PRIVACY POLICY
Last updated: 17/07/2025
1. GENERAL INFORMATION
1.1 Introduction
This policy has been prepared in compliance with GDPR 2016/679, LOPDGDD 3/2018 and applicable regulations.
1.2 Scope of application
- Navigation and use of the belasai.es website
- Use of the contact form
- Provision of the Employee Assistance Program (EAP)
- Communications with users and clients
- Any interaction involving personal data
2. DATA CONTROLLER
Name: beLASAI
Tax ID: 79002791E
Address: 48011, Bilbao, Vizcaya.
3. DATA PROCESSING ACTIVITIES
3.1 Website contact form
Manage inquiries and information requests and commercial communication with potential clients.
- Identification data: first and last name
- Contact data: email address
- Professional data: company
- Inquiry content: message sent
Consent of the data subject (art. 6.1.a GDPR).
Data retained while commercial interest persists, maximum 3 years.
Processed only by authorized personnel. No transfers except for legal obligation.
3.2 EAP - General data
Manage registration, provision, and monitoring of the EAP, appointments, communication, and service evaluation.
- Identification: name, surnames, ID
- Contact: phone, email
- Employment: company, job position
- Access: credentials and logs
- Communication: email, call, video call records
- Evaluation: service ratings
Contract execution (art. 6.1.b GDPR).
During contract validity and 5 additional years for liabilities.
Authorized personnel and professionals subject to confidentiality.
3.3 EAP - Health data
Provision of psychological support, evaluation, and monitoring of emotional wellbeing.
- Mental and psychological health data
- Emotional state and wellbeing
- Psychological consultation history
- Reports and evaluations
- Intervention and follow-up plans
- Explicit consent (art. 9.2.a GDPR)
- Healthcare by a professional subject to confidentiality (art. 9.2.h GDPR)
- Encryption of data in transit and at rest
- Access restricted to authorized professionals
- Periodic access audits
- Specific training on health data protection
- Confidentiality protocols
During provision and 5 years from last consultation; longer if required by health regulations.
Only licensed psychologists subject to professional secrecy.
3.4 EAP - Financial data
Provision of financial and tax advice and personalized recommendations.
- Income and expenses
- Debts and financial obligations
- Tax information
- Bank data when necessary
- Investments and savings
Contract execution (art. 6.1.b) and consent for specific financial data.
During the service and 6 additional years per tax and accounting regulations.
Qualified professionals subject to confidentiality.
4. DATA SUBJECT RIGHTS
Rights: access, rectification, erasure, restriction, portability, objection, and not being subject to automated decisions.
Response within one month maximum, extendable by two months in complex cases.
5. SECURITY MEASURES
- SSL/TLS encryption in transit
- Encryption at rest in databases
- Robust authentication
- Firewalls and intrusion detection
- Encrypted backups
- Regular system updates
- Documented security policy
- Periodic staff training
- Minimum access controls
- Internal security audits
- Incident response procedures
- Confidentiality agreements
Contracts with processors ensuring adequate measures.
6. CONFIDENTIALITY AND PROFESSIONAL SECRECY
Psychologists subject to professional secrecy and professional association regulations.
Staff and collaborators with confidentiality obligations and ongoing training.
7. POLICY MODIFICATIONS
beLASAI may modify the policy and will communicate relevant changes; new consent may be required.
8. CONTACT AND INQUIRIES
Address: 48011, Bilbao, Vizcaya.
Business hours: Mon-Fri 8:00-17:00