XXX, hereinafter XXX, according to the legal requirements imposed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, recognises itself as being the Controller responsible for processing your personal data and undertakes to process such data in keeping with the regulations and risks associated to their processing, as previously identified. Simply visiting this Portal does not entail the processing of personal data due to the fact that no personal data identifying the User is automatically registered.
To guarantee the adequate management of your personal data, all of the staff at XXX involved in the processing processes are aware of the data protection policies established at the institution, thereby guaranteeing the confidential nature, integrity, availability and resilience of your personal data and the capacity to effectively recover personal data in as short a time as possible, should an incident occur.
1. The controller of your personal data
Identity of the Controller: XXX. – CIF XXX
Postal address: XXX
Contact email: XXX
Contact tel.: XXX
Identification of the Data Protection Delegates (DPD):XXX
Main DPD contact: XXX
2. Why your personal data are processed and for how long
Every time XXX asks you for your personal data, it will expressly explain, at the moment of collecting them, the purposes of the processing for which you are giving your consent. The duration of the personal data processing period will generally be indefinite unless expressly indicated otherwise by XXX or if you exercise your right to be forgotten, at which time we will delete your personal data with the exception of those we are legally bound to keep for the stipulated amount of time.
3. Legal grounds for processing your personal data
The legal grounds for the lawful processing of personal data is your express consent to do so. XXX will always inform you clearly and simply of the purpose of the processing for which you have given your express consent: in the event of you refusing to give said express consent, XXX will be unable to provide the service requested.
4. Recipient of your personal data
XXX, unless bound by legal obligation, has no intention of disclosing your personal data to third parties. In the event of intending to do so, it would first of all ask for your express consent, indicating the recipients of the data or the category of recipients if these are not clearly predetermined.
XXX may, however, hire the services of third parties, thereby entailing access to your personal data by a third party, but always within the scope of providing the services of a data controller in the conditions indicated in articles 28 and 29 of the above-mentioned European Regulation. In such cases, XXX will regulate the processing by means of the corresponding confidentiality agreement, clearly stipulating the commitments acquired by both parties in regard to the safe and confidential processing of your personal data.
If the data were processed by a body outside of the European space, we would work with bodies considered by the Spanish Data Processing Agency to have a demonstrable comparable level of security by means of the following:
- The company providing the service figures on the list of countries with a level of protection comparable to that of the European Union.
- The international transfer of personal data is expressly authorised by the Spanish Data Protection Agency.
- The company providing the service works under the auspices of the EU-US Privacy Shield.
5. Rights referring to the processing of your personal data
As the owner of the personal data processed by XXX, and in application of articles 15 and 21 of the above-mentioned European Regulation, you are free at any time to exercise your rights of access, rectification or deletion, restricted processing, objection and/or portability. To do this, you must contact XXX by any of the regular communication channels, and particularly by means of the contact details indicated in point 1 of this Data Protection Policy, asking to exercise the desired right. In this case, you must first of all irrevocably identify yourself as being the owner of the personal data in regard to which you wish to exercise the right. XXX will carry out your wishes in the shortest possible time and, in any case, without undue delay. Should you have any about your rights and how to exercise them, XXX will be only too happy to provide the necessary information and to enable their exercising.
Should you consider that the request to exercise your rights has not been adequately dealt with, you can make a complaint to the competent Control Authority. We therefore provide the main contact details of the Spanish Data Protection Agency:
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6
Contact tel.: 901 100 099 – 912 663 517
6. Data origin
The origin of the User data processed by XXX will be their owner or legal representative or the person or persons expressly authorised by their owner. The categories of data processed through this Portal will always correspond to data of an identifying or economic nature, or commercial, academic and/or professional information and, in general, any kind of personal data not considered to be especially protected.