1. WHO DOES THIS POLICY APPLY TO?
This policy applies to all natural persons who are users of the platform, whether or not they are party to any legal transaction with Fundación ONCE. Said persons are hereafter interchangeably referred to as “the user” or “the users”. By “personal data” we are referring to any information about an identified or identifiable natural person.
If you are already a customer or worker of Fundación ONCE or have entered into any other legal transaction with us, we advise you to refer to the information contained in this policy concerning specific privacy terms.
The users declare, on their own liability, that they have the sufficient legal capacity to enter into legal transactions with Fundación ONCE.
2. IF YOU BROWSE OR USE OUR PLATFORM, WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA?
We are controllers of your personal data:
- Organization full name: FUNDACIÓN ONCE PARA LA COOPERACIÓN E INCLUSIÓN DE PERSONAS CON DISCAPACIDAD
- Registered address: CALLE SEBASTIÁN HERRERA nº15, 28012, MADRID, ESPAÑA.
3. WHO IS THE DATA PROTECTION OFFICER (DPO) AT FUNDACIÓN ONCE?
Fundación ONCE has appointed a Data Protection Officer Committee (DPO) users may contact if they wish regarding issues pertaining to the processing of the data provided, as well as any other controversy that may arise in this regard, according to the GDPR. You may contact our DPO at the address:
- Contact email address: firstname.lastname@example.org
4. WHAT KIND OF DATA DO WE PROCESS?
Processing your data is necessary to give you access to Platform content and features or to be able to provide you with information or services you may request. In this regard, we are firmly committed to process your personal data in a legitimate and coherent manner in accordance with the principles and legal obligations established by current data protection regulations.
When you browse our platform and particularly when you register or interact with us such as when you fill out a contact form or answer a survey, you are directly providing us with personal data.
The data you provide to us are in relation to those forms or applications on the platform and may vary depending on the type of form or application in question. Notwithstanding the foregoing, different categories of personal data may be collected by means of the platform and its different forms/applications. However, we always only request data that is appropriate, relevant and limited to what is necessary for the aforementioned purposes of processing (data minimization principle).
- Data for identification purposes (for example your name and surname)
- Data for contact purposes (for example email address)
5. FOR WHAT PURPOSE DO WE USE YOUR DATA?
- To allow you to browse our platform and to be able to give you access to the information and content available.
- To respond to your requests made through contact forms available in the platform, particularly those that are for preparing or establishing a legal relationship between parties.
- To adopt any applicable security measures in accordance with current regulation including the possible anonymization of your personal data by using techniques available for this purpose. In this regard, anonymization and pseudonymization techniques may also be applied to better protect your personal data.
- To apply relevant security, organizational and/or technical measures regarding your personal data taking in consideration the existing risk at all times. This can include pseudonymization or encryption of your personal data.
6. WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR DATA?
|Purpose of processing||Legal basis of processing|
|To allow you to browse our platform and give you access to information and to the content available on said platform.||Your consent and, where applicable, compelling legitimate grounds or those of a third party relating to the appropriate management, maintenance, development and evolution of the platform, tools, network and related IT systems for them to function properly and to enable the features, access to content and services, and the general security of all of the above.|
|To respond to your requests or applications in accordance with the forms or applications you submit to us.||Your consent|
|To take all protective measures that apply in accordance with current regulations, including the possible pseudonymization and anonymization of your personal data by applying the appropriate methods for that purpose.||Compliance with a legal obligation (REGULATION (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereafter “General Data Protection Regulation” or “GDPR”) https://www.boe.es/doue/2016/119/L00001-00088.pdf. In the case of processing aimed at guaranteeing the security of the platform, the network and the related IT system, the compelling legitimate interest of Fundación ONCE or, where applicable, that of a third party, could be argued (item 49 of the GDPR).|
|To apply the appropriate security, technical and/or organizational measures focusing on the risk that exists at any given time.||Compliance with a legal obligation (REGULATION (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereafter “General Data Protection Regulation” or “GDPR”) https://www.boe.es/doue/2016/119/L00001-00088.pdf. In the case of processing aimed at guaranteeing the security of the platform, the network and the related IT system, the compelling legitimate interest of Fundación ONCE or, where applicable, that of a third party, could be argued (item 49 of the GDPR).|
7. HOW LONG DO WE STORE YOUR DATA?
|Personal data collected for the purposes stated||Persona data storage terms or criteria|
|User browsing data||
Generally, your data will be stored for these purposes for as long as is required and necessary for you to be able to correctly browse and use our platform and the content available on said platform that you access.
|To respond to your requests or applications in accordance with the forms or applications you submit to us.||
For the amount of time that is absolutely necessary to properly attend to your specific requests and/or applications as the case may be.
Should they consist of the execution of pre-contractual actions or the signing of a contract with Fundacion ONCE at your request, your data will be stored for as long as is necessary to implement the pre-contractual actions or agreement between the parties, and also to prove to the authorities the legal liabilities deriving from the transaction in question.
|To take all protective measures applicable in accordance with current regulations.||For as long as your personal data is being processed. This includes storing said data during the established legal periods regardless of the legal basis used by Fundación ONCE.|
|To apply relevant security, organizational and/or technical measures regarding your personal data taking in consideration the existing risk at all times.||For as long as your personal data is being processed. This includes storing said data during the established legal periods regardless of the legal basis used by Fundación ONCE.|
In any case, and notwithstanding the foregoing, the user should note the following:
In accordance with current regulations governing personal data protection, as far as the correct processing of personal information by Fundacion ONCE is concerned, this organization may also securely store the information for four years from the time it is collected (statute of limitations in this context).
In general, when personal data is no longer necessary for the purposes for which they were collected, they will be blocked and will remain at the sole disposal of the relevant authorities for the purposes of ascertaining legal liability during the processing of said data, always in accordance with the applicable regulations. Such data may not be used for any other purposes other than the aforementioned. Once the legal period for blocking personal data has passed, said data will be deleted as per the applicable regulations, and may also be safely anonymized by Fundación ONCE, where applicable (anonymized/non-personal data).
8. WHAT HAPPENS IF YOU DON’T PROVIDE US WITH YOUR DATA?
We try to collect or apply the minimum amount of data strictly necessary for processing personal data in the pursuit of our business and social goals. And we do all of this in line with the principles set out in the applicable regulations.
Not providing your personal data may result in the following consequences: 1) you will be unable to properly browse our website (if you do not accept technical or session cookies); 2) we will be unable to process your application or specific request, making it impossible to set up the corresponding legal transaction (for example, if you do not provide sufficient details on the corresponding form or application).
In any event, the information and personal data that you provide in each case, should always be:
- Sufficient, albeit limited and adjusted, and provided for the legitimate purposes for processing as indicated in each specific case, fully respecting the principles of purpose limitation and data minimization.
- Accurate, up-to-date, and truthful, in order to be able to properly verify your identity, capacity and, where applicable, representation, as well as to be able to adjust the processing of your data to your specific needs and situation, if required. All in line with the accuracy principle that applies to personal data.
Users will be fully responsible for the personal data and information they provide to Fundación ONCE on the platform, and in relation to the services they require or contract.
9. DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
Generally speaking, we do not share your data with third parties, nor do we sell them or offer them to third parties. Nevertheless, as user of Fundación ONCE services or benefits, your personal data may be shared with other companies within the Group of Companies to Fundación ONCE belongs for merely internal and administrative purposes, in accordance with item 48 of the GDPR.
Likewise, if you have already consented to your personal information being supplied to other ONCE SOCIAL GROUP companies (list of companies available at https://www.ilunion.com/) in order to inform you of activities, events, promotions or other information potentially of interest to you, including advertising and promotions relating to the activities organized by said companies, your personal information will be supplied to same. You may withdraw your consent for that purpose at any time, although doing so will not affect the legitimacy of the processing of your personal data prior to said withdrawal, in accordance with the GDPR.
Fundación ONCE has different data processors for processing the personal data under its control, to whom it gives access to said data as trusted suppliers, and only when this is strictly necessary for the provision of the services contracted with said suppliers. These data processors operate under a service contract in accordance with the terms, conditions and guarantees set out in Article 28 of the GDPR. Fundación ONCE carries out the necessary controls, inspections and audits in this regard to ensure that said processors are in strict compliance with the contracts signed to that end and with the applicable regulations.
10. ARE YOUR PRESONAL DATA TRANSFERRED INTERNATIONALLY?
We hereby inform you that, on a general basis, your personal data will not be transferred abroad and that Fundación ONCE takes the necessary measures and guarantees in this regards in accordance with applicable personal data regulations.
11. WHAT ARE YOUR RIGHTS, WHAT DO THEY MEAN, HOW CAN YOU EXERCISE THEM?
|Your rights||What are they?||How to exercise them?|
|Right of access Article 15 GDPR.||The right to receive confirmation from Fundación ONCE as to whether or not your data is being processed, and to basic information about such processing, as well as to obtain a copy of the personal data being processed.||To exercise this right, send an email to email@example.com. with the subject “Exercising Rights” and attach, if ID is required, a copy of your national ID card or an equivalent identification document (passport, N.I.E, etc.).|
|Right to rectification Articles 16 & 19 GDPR.||The right to have your personal data rectified by Fundación ONCE without undue delay.||To exercise this right, send an email to firstname.lastname@example.org. with the subject “Exercising Rights” and attach, if ID is required, a copy of your national ID card or an equivalent identification document (passport, N.I.E, etc.).|
|Right to erasure Articles 17 & 19 GDPR.||The right to have your personal data deleted by Fundación ONCE without undue delay.||To exercise this right, send an email to email@example.com. with the subject “Exercising Rights” and attach, if ID is required, a copy of your national ID card or an equivalent identification document (passport, N.I.E, etc.).|
|Right to restrict processing Articles 18 & 19 GDPR.||
Right to restrict the processing of your data by Fundación ONCE when:
|To exercise this right, send an email to firstname.lastname@example.org. with the subject “Exercising Rights” and attach, if ID is required, a copy of your national ID card or an equivalent identification document (passport, N.I.E, etc.).|
|Right to data portability Article 20 GDPR.||The right to receive the personal data that concern you and that you provided to us in a structured, commonly used and machine readable format, or to transmit said data to another controller when this is technically possible.||To exercise this right, send an email to email@example.com. with the subject “Exercising Rights” and attach, if ID is required, a copy of your national ID card or an equivalent identification document (passport, N.I.E, etc.).|
|Right to object Article 21 GDPR.||The right to object at any time to the processing of your personal data, including any profiling of data, even when Fundación ONCE or a third party demonstrate compelling legitimate grounds.||To exercise this right, send an email to firstname.lastname@example.org. with the subject “Exercising Rights” and attach, if ID is required, a copy of your national ID card or an equivalent identification document (passport, N.I.E, etc.).|
|Rights related to automated decision making (including profiling) Article 22 GDPR. Artículo 22 RGPD.||The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.||To exercise this right, send an email to email@example.com. with the subject “Exercising Rights” and attach, if ID is required, a copy of your national ID card or an equivalent identification document (passport, N.I.E, etc.).|
|Right to withdraw consent||You have the right to withdraw consent at any time. The withdrawal of consent will not affect the lawfulness of processing by Fundación ONCE based on your consent before its withdrawal.||Said withdrawal may be communicated by means of the forms, content, and privacy settings made available by Fundación ONCE (for instance, requesting to unsubscribe from the newsletter using the link provided for that purpose). Nevertheless, this withdrawal may also be communicated over email: firstname.lastname@example.org to attend to your right as per the applicable regulations.|
|Right to lodge a complaint with the competent supervisory authority (AEPD). Articles 13 & 14 GDPR||The possibility of reporting any breach of your right to personal data protection to the competent authority.||We recommend that before filing any kind of complaint with the Spanish Data Protection Agency (AEPD), you contact us to review the situation and so that we can try to come up with an effective and amicable solution. Notwithstanding the above, the Spanish Data Protection Agency (AEPD) website also contains information on how to submit a claim www.aepd.es.|
12. ARE THERE ANY MEASURES IN PLACE TO SECURE AND PROTECT YOUR DATA?
Considering the nature, scope, context, and the indicated purposes of processing, as well as the varying degrees of likelihood and seriousness of risks to your rights and liberties, Fundación ONCE applies (and will continue to apply) suitable technical and organizational measures in order to guarantee the requisite security and protection of your personal data, meeting privacy criteria by design and by default, as well as applying a system that focuses on the concurrent risk, which will be revised and updated by Fundación ONCE whenever necessary.