it was originally collected.
What are the legitimate bases for the processing of data?
The legitimate basis for data processing regarding the contact data of clients or potential clients, suppliers and freelancers/independent entities is mainly the fulfilment of contractual relations.
Moreover, regarding candidates and contact persons who fill in the online form, the legitimate basis is consent, which is granted when users willingly provide their personal data to Nabiax.
In relation to the sending of information related to Nabiax’s business activity, the legitimising basis is legitimate interest.
Sharing of data with third parties
Nabiax will not communicate and/or share your personal data to any third party, except in the following cases:
- That said data transfer was necessary to comply with the contractual relationship maintained with the owner of the data or their company.
- When Nabiax is required to comply with its legal obligations, such as with public authorities or official, state and/or judicial bodies.
- Nabiax may communicate personal data to the rest of the companies that form part of the Nabiax group, for administrative management purposes, provided that the legitimising basis is legitimate interest.
- In the case of data pertaining to work or academic history, your data may be communicated to the rest of Nabiax’s companies in the case that your application is of sufficient interest to the company to offer a job. In this case, legitimate interest is the basis for sharing the data.
- We may share your personal data with service providers and distributors that require the processing of data for which Nabiax is responsible. In these cases, such third parties will be considered data processors and will be required to hold the corresponding data processing contract. These third-party service providers may include auditing companies, computer maintenance companies, Data Centre security companies or any other company that, in order to provide their services, needs access to personal data that is under Nabiax’s responsibility.
We do not sell your personal data to third parties, whether for money or any other reason. If we disclose or share your personal data in the manner described above, we will do so to facilitate relevant services or our employment relationship with you and never for means of direct compensation. Whenever we work with a service provider that needs to access and use your personal data in order to provide certain services, at the instruction of Nabiax, we will take all reasonable steps to ensure that said service provider complies with applicable data protection and privacy laws and that the User will be notified in advance to give them the opportunity to express their consent.
Finally, Nabiax reserves the right to disclose your personal data if we are required to do so by law and when we believe that, in good faith, such an action is reasonably necessary to comply with applicable law or to safeguard Nabiax’s rights, property, or safety, or to protect its employees, customers, or the general public.
International data transfers
Given Nabiax’s global presence, we may transfer your personal data between Nabiax group companies, including locations where data privacy laws may differ from those in force in your country or jurisdiction.
To carry out this sharing of data, as a group we have the appropriate transfer compliance measures to guarantee the validity of the transfer of personal data to countries where the level of protection does not meet that which is required by applicable data protection laws.
Legal grounds for the processing of your personal data
Nabiax processes your personal data based on one or more of the following legal grounds:
- Your consent: when you agree to receive our marketing or promotional materials, we process your personal data to send you messages about us and the products and services we offer. You can withdraw your consent at any time.
- Execution of a contract: we may use your personal data to conclude or fulfil the agreements made between you or your associated company and Nabiax.
- Legitimate interests: we may use your personal data in accordance with our legitimate interests, including improving our services, providing information about our products or services, preventing and detecting fraud, ensuring network and information security and for administrative and legal compliance purposes.
- Compliance with legal obligations and protection of people: we may use your personal data to comply with the law and our legal obligations, as well as to protect you and others from certain threats.
How long do we keep personal data?
In general, the data provided will be kept as long as the contractual relationship is maintained or during the years necessary to comply with the legal obligations that affect Nabiax, according to the applicable legislation of each country where Nabiax is present.
In the case of contact persons, the data will be kept as long as the owner does not object to its processing.
Upon expiration or early termination of our business relationship, we will archive the personal data of Nabiax customers in order to preserve it as evidence or to comply with the retention requirements required by applicable laws or regulations. At the end of such storage period (i.e. when any applicable limitation laws or minimum record retention requirements expire), we will proceed to delete the personal data from our systems and records.
How do we protect your personal data?
Nabiax implements appropriate physical, technical, and organizational security measures, which are designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resiliency of your personal data. These security measures include: (i) encryption of personal information in the case that we deem it appropriate; (ii) the implementation of technical security measures; (iii) taking steps to guarantee the backup of personal data and its availability in the event of a security incident; and (iv) periodic analysis, assessment and evaluation of the effectiveness of our security measures.
However, no method of information safeguarding is completely secure. While we have measures in place designed to protect your personal data, we cannot guarantee that our security methods will be effective or sufficient. In addition, you should be aware that data transmission over the Internet is not always safe and we cannot guarantee that any information you transmit to us will always be fully secure.
How can I exercise my rights?
The data owner has the right to obtain confirmation as to whether Nabiax is processing their personal data, which therefore grants them the right to access their personal data, correct inaccurate data or request it be deleted when the data is no longer necessary, as well as to oppose the processing of their data for any purpose set forth herein, such as for the sending of commercial information.
The owner has the right to access, rectification, deletion, opposition, limitation of processing and portability that may be exercised either by sending an email or by post to the following addresses:
Postal address: Nabiax, Julián Camarillo Street, 29, Building 1, 3rd floor, 28037 – Madrid, Spain
In any case, the data owner can contact the corresponding control authority to make any complaints that they deem appropriate. In the case that they reside in Spain, these can be directed to the Agencia Española de Protección de Datos (Spanish Data Protection Agency).
Can I contact the Data Protection Delegate?
Despite the fact that Nabiax is not an entity that is required to name a Data Protection Delegate by the European Data Protection Regulations, it has voluntarily decided to appoint one with the aim of improving the quality of its services and customer experience enjoyed by its clients. Therefore, any user can contact the Data Protection Delegate at email@example.com
Truthfulness of data provided and necessary updates
Nabiax presumes that the personal data provided through the different channels and forms is true, that it is supplied directly by the owner, that they are who they claim to be, that the data is up to date and that the affected/interested party will communicate any changes to their data at the first opportunity.
In the event that Nabiax processes personal data that belongs to a third party. For example, client’s staff who contact Nabiax for access to the Data Centre
Nabiax will be deemed in charge of the processing of personal data that belongs to a client, exclusively in the event that Nabiax undertakes the processing of this data on behalf of the client and in the case that it is necessary for Nabiax to process it, as per the instructions of the client and for the fulfilment of the contractual relationship that exists between them, provided that this data is stored on Nabiax servers, for example in the case of data belonging to users who have access to the Data Centres or to Nabiax client systems. Nabiax, as data processor, undertakes to:
- Use the personal data subject to processing, access or viewing, or those that need to be collected, only for the purpose of the order.
- Process the data in accordance with the client’s instructions.
- Keep an activity log.
- Uphold a duty of secrecy regarding all information, including personal data, to which it has had access by virtue of this assignment, even after the Contract ends.
- Guarantee that the persons authorised to process personal data undertake to respect confidentiality and comply with the corresponding security measures.
- Guarantee to provide the necessary personal data protection training for those authorised to process personal data.
- Communicate to the client any requests for rights of access, rectification, deletion, opposition, limitation of processing and portability of data that the owners of the data could exercise against Nabiax.
- Notify the client, without undue delay and using the email address(es) designated by the client, of the security breaches of which they are aware and that may affect the personal data that is the responsibility of the client.
- Nabiax will not communicate or allow access to personal data that is the responsibility of the client to third parties, except in cases permitted by law or when it needs to subcontract the provision of services with third parties to comply with the contractual relationship upheld with the client. In such cases, Nabiax will sign the corresponding processing contract with the subcontractor, which will set out the same conditions as this document.
- Once the provision of the services that motivate Nabiax to access, process or view the personal data belonging to the client has ended for any reason, or at the end of the contractual relationship, Nabiax will destroy or return the data to the client. Notwithstanding, Nabiax may retain a copy, with the data duly blocked, in case any responsibilities may arise from the execution of the services in question, for the sole purposes of legal defence, internal audit and in order to comply with the obligations that correspond to them by law.
- Maintain the necessary technical, operational and organizational security measures to guarantee the permanent confidentiality, integrity, availability and resiliency of data processing systems and services. Nabiax shall maintain sufficient security measures to comply with the provisions of art. 32 of Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, regarding the protection of individuals with regard to the processing of personal data and the free circulation of this data (“Regulation”) and in the applicable legislation depending on the country in which Nabiax is located.
- Comply with all the obligations established in the Regulations and with the applicable legislation of each country in which Nabiax is present.
Duty of secrecy and confidentiality in data processing
Those who are responsible for the processing of data concerning individuals and who thereby access data files either directly or indirectly, will uphold secrecy at all times with respect to the personal data that they are exposed to in the execution of these activities. The Duty of Secrecy represents an obligation that must be complied with by Nabiax, the members of the governing and management bodies, the staff contracted by the company under Labour Law and the professionals who provide services contracted under the Mercantile Law regime. The providers of goods and services and their employees, Data processing Managers and their employees and those who are subcontracted by the Data processing manager and their employees are also obliged to uphold this duty. This Duty of Secrecy withstands the termination of the labour or commercial relationship established with Nabiax, with the Data processing manager, as well as after the expiration of labour, commercial, etc., contracts that link the employees and/or professionals with the Data processing Manager and the suppliers that provide goods or services to Nabiax.
Nabiax has implemented the necessary security measures across its work centres, premises, systems, communications infrastructure, etc., in order to comply with Personal Data Protection regulations. It has also adopted the logical, physical, organisational, contractual, etc., measures that prevent unauthorised access by third parties to the data or to the destruction, modification, reproduction, disclosure, transmission or reuse of the same.