top of page

Privacy statement & cookies consent

Privacy Policy

​

1. Introduction

At VancastVideo, privacy and the protection of personal data are a priority. We are committed to processing personal data lawfully, fairly, and transparently, in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), Organic Law 3/2018 (LOPDGDD), and all applicable regulations governing information society services.

​

VANCAST maintains an Information Security Management System (ISMS) certified in accordance with ISO/IEC 27001, ensuring that the processes, controls, and security measures applied to the processing of personal data meet internationally recognized standards for confidentiality, integrity, and availability of information.

 

This Privacy Policy describes how personal data is collected, used, and protected in connection with the use of the vancastvideo.com website and the VancastVideo Platform.

​

2. Data Controller

Company name: VANCAST COMUNICACIÓN ON LINE, SL
Tax ID: ESB63720304
Registered address: Av. Reina Victoria, 31, 3º 2ª, 08021 Barcelona, Spain
Email: privacy@vancast.net
Domain: vancastvideo.com

​

3. Scope

This policy applies to:

​

  • Users of the vancastvideo.com website

  • Administrative users of the VancastVideo platform

  • Commercial contacts and subscribers to informational communications

  • Clients and end users, depending on their role

 

4. Roles and responsibilities
4.1 VANCAST as Data Controller

VANCAST acts as data controller with respect to:

​

  • Contact data and informational or commercial communications

  • Account management, billing, and support

  • Website navigation and technical cookies

 

4.2 VANCAST as Data Processor

When using the VancastVideo platform, the client acts as the data controller for the personal data hosted or processed through the platform, while VANCAST acts as data processor, in accordance with the main agreement and the corresponding Data Processing Agreement (DPA).

 

5. Purposes of processing and legal bases

Personal data is processed for the following purposes:

​

a) Service provision

  • User account management

  • Access to and use of the platform

  • Technical support and customer service
    Legal basis: performance of a contract (Art. 6.1(b) GDPR)

 

b) Informational or commercial communications

Sending information related to VancastVideo products and services by electronic means, provided that a valid legal basis exists and with the possibility to object at any time.
Legal basis: consent of the data subject (Art. 6.1(a) GDPR) or legitimate interest in B2B relationships, where applicable.

​

c) Request management

Handling inquiries, incidents, or requests.
Legal basis: consent or legitimate interest.

 

d) Service improvement

Aggregated and anonymized statistical analysis.
Legal basis: legitimate interest.

​

6. Data retention

Personal data will be retained:

​

  • For the duration of the contractual relationship

  • As long as a legal obligation exists

  • Or until deletion is requested

 

Once the applicable retention periods expire, the data will be deleted or properly blocked in accordance with applicable regulations.

​

7. Data subject rights

Data subjects may exercise the following rights:

​

  • Access

  • Rectification

  • Erasure

  • Restriction of processing

  • Objection

  • Data portability

 

By submitting a written request to:

​

  • Email: privacy@vancast.net

  • Postal address: c/. Reina Victoria, 31, 3º 2ª, 08021 Barcelona, Spain

​

Data subjects also have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD).

 

8. Security measures

VANCAST has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR.

​

In particular, VANCAST operates under an ISO/IEC 27001–certified Information Security Management System (ISMS), providing a structured framework for managing information security and protecting personal data.

​

These measures include, among others:

​

  • Role-based logical and physical access controls

  • Secure authentication and credential management

  • Encryption of data in transit and, where applicable, at rest

  • Monitoring, logging, and auditing of access and activity

  • Vulnerability management and security updates

  • Business continuity and incident recovery procedures

  • Security awareness and training for authorized personnel

 

These measures are reviewed and updated on a regular basis.

 

VANCAST also maintains documented incident management, business continuity, and disaster recovery procedures designed to ensure the operational resilience of the platform.

 

8 bis. Alignment with DORA and the financial sector

VANCAST designs and operates the VancastVideo platform taking into account the digital operational resilience requirements applicable to financial entities, in accordance with Regulation (EU) 2022/2554 (DORA).

​

The technical and organizational measures implemented by VANCAST enable clients in the banking, insurance, and financial sectors to:

​

  • Ensure the security, availability, and integrity of digital services

  • Reduce operational risk associated with mission-critical communications

  • Maintain traceability, control, and oversight of ICT services

  • Support the management of third-party ICT risk

 

VANCAST actively cooperates with its clients in risk assessments, audits, vendor questionnaires, and compliance reviews, providing the technical and organizational information required to support their regulatory obligations.

 

9. Sub-processors and suppliers

VANCAST may engage subcontractors for services necessary to provide the platform (hosting, CDN, technical services, etc.).

All sub-processors:

​

  • Act under contractual agreements

  • Comply with GDPR requirements

  • Are subject to confidentiality and security obligations

 

VANCAST selects its suppliers based on technical solvency, regulatory compliance, and information security criteria, contractually requiring security levels equivalent to those defined in its ISO/IEC 27001–certified ISMS.

 

For regulated sectors, VANCAST applies enhanced control over the ICT supply chain.

 

10. International data transfers
10.1 Infrastructure and hosting

The platform is primarily hosted on Amazon Web Services (AWS) within the European Union. Data may be securely replicated within the European Economic Area (EEA).

​

10.2 Use of services in other regions

Any international data transfer outside the EEA will be carried out solely on the basis of valid legal mechanisms, such as Standard Contractual Clauses (SCCs) or other appropriate safeguards under the GDPR.

​

For financial-sector clients, any use of services outside the EEA will be subject to prior regulatory and operational risk assessment.

 

11. Applicable law

This Privacy Policy is governed by Spanish and European law.


Any dispute shall be submitted to the courts of Barcelona, unless otherwise required by applicable law.

 

Cookies Policy

 

12. Use of cookies

VancastVideo uses exclusively technical and strictly necessary cookies to ensure the proper functioning of the website and platform.

These cookies:

​​

  • Enable navigation and authentication

  • Maintain user sessions

  • Do not perform advertising tracking

  • Do not create user profiles

 

Characteristics:

​

  • Limited duration (up to 1 month)

  • Automatic renewal upon access

  • Server-side session storage

 

13. Third-party cookies and external links

The website may contain links to external services not controlled by VANCAST. Users are encouraged to review the privacy and cookies policies of those services.

 

14. Modifications

VANCAST reserves the right to update this Privacy and Cookies Policy to reflect regulatory or functional changes. The current version will always be available on the website.

​

​

 

bottom of page