1.- RIGHT TO INFORMATION
In accordance with the provisions of article 11 of Organic Law 3/2018, December 5th, on the Protection of Personal Data and guarantee of digital rights (hereafter LOPDGDD) and article 13 of the General Data Protection Regulation 2016 / 679 (RGPD) we inform you of:
1.1- Identification of those responsible:
– The data controller is St. Peter’s School, with address at c / Eduard Toldrà n. 18 (Barcelona), NIF: A08345233, registered St. Peter’s School S.A.
– Contact email: firstname.lastname@example.org
– Telephone: 126.96.36.199
– Administrative authorization data: CIPDI
The data protection delegate is CIPDI, Treatment of Information S.L. You can contact the delegate at the email email@example.com.
1.2- Purpose of data processing and legal basis
1.2.1- General purpose: The data that you provide us in the forms that you will find on the web, those that you send us to our email address and those that may be generated while maintaining a relationship with the person responsible for the treatment will be incorporated, as you transfer them, to a database of data owned by the person responsible for data handling. We will use this data to provide you with the services you request and to distribute information about our activities by email or postal address. The legal basis for this treatment will be the contractual relationship that you maintain with the person responsible for the data handling and the consent that you grant by accepting this notice.
1.2.2- Image processing: The person responsible for data management documents the public events that are organised with photographs and videos in order to disseminate on the school website or other spaces for publicity and for informative purposes, such as: the website itself, social networks where the person responsible for the treatment has created profiles and organisation or press publications. You can obtain more information about this section by consulting the website of the data controller or by contacting the DPD. The treatment of these images is legitimized with the consent of those affected or in application of article 8 of LO 1/1982 on the protection of the right to honor, privacy and the image itself.
1.3- Categories of recipients:
To comply with the above purposes, the following will have access to your data:
– Personnel duly authorized by the person responsible for data management.
– Suppliers necessary to fulfill your demand.
– Public administration within the scope of its powers.
– You can expand this information by consulting the DPD.
1.4- International data transfer:
The data controller uses the following platforms that may involve data transfers outside the Schengen area:
I.- Google (G-Suite). The person responsible for the treatment has signed an agreement with Google, in accordance with the resolution of the Data Protection Authority of June 22, 2017. For more information on the privacy policies of G-Suite you can visit the following link: https://support.google.com/a/answer/2888485?hl=es
II.- MailChimp, to emit communications.
1.5.- Period of information conservation
The person responsible for data management will keep your information as long as you do not revoke the consent granted to accept this clause.
1.6.- Rights as affected
You have the right to access, rectify, delete, object to the processing of your data, to limit the processing, to request the portability of the data, not to be subjected to automated individual decisions and to revoke the consent you grant.
To exercise these rights, you can write to the addresses of the person responsible for the management that appear in this policy, or send an email to the address firstname.lastname@example.org with the text “DATA PROTECTION” in the subject and attaching a photocopy of your NIE or passport in this email.
1.7.- Right to claim
The competent body to know the correct application of the rules on the treatment of information is the Data Protection Authority, with address at Calle Jorge Juan n. 6 from Madrid.
1.8.- Obligations of the affected party
The affected party must provide accurate and up-to-date information in all data collection processes, being solely responsible for the violation of this obligation.
In data collection forms, the data that is mandatory to provide are marked, depending on the demand made by the affected party. Failure to provide this data may make it impossible to participate in the activity or provide the requested service.
In order to fulfill the objectives of the data controller and, above all, to provide more personalized, careful and effective attention to the user, it is sometimes necessary to create profiles of the recipients of the services. In no case will the elaboration of the profile be carried out in an exclusively automated manner.
2.- USER CONSENT
It is understood that the user accepts the established conditions if they press the ‘ACCEPT’ button that is found in all the data collection forms, or if they send a message by email to the contact addresses that appear on the web. Personal data is stored in the general administration database of the data controller which, in any case, guarantees technical and organizational measures to preserve the integrity and security of the information it deals with.
The general database is equipped with the mandatory security document and has all the technical means at its disposal to prevent the loss, misuse, alteration, unauthorized access or theft of the data that you provide us. The processing of personal data is in accordance with the provisions of Organic Law 3/2018 on data protection and guarantee of digital rights and Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016.
4.- USE OF IP ADDRESSES
To facilitate the search for resources that we believe are of interest to you, you can find links to other pages on this website.