Who is the Data Controller of your personal data?
Data Controller: FUNDACIÓ EURECAT (“Eurecat” or “Data Controller”)
Tax Identification Code: G-66210345
Address: Avda. Universitat Autònoma 23, 08290 Cerdanyola del Vallès, Barcelona (Spain)
Email address: firstname.lastname@example.org
Telephone: +34 93 238 14 00
Data Protections Officer’s email address: email@example.com
What are the purposes and the legal basis for the processing of your personal data?
The Data Controller shall process your identifying and contact data (name, surname, email address…) as the data included at your query, given through the contact form, for the purpose to manage and answer the user contact. The legal basis for its data processing is to develop the proper actions to answer the user’s contact (art 6.1 b) GDPR).
The Data Controller shall process your identifying and contact data (name, surname, email address…), for the purpose of managing the subscription and mailing of (information related the SELFY project, Eurecat’s general information, both newsletter or solely the selected by the user. The legal basis for its data processing is the consent granted by the user (art 6.1 a) GDPR).
The Data Controller shall process identifying data and data related your preferences (postal code, interests, preferences, professional information) given though the web forms, for the purpose of profiling you to sending the Newsletter segmented with contents that are aligned with the user interests. The legal basis for its data processing is the consent granted by the user (art 6.1 a) GDPR).
The Data Controller shall process and have access to user’s navigation data (IP, location, browser…) because of the cookies installed. The mandatory cookies are for to provide the proper web services, and the accessory cookies are to improve the web services, further information regarding cookies data processing’s, consulting the Cookies Policy. The legal basis for data processing related to the mandatory cookies is the legitimate interest (art 6.1 f) GDPR) and the legal basis for the data processing related to accessory cookies is the consent granted by the user (art 6.1 a) GDPR).
Who are the recipients of your data?
Eurecat is the main recipient of user data, however, it may be accessible to third parties that develop services to the Data Controller. Those scenarios that required Eurecat service suppliers’ access to the user’s data, because of the services arranged, shall be submitted to the legal obligations, which are those of article 28 GDPR’S. In any event, Eurecat service suppliers shall not process the user’s data for their own or different purposes and shall not overreach from the services purposes, and, in any case, shall not rent, sold, or make it available to third parties.
The Data Controller shall not transfer your data to third parties without your prior consent, which should fulfill the legal requirements.
The Data Controller in case of legal obligations may transfer your data to third parties, without the user prior consent.
The personal data obtained by the web forms may be transferred to certain consortium partners with whom Eurecat cooperate, for the purpose to manage and answer the user contact as well as to execute the proper actions to carry out the web form purposes for which the data was given This data access by the consortium partners, does not entail a data assignment for its own purposes. You may consult the detailed list of the project consortium partner here
How long your data shall be kept?
Eurecat shall process your data as long as it is necessary for the purposes of the processing for which the data were given, for fulfill with legal obligations and, in any case, until you ask its deletion.
Even if the User asks the erasure of its data, the Data Controller shall keep them blocked for the term required to afford legal obligations or make them available to third parties who get the proper capacities to assume the certain legal obligations.
Is your data subject to international data transfers?
Your data shall not be subjected to international data transfer, it means outside the European Economic Area (“EEA”). However, Eurecat may have services suppliers located or whom develop its services out of the EEA, in this sense, the Data Controller shall ensure to the User that their data object to international transfers shall be protected with the legal measures, that may consist of standard contractual clauses or privacy certifications, bot legal measures approved by the European Union.
Is your data subjected to profiling or automated decisions?
Your data shall not be subjected to automated decisions because of Eurecat’s data processing’s.
The Data Controller shall process your data for profiling purposes in case that you have consent the newsletter subscription where you may have completed the optional web form parts related to your interests, professional data and other related information. The main Eurecat aim about the profiling actions is to take care of user from communications activity, for that reason its profiling shall be done with the solely purpose of segment each newsletter to those subject matters that according to your profile may interest you as well to avoid you the reception of every newsletter activity. The profiling actions solely shall be done in case of you have given your consent to the Newsletter subscription, and the users profiling do not be used in other different ways or purposes.
Eurecat through the accessory cookies installed and agreed by the user, may process user’s navigation data to profiling for the purposes of improve the Web services and contents, to obtain navigation and Web statistics, to develop and implement Web improvements. The cookies profiling is subjected to the cookies installed which are strictly linked to the user consent. You may consult further cookies information consulting the Cookies Policy.
What are your personal data rights?
Current privacy laws granted several rights to the users regarding the processing of their data, main information about them is detailed herein:
- Right of access: users are entitled to find out which of your personal data are processed and the processing purposes
- Right of rectification: users are entitled to request the rectifications regarding their data at any time
- Right of erasure: users are entitled to request, at any time, that their data shall be erased from the data controller storage. However, as set out in the above section related on data storage, in certain circumstances to compliance with the laws in force may prevent this right from being exercised
- Right to object: users are entitled to object to their personal data from being processed in relation to any of each purposes processing’s, pursuant to the privacy policies that may apply in each case.
- Right to restriction of processing: users are entitled to request the restriction of purposes processing’s in the following cases:
- If considers that their data are incorrect or inexact;
- If considers that their data has been processing with not the proper legal basis and considered to restrict the processing’s instead of requests its erasures.
- If the data recorded are no longer required for the processing purposes which were collected for but need its storage to file a lawful claim
- If the user having exercised its right to object for a specific purpose, is awaiting a reply from the data controller to this regard.
- Right to data portability: user is entitled to request that their personal data that were submitted to the data controller are being disclosed to another data controller, only in case that its request is technically possible and reasonable to do so.
How may you exercise your data rights?
Notwithstanding that your data has been collected within your consent or the proper legal basis, you may object to the data processing at any time whereby without consequences for you, however, depending on the right exercised certain services shall not be able to be rendered.
The users may exercise their rights according to the law terms and conditions by addressing to Eurecat through either of the following:
(i). by email address to firstname.lastname@example.org
(ii). by postal to Parc Tecnològic del Vallès. Avda. Universitat Autònoma 23, 08290 Cerdanyola del Vallès (BCN)
The user may have the right to contact to the Data Controller Data Protection Officer by email to email@example.com
The users if considers that their data shall not be processed with legal basis or its requests or rights shall not be attended properly by the Data Controller, are entitled to file a claim upon the Supervisory Authority competent on data protection matters, it is the Agencia Española de Protección de Datos (www.aepd.es ).