BASIC INFORMATION ON DATA PROTECTION – 1st LAYER | |
Data controller | KONECTA FOUNDATION |
Purpose | Manage the queries and requests made to us through the different means of contact provided and the issues arising from them. |
Legitimisation | Execution of the legal relationship that arises from contacting us via the contact methods provided. |
Recipients | Your personal data will not be disclosed or transferred internationally, unless legally obliged to do so. |
Rights | Access, rectify and delete data, as well as other rights that you can consult in the Additional information. |
Additional information | You can consult below all the additional information on the processing of your personal data. |
PRIVACY POLICY
Who is responsible for the processing of the users’ personal data?
Identity: KONECTA FOUNDATION
Tax Identification Number: G84227313
Address: Calle Serrano, 41-2nd floor – P.C. 28001 Madrid
Phone number: +34 902 193 106
E-mail: fundacion@fundacionkonecta.org
Data Protection Officer: Yes, a DPO has been appointed in the entity
DPO contact details: dpd@konecta-group.com
For what purpose does KONECTA FOUNDATION process the users’ personal data?
At KONECTA FOUNDATION we process your personal data with the utmost respect and compliance with the applicable regulations on personal data protection.
We process the personal data provided to us by users through the different contact channels we have set up to manage the queries and requests made to us by interested parties and the issues arising from them on behalf of the company.
For its part, in relation to the social networks where we have a presence, we will use the personal data of users to interact with them, mainly by responding to comments they make to the publications we make.
We inform you that we will only process your personal data for the aforementioned purposes and that under no circumstances will automated decisions be taken based on your profile.
How long do we keep your personal data?
In the case of enquiries or requests that we receive, we will process the personal data for as long as it is necessary to resolve them and deal with them and, subsequently, for as long as it is necessary to comply with legal requirements.
With regard to the personal data of our followers on social networks, we will keep them on the respective social network until they stop following us.
In other cases, we will process your data for the time necessary to process your request and/or service.
What is the legitimisation to carry out the processing of the users’ personal data?
The legal basis that legitimises the processing of users’ personal data is their necessity for the execution of the legal relationship that arises from filling in the form and sending the query or request. That is to say, it is necessary to manage the queries or requests they make.
With respect to the personal data of our followers on social networks, the legal basis that legitimises their processing is the consent they give when they follow us on them, although they may stop doing so at any time.
What obligations does KONECTA FOUNDATION fulfil with regard to the personal data it processes?
KONECTA FOUNDATION complies with each and every one of the principles required by both the General Data Protection Regulation and the LOPDGDD. Below, we include a brief summary of all of them in order to understand exactly what they entail. No obstante, However, we will be happy to clarify any doubts you may have in this regard by sending an e-mail to dpd@konecta-group.com
In this regard, the General Data Protection Regulation and the LOPDGDD establish a series of principles – that is, obligations for KONECTA FOUNDATION and all its staff – that KONECTA FOUNDATION will take into account during all phases, processing and actions to which it submits the personal data for which it is responsible.
These principles are regulated in articles 5 and 6 of the General Data Protection Regulation and those are:
– Principle of lawfulness, fairness and transparency which implies, as its name indicates, that KONECTA FOUNDATION shall solely have the right to process data in a “lawful, fair and transparent way in relation with the data subject”.
– Principle of purpose limitation. This principle requires that KONECTA FOUNDATION shall only process data collected for ‘specified, explicit and legitimate purposes’. This principle also implies that KONECTA FOUNDATION may not further process such data ‘in a manner incompatible with those purposes’.
The prohibition of processing for incompatible purposes, as provided for in Article 89.1 of the General Data Protection Regulation, does not apply to the processing of such data for the purposes of ‘archiving in the public interest, scientific and historical research purposes or statistical purposes’.
– Principle of data minimisation. This obligation implies the duty of KONECTA FOUNDATION, as data controller, and of all staff working for KONECTA FOUNDATION of solely processing data that are ‘adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed’.
– Principle of accuracy. This principle is embodied in the need for KONECTA FOUNDATION to process personal data that is accurate and therefore up-to-date. In this regard, the General Data Protection Regulation requires KONECTA FOUNDATION, as controller, to take ‘all reasonable steps to ensure that personal data which are inaccurate in relation to the purposes for which they are processed are erased or rectified without delay’. We therefore ask you, should you have changed any personal data from the data you provided to us at the beginning of the relationship, to please let us know as soon as possible so that we can only process personal data that is up to date and current.
The principle of accuracy requires – and KONECTA FOUNDATION will do so – that KONECTA FOUNDATION, from time to time, take steps to verify – to the extent possible and using reasonable efforts – that the personal data it processes are accurate and up to date.
– Principle of storage limitation. This principle requires that KONECTA FOUNDATION only retains the personal data it processes – in a manner that allows identification of data subjects – for no longer than is necessary for the purposes of the processing of the personal data.
The General Data Protection Regulation allows personal data to be retained for longer periods ‘provided that they are processed exclusively for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes’, in accordance with Article 89(1), without prejudice to the implementation of appropriate technical and organisational measures imposed by the General Data Protection Regulation in order to protect the rights and freedoms of the data subject.
– Principle of integrity and confidentiality. This obligation implies the adoption by KONECTA FOUNDATION of all measures – technical, organisational or otherwise – that are necessary to ensure ‘adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
– Accountability principle. This principle is one of the new obligations incorporated in the General Data Protection Regulation and which implies a change of attitude and mentality, as far as personal data protection and security are concerned, on the part of KONECTA FOUNDATION and, therefore, of all its staff.
Compliance, in practice, with this duty of Accountability (also known as active responsibility) means that KONECTA FOUNDATION and all its staff must have an active and preventive – and not reactive – attitude towards possible risks, threats and/or inadequate processing of personal data from the beginning at all the stages of the processing.
For this reason, all KONECTA FOUNDATION staff are aware of the importance of this principle of Accountability, which entails the adoption of preventive measures, attitudes and proactive actions to the benefit, at all times, of the maximum respect for the holder’s fundamental right to the protection of personal data.
This principle of Accountability involves extensive documentary work that allows traceability of all the actions that have been taken to comply with this active responsibility by all KONECTA FOUNDATION staff.
– Principle of lawfulness of processing. The General Data Protection Regulation requires, as could not be otherwise, that any processing of personal data carried out be lawful and, in this regard, includes six legal bases that make the processing of personal data lawful.
These six bases are regulated in Article 6 of the General Data Protection Regulation and are made up of the following factual assumptions:
- a) the data subject consented to the processing of his or her personal data for one or more specified purposes;
- b) the processing is necessary for the performance of a contract to which the data subject is party or for the implementation at his or her request of pre-contractual measures;
- c) processing is necessary for compliance with a legal obligation applicable to the controller;
- d) processing is necessary for the protection of the vital interests of the data subject or of another natural person;
- e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
You can also consult the full text of the General Data Protection Regulation and the LOPDGDD.
And, if you have any doubts or questions related to personal data protection, you can contact our data protection officer at dpd@konecta-group.com
To which recipients will users’ personal data be communicated?
KONECTA FOUNDATION will not transfer or make international transfers of your personal data. It will only transfer your personal data in the event that it is required to do so by law.
However, we also inform you that KONECTA FOUNDATION works with several entities that provide a service that requires access to personal data, being, therefore, these entities in charge of KONECTA FOUNDATION’s data processing.
What security measures has KONECTA FOUNDATION adopted to protect your data?
At KONECTA FOUNDATION we take all the measures in our power to guarantee the security and confidentiality of all the personal data we process. These measures are both physical and logical, of a technical and organisational nature, and are necessary depending on the data we process. Of course, the measures are adopted with the aim of guaranteeing the security, confidentiality and integrity of all the personal data we process in order to avoid their alteration, loss, processing and/or unauthorised access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed, whether from human action or from the physical or natural environment.
Likewise, KONECTA FOUNDATION has an updated Security Document (following the recommendations of the Spanish Data Protection Agency) on its conservation and adaptation to the requirements of the GDPR and the LOPDGDD.
Among the security measures (by way of summary) that we adopt are: constant training of all our employees, use of secure passwords and their frequent change, backup copies, encryption of personal data, control of access to personal data according to needs, security audit, hiring of data processors who offer the necessary security and strict compliance with data protection regulations, physical security measures for access control (keys, padlocks, etc.), paper shredder, use of official programmes that guarantee security in the processing of personal data and, of course, all those offered by technique and technology and which are consistent with the risks identified for the processing of personal data carried out by KONECTA FOUNDATION.
In the same vein, we ask you to do everything in your power to prevent becoming a victim of any of the attacks that, unfortunately, take place on the Internet. To this end, we remind you not to click on any link that you are not sure of its origin, not to provide bank details or passwords electronically or by telephone, to use a secure password (combining letters, numbers and special characters) and to change it frequently (at least once a year). Likewise, if you have any doubts about KONECTA FOUNDATION requesting data and/or any other type of action, please, before taking any action, consult KONECTA FOUNDATION by e-mail at dpd@konecta-group.com
What rights do users have as data holders?
You, as personal data holder, either on your own behalf or through a representative –legal or voluntary- may exercise the rights to access, rectification, limitation of processing, deletion, opposition, as well as the right to data portability.
We explain briefly what each of the rights consists of:
- Right of access: you have the right to know which of your personal data KONECTA FOUNDATION is processing.
- Right to rectification: you have the right to have your data rectified by KONECTA FOUNDATION if it is inaccurate or it has not been updated (for example: change in the e-mail, error in the contact phone number, change in the postal address or in the account number).
- Right to deletion: you have the right to request that KONECTA FOUNDATION deletes personal data concerning you. However, if there is a reason that prevents this (contractual relationship, legal requirements, etc.), KONECTA FOUNDATION will inform you upon receipt of your request whether it can positively respond to your right to deletion or not.
- Right to limitation of processing: you have the right to request that KONECTA FOUNDATION cease a specific processing of personal data that it is carrying out. However, as with the right to deletion, in the event that there is justified cause not to positively respond to your right, KONECTA FOUNDATION will let you know in a clear, simple and transparent manner.
- Right to data portability: you have the right to request a copy of the personal data that KONECTA FOUNDATION is processing about you, provided that this data has been provided by you and is in a structured, commonly used and machine-readable format. You may also choose whether you want such data to be provided to you or to another data controller.
- Right to opposition: you may exercise this right to object to a specific processing of personal data being carried out by KONECTA FOUNDATION. However, as with the right to erasure and restriction, if there are legitimate reasons that require the processing and/or legal obligations, KONECTA FOUNDATION will inform you of this in a simple and transparent manner.
- Right not to be object of automated decision-making: you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar manner.
To exercise these rights, you should contact us by e-mail at dpd@konecta-group.com, indicating “Data Protection Rights” in the subject line or, if you prefer, by post to KONECTA FOUNDATION at the address Calle Serrano, 41-2nd floor – P.C. 28001 Madrid, specifying which right you wish to exercise. We may ask you for a copy of your ID card if proof of identity is required.
You will receive a reply from us within a maximum period of 30 days from receipt of your request, and we will make every effort and use all the means at our disposal to reduce this period as much as possible. If you are not satisfied, you may apply to the Spanish Data Protection Agency to request the protection of your rights.
However, prior to filing such a complaint, you may (and we ask that you do so) refer such complaint to our DPO, who will be happy to resolve your problem as soon as possible. You may contact our DPO at the following e-mail address dpd@konecta-group.com
How did we obtain your personal data?
The personal data we process at KONECTA FOUNDATION have been collected through the means of contact provided.
As there are no forms, no specific categories of personal data are collected, beyond the e-mail address. Therefore, we ask users not to provide personal data if it is not necessary to carry out their queries or requests and, if it is necessary, to provide us with the minimum necessary to deal with them.
We do not process data that the General Data Protection Regulation classifies as ‘special categories of data’ (health data, religion, ideology, trade union membership, etc.).
Which body can I lodge a data protection complaint with?
We inform you that you can file a data protection complaint with the Spanish Data Protection Agency. All the information is available on their webpage: www.aepd.es.
However, prior to filing such a complaint, you may (and we ask you to do so) refer the complaint to our DPO who will be happy to solve your problem as soon as possible. You may contact our DPO at the following e-mail address: dpd@konecta-group.com