Privacy Policy
-
Privacy Policy
- Data Controller
The data controller Vector Renewables España, S.L.U. with registered office at Calle Serrano 27, 3º derecha 28001 Madrid with NIF B84544428, registered in the Commercial Register of Madrid in Volume 22558, Folio 129, Section 8, Sheet M-403249, Registration 1ª, ("Data Controller", "we", "our"), in accordance with Article 13 of the General Data Protection Regulation (EU) 2016/679 ("Regulation"), informs you that your personal data will be processed for the purposes and in the manner described below. This privacy policy ("Policy") refers to the processing carried out by the Data Controller on the personal data of users who, like you, browse, interact, register, or request the services offered by the website www.vectorenewables.com ("Site"). We recommend that you read the Information Notice and additional information on the processing of personal data on the Site carefully before interacting with our services.
- Purpose and Legal Basis for Processing
In compliance with the Regulation, the processing operations described below will be governed by the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality. 2.1 Main Objectives The data controller processes your personal data for the following main purposes: (a) to execute a contract to which you are a party or to carry out pre-contractual activities at your request (for example, providing the requested service/product, providing the corresponding pre/post-sales customer service, including by email/phone, examining your CV if you send it through the "Work with us" section, and performing all related operational, administrative, and management activities); (b) to comply with legal obligations, regulations, or national/EU legislation, including, for example, obligations arising from judicial orders and other competent authorities; (c) to pursue our legitimate interests in protecting our rights, asserting or defending such rights in competent forums (e.g., judicial, arbitration, administrative), protecting our assets, preventing fraud, managing any extraordinary corporate transactions, and improving the services offered on the Site. The provision of personal data for purposes (a), (b), and (c) is mandatory to enter into the contract with us, to allow us to provide the requested service/product, or to respond to your requests, as well as to examine your CV if you send it through the "Work with us" section or to comply with legal obligations related to the contract. If you do not provide your personal data, the Data Controller will not be able to establish the contractual relationship with you, execute it and/or the aforementioned obligations, or carry out the activities described above.
2.2 Additional Purposes
Subject to your free and optional consent, the data controller also processes your personal data for the following additional purposes: (d) to send you commercial communications regarding the products, services, events, and promotions of the Data Controller, including market studies, statistical processing, and qualitative surveys, through automated telephone calls and similar methods such as email, SMS, MMS, push notifications, as well as traditional methods such as paper mail and operator-assisted phone calls ("marketing purposes"); (e) to communicate your personal data to other companies of the Data Controller's group operating in the energy sector to send commercial communications regarding the products, services, events, and promotions of these third parties, including market studies, statistical processing, and surveys, through automated telephone calls and similar methods such as email, SMS, MMS, push notifications, as well as traditional methods such as paper mail and operator-assisted phone calls ("third-party marketing communication"). Providing personal data for commercial purposes and communication to third parties for commercial purposes is optional. If you do not provide your personal data, we will not be able to send you commercial and/or marketing communications or communicate your personal data to the mentioned companies or third parties. In any case, you can revoke your consent for marketing purposes and third-party marketing communication at any time and, with specific reference to marketing purposes, you can revoke your consent for all or some communication methods by the means indicated below or those indicated within each communication. If you are already one of our customers, or in any case have already benefited from the services of the Data Controller by providing us with your email in the context of the sale of a service or product, we will send you commercial communications by email regarding products and services of the Data Controller similar to those that are the subject of the service or product sale, based on our legitimate interest in carrying out such promotional activity. It is understood that, even in this case, you may object at any time to the sending of commercial communications by the means indicated below or those indicated within each communication.
- Category of Processed Personal Data
The data controller processes the following personal data by electronic means, including automated processes, and manually according to procedures and logics functional to the aforementioned purposes:
- data voluntarily provided by you such as your name, surname, email, phone number, job-related data (this is when you provide us with your personal data to, for example, register on the Site, request a service or product, subscribe to the newsletter), as well as the data contained in your CV if you send it through the "Work with us" section;
- browsing data acquired by the computer systems responsible for the operation of the Site, whose transmission is implicit in the use of Internet communication protocols (this is information that is not collected to be associated with identified data subjects, but which by its nature could, through processing and associations with data held by third parties, allow users to be identified - this category of data includes IP addresses, browser type, operating system, domain name, and addresses of websites accessed or exited from, information about the pages visited by users within the Site, access time, time spent on a single page, analysis of the internal path, and other parameters related to the user's operating system and IT environment. These data are collected and used in an aggregated and anonymous form solely to improve the quality of the services offered on the Site, optimize its functionality, and compile statistical information related to the use of the Site);
- data collected through cookies (since the Site uses cookies that collect personal data from users, you are invited to read the Cookie Policy which describes the cookies used by the Site and their purposes). The data controller does not process personal data belonging to special categories of personal data (e.g., health data). By browsing, interacting, registering, or requesting the services offered by the Site, you confirm that you are at least 16 years old. If you provide us with third-party personal data, you will process such personal data as an autonomous data controller and will take all necessary measures to ensure that such communication and our subsequent use for the purposes specified from time to time comply with the applicable reference legislation (e.g., before providing us with third-party personal data, you will obtain their prior informed consent, if required by applicable legislation). In any case, you agree to indemnify the Data Controller against any litigation, claim, or request from any data subject that may arise as a result of the communication of their personal data to the Data Controller in violation of the applicable legislation.
- Data Retention
With respect to the purposes (a), (b), and (c) above, the Data Controller retains your personal data for the time strictly necessary to pursue the mentioned purposes (e.g., if you have an account, until your account is closed) in compliance with civil and fiscal retention obligations and within the limits provided by law. More specifically, data processed to fulfill any contractual obligation with you may be retained for the entire duration of the contract, as well as for the 6 years following the end of the fiscal year corresponding to the year to which they relate, in order to address any tax assessment and/or litigation. If we need to defend ourselves or take actions or even make a claim against you or any third party, we may retain the personal data that we reasonably deem necessary to process for such purposes for the time that such claim may be pursued. If you send your CV through the "Work with us" section, the data will be retained until the end of the selection process and, in the case of a spontaneous application, for a maximum of 12 months, unless an extension of the period is subject to your consent. With regard to the processing of your personal data for marketing purposes, your personal data will be retained for a period not exceeding 24 months from the date of collection, unless you withdraw your consent earlier and without prejudice to the extension of the period subject to your consent. With respect to browsing data, they will be retained at the premises of the data controller for the time defined by the relevant legislation, in compliance with the principle of proportionality, limited to the period necessary to achieve the purposes for which the data were collected. At the end of the prescribed retention period, personal data will be deleted or anonymized, unless it is necessary to continue processing them to pursue other legitimate purposes of the data controller (e.g., the resolution of pre-litigation or litigation initiated previously, the need to follow up on judicial or competent authority investigations initiated before the expiration of the retention period).
- Data Collection and Reporting
The personal data held by the Data Controller come directly from you. To pursue the aforementioned purposes, your personal data are accessible to the staff of the Data Controller, including consultants, duly authorized and trained to process personal data, and to third parties (e.g., technical service providers, management or organizational service providers to whom the Data Controller has subcontracted certain activities for efficiency reasons) who have signed a special agreement with the Data Controller and act as data processors. These parties are only provided with the personal data necessary to perform their functions and are committed to using the personal data received solely for the aforementioned processing purposes, to keep them confidential and secure, and to act in accordance with applicable legislation. To pursue the aforementioned purposes, it may be necessary for the data controller to communicate your personal data to the following categories of recipients:
- companies within the group of companies of the data controller, to comply with legal obligations or provide the requested service/product (for example, if you request information about services/products offered by other group companies, we will communicate your data to these companies so that they can respond to your questions and send you the requested information);
- third-party companies that provide accounting, administrative, legal, and tax services to the Data Controller or act as banking, financial, and insurance intermediaries, including subjects involved in various ways in the supply processes of the requested service/product, or in subsequent phases (e.g., customer service, courier and postal services, credit recovery companies);
- third-party companies that operate in the framework of assistance and consulting relationships or provide other services to the Data Controller, even in the case of extraordinary corporate transactions of merger, sale, or transfer of a business branch, in order to enable the execution of the operations, as well as third-party companies involved in such operations;
- third-party companies that carry out control, auditing, and certification activities on the activities carried out by the Data Controller;
- judicial authorities and other competent authorities or public bodies. You can request the updated list of data processors and recipients by contacting the data controller by the means described below. The Data Controller points out that some of the aforementioned subjects may be located abroad, including in countries outside the European Economic Area that do not guarantee an adequate level of personal data protection. In this case, the Data Controller allows access to personal data for the aforementioned purposes only after taking the precautions required by the Regulation for a legitimate transfer (e.g., prior signing of the European Commission's standard contractual clauses for the transfer of personal data abroad).
- Data Subject Rights
You can exercise the following rights at any time:
- the right to access personal data and the following information: the purpose of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data may be communicated, the retention period of personal data (where possible), and if the personal data are not collected from you, any available information about their origin, in accordance with Article 15 of the Regulation;
- the right to rectify inaccurate personal data in accordance with Article 16 of the Regulation;
- the right to obtain the deletion of personal data concerning you, if the conditions of Article 17 of the Regulation are met;
- the right to request the limitation of processing, where the conditions established in Article 18 of the Regulation are met;
- the right to receive or request the transfer of personal data concerning you held by the data controller in a structured, commonly used, and machine-readable format, for your subsequent personal use or to provide them to another data controller, where the conditions established in Article 20 of the Regulation are met;
- the right to object to the processing, if the conditions established in Article 21 of the Regulation are met;
- the right not to be subject to a decision based solely on automated processing of your personal data, where applicable, that produces legal effects on you or significantly affects you, if the conditions of Article 22 of the Regulation are met;
- the right to withdraw your consent, including for purposes related to the sending of commercial communications (with effect only for the future). The data controller reminds you that there may be limitations to the aforementioned rights when exercising them could cause real and concrete harm, for example, to the legitimate interests of the data controller. The exercise of rights is free of charge, but the Data Controller reserves the right to charge a fee in the case of manifestly unfounded or excessive claims. Finally, the Data Controller reminds you that you can always file a complaint with the Spanish Data Protection Agency in the manner established on the website: www.vectorenewables.com To exercise the aforementioned rights or for any request related to the processing of personal data by the Data Controller, you can contact the Data Controller without formalities at the following address:
This email address is being protected from spambots. You need JavaScript enabled to view it.
- Third-Party Sites
Since the Site may allow access to sites owned and managed by third parties, we point out that this Privacy Policy does not apply to such third-party sites and that the Data Controller is not responsible for the personal data processing activities carried out by such third parties acting as autonomous data controllers. In these cases, we suggest you read the privacy policies of such third-party sites carefully.
- Changes and Updates
The Owner reserves the right to modify or update the content of the Policy, in whole or in part (even as a result of changes in applicable legislation). Changes will be published on the Site and, if substantial, will be communicated to you by email. Therefore, the Data Controller invites you to visit this section regularly to stay informed about how the Data Controller processes your personal data. Previous versions of the Policy can be requested from the Data Controller through the methods indicated above.