WE ALSO RECOMMEND THAT YOU CLOSELY READ OUR COOKIES POLICY AND OUR DISCLAIMER.
1. AT WHOM IS THIS POLICY TARGETED?
This policy applies to all natural person users of the platform, regardless of whether or not they have a legal relationship with Fundación ONCE (hereinafter, indistinctly, the “user” or “users”). Personal data means all information concerning an identified or identifiable individual.
If you are already a client or worker or otherwise have a legal relationship with Fundación ONCE, please also refer to the information set out in this policy concerning the specific terms and conditions of privacy.
The user acknowledges, at his/her own responsibility, that it has sufficient legal capacity to enter into a legal relationship with Fundación ONCE.
2. WHEN BROWSING OR USING OUR PLATFORM, WHO CONTROLS YOUR PERSONAL DATA?
We are the controller of your personal data:
- Complete name of the entity: Fundación ONCE para la Cooperación e Inclusión Social de Personas con Discapacidad
- Registered office: Calle Sebastián Herrera 15, Madrid
3. WHO IS THE DATA PROTECTION OFFICER (DPO) AT Fundación ONCE?
Fundación ONCE has set in place a DELEGATED DATA PROTECTION COMMITTEE (DPO), which users may contact, should they so wish, with respect to any issues regarding the processing of their data, as well as any issues as may arise in this connection, in line with the provisions of the GDPR. You may contact our DPO at the following address:
Contact e-mail: email@example.com
4. WHAT TYPES OF DATA DO WE PROCESS?
Your data must be processed in order to grant you access to the content and/or functionalities of the platform or, should you so wish, to send you information or provide the services available on the platform. In this regard, we have undertaken a firm commitment to processing your personal data lawfully and in line with the principles and statutory obligations envisaged in the prevailing personal data protection legislation.
Whenever you search our platform or, in particular, when you interact or register with us, you are directly providing us with data, e.g., when you fill in any forms or applications available online in line with the processing purposes indicated in each case (e.g., the contact form).
The data you provide are related to such forms or applications available on the platform, and, moreover, may vary depending on the type of form or application in question. The above notwithstanding, various categories of personal data may be gathered via the platform and the different forms/applications. Nonetheless, we will always request the appropriate, pertinent data, limited to the extent required for the above processing purposes (the principle of data minimisation):
- Personal identification data (e.g., your name and surnames).
- Personal contact data (e.g., e-mail).
Similarly, when browsing our platform, be aware of any cookies installed on your terminal or device, as this will entail the processing of your personal data depending on the type of cookies notified and the specific purposes of such cookies (see the cookies policy).
5. HOW DO WE USE YOUR DATA?
- To enable you to browse our platform, granting you access to the available information and content.
- To process your requests or applications in line with the contact forms you send us and, in particular, those that serve to prepare or arrange a legal relationship between the parties (e.g., employment contracts, contracts for services, etc.).
- To enable the uses associated with the Platform cookies as described in our cookies policy.
- Where you have accepted the cookies policy, in order to fulfil the purposes associated with the different types of cookies notified in the policy, above all those of an analytical nature (browsing/user profile), to conduct such analyses and prepare the statistics associated with the web browsing with a view to enhancing our services and improving the quality of our service provision. At any time, should you so wish, you may configure the use of the analytical cookies, with the right to revoke your consent with respect to the purposes associated with such cookies. Please note that the revocation of your consent to the processing of your data with respect to certain types of cookies, such as session or technical cookies, may prevent you from browsing our platform (see the cookies policy ).
- To adopt the applicable protection measures in line with the legislation in force, including the potential anonymisation of your personal data, to which end the appropriate available techniques will be applied. With this in mind, anonymisation and pseudonymisation procedures may also be carried out in order to better safeguard your personal data.
- To apply the relevant security, technical and/or organisational measures to your personal data, with an emphasis on the existing risks in place, including the pseudonymisation or encryption of personal data via our platform.
6. ON WHAT BASIS ARE YOUR DATA LAWFULLY PROCESSED?
|Purposes of the processing||Lawful basis of the processing|
|To enable you to browse our platform, granting you access to the available information and content.||Your consent and, where applicable, fulfilment of the legitimate interests (whether our own or that of third parties) associated with the proper management, maintenance, development and evolution of the platform, tools, network and associated IT systems, enabling it to be properly managed, the relevant functionalities, access to content and services and the overall security of all of the above aspects.|
|To process your requests or applications in line with the forms or applications you send us.||Your consent|
|Where you have accepted the cookies policy set in place for such purpose, enabling the purposes of the processing associated with such cookies to be met and, in particular, to conduct the relevant analysis deriving from your web search for analytical and/or statistical purposes.||Your consent|
|To adopt the applicable protection measures in line with the legislation in force, including the potential pseudonymisation and anonymisation of your personal data, to which end the appropriate available techniques will be applied.||Compliance with a statutory obligation (REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, the "General Data Protection Regulation" or the “GDPR”) https://www.boe.es/doue/2016/119/L00001-00088.pdf. In the case of processing aimed at ensuring the security of the platform, the network and the associated IT system, fulfilment of the legitimate interests of Fundación ONCE or, as the case may be, a third party (Whereas 49 of the GDPR).|
|To apply the relevant security, technical and/or organisational measures to your personal data, with an emphasis on the existing risks in place.||Compliance with a statutory obligation (REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, the "General Data Protection Regulation" or the “GDPR”) https://www.boe.es/doue/2016/119/L00001-00088.pdf. In the case of processing aimed at ensuring the security of the platform, the network and the associated IT system, fulfilment of the legitimate interests of Fundación ONCE or, as the case may be, a third party (Whereas 49 of the GDPR).|
7. FOR HOW LONG WILL YOUR DATA BE KEPT?
|Personal data associated with the purposes of processing notified||Deadlines or criteria regarding the storage of your personal data|
|Data associated with the user’s browsing on our platform||
|To process your requests or applications in line with the forms or applications you send us.||
|To adopt the applicable protection measures in line with the legislation in force.||During such time as the user’s personal data are processed, including the storage of such data during the statutory periods envisaged, and regardless of the legitimate basis for the processing cited by Fundación ONCE.|
|To apply the relevant security, technical and/or organisational measures to your personal data, with an emphasis on the existing risks in place.||During such time as the user’s personal data are processed, including the storage of such data during the statutory periods envisaged, and regardless of the legitimate basis for the processing cited by Fundación ONCE.|
In any event, the foregoing notwithstanding, the user is also informed of the following:
- In line with the legislation in force, as far as the proper processing of personal information on the part of Fundación ONCE is concerned, the entity may also securely store such information for four years as from the date of collection/capture (statute of limitations on infringements in this area).
- With respect to the time during which cookies are stored, users are advised to refer to our cookies policy (section on time limits).
- In general terms, where personal data are no longer required for the purposes for which they were collected, such data will be blocked, whereupon they will only be available to the competent authorities in order to attribute any potential legal liability arising during the processing thereof, at all times in line with the applicable legislation, and such data may not be used for any other purpose. Once the relevant statutory deadlines as regards blocked data have elapsed, such personal data will be deleted in line with the provisions of the applicable legislation, or, where applicable, securely anonymised by Fundación ONCE (anonymised/non-personal data).
8. WHAT HAPPENS IF YOU DON’T PROVIDE US WITH YOUR DATA?
We aim to request and use the minimum data required for the personal data processing we carry out in the full performance of our corporate activities and purposes. All of this in line with the principles set out in the applicable legislation.
Nonetheless, the failure to provide your personal data may make it impossible: 1) to properly browse our website (failure to accept technical or session cookies) and 2) to process your specific request or petition, thereby rendering it impossible to formalise the legal relationship requested or in preparation (e.g., failure to complete or insufficient completion of the relevant form or application).
In any event, the personal data and information you provide, in each particular case, must at all times be:
- Sufficient, albeit adjusted, limited and proportionate in line with the legitimate purposes of the processing notified in each case, with the utmost respect for the principles of purpose limitation and data minimisation.
- Accurate, up-to-date and truthful, with a view to being able to duly confirm the relevant identity, capacity and, where applicable, representative authority, as well as to bring any data processing carried out into line with the your specific needs and actual circumstances in each case. All of the above in line with the principle of data accuracy.
Users will be fully responsible for any personal data and information they provide to Fundación ONCE within the context of the platform and, where applicable, any services they may request or engage.
9. DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES?
In general terms, we do not share your data with third parties, nor do we sell or offer such data to them. Nonetheless, as a client of Fundación ONCE, your personal data may be shared with other entities and companies of the Group to which Fundación ONCE belongs, merely for internal, administrative purposes and in line with the provisions of Whereas 48 of the GDPR.
Similarly, where you have previously accepted the disclosure of your personal data to other entities of GRUPO SOCIAL ONCE (comprising the entities that may be consulted at www.ilunion.com; www.fundaciononce.es or www.once.es), in order to receive information concerning activities, events, benefits, promotions or any other information that may be of interest to you, including advertising or promotional information, concerning the activities pursued by such entities, your personal data will be disclosed to the above entities. You may at any time revoke your consent for such purpose, although such circumstance shall not affect the legitimacy of any processing carried out prior to such revocation in line with the GDPR.
Moreover, certain third parties may access your personal information in the course of the services they provide to Fundación ONCE. For example, in the case of the third party cookies applied on the platform (see the cookies policy).
Fundación ONCE has various processors for the personal data it controls, granting such processors access as trusted providers and to the extent strictly necessary for the provision of the services contracted from such providers. Such data processors operate under a contract for services on the terms and per the conditions and guarantees envisaged in article 28 of the GDPR, and Fundación ONCE carries out the relevant controls, inspections and audits in such connection in order to check that such processors strictly comply with the contracts executed for such purpose and the applicable legislation.
10. ARE THERE INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA?
We inform you that, in general terms, no international transfers of your personal data are envisaged, and the necessary measures and guarantees in such connection have been set in place by Fundación ONCE in line with the prevailing data protection legislation.
The above notwithstanding, our cookies policy notes the existence of potential international personal data transfers, with reference to the services provided to us by third parties (third-party cookies). All such international transfers are fully guaranteed in line with the applicable legislation, and the entities in question are included in the list of certified entities within the framework of Privacy Shield (see the cookies policy).
11. WHAT ARE YOUR RIGHTS, WHAT DO THEY MEAN AND HOW DO YOU EXERCISE THEM?
|Your rights||What are they?||How can you exercise them?|
|Right to information Articles 12 to 14 of the GDPR.||The right to be provided by Fundación ONCE with appropriate information, both at the moment in which your personal data are collected (whether obtained from you or via a third party) and at any moment thereafter with respect to the processing of your personal data.||Fundación ONCE seeks to offer you all of the necessary personal data processing-related information in application of articles 12 to 14 of the GDPR. Nonetheless, should you have any queries or doubts concerning our privacy and cookies policies, please do not hesitate to contact us at: firstname.lastname@example.org and we will process your request for additional information.|
Right of access
Article 15 GDPR.
|The right to obtain from Fundación ONCE confirmation as to whether or not your personal data are being processed and to basic information regarding such processing, as well as a copy of the personal data processed.||By writing to: email@example.com with the ref. “Exercise of Rights”, attaching a copy of your national ID or like document (passport, N.I.E., etc.), where your identity must be evidenced.|
Right to rectification
Articles 16 and 19 GDPR.
|The right to obtain the rectification of your personal data from Fundación ONCE without undue delay.||By writing to: firstname.lastname@example.org with the ref. “Exercise of Rights”, attaching a copy of your national ID or like document (passport, N.I.E., etc.), where your identity must be evidenced.|
Right to erasure (‘right to be forgotten’)
Articles 17 and 19 GDPR.
|The right to obtain the erasure of your personal data from Fundación ONCE without undue delay.||By writing to: email@example.com with the ref. “Exercise of Rights”, attaching a copy of your national ID or like document (passport, N.I.E., etc.), where your identity must be evidenced.|
Right to restriction of processing
Articles 18 and 19 GDPR.
The right to obtain restricted processing of your personal data from Fundación ONCE where:
Right to data portability
Article 20 GDPR.
|The right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and to transmit such data to another controller where technically possible.
|By writing to: firstname.lastname@example.org with the ref. “Exercise of Rights”, attaching a copy of your national ID or like document (passport, N.I.E., etc.), where your identity must be evidenced.
Right to object
Article 21 GDPR.
|The right to object at any time to the processing of your personal data, including profiling where such circumstance is based on the legitimate interests pursued by Fundación ONCE or a third party.|
Right not to be subject to automated individual decision-making (including profiling)
Article 22 GDPR.
|Right not to be subject to automated individual decision-making, including profiling, which produces legal effects concerning you or similarly significantly affects you.|
Right to revoke any consent granted
You will be entitled to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing carried out by Fundación ONCE based on consent before its withdrawal.
Such revocation may be formalised via the forms, contents and privacy configuration sections made available by Fundación ONCE (e.g., requesting cancelation of the newsletter service via the link established for such purpose. Nonetheless, you may also write an e-mail for such purpose to: email@example.com so that your right may be duly observed per the provisions of the applicable legislation.
Right to lodge a complaint with the competent supervisory authority (AEPD)
Articles 13 and 14 GDPR.
|The right to seek redress from the supervisory authority where you consider your right to personal data protection to have been infringed.||Before filing any complaint or claim with the Spanish Data Protection Agency (AEPD), we recommend that you contact us with a view to assessing the specific situation in question and attempting, where applicable, to seek an effective, amicable solution. Nonetheless, should you so wish, you may also find information on how to lodge a complaint on the AEPD website www.aepd.es|
12. ARE THERE ANY MEASURES IN PLACE TO ENSURE THE SECURITY AND PROTECTION OF YOUR PERSONAL DATA?
Given the nature, scope, context and purposes of the processing, as well as the risks of varying degrees of probability and seriousness for your rights and freedoms, Fundación ONCE applies (and will apply) the appropriate technical and organisational measures in order to duly guarantee the security and protection of your personal data, having regard to privacy-related criteria from the design stage and by default, while also applying a risk-oriented approach, to be reviewed and updated by Fundación ONCE as and when required.
This policy has been in force since 01/06/2018.
Fundación ONCE reserves the right to modify this policy in order to bring it into line with any applicable future legislative developments, case law precedents or rulings, or for technical, operational, commercial, corporate or business reasons, serving reasonable prior notice of any changes, where possible. In any event, you are advised to read this policy in detail every time you access this platform, as any such modifications will be announced.
Moreover, Fundación ONCE may personally inform you beforehand of any planned changes to this policy, prior to their entry into force, provided such notification is technically and reasonably possible, particularly where you are a registered user or have entered into a legal relationship with Fundación ONCE.