POLÍTICA DE PRIVACIDAD
The terms under which we process your personal data are outlined below in the form of questions and answers:
Who is the data controller of your data?
- Identity: FUNDACIÓN TATIANA PÉREZ DE GUZMÁN EL BUENO, owner of the Centro Internacional de Neurociencia y Ética (CINET). Tax number: G-86444346.
- Address: Paseo General Martínez Campos, 25, 28010 – Madrid
- Telephone: (+34) 914 44 33 41
- Email address: firstname.lastname@example.org
Why do we process your personal data?
We process the personal data you provide for the following purposes:
- To channel requests for information, suggestions and complaints you send to us, to contact the sender of the information, to respond to your request or query and for tracking purposes. Providing data for this purpose is voluntary, although failure to provide data will prevent us from responding to the request, query or complaint. Therefore, it is necessary for you to provide your personal data for us to be able to deal with such requests.
- Sending commercial communications about our products or services if you consent to this by ticking the box provided. Consent for this purpose is voluntary and your refusal will result in your data not being processed for the purpose of sending you commercial communications about our products or services.
- If you become a friend or follower of ours on social media, we will process your data to keep you informed of our activities and promotions through these channels. Providing data for this purpose is voluntary. However, if you do not do so, you cannot be our friend or follower on the social network in question. Identification data are the types of data processed for this purpose.
How long do we process your data?
We will retain your data only for as long as is necessary to fulfil the purpose for which it was collected, to comply with any legal obligations imposed on us and to meet any liabilities arising from the fulfilment of the purpose for which the data was collected.
Unless the data subject withdraws his or her consent, the data used to send commercial communications about our products or services will be retained permanently.
The data processed to deal with requests, petitions, queries or complaints will be kept for as long as is necessary to answer them and consider them finally closed. Thereafter, they will be kept as a record of the communication for a period of one year unless you ask for them to be deleted at an earlier date.
Data submitted via social media will be stored for as long as you remain a friend or follower of ours on the relevant platform.
What is the legal basis for processing your data?
Data for sending electronic commercial communications about our products or services are processed on the legal basis of the data subject’s consent. You may withdraw this consent at any time without affecting the lawfulness of the processing previously carried out.
The processing of personal data for the purpose of responding to your requests for information, requests, enquiries and complaints is based on the consent of the data subject. You may withdraw this consent at any time without affecting the lawfulness of the processing previously carried out.
The data provided via social media is processed on the legal basis of your consent, which you can withdraw at any time, but this does not affect the lawfulness of the processing previously carried out.
The categories of data processed are those requested in each case on the form with which you provide us with your data.
Who will your data be passed on to?
The data will not be disclosed to other parties, with the exception of transfers that are required by law.
Although there is no data transfer, third-party companies acting as our suppliers may have access to your data in order to provide the service. These data processors access your data in accordance with our instructions and must not use it for any other purpose. They do so in strict confidence and on the basis of a contract in which they undertake to comply with the requirements of the applicable data protection regulations.
What are your rights when you provide us with your data?
Anyone has the right to receive confirmation as to whether we are or are not processing personal data of interest to them. Data subjects have the right of access to their personal data as well as the right to request the rectification of inaccurate data or, where appropriate, the erasure of such data in certain situations, e.g. when the data is no longer necessary for the purposes for which it was collected.
Under the conditions provided for in the General Data Protection Regulation, data subjects may request the restriction of the processing of their data or its portability. In this case, we will only retain the data for the purpose of asserting or defending claims.
In certain circumstances and for reasons relating to the particular situation, data subjects may object to the processing of their data. If you have given your consent for a specific purpose, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent prior to its withdrawal. In such cases, we will stop processing the data or, where applicable, we will stop processing the data for that specific purpose, unless there are compelling legitimate grounds or for the purpose of asserting or defending possible claims.
In addition, in accordance with the data protection laws, you may, where appropriate, object to decisions based solely on automated processing of your data.
Regarding such rights:
- Except in the case of demonstrably unfounded or unreasonable claims (e.g. of a recurring nature), where a fee equal to the administrative costs incurred may be charged or an action refused, there is no charge for exercising these rights.
- Your rights can be exercised directly or through a legal representative or a volunteer.
- Your request must be answered within one month. However, given the complexity and number of requests, the deadline may be extended by a further two months.
- We have a duty to inform you of the means of exercising these rights, which must be accessible, and we must not deny you the right to exercise it simply because you have chosen another means. Unless you indicate otherwise, if the application is submitted electronically, the information will be submitted electronically as far as possible.
- If, for whatever reason, your request is not acted upon, we will inform you within one month of the reasons for this and of the possibility of lodging a complaint with a supervisory authority.
To help you exercise the above rights, below are links to the application form for each of these rights:
- Form for exercising the right of access
- Form for exercising the right of rectification
- Form for exercising the right of objection
- Form for exercising the right to erasure (“right to be forgotten”)
- Form for exercising the right to restriction of processing
- Form for exercising the right of portability
- Form for exercising the right not to be subject to automated individual decisions
All of the foregoing rights may be exercised through the contact methods set out at the beginning of this clause.
In any case, you must prove your identity by attaching a photocopy or a scanned copy of your identity card ID or an equivalent document, or a document certifying a representation if the right is exercised by a representative.
In the event of a violation of your rights, in particular if you have not obtained satisfaction in the exercise of your rights, you may lodge a complaint with the Spanish Data Protection Authority (contact details at www.aepd.es) or any other competent supervisory authority. You can also contact these agencies to learn more about your rights.
How do we protect your personal data?
We are committed to protecting the personal data we process. We use reasonably reliable and effective physical, organisational and technical measures, controls and procedures to maintain the integrity and security of your data and to protect your privacy.
Furthermore, all employees with access to personal data have received training and are aware of their responsibilities in connection to the processing of your data.
In the contracts we conclude with our suppliers, we include clauses obliging them to maintain the confidentiality of the personal data to which they have access in the context of the contract and to implement the necessary technical and organisational security measures to ensure the confidentiality, integrity, availability and long-term resilience of the systems and services for processing personal data.
All of these security measures are examined on a regular basis to verify that they are adequate and effective.
Absolute security cannot be guaranteed, however, and no security system is impenetrable. Therefore, if information in our possession and control is compromised as a result of a security breach, we will take appropriate steps to investigate the incident, notify the supervisory authority and, if necessary, inform users who may have been affected so that they can take appropriate action.
What is your responsibility as the data subject?
By providing us with personal information, the person doing so warrants that they are over 14 years of age and that the information provided is true, accurate, complete and current.
For these purposes, the data subject is responsible for the accuracy of the data and must keep it appropriately up to date so that it corresponds to his or her actual situation. He/she shall be liable for any incorrect or inaccurate data he/she provides and for any damage that may arise directly or indirectly as a result.
If you provide third party data, you assume responsibility for informing them in advance of all the provisions of Article 14 of the General Data Protection Regulation under the conditions laid down in that provision.