1. PERSON RESPONSIBLE FOR PROCESSING
The entity in charge of processing and the owner of the domain www.legadoandalusi.es (hereinafter referred to as the Website) is FUNDACIÓN PÚBLICA ANDALUZA EL LEGADO ANDALUSÍ with registered offices in C/ MARIANA PINEDA, S/N – EDIFICIO CORRAL DEL CARBÓN. 18009 GRANADA (Spain), with Vat No.: G-18.411.975.
- Telephone: (+34) 958 225 995
- E-mail: firstname.lastname@example.org
- We have a Data Protection Officer. He has the faculties attributed by the law related to the protection of personal data. You can contact him by sending a communication to the e-mail address: email@example.com
2. PURPOSE OF THE PROCESSING AND LEGITIMACY
Purpose of the data the user provides us with:
a) To send the user the information requested and to resolve any queries he may have sent us in the contact section available on the website. The basis of legitimacy is the consent given.
b) To answer the queries the user may pose regarding the exercise of the rights we inform him about subsequently. The basis of legitimacy is the fulfilment of legal obligations on our part.
In the fulfilment of these obligations, we may communicate the user’s data to the Public Administrations and courts, whenever such information is required in accordance with the established legal processes.
c) By sending us the curriculum vitae, the user authorises us to analyse the data and documents contained therein. These will be kept for a maximum period of one year unless the user notifies us otherwise. The basis of legitimacy is the consent given.
d) The data collected through the forms for the promotion of establishments or services, activities, news, cultural events, etc. are intended for the purpose explicitly stated therein. The basis of legitimacy is the consent given.
e) In case the user expressly authorises us to do so, we may send him information related to our activity, by any electronic means, including the sending of newsletters. This information will be kept as long as the user does not request for its deletion. The basis of legitimacy is the consent given.
3. PERIOD OF DATA PRESERVATION
The data the user provides us with will be kept for as long as there is a mutual interest in maintaining the purpose of the processing. They shall be blocked when they are no longer necessary for the purpose for which they were collected or when the user has exercised his right to suppress, cancel and/or limit the processing. Once this period has elapsed, the data will be deleted in accordance with the provisions of the data protection regulations, which implies their blocking. The data will be then available exclusively to judges and courts, the Public Prosecution Service and the competent administrations, in particular the Data Protection Office, for the purpose of dealing with liabilities arising from the processing, during the period of limitation of such liabilities. On expiry of the aforesaid period, they shall be destroyed with the appropriate security measures to guarantee their pseudonymisation or total destruction.
In addition to the general treatment of the previous point, the period of conservation of four years (Art. 66 and following of the General Taxation Law) and six years for accounting books and invoices (Art. 30 of the Code of Commerce) shall be observed.
4. USER’S RIGHTS
The data protection regulations bestow the user the following rights in relation to the processing of personal data:
- Right of access: right of access to the user’s personal data in order to know what is being processed and the processing operations carried out on it.
- Right of rectification: To be able to request the modification of the user’s data for being inaccurate or not true.
- Right of portability: To be able to obtain a copy in an interoperable format of the data being processed.
- Right to limit processing, in the cases set out in the Law.
- Right of erasure: Request the erasure of the user’s data when processing is no longer necessary.
- Right to oppose: Request the cessation of the sending of commercial communications under the terms indicated.
- Right to revoke the consent given.
To exercise these rights, the user is required to send an express request, together with a copy of his/her National Identity Document or equivalent document in force, by the following means:
- EMAIL addressed to firstname.lastname@example.org with “Data Protection” as subject. It should be sent from the e-mail address the user included on the form. Otherwise, they will not be visible for the user, as his/her identity would not be considered sufficiently proven.
- BY POSTAL MAIL: Addressed to C/ MARIANA PINEDA, S/N – EDIFICIO CORRAL DEL CARBON. 18009 GRANADA (Spain)
If the Provider does not respond to the request in time and form, or does not find it satisfactory, the competent supervisory authority is the Spanish Data Protection Agency (www.aepd.es). On its website you can find a series of models to help the visitor exercise his rights.
5. NO TRANSFER OF DATA
The user is expressly informed that his personal data will under no circumstances be passed on to third parties, unless legally obliged to do so. Any exception to this rule will require his/her prior express and unequivocal informed consent.
6. SECURITY MEASURES
In accordance with the provisions of current regulations on the protection of personal data (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights), the Provider complies with all the provisions of the GDPR and LOPDGDD regulations for the processing of the personal data for which it is responsible, and clearly with the principles described in article 5 of the GDPR, whereby they are processed in a lawful, loyal and transparent manner in relation to the data subject and are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Appropriate technical and organizational policies are in place to protect their rights and freedoms, providing them with all the necessary information to enable them to exercise their rights. However, the user should be aware that security measures on the Internet are not impregnable.
Minors (under 14 years old) are not allowed to access and use the portal. They may not use the services available through the Website without the prior authorisation of their parents, guardians or legal representatives, who shall be solely responsible for all acts carried out through the Website by the minors in their care, including the completion of forms with the personal details of those minors and the ticking, where appropriate, of the boxes accompanying them. We are not responsible for the truthfulness and accuracy of the data provided. If the user is responsible for minors, it will be his/her sole responsibility to determine which services and/or content are or are not appropriate for their age.
Regardless of the provisions, the access to the contents of the Website may be terminated, suspended or interrupted at any time without prior notice, without the possibility of the user demanding any compensation whatsoever.