Privacy policy

AZTI provides the necessary technical resources for users to access this privacy policy and comply with the information obligations established in the applicable regulations.

FUNDACIÓN AZTI – AZTI FUNDAZIOA (hereinafter, “AZTI”) informs users of the website (hereinafter, the “WEBSITE”) about its privacy policy applicable to personal data that may be collected through the WEBSITE or other duly identified data collection systems.

The use of the WEBSITE does not imply that the user must provide personal information. However, if personal data is provided, it will be treated in accordance with the principles and rights established in the current data protection regulations.

AZTI may modify this privacy policy to adapt it to new regulatory, jurisprudential, or administrative provisions, as well as to the practices it may develop through the WEBSITE, always guaranteeing the protection of users’ rights.

1. Who is responsible for processing your personal data?

  1. Website owner: AZTI – Fundación Azti – Azti Fundazioa
  2. NIF: G-48.939.508
  3. Registered office: Txatxarramendi Irla, no number. 48395 Sukarrieta (Vizcaya)
  4. Contact phone: +34 94 657 40 00
  5. Email: rgpd@azti.es
  6. Registration data: Registered in the Basque Country Foundations Registry with number F-38

2. Principles related to processing

In the processing of personal data carried out, the principles required by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, GDPR), are respected:

  1. Principle of lawfulness, fairness, and transparency: the data we collect is processed lawfully, fairly, and transparently, with the prior consent of the data subjects when necessary or, where applicable, for the execution of a contract to which the data subject is a party or for the application at the request of the data subject of pre-contractual measures, or if the processing is necessary for compliance with a legal obligation applicable to the controller or for the satisfaction of legitimate interests pursued by the controller or by a third party, provided that such interests do not override the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, particularly when the data subject is a child.
  2. Principle of purpose limitation: the personal data we process is used for the purposes indicated in the section “For what purpose do we use your personal data?”.
  3. Principle of data minimization: in accordance with this principle, the only personal data we collect from users is strictly necessary to manage the contractual relationship or to respond to the queries and/or information requests they make.
  4. Principle of accuracy: the personal data we collect will be kept accurate and, if necessary, updated. To this end, if there is any change in personal data, the user must inform us so that we can make the appropriate update.
  5. Principle of storage limitation: the personal data we process will be kept for the periods indicated in the section “How long will we keep your personal data?”.
  6. Principle of integrity and confidentiality: to respect this principle, personal data will be processed in a way that ensures adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by applying appropriate technical and organizational measures.

3. For what purpose do we use your personal data (whether or not you are a website user)?

  1. Customer data: for the proper maintenance, development, fulfillment, and control of the contractual relationship and the provision of the services they demand. We will also use your identification and contact data to conduct satisfaction surveys and to send, by electronic or other means, technical, operational, and/or commercial information about news and commercial information about offers, activities, products, and services of our company.
  2. Supplier data: for the proper maintenance, development, fulfillment, and control of the contractual relationship with our suppliers and the services they provide us.
  3. Employee data: for the maintenance, development, fulfillment, and control of the contractual relationship with our employees, as well as compliance with the current labor, social security, and occupational risk prevention regulations that apply.
  4. Candidate data: to manage the participation of interested parties in the personnel selection processes carried out by the company.
  5. Data collected through the contact form: to manage and respond to queries or information requests made by interested parties.
  6. No automated decision-making or profiling is carried out based on the personal data provided.

4. What is the legal basis for processing your personal data?

  1. Candidate data: the legal basis for processing your personal data is that it is necessary for the execution of the contract to which they are a party. Regarding the conduct of satisfaction surveys and the sending of commercial information, the legal basis for processing your personal data is the satisfaction of legitimate interests pursued by AZTI, as provided for in Article 6.1.f) of the GDPR, based on the provisions of Report 195/2017 of the AEPD. This is without prejudice to your right to object to the sending of such commercial information.
  2. Supplier data: the legal basis for processing your personal data is that it is necessary for the execution of the contract to which they are a party.
  3. Employee data: the legal basis for processing your personal data is that it is necessary for the execution of the contract to which they are a party.
  4. Candidate data: the legal basis for processing your personal data is the consent you give by voluntarily providing your CV to participate in the recruitment processes carried out by AZTI, in accordance with Article 6.1(a) of the GDPR.
  5. Data collected through the contact form: the legal basis for processing the personal data provided by interested parties when completing the form is the consent given by contacting us through it and, therefore, the necessity of such processing to attend to and respond to the query or information request made.
  6. Regarding satisfaction surveys and the sending of commercial information, the legal basis for processing your personal data is the legitimate interest pursued by AZTI under Article 6.1(f) of the GDPR, based on Report 195/2017 of the Spanish Data Protection Agency (AEPD). This is without prejudice to your right to object to receiving such commercial communications.
  7. With regard to browsing data or cookies, the legal basis for processing will be the user’s consent, granted in accordance with Article 6.1(a) of the GDPR, as detailed in the Cookies Policy.

5. How have we obtained your data?

The data we process at AZTI has been obtained directly from you, through:

  1. The various forms you complete during your navigation on our websites and/or through other channels (e.g., registration as a user of the WEBSITE – where applicable –, contact forms, event registration, etc.);
  2. By sending a query email; or
  3. Through other duly identified data collection systems, such as the registration of visits to our facilities.

If the personal data provided belongs to a third party, you assure that you have informed that person about our PRIVACY POLICY and have obtained their consent to provide their data to AZTI for the purposes established below.

We also inform you about the possible processing of your data from social networks through the corporate profiles that AZTI maintains on the various platforms where we are present, all in accordance with the terms and conditions established in each social network.

When indicated (fields marked with an “*”), the provision of the requested personal data will be mandatory, and the refusal to provide it or the provision of incorrect data could prevent us from attending to your request and/or providing the required services.

6. What type of data do we process?

At AZTI, we process the data you have provided during your navigation on www.azti.es, through the corresponding forms we use to formalize our communication with you and/or by email, as well as those we may obtain through AZTI’s corporate profiles on the social networks where we are present.

Specifically, at AZTI, we manage the following categories of data:

  1. Identification and contact data (e.g., name, surname, ID, postal and email address, phone, etc.).
  2. Professional and employment data (e.g., company and position).
  3. Images taken at activities and events organized by AZTI in which you participate.
  4. Codes and credentials of identification as a registered user of the WEBSITE.
  5. Internet browsing data (e.g., IP address, visited web pages, Wi-Fi connections, etc.).
  6. Data related to personal characteristics, education, and employment, in the case of applications and selection processes of AZTI in which you voluntarily decide to participate.

7. To whom will your personal data be communicated?

The personal data of customers, suppliers, and employees will be communicated, where appropriate, to the tax administration for compliance with legal and tax obligations, as well as to the financial entities through which AZTI manages collections and payments.

In the rest of the processing, data will not be communicated to third parties unless necessary for compliance with legal obligations.

Additionally, for some other matters, we use third-party services that act as data processors, with whom we have signed the corresponding data processing contract in accordance with the provisions of Article 28.3 of the GDPR.

8. International data transfers

For certain information management purposes, AZTI uses third-party services located outside the European Economic Area. In these cases, international data transfers are carried out based on Standard Contractual Clauses (SCCs) or under the new EU–U.S. Data Privacy Framework, recognized by the European Commission’s Implementing Decision (EU) 2023/1795 of 10 July 2023, thereby ensuring an adequate level of protection in accordance with Articles 44 and following of the GDPR.

In this regard, both Google and The Rocket Science Group LLC (Mailchimp) are certified under the EU–U.S. Data Privacy Framework, which guarantees that they provide a level of protection equivalent to that required within the European Union.

For certain information management matters, services from Google, acting as a data processor, are used.

Google Privacy Policy: https://policies.google.com/privacy?hl=en

Likewise, to manage more efficiently, dynamically, and effectively and to maintain better control of the informational communications we send by email, we use Mailchimp, a platform developed by The Rocket Science Group LLC, an entity certified under the EU–U.S. Data Privacy Framework.

Privacy policy of The Rocket Science Group LLC: https://mailchimp.com/legal/privacy/

In this regard, we inform you that the use of this platform involves the installation by the service provider of tracking devices in such emails to monitor email openings and the clicking of links contained therein, and to compile campaign tracking reports based on the information collected.

9. How long will we keep your personal data?

Customer, supplier, and employee data: personal data will be kept for the duration of the corresponding contractual relationship and, once it has ended, for the necessary periods to comply with legal obligations.

Regarding the sending of commercial information to customers, your identification and contact personal data will be kept until you express your opposition or revoke your consent for this purpose.

Candidate data: personal data of candidates will be kept for a maximum period of two years.

Data collected through the contact form: personal data provided by users when filling out the form will be kept only during the management of the queries or information requests they make, so that once their processing is completed, they will be deleted.

Data of users of our social media profiles: the retention periods of the personal data of our followers on social media depend on the policies of each social network, although we will only process them until they stop following us.

10. What are your rights when you provide us with your personal data?

  1. Right to request access to your personal data: in order to know and verify the lawfulness of the processing, you may request confirmation at any time whether AZTI is processing your personal data and, if so, we will inform you, among other things, about what data we are processing, its purpose, the origin of the data, the expected retention period of the data, and, if applicable, recipients or categories of recipients.
  2. Right to request rectification: you may request the rectification of inaccurate personal data or the completion of incomplete data, including through an additional statement. In such a case, you must indicate in your request which data you are referring to and the correction to be made, and, if applicable, provide supporting documentation of the inaccuracy or incompleteness of the data being processed.
  3. Right to request erasure (“right to be forgotten”): you may request that your personal data be deleted and no longer processed if they are no longer necessary for the purposes for which they were collected or otherwise processed, you withdraw your consent, they have been unlawfully processed, or they must be deleted to comply with a legal obligation.
  4. Right to request the restriction of processing of your personal data: in this case, AZTI will only keep your personal data for the formulation, exercise, or defense of claims, or to protect the rights of another natural or legal person or for reasons of important public interest.
  5. Right to data portability: you may request that we provide your personal data to you or another controller you indicate, in a structured, commonly used, and machine-readable format.
  6. Right to object to processing: AZTI will stop processing your personal data in the manner you indicate, unless we must continue processing them for compelling legitimate reasons or for the formulation, exercise, or defense of possible claims.
  7. How to exercise your data protection rights: to exercise your rights, you must send us a written request addressed to AZTI at Txatxarramendi Irla, no number. Sukarrieta (Vizcaya) or by sending an email to rgpd@azti.es, always accompanied by a photocopy of your ID.

The exercise of these rights is free of charge, and AZTI will respond to all requests within a maximum period of one month, in accordance with Article 12.3 of the GDPR.

How to file a complaint with the Spanish Data Protection Agency: if you believe that we have not properly processed your personal data or that we have not adequately addressed your data protection rights, you may file a complaint with the Spanish Data Protection Agency, either through its electronic headquarters or at its address, Calle Jorge Juan, nº 6, C.P. 28001 Madrid.

More information about data protection rights and complaints to the supervisory authority at www.aepd.es.

11. Security

In accordance with the provisions of Article 32 of the GDPR, AZTI has adopted the appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

To assess the adequacy of the security level, the risks presented by data processing have been particularly taken into account, especially as a result of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

12. Use of the website by minors

We ask users to read the policies on the use of the website by minors that we have published in the “Legal Notice” of our WEBSITE.

In compliance with Article 7 of the Spanish LOPDGDD, minors under 14 years of age may not provide their personal data without the prior consent of their parents or legal guardians.

13. Cookies

Cookies are small text files stored on the hard drive or in the memory of the computer that accesses or visits the pages of certain websites, so that user preferences can be known when reconnecting. Cookies stored on the user’s hard drive cannot read the data contained on it, access personal information, or read cookies created by other providers.

See information about the cookies used on this WEBSITE in the “Cookies Policy” section.

The installation of cookies is carried out only after obtaining the user’s informed consent, in accordance with the Spanish Data Protection Agency (AEPD) Cookies Guide (2023 update), providing clear options such as “Accept all,” “Reject all,” or “Configure.”.

Last updated: 28/10/2025

Cookies