Our Privacy Policy describes how we collect, use and protect your personal information. It contains detailed sections on the purposes for which we collect and process personal information, your legal rights and the security measures we have in place to ensure the information we process is protected.
Please read this Policy to learn more about these aspects.
ABERTIS INFRAESTRUCTURAS, S.A. (hereinafter “Abertis”) is responsible for processing any personal data provided through www.abertis.com (hereinafter the “Website”) or any other means provided for this purpose. Below are its identification and contact details:
Tax ID No.: A08209769
Registered office: Paseo de la Castellana 89, planta 9ª 28046 Madrid, Spain.
Data Protection Officer: lopd@abertis.com
However, FUNDACION PRIVADA ABERTIS (hereinafter the “Abertis Foundation”) will be the data controller if you contact or interact with it instead. Its identification and contact details are:
Tax ID No.: G62053293
Registered office: Castellet i la Gornal, 08729, Barcelona, Spain.
Data Protection Officer: lopd@abertis.com
By means of this Privacy Policy, you as a user (hereinafter, “User” or, where applicable, “Users”) are informed that any personal data you provide through the Website, as well as your browsing data and any other data you may provide through any other means provided for this purpose, will be processed by Abertis or by the Abertis Foundation, as appropriate, as independent data controllers, for the purposes set out in this Policy.
By reading this Privacy Policy, which has been drafted in clear and plain language, you may freely and voluntarily decide whether you wish to provide your data to Abertis or to the Abertis Foundation.
The data processed for the purposes listed below has been provided by the User through the various forms provided for this purpose or is obtained from the User’s use and browsing of the Website (through cookies, which are used to store and retrieve data).
The User’s personal data will be processed for the following specific purposes, on a legitimate basis and according to specific categories of User data that will be processed as set out below.
a) Responding to questions sent by the User through the provided contact channels:
To manage, process and provide support for requests, applications, incidents, claims or queries made by the User through the various communication channels made available to them.
The data is processed for this purpose based on consent given by the User, who can revoke it at any time. If the User revokes their consent, it will not be possible to manage or process their query or issue. Revoking consent will not affect any previous data processing.
Identification details: name, surname(s).
Contact details: email address, postal address, telephone number.
Other data: any data provided by the User in relation to the query, complaint or request.
The data will be kept for as long as is necessary to process and respond to the request and, afterwards, for the limitation period established for legal actions that could arise from the aforementioned request.
b) Managing institutional relations:
To manage Abertis’ or the Abertis Foundation’s relations with the different companies, institutions and individuals with which it maintains institutional relations.
The data is processed for this purpose based on the data controller’s legitimate interest, insofar as the data is processed exclusively for the purposes of professional contact with persons or legal entities with whom there is or may be an institutional relationship of any kind.
Identification details: name, surname(s).
Contact details: email address, postal address, telephone number.
Professional or company data: positions held in companies, public or private institutions, non-profit organisations, foundations, etc.
The data will be retained for as long as it is up to date and necessary to maintain the intended institutional relations. Notwithstanding the above, when the data is no longer suitable or necessary for the aforementioned purpose, it may continue to be kept for the limitation period established for legal actions that could arise from the aforementioned request.
c) Ethics Channel:
To handle complaints and queries received, as well as perform any investigative actions required to address possible breaches of law, comply with legal obligations, or exercise or defend legal rights.
The legitimate basis for any processing to clarify facts reported through the Ethics Channel, referring to any misconduct that might be construed as a serious or very serious criminal or administrative offence or a breach of European Union law, is the fulfilment of Abertis’ or, where appropriate, the Abertis Foundation’s legal obligations.
The processing of personal data required to clarify any behaviour contrary to proper corporate conduct, namely verifying compliance with established corporate guidelines, will be based on the entity’s legitimate interest.
Where special categories of personal data are required to properly clarify the reported facts, it will be processed on the basis of substantial public interest under the applicable law.
Identification details: name, surname(s).
Contact details: email, telephone, postal address.
Other data: any data provided by the User in relation to the complaint.
Personal data processed for the purpose of clarifying facts will be kept in the company’s complaints channel management systems only for the time necessary to decide whether to initiate an investigation into the complaint. In any event, the data must be deleted from the complaints channel three months after it has been entered, unless it must be retained to continue the investigation, in which case this information will be processed in a separate environment. Complaints retained longer than strictly necessary must be anonymised.
d) Managing data subjects’ participation in events organised by Abertis or the Abertis Foundation:
To manage data subjects’ participation in any events that may be organised by Abertis or the Abertis Foundation.
The data is processed for this purpose based on consent given by the data subject to participate in the events. Consent may be revoked at any time. If the data subject revokes their consent, it will not be possible to manage their participation in the specific event. Revoking consent will not affect any previous data processing.
Identification details: name, surname(s).
Contact details: email address, postal address, telephone number.
Professional or company data: data related to the event and referring to the company, position, field, etc., in which the professional activity is carried out.
The data will be kept for as long as is necessary to manage participation in the event and, once this period has expired, for the limitation period established for legal actions that could arise from participating in the events.
e) Handling requests to exercise rights:
To manage the exercise of rights and handle related data protection requests.
The legitimate basis for the processing of such data is the company’s legal obligation to manage data protection rights under the applicable regulations.
Identification details: name, surname(s).
Contact details: email, telephone, postal address.
Other: any data included by the User in the open fields of the means made available to them.
The data will be kept for however as long as is necessary to manage and process the rights exercised and, afterwards, will be blocked for the limitation period of any possible legal liability that may arise from handling such requests.
f) Producing internal reports, surveys, statistics and analyses to improve Abertis’ and the Abertis Foundation’s business processes and institutional relations:
To understand and analyse Users’ and other stakeholders’ perceptions of Abertis or the Abertis Foundation, as well as their business processes and institutional relations.
All processing for this purpose will be based on the data controller’s legitimate interest, as recognised under the data protection regulations.
This legitimate interest consists of being able to organise and optimise business, institutional and commercial activity in the most efficient way possible, with the aim of offering Users the best possible experience with the highest possible quality.
Identification details: name, surname(s).
Contact details: email, telephone, postal address.
Other: any data provided by Users in questionnaires, surveys, etc., provided.
The information will be used to draw up reports, statistical surveys and analyses for the time required to process and draw them up. Afterwards, the data will be anonymised.
g) Video surveillance
To Ensure the safety and security of people and property by preventing crime and deterring inappropriate behavior. Monitor public and private spaces, control access to sensitive areas and collect visual evidence in case of incidents for use in investigations or legal proceedings.
All processing derived from this purpose will have as a basis of legitimacy the public interest, recognized to the data controller by different national regulations such as Law 5/2014, of 4 April, 2014, on Private Security.
Identification details: image.
The data will be retained for a period of thirty (30) days, after which they will be deleted if there is no incident related to the images. In exceptional cases, if the captured images are necessary for legal, judicial or administrative investigations, this period may be extended until the investigation is completed.
h) Reception
Managing access control to corporate premises and security of goods and persons, including the processing and registration of the identity of persons accessing corporate areas and verification of their authorization and identity to enter, contributing to the prevention of unauthorized access and compliance with internal security regulations established by Abertis.
All processing derived from this purpose will be based on the legitimacy of the public interest, recognized to the data controller by different national regulations such as Law 5/2014, of 4 April, 2014, on Private Security.
Identification details: first name, last name, ID Nr..
Employment details: entity you work for.
The data will be retained for a period of thirty (30) days, after which it will be deleted if there is no incident related to access to the corporate premises. In exceptional situations, if the processing of your data is necessary for legal, judicial or administrative investigations, this period may be extended until the investigation is completed.
If the User provides third-party data, they declare that they have the consent of such third parties or sufficient legitimacy to do so, undertaking to pass on the information in the Privacy Policy to the relevant third parties and exempting the entity processing the data from any liability in this regard.
However, actions may be taken to verify this fact, including appropriate due diligence measures in accordance with data protection regulations.
All personal data processed to fulfil the above purposes may be disclosed to:
Public administrations, in the cases provided for by law, to comply with a legal obligation.
Courts, in the cases provided for by law, to comply with a legal obligation.
Third-party service providers who may have access to the User’s personal data, which will be processed on behalf of the data controller, for the purpose of providing services. The User is informed that rigorous supplier selection procedures are followed to comply with our data protection obligations, including signing the appropriate data processing contract in accordance with Article 28 of the GDPR.
The User declares to be over eighteen (18) years of age and that the information provided is true, accurate, complete and up to date. In this regard, you will be liable for the veracity of all the data provided and will keep the information provided duly updated, so that it matches your actual circumstances.
Likewise, you declare that you have informed any third parties whose data you have provided of the provisions of this document. You must obtain their authorisation to provide their data for the aforementioned purposes.
In any case, the User will be liable for any false or inaccurate information provided through the Website or any other means provided for this purpose and any direct or indirect damages caused to Abertis, the Abertis Foundation or third parties.
As the owner of the data, the User may send a letter to the address set out in the heading of this Privacy Policy or an email to lopd@abertis.com at any time and free of charge to exercise the following rights:
Right of access.
The right to be informed of whether or not your personal data is being processed and, if so, to have access to such data and to receive information on the purposes for which it is being processed, which categories of data, the recipients of your personal data and the intended retention period for the data, among other information.
Right of rectification.
The right to request your personal data be rectified to ensure that it is accurate and up to date.
Right of erasure.
The right to request your personal data be deleted, provided that the legal requirements are met, and any inaccurate data concerning you be rectified when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Restriction of processing.
In certain circumstances (e.g. if you contest the accuracy of your data, while the accuracy is being verified), the right to request that the processing of your personal data be restricted, where it will only be processed to bring or defend claims.
Revocation of consent.
The User may revoke the consent given at any time. All consents granted for the aforementioned purposes are independent, and you may revoke only one or more of them without affecting the others.
Objection to processing.
The right to object to the processing of your personal data in certain circumstances and for reasons related to your particular situation (in particular, to processing based on an applicable legitimate interest). In this context, the data will no longer be processed, unless there are compelling legitimate reasons or to file or defend possible claims.
Data portability.
The right to receive the personal data provided in a structured, common and machine-readable format, and to transfer it to another data controller without being prevented from doing so by the controller to whom the data was provided, in the cases legally provided for this purpose.
Automated individual decisions.
Furthermore, in addition to the above-mentioned rights, in the event of automated decisions, including profiling, the right to human intervention, to express your point of view and challenge the decision.
Other rights.
Similarly, where personal data is transferred to a third country or to an international organisation, the right to be informed about how you can access or obtain a copy of the appropriate safeguards relating to the transfer.
Likewise, if you feel the rights recognised by the applicable data protection regulations have been infringed, you may lodge a complaint regarding the protection of your personal data with the Spanish Data Protection Agency (AEPD) at the following address: C/ Jorge Juan, 6, 28001 - Madrid.
Without prejudice to the above, you may contact the Abertis data protection officer by writing to lopd@abertis.com.
The User’s data will be treated at all times as strictly confidential and under a duty of secrecy, in accordance with the provisions of the applicable regulations. To this end, all the necessary technical and organisational measures will be taken to ensure the security of your data and prevent its alteration, loss, unauthorised processing or access, in light of current technology, the nature of the data stored and the risks to which it is exposed.
Abertis reserves the right to revise its Privacy Policy at any time it deems appropriate and publish the new version. For this reason, we ask the User to regularly check this privacy statement to read the latest version.
The User declares to have been informed of these personal data protection provisions, accepting the content of this Privacy Policy.
Last update: November 2024.