PRIVACY POLICY
Responsible for treatment
The person responsible for the treatment is the CONFRARIA DE SANT JORDI, C/ San Francisco, N 10/12, 03450, Banyeres de Mariola (ALICANTE).
Privacy Principles
At CONFRARIA DE SANT JORDI we are committed to working continuously to guarantee privacy in the processing of your personal data., and to offer you at all times the most complete and clear information that we can. We encourage you to read this section carefully before providing us with your personal data..
If you are under fourteen years of age, please do not provide us with your data without the consent of your parents..
In this section we inform you of how we treat the data of people who are related to our organization. Starting with our principles:
– We do not ask for personal information, unless it is necessary to provide you with the services you require.
– We never share personal information with anyone, except to comply with the law, or we have your express authorization.
– We will never use your personal data for purposes other than those expressed in this privacy policy.
– Your data will always be treated with a level of protection appropriate to the legislation on data protection, and we will not subject them to automated decisions.
We have written this privacy policy taking into account the requirements of current data protection legislation.:
– Regulation (UE) 2016/679 of the European Parliament and of the Council of 27 April 2016 relating to the protection of natural persons (GDPR).
– Organic Law 3/2018, of 5 from December, Protection of Personal Data and guarantee of digital rights (LOPD).
– Royal Decree 1720/2007, of 21 from December (RLOPD).
This privacy policy is written on the date 6 from December to 2018.
On the occasion of the modification of treatment criteria, in order to facilitate its understanding or to adapt it to current legislation, we may change this privacy policy. We will update the date of it, so you can check its validity.
Treatments we perform:
contact treatment
Legal Basis: Consent of the interested party
Treatment Purposes: Respond to your request, Send you information and track your request.
Collective: contact persons, customers, providers
Data Categories: Name and surname, telephone, email address
Recipient Categories: Data transfers to third parties are not contemplated.
International transfers: No international data transfers are planned.
Deletion Period: Contact data will be kept for an indefinite period, or until the interested party requests its deletion.
Security measures: Adapted to the requirements of the Regulation (EU) 2016/679, General Data Protection Regulation.
Treatment of care rights of people (ARCO)
Legal Basis: GDPR: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment.
General Data Protection Regulation.
Treatment Purposes: Respond to requests in the exercise of the rights established by the General Data Protection Regulation: Right of access, rectification, suppression, limitation, portability and opposition to automated decision making.
Collective: Natural persons who request it (employees, customers, providers, contact persons)
Data Categories: Name and surname, address, signature and telephone.
Recipient Categories: Personal data may be communicated to the Control Authority (Spanish Data Protection Agency) within the framework of an investigation for protection of rights initiated by the interested party.
International transfers: No international data transfers are planned.
Deletion Period: They will be kept for a period of five years from the moment of the request.
Security measures: Adapted to the requirements of the Regulation (EU) 2016/679, General Data Protection Regulation.
Supplier treatment
Legal Basis: GDPR: 6.1.b) Treatment necessary for the execution of a contract to which the interested party is a party or for the application at the request of the interested party of pre-contractual measures.
GDPR: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment.
Royal Legislative Decree 2/2015, of 23 October, approving the consolidated text of the Workers' Statute Law.
Law 58/2003, of 17 from December, General Tax.
Treatment Purposes:
– Acquisition of products and/or services that we need for the development of our activity.
– Control of subcontractors if applicable.
Collective:
– Suppliers.
– People who work for our suppliers.
Data Categories: –
Name and surname, DNI/NIF/Identification document, address, signature and telephone.
– Job detail data: job. Workplace safety training.
– Economic, financial and insurance data: Bank data.
Recipient Categories:
– Financial entities. (Bill Payment)
– State Tax Administration Agency.
International transfers: No international data transfers are planned.
Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data., according to the law 58/2003, of 17 from December, General Tax,
Security measures: Adapted to the requirements of the Regulation (EU) 2016/679, General Data Protection Regulation.
Security breach notification processing
Legal Basis: GDPR: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment.
General Data Protection Regulation. Articles 33 Y 34
Treatment Purposes: Management and evaluation of security breaches that occur in our organization.
Collective: Variable: Employees, Customers, Suppliers, Contact Persons (It will depend on the security breach)
Data Categories: Variable. (It will depend on the security breach)
Recipient Categories: – Spanish Data Protection Agency.
– State Security Forces and Bodies.
International transfers: No international data transfers are planned.
Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.. The provisions of the archives and documentation regulations will apply..
Security measures: Adapted to the requirements of the Regulation (EU) 2016/679, General Data Protection Regulation.
Treatment of brothers
Legal Basis: GDPR: 6.1.b) Treatment necessary for the execution of a contract to which the interested party is a party or for the application at the request of the interested party of pre-contractual measures.
GDPR: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment.
Organic Law 1/2002, of 22 of March, regulator of the Right of Association.
Treatment Purposes: Compliance with the purposes defined in the statutes of our CONFRARIA.
Collective: Natural persons who have joined.
Data Categories: Name and surname, DNI/NIF/Identification document, address, signature and telephone.
Recipient Categories: Bank entities (associated fee collection).
International transfers: No international data transfers are planned.
Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data..
Security measures: Adapted to the requirements of the Regulation (EU) 2016/679, General Data Protection Regulation.
Volunteer treatment
Legal Basis: RGPD 6.1.a) The interested party gave his/her consent to the processing of his/her personal data for one or more specific purposes..
GDPR: 6.1.b) Treatment necessary for the execution of a contract to which the interested party is a party or for the application of pre-contractual measures at the request of the interested party..
Treatment Purposes: Collaborate voluntarily and altruistically with our CONFRARIA for the development of its purposes.
Collective: People who voluntarily collaborate with our CONFRARIA.
Data Categories: Name and surname, DNI/CIF/Identification document, personnel registration number, address, signature and telephone.
Recipient Categories: No transfer of data to third parties is planned..
International transfers: No international data transfers are planned.
Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data..
Security measures: Adapted to the requirements of the Regulation (EU) 2016/679, General Data Protection Regulation.
Your rights
You have the right to request a copy of your personal data from us, to rectify inaccurate data or complete it if it is incomplete, or, where appropriate, delete them, when they are no longer necessary for the purposes for which they were collected.
You also have the right to limit the processing of your personal data and to obtain your personal data in a structured and readable format..
You can object to the processing of your personal data in some circumstances (in particular, where we do not need to process them to comply with a contractual or other legal requirement, or when the object of the treatment is direct marketing).
When you have given us your consent, you can withdraw it at any time. At that moment we will stop processing your data or, in your case, we will stop doing it for that specific purpose. If you decide to withdraw your consent, this will not affect any processing that took place while your consent was in force..
These rights may be limited; For example, if to fulfill your request we would have to reveal data about another person., or if you ask us to delete certain records that we are required to keep for a legal obligation or legitimate interest, How can the exercise of defense against claims be?. Or even in those cases where the right to freedom of expression and information must prevail.
You can contact us by any of the means indicated in the Data Controller section of this privacy policy., providing a copy of a document that proves your identity (usually the DNI). The most convenient way to exercise your rights is by accessing our RIGHTS PORTAL: https://www.adelopd.com/portalderechos/confraria-de-sant-jordi.
Another of your rights is not to be subject to a decision based solely on automated processing., including profiling that produces legal effects or affects you.
Against any violation of your rights, as, for example, that we have not attended to your request, You have the right to file a claim with the Supervisory Authority regarding data protection.. This could be your country (if you live outside of Spain) or the Spanish Data Protection Agency (if you live in Spain).
Links to third party websites.
Our website can, sometimes, contain links to other websites. It is your responsibility to ensure that you read the data protection policy and legal conditions that apply to each site..
Third party data.
If you provide us with third party data, You assume the responsibility of informing them in advance as established in the article 14 del RGPD.