PRIVACY AND DATA PROTECTION POLICY
Responsible for the processing of personal data
Fundació Enric Miralles (hereinafter the FOUNDATION), owner of the website “wwwfundacioenricmiralles.com” (hereinafter the Website) is responsible for the personal data provided through the Website, those obtained as a consequence of the relationship that you (hereinafter “the Client/User”) maintain with the FOUNDATION and those derived from the Client’s browsing and consumption habits.
The FOUNDATION, with CIF: G65541229, is located at Passatge de la Pau, 10bis – 08002 Barcelona, and can be contacted by Email: info@fundacioenricmiralles.com, or by telephone: 936 241 702.
The FOUNDATION will respect the provisions of current legislation concerning privacy policy; specifically, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (RGPD), Organic Law 15/1999, of 13 December, on the protection of personal data (LOPD), Royal Decree 1720/2007, of December 21, 2007, approving the Regulations for the development of Organic Law 15/1999, of December 13, 1999, on the protection of personal data (RDLOPD), Law 34/2002, of July 11, 2002, on Information Society Services and Electronic Commerce (LSSI-CE).
Purpose of personal data processing
The FOUNDATION will process the Client’s/User’s personal data in order to manage the relationship with the FOUNDATION, including the purchase of products on the Website, as well as to send him/her communications of an informative nature, even after the relationship with the Client/User has ended, in order to keep him/her informed of our products and services similar to those previously requested by the Client.
The personal data collected by the FOUNDATION will be entered into an automated file under the responsibility of the Data Controller, and duly declared and registered in the General Register of the Data Protection Agency, which can be consulted on the website of the Spanish Data Protection Agency (https://www.agpd.es), in order to facilitate, expedite and fulfill the commitments established between the FOUNDATION and the Client/User, the maintenance of the relationship established in the forms filled out by the latter, or to meet a request or query from the latter.
Principles applicable to the processing of personal data
The processing of the Customer’s/User’s personal data shall be subject to the following principles set out in Article 5 of the GDPR, such as the Principle of lawfulness, fairness and transparency, Principle of purpose limitation, Principle of data minimization, Principle of accuracy, Principle of limitation of storage period, Principle of integrity and confidentiality and the Principle of proactive accountability.
Categories of personal data
The categories of data processed by the FOUNDATION are only identification data. In no case are special categories of personal data processed within the meaning of Article 9 of the GDPR.
The FOUNDATION undertakes to request the express and verifiable consent of the Customer/User for the processing of his/her personal data for one or more specific purposes.
Personal Data Retention Periods and Recipients
Personal data will only be retained for the minimum time necessary for the purposes of its processing and, in any case, only for the following period: 5 years or until the Customer/User requests its deletion.
The User’s personal data will not be shared with third parties.
Respecting the provisions of Articles 8 of the RGPD and 13 of the RDLOPD, only those over 14 years of age may give their consent to the processing of their personal data in a lawful manner for the FOUNDATION. In the case of a minor under 14 years of age, the consent of the parents or guardians will be required for the processing, and the processing will only be considered lawful to the extent that the parents or guardians authorize it.
Secrecy and security of personal data
The FOUNDATION undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected, so as to ensure the security of personal data and prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to such data.
Rights deriving from the processing of personal data
The Client/User may exercise before the FOUNDATION’s Data Controller the Rights recognized in the RGPD, among them:
- Right of access: This is the right of the Client/User to obtain confirmation as to whether or not the FOUNDATION is processing his/her personal data and, if so, to obtain information on his/her specific personal data and on the processing that the FOUNDATION has carried out or is carrying out, as well as, among others, the information available on the origin of this data and on the recipients of the communications made or planned for the same.
- Right of rectification: This is the Client’s/User’s right to have personal data that is inaccurate or, taking into account the purposes of the Processing, incomplete, modified.
- Right of suppression: This is the Client’s/User’s right, unless otherwise provided by law, to obtain the deletion of his/her personal data when they are no longer necessary for the purposes for which they were collected or processed; or the User has withdrawn his/her consent to the processing and there is no other legal basis for the processing; or the User objects to the processing and there is no other legitimate reason to continue with the processing; or the personal data have been processed unlawfully; or the personal data must be deleted in compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of information society services to a minor under 14 years of age.
When the interested party considers it appropriate, he/she may file a complaint with the Spanish Data Protection Agency, especially when he/she considers that we have not duly satisfied the exercise of his/her rights. Such claim may be submitted to the aforementioned authority through the different options offered by the electronic headquarters of the Spanish Data Protection Agency.