Privacy Policy

1.Identification of the Data Controller

BILBAO RIA 2000, S.A. is the CONTROLLER of the processing of the personal data of the USER, and you are hereby informed that the data will be processed in accordance with Regulation (EU) 2016/679 of 27 April (GDPR) and the Spanish Personal Data Protection and Guarantee of Digital Rights Act 3/2018 of 5 December (LOPDGDD).

You can contact the Data Controller by email at

The address for complaints shall be the one given for the registered office of the Data Controller.

2.Purposes of the processing

  • a)To answer the questions that the data subject sends to the Data Controller.

    Storage period: The data shall be stored until the issue raised by the data subject has been resolved. If necessary, the information shall subsequently be blocked during the legally-established periods.

    Legal grounds: Consent of the data subject and legitimate interest of the data controller.

  • b)Manage your participation in the selection processes of the Data Controller.

    Storage period: The data will be stored while you as data subject does not revoke your consent. If necessary, the information shall subsequently be blocked during the legally-established periods.

    Legal grounds: Consent of the data subject and legitimate interest of the data controller.

3.Recipients of your data

The Data Controller contracts third parties to perform the processing in order to be able to provide its services. Specifically, the Data Controller has agreements signed with the following service suppliers:

With the exception of those entities, your data shall not be given to any other third party. If your data need to be disclosed to third parties for any reason whatsoever, you shall be informed beforehand and, as applicable, your consent shall be sought and the purposes of the disclosure and the identity of the third party in question shall be specified.

The only exception is the cases where there is a legal requirement to disclose that data to a third party.


The people who provide us with their data enjoy the following rights in that regard:

  • a.Right of access
  • b.Right of rectification or deletion
  • c.Right to limit the processing
  • d.Right to portability
  • e.Right of objection
  • f.Right to withdraw consent


  • a.Right of access: anybody is entitled to obtain from the Data Controller confirmation of whether or not personal data concerning them is being processed and, should that be so, right of access to the personal data.
  • b.Right of rectification: it is the right to obtain the rectification of the personal data held by us and which concern you.
  • c.Right of erasure: it is the right to obtain the erasure of your personal data.
  • d.Right to limit the processing: it is the right for your data to no longer be processed by the relevant operations when any of the following conditions are met:

    • When you have exercised your rights to rectification or objection, and the Data Controller is deciding whether to accept or reject the request.
    • If the data processing were unlawful, which implies the erasure of the data, but you do not wish your data to be deleted by the Data Controller.
    • When the data are no longer necessary for the processing, meaning the data should be deleted, but you want the Data Controller to limit their processing and keep them in order to be able to bring, exercise or defend yourself against claims.

  • e.Right to portability: It is the right to obtain from the Data Controller, in the case of the automated processing of your data, a copy of such data in a machine readable, structured format in common use or for that copy to be directly sent to the Controller that you indicate. Please note that this right shall not apply to:

    • The data of third parties that you have provided to the Data Controller.
    • Any data that concern you, but which third parties have provided to the Data Controller.

  • f.Right of objection: It is the right to object to your personal data being processed. As far as the processing by the Data Controller is concerned, you may object to being sent own or third-party commercial communications.


If you wish to obtain further information on your rights, we suggest you visit the website of the Spanish Data Protection Agency and consult the European Data Protection Regulation.

You may exercise these rights by sending an email to, clearly indicating which right you wish to exercise and providing a copy of your identity document to accredit your identification. You may also send the request by mail to the registered address of the Data Controller that appears in Point 1 of this Privacy Policy.

In addition, we hereby inform you that you can file a claim with the relevant Supervisory Authority, in this case, the Spanish Data Protection Agency, particularly, if you have not been able to exercise your rights satisfactorily. You can contact the Spanish Data Protection Agency by phoning 901 100 099 and 912 663 517 or visit it at its address C/Jorge Juan 6, 28001 – Madrid.

5.Security Measures

The Data Controller hereby guarantees you as the user that the processing performed complies with all the provisions of the aforementioned data protection legislation (GDPR and LOPDGDD) and that the data are processed in a lawful, legal and transparent way as regards the data subject, and appropriate, pertinent and limited to the necessary with respect to the purposes for which the data are processed.

Furthermore, the Data Controller guarantees that it has implemented the appropriate organisational and technical security measures that the GDPR and LOPDGDD establish in order to protect the rights and freedoms of USERS, and has provided the latter with the appropriate information to be able to exercise them.

The Data Controller wishes to clarify that it will not process or store data or information on its patients or on the results of their tests.

6.Provenance and truthfulness of the data

All the data collected come from the data subject. By accepting this Privacy Policy, you as the User declare and undertake to guarantee the truthfulness and accuracy of the data provided, as well as being their legitimate owner.

Furthermore, you undertake to always keep your data current and to inform the Data Controller without delay of any important changes, such as the change of holder of your bank account or any change to your email account provided in the relevant forms hosted on the website.

Accordingly, you as the User shall be solely liable for any breach of the above and shall hold the Data Controller harmless from any liability with regard to that data that you have not previously communicated.