Who is the Data Controller of your personal data?
Data Controller: FUNDACIÓ EURECAT (“Eurecat” or “Data Controller”)
Tax Identification Code: G-66210345
Address: Avda. Universitat Autònoma 23, 08290 Cerdanyola del Vallès, Barcelona (Spain)
Email address: email@example.com
Telephone: +34 93 238 14 00
Data Protections Officer’s email address: firstname.lastname@example.org
What are the purposes and the legal basis for the processing of your personal data?
The Data Controller shall process your identifying and contact data (name, surname, email address…) as the data included at your query, given through the contact form, for the purpose to manage and answer the user contact. The legal basis for its data processing is to develop the proper actions to answer the user’s contact (art 6.1 b) GDPR).
The Data Controller shall process your identifying and contact data (name, surname, email address…) as the data included at your query, given through the “User Group” contact form, for the purpose to manage and answer the user contact as well as to inform or access at the GuestXR Group. The legal basis for its data processing is to develop the proper actions to answer the user’s contact (art 6.1 b) GDPR).
The Data Controller shall process your identifying and contact data (name, surname, email address…), for the purpose of subscribe and send GuestXR project information, as well as Eurecat’s general information, (both newsletters or solely the selected by the user). The legal basis for its data processing is the consent granted by the user (art 6.1 a) GDPR).
The Data Controller shall process data related your preferences (postal code, interests, preferences, professional information) given though the web forms, for the purpose profiling the user to sending the Newsletter segmented with contents that are aligned with the user interests. The legal basis for its data processing is the consent granted by the user (art 6.1 a) GDPR).
The Data Controller shall process and have access to user’s navigation data (IP, location, browser…) because of the accessories cookies installed and agreed, for the purpose of improve the Web services and contents, further information regarding cookies data processing’s, consulting the Cookies Policy. The legal basis for its data processing is the consent granted by the user (art 6.1 a) GDPR).
Who are the recipients of your data?
Eurecat is the main recipient of your data, however, they may be accessible to third parties that develop services to the Data Controller. When access to the user’s data is required for the services developed, it shall be submitted and fulfill with the legal obligations, which are those of article 28 GDPR’S. In any event, the services providers shall not process the user’s data for their own or different purposes and shall not overreach from the services purposes, and, in any case, shall not rent, sold, or make it available to third parties.
The Data Controller shall not transfer your data to third parties without your prior consent, which should fulfill the legal requirements.
The Data Controller may transfer your data to third parties in case of legal obligations to do so, without the user consent.
The personal data obtained by the web forms may be revealed to certain consortium partners whit whom Eurecat cooperate, for the purpose to manage and answer the user contact, as well as to execute the proper actions to carry out the web form purposes for which the data was given. This data access by the consortium partners, does not entail a data assignment for its own purposes. You may consult the detailed list of the project consortium partner here.
How long will your data be kept?
Eurecat shall process your data as long as is necessary to the purposes of the processing which the data were disclosed for and, in any case, until you ask its deletion.
Even if the User ask the deletion of the data, the Data Controller shall keep them blocked for the term required to afford legal obligations or make them available to third parties with the proper capacities because of legal issues.
Is your data subject to international data transfers?
Your data shall not be subjected to international data transfer, it means outside the European Economic Area (“EEA”). However, Eurecat may have services suppliers located or whom develop its services out of the EEA, in these sense, the Data Controller shall ensure to the User that their data object to international transfers shall be protected with the legal measures, that may consist on standard contractual clauses or privacy certifications, bot legal measures approved by the European Union.
Is your data subjected to profiling or automated decisions?
Your data shall not be subjected to automated decisions because of Eurecat’s data processing’s.
The Data Controller shall process your data for profiling purposes in case of you have consent the newsletter subscription where you have completed the optional web form parts related to your interests. Its profiling shall be done with the solely purpose of segment each newsletter to those subject matters that according to your profile may interest you and to avoid you the reception of all the newsletter activity. The profiling actions solely shall be done in case of you have given your consent to the Newsletter subscription, and the users profiling do not be used in other different ways or purposes.
Eurecat through the accessory cookies installed and agreed by the user, may process user’s navigation data to profiling for the purposes of improve the Web services and contents, to obtain navigation and Web statistics, to develop and implement Web improvements. The cookies profiling is subjected to the cookies installed which are strictly linked to the user consent. You may consult further cookies information consulting the Cookies Policy.
What are your personal data rights?
Current privacy laws granted several rights to the users regarding the processing of their data, main information about them is detailed herein:
- Right of access: users are entitled to find out which of your personal data are processed and the processing purposes
- Right of rectification: users are entitled to request the rectifications regarding their data at any time
- Right of erasure: users are entitled to request, at any time, that their data shall be erased from the data controller storage. However, as set out in the above section related on data storage, in certain circumstances to compliance with the laws in force may prevent this right from being exercised
- Right to object: users are entitled to object to their personal data from being processed in relation to any of each purposes processing’s, pursuant to the privacy policies that may apply in each case.
- Right to restriction of processing: users are entitled to request the restriction of purposes processing’s in the following cases:
- If considers that their data are incorrect or inexact;
- If considers that their data has been processing with not the proper legal basis and considered to restrict the processing’s instead of requests its erasures;
- If the data recorded are no longer required for the processing purposes which were collected for but need its storage to file a lawful claim;
- If the user having exercised its right to object for a specific purpose, is awaiting a reply from the data controller to this regard
- Right to data portability: user is entitled to request that their personal data that were submitted to the data controller are being disclosed to another data controller, only in case that its request is technically possible and reasonable to do so.
How may you exercise your data rights?
Notwithstanding that your data has been collected within your consent or the proper legal basis, you may object to the data processing at any time whereby without consequences for you, however, depending on the right exercised certain services shall not be able to be rendered.
The users may exercise their rights according to the law terms and conditions by addressing to Eurecat through either of the following:
(i). by email address to email@example.com
(ii). by postal to Parc Tecnològic del Vallès. Avda. Universitat Autònoma 23, 08290 Cerdanyola del Vallès (BCN)
The user may have the right to contact to the Data Controller Data Protection Officer by email to firstname.lastname@example.org
User, if considers that their data shall not been processed with legal basis or its requests or rights shall not been attended properly by the Data Controller, are entitled to file a claim upon the Supervisory Authority competent on data protection matters, it is the Agencia Española de Protección de Datos (www.aepd.es).