Below, we inform you about the processing of your personal data through the privacy policy – hereinafter, the policy.

Estacionamientos y Servicios, S.A.U. – hereinafter, EYSA – with registered office at Calle Albacete, Nº 3, Edificio Mizar, 1ª planta, puerta A, B, 28027 Madrid, and NIF A-28385458, provides the privacy policy on its website located at the URL https://eysaservicios.com – hereinafter, the website – with the aim of offering you information on how we will process your personal data and how we will protect your privacy and information. This policy is an integral part of the Legal Notice.

WE KINDLY ASK YOU TO TAKE A FEW MINUTES TO READ OUR PRIVACY POLICY. IT WON’T TAKE LONG AND YOU WILL BE INFORMED ABOUT HOW WE HANDLE AND PROTECT YOUR PERSONAL DATA.

BRIEF INTRODUCTION

This policy applies to all users of the website – hereinafter, the user or the users – whether or not they are EYSA customers, and is available at the URL https://eysaservicios.com, as well as in interactions that the user makes with EYSA through the specified website.

EYSA reserves the right to modify this policy to adapt it to future legislative, doctrinal, or jurisprudential developments that may apply, or for technical, operational, commercial, corporate, business reasons, and in any case whenever it deems appropriate. We will inform you of changes or updates through the website or other means deemed appropriate. In any case, it is recommended that each time you access this platform, you read this policy in detail because continuing to use the functionalities provided by EYSA after being notified of the modifications will imply your acceptance of them, except in cases where your express consent is required.

WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?

The responsible party for the processing of personal data is Estacionamientos y Servicios, S.A.U. Its address is located at Calle Albacete, Nº 3, 1ª planta, Edificio Mizar, Puerta A, B, 28027 Madrid, and NIF A-28385458.

WHO IS THE DATA PROTECTION OFFICER (DPO) OF EYSA?

To ensure proper management in the processing of your data, EYSA has appointed a Data Protection Officer – hereinafter, DPO – with whom you can contact regarding all matters related to the processing of your personal data, as well as to exercise your rights as provided in the applicable regulations.

You can contact our DPO through the following contact details: (i) Postal address: Calle Albacete, Nº 3, Edificio Mizar, 1ª planta, Puerta A, B, 28027 Madrid, Spain. (ii) Email address: privacidad@eysaservicios.com.

FOR WHAT PURPOSE AND ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?

  1. Contact, management, and processing of user inquiries and requests. The contact form on the website is enabled.
    • Purpose: The personal data of users who contact EYSA through any of the contact channels provided on the website to receive inquiries or requests will be processed to maintain contact between the parties, manage the users of the website, provide customer or user service, and manage and process requests.
    • Data processed: (i) identifying data, such as your name and surname; (ii) contact data, such as your contact phone number, email address; and (iii) professional data, such as the company you work for.
    • Legal basis: the management and processing of the legal relationship between the user and EYSA, that is, in managing your own request, maintaining contact between the parties, and, if applicable, providing the service requested by the user.
  2. Management of cookies on the website.
    • Purpose: in the case of accepting our cookie policy, in particular, those for analysis, personalization, advertising, and social networks, the personal data of users may be processed by EYSA to (i) monitor and analyze your behavior on the website, such as counting visits and traffic sources to evaluate website performance and improve it; (ii) provide better functionality and personalization of the website, such as accessing a series of criteria on your terminal like language, browser type, etc.; (iii) manage advertising; and (iv) manage the social network services we have added to enable content sharing, as well as to create a profile of your interests by monitoring your browsing on other websites. You can obtain more information about the cookies we use in our cookie policy.
    • Data processed: browsing data, such as the IP address and domain from which access is obtained, date and time of the visit, etc.
    • Legal basis: express and explicit consent for the processing of your personal data for one or more specific purposes. Depending on the case, the satisfaction of the legitimate interest, own or third party, associated with the proper technical usability, management, maintenance, development, and evolution of the website, tools, network, and associated information systems (ex art. 6.1 f) of the GDPR) will also apply.
  3. Sending newsletters and information about events.
    • Purpose: we will process your data to offer you commercial information about our products and services, our quarterly newsletter, and information about invitations to events such as sector fairs, congresses, etc.
    • Data processed: (i) identifying data, such as name and surname; and (ii) contact data, such as phone or email.
    • Legal basis: Your consent or legitimate interest as long as the legal requirements for it are met. For example, within the legal limits established, EYSA may have a legitimate interest in arousing interest and promoting the contracting of its products, as well as improving its image.
  4. Sending invitations and managing your registration/participation in the event, organization, and logistics.
    • Purpose: Manage your data when you contact EYSA through the contact channels provided, either through the contact form, phone call, meeting/contact in person, sending emails by the user, or through any other means. Your data will also be processed to maintain contact between the parties and manage inquiries sent through the channels provided.
    • Data processed: (i) identifying data, such as name and surname; (ii) contact data, such as phone or email; and (iii) professional data, such as the company you belong to, the role/function you perform in the workplace.
    • Legal basis: (i) the legitimate interest of EYSA in creating and developing a network of contacts for the development and maintenance of public relations and/or networking with its stakeholders, as well as for the exchange of opinions on issues related to sectoral interests or related to the activity, in order to contribute to the development of the communities where its business is carried out. To manage your registration and/or participation in the event, (i) the consent you give when registering through the corporate channels previously enabled; and (ii) the management and processing of the legal relationship established between the user and EYSA with the invited user, or the person invited to participate as a speaker or panelist, i.e., in managing your own request, maintaining contact between the parties, the event’s celebration, to ensure it is conducted with the necessary guarantees and that all attendees can participate under the specified conditions.
  5. Capturing corporate images and videos.
    • Purpose: capturing images and videos for the creation of audiovisual material and its subsequent dissemination in online and offline corporate media, e.g., corporate website, social media profiles, etc.
    • Data processed: (i) photograph; (ii) video recordings.
    • Legal basis: (i) If they are general shots and ambient sound, the legal basis will be the legitimate interest of EYSA in publishing and promoting the image and brand “EYSA” with the objective of giving visibility and enhancing the public image of the EYSA group in accordance with its ideals and values, materialized through the organization of events; (ii) if they are images or recordings captured during the event, directly or indirectly by EYSA, where close-ups are captured that can directly recognize your image and/or voice, the processing of your data will be legitimized by your consent. Intentionally posing for a photograph implies your consent, i.e., looking directly and intentionally at the camera and/or technology intended for recording or capturing images. Besides consenting to the processing of images, you also consent to the free transfer of your image, for the use of the technical means known today and those that may be developed in the future, for the maximum period allowed by law and without geographic limitation. If you do not want to appear in any image and/or recording, we advise you to avoid posing, as well as the areas that may be designated as a specific photography area.
  6. Access control.
    • Purpose: manage your data to verify your identity and authorized access to our facilities and, in the case of access to EYSA corporate events, verify the identity and authorized access to the event. It involves exercising due diligence to preserve the safety of people and facilities.
    • Data processed: (i) identifying data, such as name, surname, and document number that proves your identity.
    • Legal basis: the legitimate interest of EYSA in verifying the identity of visitors or, in the case of events, attendees, who have previously registered.
  7. Video surveillance.
    • Purpose: (i) ensuring the safety of people, property, or facilities and, if applicable, investigating security incidents that may occur; and (ii) controlling access to the facilities.
    • Data processed: the image of people accessing or attempting to access the premises through the installed cameras will be processed.
    • Legal basis: to ensure the safety of people, property, or facilities, as well as controlling access to the facilities, the legal basis will be the legitimate interest pursued by the data controller.
  8. Fraud prevention.
    • Purpose: the personal data of users will be processed to comply with the established legal and corporate standards, as well as to cooperate with the competent authorities to prevent crimes or fraud.
    • Data processed: identifying and contact data, as well as data related to commercial transactions.
    • Legal basis: EYSA’s legitimate interest in ensuring reasonable use of the resources provided on the website and reducing the risk of being victims of fraud or scam operations. If you want more information about EYSA’s legitimate interest in relation to this purpose, you can request information at privacidad@eysaservicios.com.

When the legal basis for processing your personal data is your consent, we remind you that you have the right to revoke it at any time easily and free of charge by writing to privacidad@eysaservicios.com.

WHAT ARE THE SOURCES OF THE DATA PROCESSED?

The data that EYSA processes as a result of the interactions you make through our website originates from the following sources:

  1. Data provided by the user by filling in the spaces to manage communication with users provided by EYSA.
  2. Data provided and/or generated as a result of the development, processing, and management of the relationship established with EYSA.
  3. Data generated as a result of the user’s navigation and use of the website.

Additionally, EYSA will process those data directly obtained by you.

HOW LONG DO WE KEEP YOUR DATA?

The personal data provided will be kept for the period determined based on the following criteria: (i) legal obligation of conservation; and (ii) request for deletion by the interested party where applicable. You can request additional information about retention periods at privacidad@eysaservicios.com.

Generally, when personal data are no longer necessary for the purposes for which they were collected, they will be blocked, remaining available to the competent authorities for the possible clarification of legal responsibilities in accordance with applicable regulations, and cannot be used for other purposes. After the legal deadlines corresponding to the prescription periods of possible legal actions, your data will be deleted or, if applicable, securely anonymized by EYSA (anonymized/non-personal data).

WHAT ARE THE CONSEQUENCES OF NOT PROVIDING YOUR DATA AND WHAT SHOULD YOU GUARANTEE?

We avoid requesting more data than is strictly necessary for each purpose; consequently, we will request the minimum and essential data to carry out personal data processing.

It is necessary to inform you that failing to provide your personal data could result in the inability to: (i) navigate correctly through our website, for example, disabling technical cookies; (ii) process your specific request or application, for example, by insufficiently completing the forms that may be enabled on the website.

In any case, the information and personal data you provide must be: (i) sufficient, although adjusted, limited, and proportionate to the website’s forms; (ii) accurate, updated, and truthful, to verify your identity adequately and access the website’s services.

EYSA informs you that when personal data is collected through a form provided on our website, it will be necessary to register at least the data indicated in the form as mandatory marked with an (*). If such necessary data is not provided, EYSA will not be able to manage the requested service or inquiry.

In the case that you provide data of a third party, you guarantee that you have previously informed the third party of the entire content of this privacy policy and obtained their consent for the processing of their data by EYSA.

We inform you that you will be responsible for the data and personal information you provide to EYSA and, if applicable, for the services you request or contract.

To provide your personal data through any enabled means, such as through our website, you must be over eighteen (18) years of age. By providing data to EYSA, you declare and guarantee that you are over eighteen (18) years of age, taking responsibility for such a decision.

DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?

Generally, we do not make your data available to third parties. EYSA does not carry out any transfer or communication of data unless there is a reasonable need or prior obtaining your consent. In this regard, your personal data may be communicated to the following recipients:

  1. Purpose: your data will be communicated to other EYSA Group organizations when necessary for the proper organization of events – including their security – for internal administrative purposes or for the publication of audiovisual material captured during events on the websites of each organization. Your data may also be transferred to public administration bodies when necessary for the organization of events in which such bodies participate.
    • Legal basis: EYSA’s legitimate interest in the appropriate management and celebration of the event to ensure it is conducted with full guarantees and that all attendees can participate appropriately.
  2. Purpose: when required by certain service providers for accommodation, transportation, and/or travel agencies.
    • Legal basis: the application of pre-contractual measures at the request of the interested party and EYSA’s legitimate interest in the management and celebration of the event, allowing it to be conducted with full guarantees and that all attendees can participate appropriately.
  3. Purpose: to comply with a legal procedure or legal obligation, data may be transferred to public administrations in the cases provided by law, to state security forces, and to courts.
    • Legal basis: Compliance with a legal obligation.
  4. Purpose: access control. It is possible that we need to communicate your personal data to the access control point of the building where our facilities are located to verify your identity and authorized access.
    • Legal basis: legitimate interest.

Likewise, it is possible that EYSA’s third-party providers may access your personal information in the provision of services, such as the necessary technical infrastructure of the website. In any case, third-party providers are configured as data processors and operate following EYSA’s instructions in compliance with applicable regulations.

ARE INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA MADE?

We inform you that, generally, no international transfers of your personal data are planned, with EYSA adopting the necessary measures and guarantees in this area in accordance with applicable personal data protection regulations. Notwithstanding the above, in our cookie policy, you will find information about the use of Cookies by third parties who may make international transfers of personal data. You can consult the privacy information of third parties serving cookies on this website through our Cookie Policy.

WHAT RIGHTS DO YOU HAVE, WHAT DO THEY MEAN, AND HOW CAN YOU EXERCISE THEM?

You can exercise the rights of access, rectification, deletion, portability, limitation of processing, and opposition through the following means:

  • A written request addressed to Calle Albacete, Nº 3, Edif. Mízar, 1ª planta, puerta A, B, 28027 Madrid, Spain. It must contain the express reference to “data protection.”
  • To the email address privacidad@eysaservicios.com.

In both cases, the holder of the rights must prove their identity, and only in the case that they have not previously provided data that allows us to identify them or the circumstances require enhanced proof, such as access to certain personal data, or the means provided are insufficient, such as the email with which you registered, we may request additional information such as a copy of the front of your identity document.

EYSA will provide the requested information within a maximum period of one (1) month from the receipt of the request. This period may be extended by another two (2) months if necessary, considering the complexity and number of requests.

EYSA informs you that if you consider your personal data protection rights have been violated, you may file a complaint with the competent Data Protection Authority (in Spain, the Spanish Data Protection Agency www.aepd.es). In any case, we recommend that before filing any complaint with the AEPD, you contact EYSA’s Data Protection Officer (privacidad@eysaservicios.com) to analyze the specific situation and respond to your request or exercise of rights with an effective and friendly solution.

ARE SECURITY AND PROTECTION MEASURES APPLIED TO YOUR PERSONAL DATA?

Considering the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity for your rights and freedoms, EYSA applies appropriate technical and organizational measures to ensure the security and protection of your personal data, which EYSA will review and update when necessary or when circumstances require it.

VALIDITY AND MODIFICATION OF THE PRIVACY POLICY

This policy has been in effect since July 16, 2024.