Information policy on personal data: security incidents

Data controller 

Who is responsible for processing your data?

Address: Paseo Miramón, 181 20014 Donostia-San Sebastián
Telephone: 943 30 90 30
Email for requests regarding personal data:


Why do we process your data?

Managing processes relating to personal data security breaches, determining the nature of the potential impact on individuals, severity of the consequences, communications and actions taken

Legitimate Interest

What is the legitimate interest for processing your data?

Compliance with  legal obligation, based on Article 6.1.c) of the European Data Protection Regulation


Under what circumstances do we disclose your data?

Personal data will not be transferred except in the case of compliance with legally established obligations within the scope of this processing or to support the service.

International transfers

Under what circumstances are they made?

Handling of your data does not entail any international transfer of such data.


How long do we keep your data?

Personal data relating to the management of security breaches shall be retained until the process is archived, including, where appropriate, the procedure before the Data Protection Agency and/or complaint procedure. Once this process has been completed, the data will be locked with restricted access  during the limitation periods relating to the demand for liabilities arising from the management in general and that relating to personal data, in particular.


What are your rights when you provide us with your data?

 Data subjects have the right to obtain confirmation as to whether FABRIKA is processing personal data concerning them.

Specifically, they have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. 

In certain circumstances, data subjects may request that we restrict the processing of their data, in which case we will only keep it for the purpose of exercising or defending claims.
The data subject may exercise their rights by sending their request to the postal or e-mail address indicated in the section on identification of the data controller, for which an application form is available in our privacy portal.

You may lodge a complaint with the Spanish Data Protection Agency, especially when you are not satisfied with the exercise of your rights, at the postal and/or email address indicated on its website.


The data will be processed confidentially and subject to appropriate technical and organisational security measures to prevent their alteration, loss, unauthorised processing or access.