1. Data Controller
In accordance with the provisions of the General Data Protection Regulation (hereinafter GDPR), we inform you that personal data will be processed by:
__________________
__________________
All of the entities and bodies mentioned constitute the SEATRACES CONSORTIUM AND jointly process personal data as Joint Controllers (hereinafter, “Data Controller”).
Data for the exercise of data protection rights: _________________@_______
2. General privacy principles
When we collect and process your personal information, we abide by the following practical principles.
All personal data:
- Are processed fairly, lawfully and transparently.
- Are collected for specified, explicit and legitimate purposes, and are not processed in a way that is incompatible with such purposes.
- Are adequate, relevant and limited to what is necessary with regard to the purposes for which the processing is carried out.
- Must be accurate and up-to-date. Inaccurate data will be updated or deleted.
- Must be kept in an identifiable format and only for strictly necessary purposes.
- Are kept secure through adequate and effective technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage (“integrity and confidentiality”).
- Are processed according to the principles of data protection by design and data protection by default.
3. Purposes of Processing of personal data
- Experts: registration and management of the database of experts, publication of their profile and contact details on the website for promotion and to promote synergies. Addition of your email address to a mailing list to receive information.
- Contact, either by telephone or email: dealing with your requests, suggestions and complaints.
- Sending information, including by electronic means: manage the sending of information about the area of interest of the members, grants, training, among others.
4. Lawfulness of processing
Lawfulness of processing to use your data is the consent and the performance of a task carried out in the public interest. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
5. Data access by third parties and international data transfers
Profiles and contact details of registered experts will be published on the website. Otherwise, third parties will not be allowed access to personal data, except if required by law. There will be no international transfers of personal data to third countries or organisations, since all data will be processed within the European Economic Area.
6. Profiling and automated decision-making
No profiling or automated decision-making will be carried out.
7. Storage periods
- Experts: the data will be stored for as long as the data subject remains included in the register of experts. Remember that you may revoke your consent at any time.
- Users who have used a contact method: as long as the data are necessary to process their request.
- Sending information, including by electronic means: the data will be stored as long as the data subject does not unsubscribe. Users are reminded that they can stop receiving information at any time.
8. Rights
You may address your communications and exercise your rights by following the procedures laid down by the GDPR. In all our operations related to your privacy, we strive to comply with the current regulation, which contains a number of rights.
In order to exercise your rights, you may contact ——-@——— under the subject “Data Protection”, indicating the right you wish to exercise. You may use an official template: https://www.aepd.es/reglamento/derechos/index.html
You may address the data protection supervisory authority. In Spain: Agencia Española de Protección de Datos (AEPD) C/ Jorge Juan, 6. 28001 – Madrid Tel. 901100099 – 912 663 517 >www.aepd.es
Data subjects have the following rights:
| Your rights | What does it mean? |
| Right to information | You have the right to be provided with clear, concise, transparent and easy to understand information about how we use your personal data and about your rights. |
| Right of access | You have the right to access the personal data we store about you (subject to certain limits).
Manifestly unfounded, excessive or repetitive requests may not be granted. |
| Right to rectification | You have the right to rectify your data where they are inaccurate or no longer valid, or to request that they be supplemented where they are incomplete. |
| Right to erasure / to be forgotten | In certain cases, you have the right to request that your personal data be erased or deleted. It should be noted that this is not an absolute right, as we may have legal or legitimate grounds for keeping them. |
| Right to object to receiving communications from us | You may opt-out of receiving communications from us at any time.
The easiest way to opt-out is to click on the “unsubscribe” link in any email or communication we send you. You may also email us at —–. |
| Right to withdraw consent at any time | In the event that consent has been granted for any of the purposes communicated and determined in the processing operations referred to, we inform you that you have the right to withdraw your consent at any time, without this affecting the lawfulness of the processing based on your consent prior to such withdrawal. |
| Right to data portability | You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable form, so that they may be transferred to another data controller, where the processing is based on the execution of a contract or on your consent and is carried out by automated means. |
| Right to restriction of processing | You have the right to request the restriction of the processing of your data. If you exercise this right, the processing of your data will be subject to restrictions, so that we may store them, but we may no longer use or process them.
This right may only be exercised in certain circumstances:
|
9. Security
The data controller has established the appropriate technical and organisational measures to guarantee the level of security required for the existing risk. In this way, sufficient mechanisms are in place to:
- Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services.
- Restore availability and access to personal data quickly in the event of a physical or technical incident.
- Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to guarantee the security of the processing.
- Pseudonymise and encrypt personal data, where appropriate.
The security measures laid down in the National Security Scheme are applicable.
10. Social networks
Fans or followers on the different social networks and in the context of this processing should consider that the data controller may consult or delete their data in a restricted manner due to the fact that they have a specific profile. Any rectification of their data or restriction of information or publications must be made through the configuration of their profile or user on the social network.
Therefore, fans/followers consent:
- To the processing of their personal data in the context of said social network and in accordance with its own privacy policies.
- Access by the data controller to the data contained in their profile or biography, depending on their privacy configuration on each network.
- That the news published about our events or our comments may appear on their wall or biography.
If you want to stop following us, just click on the option “Stop being a fan” or “Unfollow” or similar.