Privacy Policy
Privacy Policy
Introduction
This Privacy Policy has been developed taking into account the provisions of Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), as well as Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and the circulation of these data, hereinafter, the GDPR. The
purpose of this Privacy Policy is to inform the owners of personal data, regarding whom information is being collected, of the specific aspects related to the processing of their data, among other things, the purposes of the processing, contact information to exercise your rights, information retention periods and security measures, among other things.
Data Controller
In terms of data protection, NABIL BOUR-QAIBA MASKIOUI (LA MANO DE FÁTIMA) must be considered the Data Controller, in relation to the processing operations identified in this policy, specifically in the Data Processing section.
The identifying details of the owner of this website are indicated below:
Data Controller: NABIL BOUR-QAIBA MASKIOUI (LA MANO DE FÁTIMA)
Postal address: CALLE LOPE DE VEGA 23 BAJO, 39003, SANTANDER (CANTABRIA)
Email address: lamanodefatima2019@gmail.com
Data processing
The personal data requested, if applicable, will consist solely of those strictly necessary to identify and respond to the request made by the data subject, hereinafter the data subject. Furthermore, personal data will be collected for specific, explicit and legitimate purposes and will not be further processed in a manner incompatible with those purposes.
The data collected from each data subject will be adequate, relevant, and not excessive in relation to the purposes corresponding to each case, and will be updated whenever necessary.
Prior to the collection of their data, the data subject will be informed of the general details of this policy so that they can provide express, precise, and unequivocal consent for the processing of their data, in accordance with the following aspects:
Purposes of processing
The explicit purposes for which each of the processing operations is carried out are set out in the information clauses included in each of the data collection methods (web forms, paper forms, voiceovers or posters, and information notes).
However, the data subject's personal data will be processed solely for the purpose of providing an effective response and addressing the user's requests, as specified in the option, service, form, or data collection system used by the data subject.
Legitimation
As a general rule, prior to processing personal data, the Data Controller obtains the express and unequivocal consent of the data subject by incorporating informed consent clauses into the various data collection systems.
However, if the data subject's consent is not required, the legitimate basis for processing relied upon by the Data Controller is the existence of a specific law or regulation that authorizes or requires the processing of the data subject's data.
Recipients
As a general rule, the Data Controller does not transfer or communicate data to third parties, except as required by law. However, if necessary, the data subject is informed of such transfers or communications through informed consent clauses contained in the various methods for collecting personal data.
Origin
As a general rule, personal data is always collected directly from the data subject. However, in certain exceptions, data may be collected through third parties, entities, or services other than the data subject. In this regard, this information will be communicated to the data subject through the informed consent clauses contained in the various information collection methods and within a reasonable period of time after obtaining the data, and no later than one month.
Conservation periods
The information collected from the data subject will be retained as long as necessary to fulfill the purpose for which the personal data was collected. Once the purpose has been fulfilled, the data will be deleted. Such deletion will result in the blocking of the data, which will be kept solely for the disposal of the Public Administrations, Judges, and Courts, to address potential liabilities arising from the processing, during the statute of limitations for these. Once this period has elapsed, the information will be destroyed.
For information purposes, the legal information retention requirements for various matters are set out below:
Browsing data
In relation to the browsing data that may be processed through the website, in the event that data subject to the regulations are collected, it is recommended to consult the Cookie Policy published on our website.
Rights of interested parties
The data protection regulations grant a series of rights to interested parties or data owners, website users or users of the Data Controller's social media profiles.
These rights that assist interested parties are the following:
- Right of access: right to obtain information about whether their own data is being processed, the purpose of the processing being carried out, the categories of data processed, the recipients or categories of recipients, the retention period and the origin of said data.
Right to rectification: right to obtain rectification of inaccurate or incomplete personal data.
Right to erasure: right to obtain the erasure of data in the following cases:
o When the data are no longer necessary for the purpose for which they were collected
; o When the data subject withdraws consent
; o When the data subject objects to the processing
; o When they must be erased in compliance with a legal obligation
; or o When the data have been obtained through an information society service based on the provisions of Article 8, paragraph 1 of the European Data Protection Regulation.
- Right to object: right to object to a particular treatment based on the consent of the interested party
- Right to restriction: the right to obtain restriction on data processing when any of the following applies:
o When the data subject contests the accuracy of the personal data, for a period enabling the entity to verify its accuracy.
o When the processing is lawful and the data subject opposes the deletion of the data.
o When the entity no longer needs the data for the purposes for which it was collected, but the data subject requires it for the formulation, exercise, or defense of legal claims.
o When the data subject has objected to processing while it is being verified whether the legitimate grounds of the entity prevail over those of the data subject.
- Right to portability: right to obtain data in a structured, commonly used and machine-readable format, and to transmit it to another data controller when:
o The processing is based on consent
or the processing is carried out by automated means
- Right to lodge a complaint with the competent supervisory authority.
Interested parties may exercise the aforementioned rights by contacting the Data Controller in writing at the following address: lamanodefatima2019@gmail.com, indicating the right they wish to exercise in the Subject line.
In this regard, the Data Controller will respond to your request as soon as possible and taking into account the time limits established in data protection regulations.
Security
The security measures adopted by the Data Controller are those required, in accordance with the provisions of Article 32 of the GDPR. In this regard, the Data Controller, taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, has established appropriate technical and organizational measures to guarantee a level of security appropriate to the existing risk.
In any case, the Data Controller has implemented sufficient mechanisms to:
a) Guarantee the permanent confidentiality, integrity, availability, and resilience of the processing systems and services.
b) Restore the availability of and access to personal data promptly in the event of a physical or technical incident.
c) Regularly verify, evaluate, and assess the effectiveness of the technical and organizational measures implemented to guarantee the security of the processing.
d) Pseudonymize and encrypt personal data, where appropriate.