1. Data Controller

In accordance with the provisions of the General Data Protection Regulation (hereinafter GDPR), we inform you that personal data will be processed by:



All of the entities and bodies mentioned constitute the SEATRACES CONSORTIUM AND jointly process personal data as Joint Controllers (hereinafter, “Data Controller”).

Data for the exercise of data protection rights: _________________@_______

2. General privacy principles

When we collect and process your personal information, we abide by the following practical principles.

All personal data:

  • Are processed fairly, lawfully and transparently.
  • Are collected for specified, explicit and legitimate purposes, and are not processed in a way that is incompatible with such purposes.
  • Are adequate, relevant and limited to what is necessary with regard to the purposes for which the processing is carried out.
  • Must be accurate and up-to-date. Inaccurate data will be updated or deleted.
  • Must be kept in an identifiable format and only for strictly necessary purposes.
  • Are kept secure through adequate and effective technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage (“integrity and confidentiality”).
  • Are processed according to the principles of data protection by design and data protection by default.

3. Purposes of Processing of personal data

  • Experts: registration and management of the database of experts, publication of their profile and contact details on the website for promotion and to promote synergies. Addition of your email address to a mailing list to receive information.
  • Contact, either by telephone or email: dealing with your requests, suggestions and complaints.
  • Sending information, including by electronic means: manage the sending of information about the area of interest of the members, grants, training, among others.

4. Lawfulness of processing

Lawfulness of processing to use your data is the consent and the performance of a task carried out in the public interest. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

5. Data access by third parties and international data transfers

Profiles and contact details of registered experts will be published on the website. Otherwise, third parties will not be allowed access to personal data, except if required by law. There will be no international transfers of personal data to third countries or organisations, since all data will be processed within the European Economic Area.

6. Profiling and automated decision-making

No profiling or automated decision-making will be carried out.

7. Storage periods

  • Experts: the data will be stored for as long as the data subject remains included in the register of experts. Remember that you may revoke your consent at any time.
  • Users who have used a contact method: as long as the data are necessary to process their request.
  • Sending information, including by electronic means: the data will be stored as long as the data subject does not unsubscribe. Users are reminded that they can stop receiving information at any time.

8. Rights

You may address your communications and exercise your rights by following the procedures laid down by the GDPR. In all our operations related to your privacy, we strive to comply with the current regulation, which contains a number of rights.

In order to exercise your rights, you may contact ——-@——— under the subject “Data Protection”, indicating the right you wish to exercise. You may use an official template: https://www.aepd.es/reglamento/derechos/index.html

You may address the data protection supervisory authority. In Spain: Agencia Española de Protección de Datos (AEPD) C/ Jorge Juan, 6. 28001 – Madrid Tel. 901100099 – 912 663 517 >www.aepd.es

Data subjects have the following rights:

9. Security

The data controller has established the appropriate technical and organisational measures to guarantee the level of security required for the existing risk. In this way, sufficient mechanisms are in place to:

  • Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services.
  • Restore availability and access to personal data quickly in the event of a physical or technical incident.
  • Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to guarantee the security of the processing.
  • Pseudonymise and encrypt personal data, where appropriate.

The security measures laid down in the National Security Scheme are applicable.

10. Social networks

Fans or followers on the different social networks and in the context of this processing should consider that the data controller may consult or delete their data in a restricted manner due to the fact that they have a specific profile. Any rectification of their data or restriction of information or publications must be made through the configuration of their profile or user on the social network.

Therefore, fans/followers consent:

  • To the processing of their personal data in the context of said social network and in accordance with its own privacy policies.
  • Access by the data controller to the data contained in their profile or biography, depending on their privacy configuration on each network.
  • That the news published about our events or our comments may appear on their wall or biography.

If you want to stop following us, just click on the option “Stop being a fan” or “Unfollow” or similar.