Privacy policy

Privacy policy

At Netex Knowledge Factory, S.A., we understand that it is essential to maintain a transparent relationship with you. For this reason, in what follows we present our privacy policy, so that at all times you are duly informed about how we collect and process any information that you provide for us in a secure way.

Your data will be processed in accordance with current legislation, in particular as established in Regulation (EU) 2016/679 of April 27th, 2016 (GDPR) relating to the protection of individuals and the Spanish Organic Law 3/2018, of December 5th, concerning Protection of Personal Data and Digital Rights Guarantee with regard to the processing of personal data and the free movement of such data.

By reading our Privacy Policy closely you will find the information required to know how we handle the data that you give us.


If you, or any authorised person, have provided us with your data, Netex Knowledge Factory, S.A. with CIF: ESA15595754 we are the data controller for this data. This data will be processed in accordance with provisions established in the regulations on protection of personal data, that is, Regulation (EU) 2016/679 of April 27th, 2016 (GDPR) relating to the protection of individuals  and the Spanish Organic Law 3/2018, of December 5th, concerning Protection of Personal Data and Digital Rights Guarantee regarding the processing of personal data and to the free circulation of such data.

It is possible that there exist other people responsible for the processing that we carry out, and in such cases we will always inform about the person or entity responsible for this data, as well as their identifying data.

At Netex Knowledge Factory, S.A. we are committed to complying with obligations on the secrecy of personal data and the need to safeguard it. Thus we adopt all measures necessary to avoid the alteration, loss, unauthorised access or processing of this data, in accordance with the aforementioned Regulation.

Netex Knowledge Factory, S.A. is part of a group that comprises:

  • Netex (UK) Limited   GB150 0648 44
  • Virtual College Limited GB755296890


Netex Knowledge Factory, S.A., through the web page in the corresponding section of the privacy policy. More information in “Legal Notice”.


The personal data that we process is as follows:

  • Data that you decide to provide for us voluntarily.
  • Data derived from communications that you have with us.
  • Information relating to your own navigation in the case of Online Services (IP address or information derived from cookies) or similar devices (please see our Cookie Policy on the web).
  • Information which is available from publicly available sources, and for which we have legitimate access.
  • Data derived from the contractual or pre-contractual relationship that you have with us, including your image, in which case you will always be kept informed about the possibility of your image being captured.
  • Data on you provided to us by third parties, where a legitimate basis for this exists or having obtained your consent to do so.
  • Data on third parties that you have given us, with the prior consent of the third party in involved.


In Netex Knowledge Factory, S.A. we always process your personal data in strict compliance with current legislation. Also, we can confirm to you that we possess the appropriate technical and organisational measures necessary to guarantee an optimal level of security, ensuring that only those people who have authorisation will access this data, which will serve to keep it safe and intact, avoiding any intentional or accidental loss, and that we have reinforced our data processing systems and services.

The operations, management and technical procedures that we carry out, both automated and non-automated, and which allow for the collection, storage, modification, transfer and other actions on personal data, are considered to constitute the processing of personal data.

We also inform you of joint processing of the data by the companies of the group as set out in item 1 of this privacy policy.


The basis of the legitimisation of the processing of personal data will be that which arises from contractual, pre-contractual, employment or any other kind of relationship required for the processing of data, such as express consent.


In the case of receiving communications by these means (electronic mail, automated form response messages, and other communication systems), we inform you that such messages are sent exclusively to the recipient, and may contain privileged or confidential information. If you are not the intended recipient, you are hereby notified that the use, disclosure and/or copying of these without permission is prohibited under current legislation.

In accordance with the provisions of Law 34/2002 of July 11th on Company Information and Electronic Commerce Services, and Directive 2002/58/EC, we inform you that in the event that you do not want to receive communications and information of a commercial kind via this electronic communication system, please indicate this to us using the same route, stating in the subject “UNSUBSCRIBE TO COMMERCIAL COMMUNICATIONS” so that your personal data are deactivated from our database. Your request will be actioned within a period of 10 days from the date of sending the request. In the event that we do not receive an express reply by you, we will understand that you agree to and authorise our entity to continue making such communications.


The personal data relating to individuals that Netex Knowledge Factory, S.A. collects by any means will be retained whilst the person involved does not request its deletion. Also, the data will be retained for as long as the relationship that promoted the processing of the data exists, always respecting legal periods for retention. When such a period has ended, the personal data will be deleted from all the systems of Netex Knowledge Factory, S.A..


There will be no sharing, transmission, or transfer of personal data, except for that already noted, other than due to legal obligation. If, due to a request from the Public Administration or the Autonomous Institutions within the scope of those functions expressly conferred on these entities by law, we are asked for your data, we will provide it.

If a case of sharing, transmission or transfer of personal data exists outside the scope of the previously mentioned cases, you will receive prior notification so that you can provide us with your consent where required.

But so that we can achieve a satisfactory level of internal organisation, plus a good level of operation and procedures to ensure the effective management of Netex Knowledge Factory, S.A., it may be necessary to contract the services of consultants, professionals, or other service-based companies to process data under our instruction.

This processing by third parties is regulated in a contract in which, in writing or in some other form that provides for the verification of its signing and content, it is stated expressly and specifically that the data processor therein will process the data in accordance with our instructions and will not apply or use data for any purposes other than those which appear in said contract, nor will this entity communicate the data to other persons, even for its conservation.


Data protection regulations confer on you the following rights:

  • Revocation rights of any consent previously given.
  • Access rights: To know what type of data is being processed and the characteristics of the processing being done.
  • Rectification rights: To be able to request the modification of data which is inaccurate or untruthful
  • Portability rights: To be able to obtain a copy in an interoperable format of the data that is being processed.
  • Limitation rights of the processing, in cases where this processing is considered unnecessary.
  • Cancellation rights: To request the cessation of data processing, and the deletion of the same when its retention is no longer necessary.

Also, we would like to inform you that you can withdraw the consent that you have given, without this affecting the legality of the processing already carried out, by sending your request to the address indicated in the previous paragraph. In this case, your application should be accompanied by a copy of your DNI or other ID document proving your identity.

If you want more information regarding the processing of your data, to rectify data which is inaccurate, to object to and/or limit any processing you consider to be unnecessary, or to request the cancellation of the processing when the data is no longer necessary, you can write to Netex Knowledge Factory, S.A., C / Ícaro, 44, 15172 – Oleiros (A Coruña) or by email to

  • Such communication should include the following information: Name and surname(s) of the user, a statement of the request being made, along with their address and accredited details.
  • The exercising of these rights should be done by the owner him or herself. However, they can also be exercised by someone authorised as a legal representative of the owner. In a such a case, documentation which accredits this representation of the owner should be provided.

Remember, also, that you have the right to present a complaint to the Spanish Data Protection Agency (AEPD), if you consider that your rights have been infringed, to Protección de Datos, C/ Jorge Juan, 6 28001-Madrid – FAX: 914483680- TEL: 901 100 099- E-mail:


In what follows, we set out the purposes of data processing by one, or all, of the Data Controllers previously specified.

Labour management Personnel management for the formalisation of a labour contract, monitoring of records, payroll management, time monitoring, training, pension plan, and Prevention of Occupational Risks. Contractual relationship
Accounting and tax management Processing necessary for compliance with tax and accounting obligations Contractual relationship Legal obligation of the person or entity responsible Prevalent legitimate interests of the person or entity responsible or of third parties
Management of contacts Processing of data in order to maintain communications with interested parties Contractual relationship Prevalent legitimate interests of the person or entity responsible or of third parties Express consent of the interested party
Prevention of occupational risks Compliance with the current legislation in the area of occupational risk prevention and health oversight Contractual relationship Legal obligation of the person or entity responsible
Video surveillance Image capture by the video surveillance system and/or alarm system with image capture, as a means of protecting the assets of the entity Prevalent legitimate interests of the person or entity responsible or of third parties
Management of job candidates Selection of personnel and the allocation of positions of work through curriculum management, personal interviews and assessment tests Life interests of interested parties and/or other persons Express consent of the interested party
Organisation of events and activities Management and coordination of the entity’s activities and events. Monitoring of attendance and participants. Contractual relationship Express consent of the interested party
Informative communications and notifications Dissemination of activities and notifications of information related to the activities of the entity Prevalent legitimate interests of the person or entity responsible or of third parties Express consent of the interested party
Multimedia management Processing of images and/or videos for the communications media and social networks and the promotion of the activities Express consent of the interested party
Management of customers Processing of data necessary for maintaining the commercial/contractual relationship with customers, billing, after-sales service, management of work carried out Contractual relationship Commercial relationship
Sending of advertising Sending commercial information, notifications about events of interest, offers, information relating to products and services, to customers and/or potential customers. Express consent of the interested party
Labour monitoring Monitoring of employee work attendance, monitoring of shifts and the management of vacations, leave and other kinds of attendance. Contractual relationship Prevalent legitimate interests of the person or entity responsible or of third parties
Management of incidents To manage customer incidents relating to services/products for the monitoring and resolution of these Contractual relationship Life interests of interested parties and/or other persons Legal obligation of the person or entity responsible
Project management Data required for project management, contact data for people involved, workers and/or third party participants in the same Contractual relationship
Management of potential customers To be able to communicate where necessary with possible customers and/or other interested parties, the sending of budgets, rates, product costs and other information requested prior to the establishment of a contractual relationship Commercial relationship
Management of external platforms Management of the users of the platforms contracted by customers: sign-up, modification, sign-off and reports etc. Contractual relationship