PRIVACY POLICY
This privacy policy complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), with Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), as well as, insofar as it does not conflict with the aforementioned regulations, with Organic Law 15/1999 on the Protection of Personal Data (LOPD) and its implementing regulations, and/or those that may replace or update them in the future.
Our organisation is committed to the privacy of your personal data. The personal data provided is necessary to deliver our services and is processed in a lawful, fair and transparent manner, ensuring adequate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage through the application of technical and organisational measures.
Through this document we wish to provide you, in a transparent and fair manner, with all the necessary information regarding the processing of your personal data carried out by this organisation.
I.- DATA CONTROLLER
IDENTITY: ASOCIACION PROTECTORA DE ANIMALES DE DÉNIA
C.I.F. / N.I.F.: G03660305
ADDRESS: PTDA. MADRIGUERES SUD, 36 C, 03700 DENIA (ALICANTE)
PHONE: 966427678
E-MAIL: info@apad-apad.org
DATA PROTECTION OFFICER: info@apad-apad.org
II.- RECIPIENTS OF PERSONAL DATA
The personal data provided will not be transferred to any third party unless otherwise specified in the specific processing activities. Optionally, for the procurement of cloud computing services and/or services for sending emails, communications, and other related IT services, personal data may be:
- Transferred to IT service companies located within the European Economic Area (EEA), or
- Transferred to IT service companies located outside the EEA that are covered by the Privacy Shield protection framework, which provides adequate protection measures to guarantee the security of personal data. More information is available at: https://www.privacyshield.gov/welcome
Optionally, to public administrations and other bodies when required in fulfilment of legal obligations.
III.- LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
In each specific personal data processing activity, we will inform you of the legal basis that legitimises it.
IV.- RIGHTS
4.1. RIGHT OF ACCESS
This is the right to obtain from the data controller confirmation of whether or not personal data concerning the data subject is being processed and, if so, the right to access the personal data and the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data has been or will be communicated, the retention period or the criteria used to determine it, the existence of the right to request rectification or erasure of personal data or restriction of processing, or to object to such processing, the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), the existence, where applicable, of automated decision-making including profiling, and where data is transferred to third countries, the right to be informed of the appropriate safeguards applied.
4.2. RIGHT TO RECTIFICATION
This is the right to request the rectification of your personal data if it is inaccurate, including the right to have incomplete data completed. Please note that by providing us with personal data through any means, you guarantee that it is true and accurate and undertake to notify us of any changes or modifications. Therefore, any damage caused by the communication of erroneous, inaccurate or incomplete information in the website forms shall be the sole responsibility of the data subject.
4.3. RIGHT TO ERASURE
This is the right to request the erasure of your personal data when, among other circumstances, it is no longer necessary for the purpose for which it was collected, or is being processed in a different manner, or you withdraw your consent. Please note that erasure will not apply where the processing of personal data is necessary, among other circumstances, for compliance with legal obligations or for the establishment, exercise or defence of legal claims.
4.4. RIGHT TO RESTRICTION
This is the right to request the restriction of the processing of your personal data, which means that in certain cases you may ask us to temporarily suspend the processing of your personal data or to retain it beyond the time necessary when you may need it.
4.5. RIGHT TO WITHDRAW CONSENT
This is the right to withdraw the consent you have given by ticking “I have read and accept the privacy policy” at any time, as specified in the corresponding section “Exercise of rights” or in the specific processing activity for commercial communications or newsletters. Please note that this right will not apply if, among other cases, the processing of personal data is necessary for compliance with a legal obligation, the performance and maintenance of a contractual relationship, or for the establishment, exercise or defence of legal claims. Furthermore, the withdrawal of consent will not have retroactive effect, meaning it will not affect the lawfulness of processing based on consent prior to its withdrawal.
4.6. RIGHT TO DATA PORTABILITY
This is the right to receive the personal data concerning you that you have provided to us, in a structured, commonly used and machine-readable format, and to transmit it to another controller, provided that: the processing is based on your consent and is carried out by automated or electronic means.
4.7. RIGHT TO OBJECT
This is the right to object to the processing of your personal data based on our legitimate interest. We will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
4.8. RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
If you consider that we are processing your personal data incorrectly, you may contact us or you also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD):
https://www.agpd.es/portalwebAGPD/index-ides-idphp.php
4.9. EXERCISE OF RIGHTS
You may exercise your rights by writing to the postal address indicated above or by emailing info@apad-apad.org, enclosing in both cases a copy of your national ID / NIE / passport or equivalent document.
SECURITY MEASURES
The data controller applies appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of the data.
PERSONAL DATA PROCESSING ACTIVITIES
6.1. GENERAL PROVISIONS
The personal data requested in each specific processing activity is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed, thereby complying with the principle of data minimisation.
The personal data requested in each specific processing activity is strictly necessary; refusal to provide it would mean that the requested service cannot be delivered.
The communications of personal data provided for in each specific processing activity are in some cases necessary for the performance and maintenance of a contract, and in other cases for compliance with a legal obligation applicable to the data controller.
6.2. BASIC PROCESSING ACTIVITIES
CONTACT FORM
The personal data provided in the contact form will be used solely to respond to enquiries or requests for information and to manage the relationship arising from the enquiry.
The legal basis legitimising the processing of personal data is express consent given by ticking “I have read and accept the privacy policy”.
Data will not be transferred to third parties except where legally required.
Personal data will be retained for a period of two years from the moment it is no longer processed, without prejudice to the exercise of the rights available to the data subject.
DONATIONS AND MEMBERSHIP FEES
The personal data of members, donors and adopters is processed for the following purposes: managing financial contributions (periodic fees or one-off donations), issuing receipts, certificates and tax records of contributions made, maintaining the administrative and accounting relationship arising from their status as a member or donor, providing information about campaigns, activities and projects related to the organisation’s objectives, and fulfilling applicable legal and fiscal obligations.
The legal basis legitimising the processing of personal data is express consent given by ticking “I have read and accept the privacy policy”.
Data may be shared with banking institutions for the management of collections or direct debits, with the tax authority for compliance with legal obligations, with accounting or tax advisors for the financial management of the organisation, and with technology providers offering hosting, communications or management software services, under a confidentiality and data processing agreement. Under no circumstances will data be transferred to third parties for commercial purposes.
No international transfers of data outside the European Economic Area are envisaged. Should services located in third countries be used, compliance with the standard contractual clauses approved by the European Commission will be guaranteed.
Data will be retained for as long as the relationship as a member, donor or adopter is maintained, and thereafter for the legally required periods.
ADOPTION, VOLUNTEERING, MEMBERSHIP AND DONATIONS
The personal data provided in the form is processed for the following purposes: adoption form (managing your application to adopt or foster animals, assessing the suitability of the adopter or foster home, formalising the adoption contract and carrying out subsequent follow-up), volunteering form (managing the application to participate as a volunteer, coordinating tasks, shifts and activities within the organisation, and fulfilling legal obligations arising from the relationship), membership and donations form (processing registration as a member, sponsor or donor, managing financial contributions, issuing tax receipts, and maintaining the administrative and accounting relationship arising from your collaboration).
The legal basis legitimising the processing of personal data depends on the performance of a contract or pre-contractual relationship and compliance with a legal obligation.
Data may be shared with collaborating veterinary clinics and insurers when necessary for the care of the animal, with banking institutions for the management of collections and payments, with public administrations and the tax authority where a legal obligation exists, with the organisation’s accounting or tax advisors, and with technology providers under a confidentiality and data processing agreement.
No international data transfers will be made. Should the organisation use services outside the European Economic Area, it will ensure that the provider offers adequate guarantees in accordance with the GDPR.
Data will be retained for the duration of the relationship arising from the adoption, volunteering or donation, and thereafter for the number of years required by fiscal, accounting or administrative regulations. Once the legal retention periods have elapsed, data will be blocked and securely deleted.