POLITICS
Privacy Policy
Privacy Policy
Introduction
This Privacy Policy has been developed taking into account the provisions of Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), as well as Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, the GDPR).
This Privacy Policy aims to inform data subjects, from whom information is being collected, about the specific aspects related to the processing of their data, including, among other things, the purposes of the processing, contact details for exercising their rights, data retention periods, and security measures.
Data Controller
For data protection purposes, NABIL BOUR-QAIBA MASKIOUI (THE HAND OF FATIMA) is considered the Data Controller with respect to the processing operations identified in this policy, specifically in the Data Processing section.
The contact details of the owner of this website are as follows:
Data Controller: NABIL BOUR-QAIBA MASKIOUI (THE HAND OF FATIMA)
Postal address: CALLE LOPE DE VEGA 23 BAJO, 39003, SANTANDER (CANTABRIA), SPAIN
Email address: lamanodefatima2019@gmail.com
Data Processing
The personal data requested, if any, will consist solely of that which is strictly necessary to identify and respond to the request made by the data subject. Furthermore, personal data will be collected for specific, explicit, and legitimate purposes and will not be further processed in a manner incompatible with those purposes.
The data collected from each data subject will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed, and will be kept up to date as required.
Prior to the collection of their data, data subjects will be informed of the general provisions of this policy so that they can provide their explicit, specific, and unambiguous consent to the processing of their data, in accordance with the following aspects.
Purposes of Processing
The specific purposes for which each processing activity is carried out are detailed in the information clauses included in each data collection method (web forms, paper forms, recorded messages, or information signs and notices).
However, the personal data of the data subject will be processed solely for the purpose of providing an effective response and addressing the requests made by the user, as specified alongside the option, service, form, or data collection system used by the data subject.
Legal Basis
As a general rule, prior to processing personal data, the Data Controller obtains the express and unambiguous consent of the data subject by including informed consent clauses in the various information collection systems.
However, if the data subject's consent is not required, the legal basis for processing on which the Data Controller relies is the existence of a specific law or regulation that authorizes or requires the processing of the data subject's data.
Recipients
As a general rule, the Data Controller does not transfer or disclose data to third parties, except as legally required. However, if necessary, such transfers or disclosures will be communicated to the data subject through informed consent clauses included in the various methods of collecting personal data.
Origin
As a general rule, personal data is always collected directly from the data subject. However, in certain exceptional cases, data may be collected through third parties, entities, or services other than the data subject. In this regard, the data subject will be informed of this fact through the informed consent clauses included in the various data collection methods and within a reasonable timeframe after the data is obtained, and at the latest within one month.
Retention Periods
The information collected from the data subject will be retained as long as necessary to fulfill the purpose for which the personal data was collected. Once this purpose has been fulfilled, the data will be deleted. This deletion will result in the blocking of the data, which will be retained only at the disposal of Public Administrations, Judges, and Courts to address any potential liabilities arising from the processing, for the duration of the applicable statute of limitations. Once this period has expired, the information will be destroyed.
For informational purposes, the legal data regarding the retention of information in relation to different matters is set out below:
Browsing Data
Regarding browsing data that may be processed through the website, if data subject to regulations is collected, we recommend consulting the Cookie Policy published on our website.
Data Subject Rights
Data protection regulations grant a series of rights to data subjects, including website users and users of the Data Controller's social media profiles.
These rights are as follows:
- Right of access: the right to obtain information about whether their personal data is being processed, the purpose of the processing, the categories of data being processed, the recipients or categories of recipients, the retention period, and the origin of the data.
- Right to rectification: the right to obtain the rectification of inaccurate or incomplete personal data.
- Right to erasure: the right to obtain the erasure of data in the following cases:
o When the data are no longer necessary for the purpose for which they were collected
o When the data subject withdraws consent
o When the data subject objects to the processing
o When they must be erased to comply with a legal obligation
o When the data have been obtained in relation to an information society service as provided for in Article 8(1) of the European General Data Protection Regulation (GDPR).
- Right to object: the right to object to certain processing based on the data subject's consent.
- Right to restriction of processing: the right to obtain restriction of processing of personal data when one of the following applies:
• When the data subject contests the accuracy of the personal data, for a period enabling the entity to verify its accuracy.
• When the processing is lawful and the data subject opposes the erasure of the data.
• When the entity no longer needs the data for the purposes for which they were collected, but the data subject requires them for the establishment, exercise, or defense of legal claims.
• When the data subject has objected to processing pending verification of whether the legitimate grounds of the entity override those of the data subject.
- Right to data portability: the right to obtain your data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller when:
• The processing is based on consent
• The processing is carried out by automated means
- Right to lodge a complaint with the competent supervisory authority.
Data subjects may exercise the aforementioned rights by contacting the Data Controller in writing at the following email address: lamanodefatima2019@gmail.com, specifying the right they wish to exercise in the subject line.
The Data Controller will respond to your request as soon as possible, taking into account the time limits stipulated in data protection regulations.
Security
The security measures adopted by the Data Controller are those required in accordance with Article 32 of the GDPR. In this regard, the Data Controller, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
In any case, the Data Controller has implemented sufficient mechanisms to:
a) Ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services.
b) Restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident.
c) Regularly verify, assess, and evaluate the effectiveness of the technical and organizational measures implemented to ensure the security of the processing. d) Pseudonymize and encrypt personal data, where appropriate.
