Privacy Policy

Data Controller

The personal data that may be collected directly will be processed confidentially and incorporated into the corresponding processing activity owned by VINCES. An updated list of the processing activities of VINCES is available in the record of processing activities.


The purpose of the data processing corresponds to each processing activity that VINCES undertakes, which are subsequently accessible in the record of processing activities.


The processing of your data is carried out based on the express consent given by clear affirmative action, because it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, for compliance with some legal obligation applicable to VINCES, or to satisfy the legitimate interests of VINCES or our clients, in full consideration of the fundamental rights and freedoms of the data subject requiring the protection of the corresponding personal data. You can view the legal basis for each processing activity that VINCES undertakes in the record of processing activities.

Data storage

The personal data provided will be kept for the time necessary to fulfil the purpose for which they are collected and to determine the possible responsibilities and liabilities that may arise from the purpose, and the periods established in the pertinent legislation and regulations concerning archiving, file storage and documentation.


In general, personal data will not be disclosed or communicated to third parties unless to comply with some legal obligation or in case of VINCES service providers who need the referred personal data to fulfil some legitimate obligation of their own.

You can view the recipients for each processing activity that VINCES undertakes in the record of processing activities.

Rights of data subjects

Anyone has the right to obtain confirmation about the processing of their data carried out by VINCES. You can exercise your rights to access, rectification, erasure and data portability, limitation/restriction and objection to processing, and not to be subject to a decision based solely on automated processing, where pertinent, by contacting:

Record of processing activities


Potential Clients


Civil servants

Video surveillance



Common security measures for the record of processing activities: The organisational and technical measures that the Spanish Data Protection Agency (SPDA) indicate for processing low-risk personal data, in which regard this personal data processing excludes data related to ethnic or racial origin; religious, philosophical or political ideology; union affiliation; genetic and biometric data; health data; and sexual orientation data of natural persona and any further data processing involving an elevated risk for the rights and freedoms of people.

For further information on these organisational and technical measures, please contact us at the following address: