Party Responsible for Data Processing
In terms of data protection, D.F.S.A. should be considered the Party Responsible for Data Processing, in relation to the filing systems or processing identified in this policy, specifically in the Data Processing section.
The following are the identifying details of the owner of this website:
Party Responsible for Data Processing: D.F.S.A.
Mailing Address: Calle SILICI, 67-6, 08940, CORNELLA DE LLOBREGAT, (Barcelona).
E-mail Address: email@example.com
Data Protection Officer
The person designated to exercise the functions of data protection officer in D.F.S.A. is LOURDES ARACELI, ORTECHO MENDOZA whose identifying details are as follows:
Mailing Address: Calle SILICI, 67-6
Phone Number: 933778585
The personal data requested, where appropriate, will consist only of those strictly necessary to identify and respond to the request made by their owner, hereinafter the party concerned. This information will be treated in a fair, lawful, and transparent manner in relation to the party concerned. Moreover, the personal data will be collected for explicit and legitimate purposes, not being further processed in a manner incompatible with said purposes.
The data collected from each party concerned will be appropriate, relevant, and not excessive in relation to the corresponding purposes for each case and will be updated whenever necessary.
Purposes for the data processing.The owner of the data will be informed, prior to the collection of his or her data, of the general ends regulated in this policy in order to be able to give the express, precise, and unequivocal consent for the processing of his or her data, in accordance with the following aspects.
The explicit purposes for which each of the processes are carried out are included in the informative clauses included in each of the data acquisition channels (web forms, paper forms, voice-recording, or posters and informative notes).
However, personal data of the interested party will be processed with the sole purpose of providing an effective response and meet the requests made by the user, specified next to the option, service, form, or data acquisition system that the owner uses.
As a general rule, prior to the processing of personal data, D.F.S.A. obtains express and unequivocal consent from the owner thereof, through the incorporation of informed consent clauses in the different information collection systems.
However, if the consent of the party concerned is not required, the legitimizing basis of the treatment in which D.F.S.A. is the existence of a specific law or regulation that authorizes or demands the processing of the concerned party’s data.
As a general rule, D.F.S.A. does not proceed to the cession or communication of the data to third parties, except those legally required. However, if necessary, such cessions or data communication are informed to the party concerned through the informed consent clauses contained in the different channels of personal data acquisition.
As a general rule, personal data are always collected directly from the party concerned. However, in certain exceptions, the data may be collected through third parties, entities, or services other than the party concerned. In this sense, this end will be transferred to the interested party through the clauses of informed consent contained in the different channels of information acquisition and within a reasonable timeframe, once the data have been obtained, and at the latest within a month.
Time limits for data storage
The information collected from the party concerned will be kept as long as it is necessary to fulfil the purpose for which the personal data were collected, so that, once the purpose has been fulfilled, the data will be cancelled. Said cancellation will result in the blocking of the data which is conserved only to be made available to Public Administrations, Judges, and Courts, to attend to the possible responsibilities arising from the processing, during the statute of limitations of these data, and once the aforementioned period has elapsed, the information will be destroyed.
For informative purposes, the following are the legal terms for the storage of information in relation to different matters:
|DOCUMENT||TIME LIMIT||LEGAL REF.|
|Documentation related to employment or to social security||4 years||Article 21 of Royal Legislative Decree 5/2000, of 4 August, approving the revised text of the Law on Infractions and Punishments in the legal Social Order|
|Accounting and fiscal documentation for mercantile purposes||6 years||Art. 30 Commercial Code|
|Accounting and fiscal documentation for tax purposes||4 years||Articles 66 to 70 General Taxation Law|
|Building access control||1 month||Instruction 1/1996 under the Spanish Data Protection Agency (AEPD)|
|Video-surveillance||1 month||Instruction 1/2006 under the Spanish Data Protection Agency (AEPD)
Organic Law 4/1997
In relation to the navigation data that can be processed through the website, if the data that are collected are subject to the regulations, we recommend consulting the Cookies Policy published on our website.
Rights of the parties concerned.
The regulations on data protection grant a series of rights to the parties concerned or owners of the data, users of the website, or users of D.F.S.A.’s social network profiles.
These rights that assist the parties concerned are the following:
- Right of access: right to obtain information about whether their own data are being processed, the purpose of the processing being carried out, the categories of data concerned, the recipients or categories of data recipients, the time limits for data storage, and the origin of said data.
- Right to rectification: right to perform the rectification of inaccurate or incomplete personal data.
- Right to erasure: right to perform erasure of data in the following scenarios:
- When the data are no longer necessary for the purposes for which they were collected
- When the owner of the same withdraws consent
- When the party concerned is opposed to data processing
- When it should be erased in compliance with a legal obligation
- When the data has been obtained by means of an information society service based on the provisions of art. 8 sec. 1 of the European Regulation on Data Protection.
- Right to opposition: right to oppose a specific form of processing based on the consent of the party concerned.
- Right to limitation: right to limit the processing of data in one of the following situations:
- When the party concerned challenges the accuracy of the personal data, during a period that allows the company to verify the accuracy of the same.
- When the processing is illegal, and the party concerned is opposed to the erasure of data.
- When the company no longer needs the data for the purposes for which they were collected, but the party concerned needs them for the formulation, exercise, or defence of claims.
- When the party concerned has opposed the processing of data while it is verified whether or not the legitimate motives of the company prevail over those of the party concerned.
- Right to transferability: right to obtain data in a structured, commonly used, and machine-readable format, and to transfer it to another data protection officer when:
- The processing is based on consent
- The processing is carried out by automated means
- Right to file a claim against the competent supervisory authority
The parties concerned may exercise the indicated rights by writing to D.F.S.A. at the following address: firstname.lastname@example.org, indicating in the Subject line the right he or she wishes to exercise.
In this way, D.F.S.A. will respond to your request as soon as possible while taking into account the deadlines provided in the regulations on data protection.
The security measures adopted by D.F.S.A. are those required, in accordance with the provisions of article 32 of the RGPD. In this regard, D.F.S.A., taking into account the state of technology, the costs of application, and the nature, scope, context, and purposes of the data processing, as well as the risks of variable probability and seriousness of the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to ensure the level of security appropriate to the existing risk.
In any case, D.F.S.A. has enough mechanisms in place to:
- Guarantee the permanent confidentiality, integrity, availability, and resilience of data processing systems and services.
- Quickly restore availability and access to personal data, in case of physical or technical incidents.
- Regularly verify, evaluate, and assess the effectiveness of the technical and organizational measures put in place to guarantee the safety of the data processing.
- Use pseudonyms and encryptions for personal data, if applicable.