Privacy Policy

This privacy policy is in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (RGPD), Organic Law 3/2018 of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), as well as, insofar as it is not contrary to the aforementioned regulations, to Organic Law 15/1999, on the Protection of Personal Data (LOPD) and its implementing regulations, and/or those that may replace or update them in the future.

Our organisation is committed to the privacy of your personal data. The personal data provided are necessary to provide our services and are processed in a lawful, fair and transparent manner, ensuring adequate security of the same, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage through the application of technical and organisational measures.

By means of this document, we wish to provide you with all the necessary information regarding the processing of your personal data by this organisation in a transparent manner.

I.- DATA CONTROLLER

IDENTITY:

Dr. Ana Mafé García, president of the Asociación Internacional Itinerario Cultural Camino del Santo Grial de Europa since the day of its foundation on 22 February 2022, registered in the National Register of Associations, Section: 1st with National Number: 624670 and with Tax Identification Number: G72535727.

N.I.F.:

20.161.061C – R

ADDRESS:

Valencia (Spain)

TELEPHONE:

+34 626 39 16 76

E-MAIL:

lopd@elcaminodelsantogrial.eu

 

II.- RECIPIENTS OF PERSONAL DATA

1.- The personal data provided will not be the object of any transfer except as provided for in the specific processing.

2.- Optionally, for the contracting of cloud computing services and/or services for sending e-mails, as well as other related IT services, the personal data may be:

– Transferred to IT service companies located within the European Economic Area (EEA) or,

– Transferred to IT service companies located outside the EEA that are covered by the Privacy Shield and therefore have adequate safeguards in place to ensure the security of personal data. You can obtain more information by visiting this link: https://www.privacyshield.gov/welcome

Optionally, to administrations and other bodies when required to comply with legal obligations.

III.- LEGAL BASIS LEGITIMISING THE PROCESSING OF PERSONAL DATA

For each specific processing of personal data, we will inform you of the legal basis that legitimises it.

IV.- RIGHTS

RIGHT OF ACCESS

This is the right to obtain from the data controller confirmation as to whether or not personal data concerning the data subject are being processed and, if so, the right of access to the personal data and to the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the storage period or the criteria used to determine this period, the existence of the right to request from the controller the rectification or erasure of personal data or the restriction or objection to the processing of personal data relating to the data subject, the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), the existence, where applicable, of automated decisions, including profiling, where data are transferred to third countries the right to be informed of the appropriate safeguards applied.

RIGHT OF RECTIFICATION

This is the right to request rectification of your personal data if it is inaccurate, including the right to complete incomplete data. It should be noted that by providing us with personal data by any means, you guarantee that they are true and accurate and undertake to notify us of any changes or modifications to them. Therefore, any damage caused as a result of the communication of erroneous, inaccurate or incomplete information in the forms on the website shall be the sole responsibility of the interested party.

RIGHT OF DELETION

This is the right to request the deletion of your personal data when, among other cases, they are no longer necessary for the purpose for which they were collected, or they are being processed in another way or you withdraw your consent. It should be noted that erasure will not take place when the processing of personal data is necessary, inter alia, for compliance with legal obligations or for the formulation, exercise or defence of claims.

RIGHT TO LIMITATION

This is the right to request the restriction of the processing of your personal data, which means that in certain cases you can ask us to temporarily suspend the processing of your personal data or to keep it for longer than necessary when you may need it.

RIGHT TO WITHDRAW CONSENT

It is the right to withdraw the consent you have provided by checking «I have read and accept the privacy policy» at any time and as specified in the corresponding section «Exercise of rights» or in the specific treatment of commercial communications or Newsletter. It must be taken into account that this right will not take effect if, among other cases, the processing of personal data is necessary for compliance with a legal obligation, the execution and maintenance of a contractual relationship, or for the formulation, exercise or the defense of claims. Likewise, the withdrawal of consent will not have retroactive effects, that is, it will not affect the legality of the treatment based on consent prior to its withdrawal.

RIGHT TO PORTABILITY

It is the right to receive the personal data that concerns you and that you have provided to us, in a structured, commonly used and machine-readable format, and to transmit it to another person responsible, as long as: the treatment is based on your consent and is carried out by automated or computer means.

RIGHT OF OPPOSITION

It is the right to oppose the processing of your personal data based on our legitimate interest. We will not continue to process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defense of claims.

RIGHT TO FILE A COMPLAINT WITH A SUPERVISORY AUTHORITY

If you consider that we treat your personal data incorrectly, you can contact us or you also have the right to file a claim with the Spanish Data Protection Agency (AEPD):

https://www.agpd.es/portalwebAGPD/index-ides-idphp.php

EXERCISE OF RIGHTS

You can exercise your rights by writing to the postal address indicated above or by emailing lopd@elcaminodelsantogrial.eu, attaching in both cases a copy of your NIF/NIE/Passport or similar document.

V.- PROCESSING OF PERSONAL DATA.

GENERIC PROVISIONS.

The personal data requested in each of the specific treatments are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, so the principle of data minimization is complied with.

The personal data requested in each of the specific treatments are strictly necessary; refusal to provide them would imply not being able to provide the requested service.

The communications of personal data provided for in each of the specific treatments are in some cases necessary for the execution and maintenance of a contract and in other cases for compliance with a legal obligation applicable to the person responsible for the treatment.

CONTACT FORM

Personal data will be processed to channel requests for information, suggestions and complaints from users or clients.

The legal basis that legitimizes the processing of personal data is express consent by checking “I have read and accept the privacy policy.”

Personal data will be kept for a period of two years from the moment they stop being processed, without prejudice to the exercise of the rights that assist you as an interested party.

CURRICULUM FORM

Personal data will be processed for the management of the company’s selection process.

The legal basis that legitimizes the processing of personal data is express consent by checking “I have read and accept the privacy policy.”

Personal data will be kept for a period of two years from the moment they stop being processed, without prejudice to the exercise of the rights that assist you as an interested party.