This privacy policy establishes the basis that the AENOR Group will rely on to process any personal information we may obtain, respecting at all times the principles of legality, loyalty and transparency, as well as the other obligations and guarantees established in the current regulations on personal data protection.
This Policy applies to all the companies of the AENOR Group (hereinafter AENOR), you can click HERE to learn the identity and contact details of the Group's different companies.
If you wish to receive detailed information on the processing of your data by any of the AENOR entities, you can send an email to datos@aenor.com.
AENOR processes personal data to manage contractual relationships, perform organisational services and activities and to offer interested parties and customers information on activities, products and services related to AENOR.
Depending on your relationship with us, we process the information you provide to us for the following purposes:
USERS WEBSITE Manage the information you request through the different contact forms on our website. Answer any questions you ask through the different contact forms on our website. FPresent offers for our services and/or products, if authorized.POTENTIAL CUSTOMERS Manage the potential commercial and/or professional relationship. Manage the sending of the information requested. Answer any questions you may have.Present offers for our services and/or products, if authorized.CUSTOMERS Provide the service (conformity assessment / inspection / consultancy / IT / training / laboratory / licence (e.g. Certool) / platform subscription, for example, AENORmás) or deliver the purchased product (sale of standards/books). Maintain and manage the contractual relationship with you. Present offers for our services and/or products, unless you object.Administer satisfaction surveys.SUPPLIERS Manage the commercial and/or professional relationship.Assess compliance with applicable regulations.CANDIDATES Manage the personnel selection process.Candidates who pass the initial stages of the selection process may be called upon to take a competence assessment, after which a competence profile will be created and stored for current or future selection processes compatible with the candidate.PERSONNEL TO QUALIFY RCarry out the qualification process in the corresponding conformity assessment scheme.TESTERS Take part in sensory studies (tests) in order to try different products already on the market or to be launched in the near future, including food, cosmetics and chemical and pharmaceutical products. You can access the Laboratory Privacy Policy: HERE.ATTENDEES AT SEMINAR AND EVENTSManage the registration for the seminar/event, as well as their attendance, to send commercial offers from the AENOR Group (if authorized). Capture images for informative and outreach purposes.USER OF THE WHISTLEBLOWER CHANNELManage complaints made through the internal reporting system or any alternative channel, in order to conduct the relevant investigations.Our digital whistleblowing channel is available HERE. This website contains additional information on the channel and the processing of personal data.
USERS WEBSITE
POTENTIAL CUSTOMERS
CUSTOMERS
SUPPLIERS
CANDIDATES
PERSONNEL TO QUALIFY
TESTERS
ATTENDEES AT SEMINAR AND EVENTS
USER OF THE WHISTLEBLOWER CHANNEL
The legal basis for processing your personal data, depending on the category of data subject, may be:
USERS WEBSITE The consent of the data subject. European legal reference: Art. 6.1.a GDPR.POTENTIAL CUSTOMERS Consent of the data subject. European legal reference: Art. 6.1.a GDPR. Application, at the request of the data subject, of pre-contractual measures (budgets, order sheets, service offers, etc.). European legal reference: Art. 6.1.b GDPR.Legitimate interest (send requested information, respond to questions posed, send commercial offers, etc.). European legal reference: Art. 6.1.f GDPR.CUSTOMERS Performance of a contract to which the data subject is a party. European legal reference: Art. 6.1.b GDPR.SUPPLIERS Performance of a contract to which the data subject is a party. European legal reference: Art. 6.1.b GDPR.Compliance with legal obligations. European legal reference: Art. 6.1.c GDPR.CANDIDATES Consent of the data subject. European legal reference: Art. 6.1.a GDPR.PERSONNEL TO QUALIFY Performance of a contract to which the data subject is a party. European legal reference: Art. 6.1.b GDPR.TESTERS Consent of the data subject (participate in product studies). European legal reference: Art. 6.1.a GDPR. Performance of a contract to which the data subject is a party (as applicable). European legal reference: Art. 6.1.b GDPR. If minors are involved: consent given by the holder of parental authority or guardianship when completing the corresponding questionnaire (the minor will never be identified). Spanish legal reference: Art. 7.1.2 LOPDGDD.ATTENDEES AT SEMINAR AND EVENTSConsent of the data subject when registering for the corresponding seminar/event. When panoramic views are captured, attendees will be informed of this, but no express consent will be required. European legal reference: Art. 6.1.a GDPR.USER OF THE WHISTLEBLOWER CHANNELCompliance with legal obligations. European legal reference: Art. 6.1.c. Spanish legal reference Act 2/2023 on the protection of whistleblowers.Consent of the data subject (if they identified themselves voluntarily). European legal reference: Art. 6.1.a.
In due observance of the Act on the Services of the Information Society, AENOR may send you commercial communications, including via electronic means, in order to keep you informed about the products and services of the AENOR Group. At all times and in each of the communications received, you can clearly, freely and easily object to receiving them. Specifically, AENOR may send you information of interest relating to: Books, publications, standards, subscriptions and informative seminars on these matters.Training actions and related seminars.Compliance assessment and audit services, as well as workshops to inform of, present or disseminate new products.Certification of persons and related seminars.Software licences and briefing sessions on related innovations.Monthly delivery of the digital magazine.Communication to any of the entities of the AENOR Group, in accordance with the provisions of section 6 "To whom do we disclose your data?"
In due observance of the Act on the Services of the Information Society, AENOR may send you commercial communications, including via electronic means, in order to keep you informed about the products and services of the AENOR Group. At all times and in each of the communications received, you can clearly, freely and easily object to receiving them.
Specifically, AENOR may send you information of interest relating to:
USERS WEBSITEName, surname, email, phone number, IP address, entity to which they belong, post or position held, if applicable.POTENTIAL CUSTOMERSName, surname, email, phone number, entity to which they belong, post or position held.CUSTOMERSName, surname, email, phone number, DNI or similar document, financial details. If they belong to a company, entity to which they belong, post or position held.In the case of a conformity assessment provided to entities (legal persons), the data processed will be of the personnel interviewed of the audited entity, as well as of that which may appear in the documentation shown as part of the audit.SUPPLIERSName, surname, email, phone number, signature, professional address, financial details.CANDIDATESName, surname, email, phone, academic training, professional experience. If a candidate advances in the selection process, the competency profile resulting from the assessment test performed will be processed.PERSONNEL TO QUALIFYName, surname, email, phone number, training, professional experience, entity to which they belong, post or position held (if applicable), information resulting from the qualification process.TESTERSAt the time of registration Name, surname, date of birth, gender, email, phone number, city/town, province, IP address.At the time of registration DNI, existence of minors.At the time of registration In addition to the above: Postal address, preferences/tastes/behaviours in relation to the products being studied, as well as any information that the tester may include that is considered personal.Involvement of minors The data of minors is provided by the holders of parental authority or guardianship, after AENOR sends them the corresponding questionnaire: age, sex, frequency of consumption of the corresponding product.ATTENDEES AT SEMINAR AND EVENTSName, surname, email, phone number, entity to which they belong, post or position held, city/town.When attending activities and events organized by AENOR, the data subject may be photographed or recorded on video. Said photographs and videos are used by AENOR to report on these events, and have no commercial purposes whatsoever.USER OF THE WHISTLEBLOWER CHANNELComplaints are upheld on the basis of anonymity, so the reporter/whistleblower will voluntarily decide to identify themselves. If they identify themselves, the data they provide us, such as name, surname, phone number and/or email address, may be processed.In the case of persons reported, their data will be processed confidentially.
Name, surname, email, phone number, IP address, entity to which they belong, post or position held, if applicable.
Name, surname, email, phone number, entity to which they belong, post or position held.
Name, surname, email, phone number, DNI or similar document, financial details. If they belong to a company, entity to which they belong, post or position held.
In the case of a conformity assessment provided to entities (legal persons), the data processed will be of the personnel interviewed of the audited entity, as well as of that which may appear in the documentation shown as part of the audit.
Name, surname, email, phone number, signature, professional address, financial details.
Name, surname, email, phone, academic training, professional experience. If a candidate advances in the selection process, the competency profile resulting from the assessment test performed will be processed.
Name, surname, email, phone number, training, professional experience, entity to which they belong, post or position held (if applicable), information resulting from the qualification process.
At the time of registration
Name, surname, email, phone number, entity to which they belong, post or position held, city/town.
When attending activities and events organized by AENOR, the data subject may be photographed or recorded on video. Said photographs and videos are used by AENOR to report on these events, and have no commercial purposes whatsoever.
The requested data are appropriate, relevant and strictly necessary, and the other Party is not obliged to provide it under any circumstances, but failure to provide it may affect the purpose of the service or make it impossible to render it.
a) Needed to provide the service
AENOR may occasionally use trusted service providers, who may have access to personal data to provide the services engaged. In those cases, it will have entered into the relevant data processing contract, pursuant to Article 28 of the GDPR.
Personal data may also to communicated to banks as necessary in order to provide, invoice and collect payment for services.b) Communication of data between AENOR Group companies and the SPANISH ASSOCIATION FOR STANDARDIZATION (UNE):Communications between group companies for technical and/or administrative purposes, such as access to technological tools/systems used to provide the service, which will be based on AENOR's legitimate interest, as well as for sending commercial communications.c) Compliance with a legal obligationAENOR may also communicate your personal information to third parties that have been duly authorised by law in order to comply with legislation or at the request of an administrative or judicial authority.
AENOR, as a general rule, avoids international data transfers (outside the European Union or the European Economic Area); however, in cases where it is necessary to make an international data transfer, this will be communicated to the data subject, after AENOR makes the corresponding verification of adequate guarantees, in accordance with the applicable legal requirements, to ensure that the data is properly protected (e.g. existence of an adequacy decision, use of standard contractual clauses, etc.).
Data subjects are entitled to the following data protection rights:
ACCESSEnables the data owner to obtain confirmation of whether or not AENOR is processing personal data that concerns them and, if it is, to obtain a copy of the personal data being processed.RECTIFICATIONLets data owners correct errors andand amend data if it is inaccurate or incomplete.DELETIONThis means that data can be deleted and no longer processed by AENOR, unless there is a legal obligation to retain it and/or other legitimate reasons for AENOR to process it. For example, if personal data is no longer needed for the purposes for which it was collected, the customer may request that we delete this data without undue delay..LIMITATIONUnder the conditions established by law, this allows data processing to be halted in such a way that it cannot be processed in the future by AENOR, which will only keep it for the exercise or defence of claims.OBJECTIONIn certain circumstances data subjects may object, on grounds related to their particular situation, to processing of their personal data. Thereafter, AENOR will no longer process data, unless required to do so for overriding legal reasons or to file or defend potential claims. Similarly, the interested party is entitled not to be subject to decisions based solely on automated processing, including profiling, which has legal effects on the subject or similar significant effects thereon.PORTABILITY This enables the data subject to receive their personal data in a structured, commonly-used, machine-readable format and to send it directly to another data controller.
ACCESS
RECTIFICATION
DELETION
LIMITATION
OBJECTION
PORTABILITY
You have the option and right to withdraw consent for any specific purpose granted at the time, without affecting the legality of the processing based on the consent prior to its withdrawal.
If any data subject believes that their data is not processed correctly by AENOR, they may email their claims to datos@aenor.com or the relevant data protection authority.
The supervisory authorities of the European countries where AENOR operates are:
Spain ➜ Agencia Española de Protección de Datos [Spanish Data Protection Authority]
Italy ➜ Garante per la protezione dei dati personali
Portugal ➜ Comissão Nacional de Potecção de Dados
AENOR informs you that your data will be processed with the utmost zeal and confidentiality by all the staff involved in any phase of the processing. We will not transfer or disclose your data to any third party, except as authorized by law, or unless the Data Subject has expressly authorized us to do so.