Everyone has the right to protect their personal data. We respect the right of users to be informed about the collection of their personal data and other operations related to said data. When using data that can directly or indirectly identify you, we will apply a principle of strict necessity. For this reason, we have designed the website in such a way that the use of your personal data will be kept to a minimum and will not exceed the purposes for which your personal data was collected or processed; we do not process your personal data when we can provide you services through the use of anonymous or traffic data (such as marketing research carried out to improve our services, browsing data processed to provide you with personalized content, offers adapted to your language preference, your location, etc.) or by other means that allow us to identify you, apart from when strictly necessary or upon request by the competent public authorities or the police (for example, in the case of traffic data or your IP address).
You must notify us of any changes to your personal data in order to ensure that the information in our files is, at all times, up-to-date and accurate. You are responsible, in all cases, for the accuracy of the personal data provided, and we reserve the right to suspend or interrupt the provision of the requested services in the event that you provide inaccurate personal data, without prejudice to any action permitted by the law.
WHO IS THE DATA CONTROLLER?
For the purposes of data protection legislation (as defined below), FUNDACIÓ PUIG (hereinafter, the “Foundation”), with registered office at Plaça Europa, 46-48 – 08902 Hospitalet de Llobregat (Barcelona), with corporate tax number G61057022 registered in the Mercantile Registry of Barcelona, in volume 1, sheet 1, page number 1, will be considered data controller. The Foundation undertakes to treat all information provided online by a user as strictly confidential.
WHAT PERSONAL DATA DO WE PROCESS?
Applicable legislation and lawfulness
All personal data sent to the Foundation through the website will be collected or processed by the Foundation in accordance with the applicable data protection legislation, including Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR), without prejudice to the applicable mandatory local laws that protect users or any other applicable conflict-of-law rule (collectively, “data protection legislation”). The legal bases for the processing of your personal data are generally based on your express consent.
Who collects and processes your personal data, how and for what purpose?
The Foundation may collect and process your personal data for various purposes.
Provided we have requested and you have expressly granted us your consent, or when permitted by the applicable regulations, your personal data may be processed for marketing purposes, especially to send to users, also through newsletters, commercial communications, information and updates on events and similar initiatives organized by the Foundation or any collaborating company, including Puig companies, or to facilitate your browsing on the website (in this document, “marketing purposes”). The Foundation will be considered controller of the personal data collected and processed on the website for marketing purposes, since it decides the purposes and means of processing of the personal data for said marketing purposes.
The Foundation has designated certain entities that will also process the personal data of the users of the website (hereinafter, the “data processors”).
The aforementioned service providers and data processors have been chosen for their experience in the processing of personal data and provide sufficient guarantees in relation to compliance with the data protection legislation (including the technical security measures that govern the processing to be carried out). When processing personal data, the data processors will act exclusively under the instructions of the Foundation. We periodically check that our data processors comply with our instructions and that they continue to provide sufficient guarantees in relation to their exhaustive compliance with the data protection legislation on the processing of personal data.
The processors of your personal data provide us with the following services:
· IT services, for purposes related to hosting the Foundation’s servers;
· Marketing services, for analyzing the use of our website, sending communications, managing advertising content, etc.
Your personal data is processed primarily by electronic means and, in some circumstances, by paper-based means, such as when processing of your personal data is required to prevent fraud on the website. Your personal data will be stored in a way that allows us to identify you for the period necessary for the purposes for which it was collected and subsequently processed and, in any case, in accordance with the data protection legislation. Your personal data will not be disclosed to third parties for purposes that are not permitted by law or without your consent.
Apart from the processors designated to process personal data, your personal data will also be made available to third parties, autonomous data controllers, for purposes related to the provision of services requested by users (for example, sending communications related to the activity of the Foundation or collaborating companies) or for the purposes of third parties. For more information on the matter, see section 7 (To whom will your personal data be disclosed?).
For marketing purposes, we may process your personal data as well as browsing data (“traffic data”) resulting from the use of the website and our services by any user, in order to provide users with content and personalized offers in our services or to deliver any newsletter to which they subscribe, subject to their discretionary right to withdraw their subscription to said newsletter or to oppose or object to the receipt of any advertising or marketing content that we consider of interest to a specific user. For marketing purposes, personal data and traffic data are processed mainly by electronic means and will be kept for us in any case, in accordance with data protection legislation, and made available to our data processors.
In addition, your personal data may be disclosed to public authorities (e.g., the police or courts) in accordance with applicable laws and at the formal request of such entities, for example, in the event that we need to prevent fraud on the site (anti-fraud services).
The data processors will also have access to your personal data for the specific purposes established in this section. In all the above circumstances, your consent to the processing of data is not necessary since the processing of personal data would be necessary for the fulfillment of commercial or marketing/advertising purposes.
The reasons for collecting personal data will be expressly listed in the information in the privacy statement that we will present from time to time on the page that requests the user to provide their personal data, whether for commercial or marketing purposes. We may have access to the personal data of third parties that have been disclosed directly by users, for example, when a user wishes to recommend a service on the website to a friend.
What happens if you do not submit your personal data to us?
Providing us with your personal data (in particular your personal information, your email address and your telephone number) is necessary to supply other services provided on the website at your request, or when your personal data is needed to fulfill the obligations required by law or the regulations. Refusal to provide us with some of your personal data could prevent us from fulfilling the above purposes and/or providing you with any of our other services. Therefore, not submitting personal data may, in some cases, constitute a legitimate and justified reason for us not to provide you with the website services.
Providing us with additional personal data that is not required to comply with legal or contractual obligations and to properly examine our services with necessary traffic data is, on the other hand, optional and has no effect on the use of the website and of the services offered on the website. We will inform you in each case, whether the disclosure of your personal data is mandatory or optional, by marking the mandatory information or the necessary data with an appropriate symbol (*), where applicable.
To whom will your personal data be disclosed?
Personal data will be disclosed to external companies that provide, on behalf of the Foundation, specific services such as data processors or to other recipients of personal data collected by us who process your personal data for commercial and advertising (marketing) purposes and, in any case, in accordance with applicable laws and regulations.
Your personal data will also be used by companies belonging to PUIG, with registered offices in EU countries or countries outside the EU, for their own marketing purposes.
Notwithstanding the foregoing, the personal data will not be disclosed to any other third party, nor will it be disclosed or transferred without informing our users of said disclosure/dissemination/transfer and, in any case, in accordance with applicable laws.
Security measures and storage period
For the best possible protection of your personal data outside the limits of our control and management, we recommend that your computer contain software that protects the transmission/reception of network data (such as updated antivirus systems) and that your Internet service provider take appropriate measures for the security of network data transmission (such as firewalls and antispam filtering).
Transfer of your personal data to other countries
The personal data that we collect from you is currently within the European Union (“EU”). However, it is possible that, in the future, said personal data will be transferred, stored or processed outside the EU.
By submitting your personal data, you agree to this transfer, storage or processing. You should be aware that countries outside the EU may not offer the same level of data protection as the EU. However, we will take reasonable steps to ensure that your personal data is provided with equivalent protection in accordance with data protection legislation, in particular by implementing appropriate contractual conditions in our agreements with business partners dealing with the transfer of personal data to ensure that personal data is processed in accordance with our instructions and in a manner that maintains its integrity and security.
Your right in relation to your personal data
Below is a summary of the rights available in relation to your personal data.
For your convenience, and without prejudice to certain formal requirements established in the data protection legislation, you can exercise any of these rights by contacting firstname.lastname@example.org.
· Right to withdraw your consent:
At any time, you may withdraw the consent you have given to the Foundation to process your personal data. Please note, however, that should you withdraw your consent or otherwise object to our processing of your personal data, this may affect our ability to provide you with goods and services or affect the functionality of our website.
Furthermore, if at any time you wish to stop receiving marketing messages, communications and materials, you can do so by clicking on the “unsubscribe” link that is included in all of our email marketing messages.
· Right to access your personal data in our possession:
You have the right to obtain, at any time, confirmation of whether or not we are processing your personal data and, where appropriate, access to said personal data.
In addition, you have the right to receive information about the source of your personal data; about the purposes and method of processing of your personal data; the logic involved in any electronic data processing; the details of the data controller and data processors; the names of entities and categories of entities to which your personal data may be disclosed or who may access your personal data, for example as a data controller or a party so designated.
· Right to rectify inaccurate personal data:
You have the right to obtain from us without undue delay the rectification of inaccurate personal data in our possession that concerns you. This includes the right to request that incomplete personal data be completed.
· Right of erasure:
You have the right to obtain from us the erasure without undue delay of the personal data in our possession that concerns you, in the circumstances stipulated by the data protection legislation.
· Right to restriction of processing:
You have the right to restrict the way we process your personal data in the circumstances stipulated by the data protection legislation.
· Right to data portability:
You have the right to receive from us the personal data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, and the right to transmit that data to another controller without hindrance from us. This includes the right to demand that we transmit the relevant personal data to another controller on your behalf, when technically feasible. This right only applies to personal data: (i) for which we have obtained your consent to process, or (ii) we have obtained to fulfill our contractual obligations with you, and in each case to the extent that we process your personal data using automated means.
· The right to lodge a complaint against us:
If you believe that our handling of your personal data does not comply with the data protection legislation you can lodge a complaint with the supervisory authority in the EU member state in which you live or work, or in which the alleged non-compliance occurred.
Whenever your consent is required, the Foundation will inform you in advance and give you the option of granting or not your consent for the use of your personal data, including your email address, for the above purposes, by checking the appropriate boxes.
We wish to inform you that we may process your personal data without your consent in certain circumstances, such as when said processing is necessary to comply with a legal obligation to which we are subject or when said processing is necessary to carry out obligations assumed in contracts with the users.
Last update: July 2020
© Fundació Puig, 2020. All rights reserved.