Privacy Policy
In accordance with the provisions of current legislation on data protection, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, GDPR), as well as Organic Law 3/2018 of 5 December on Data Protection and Guarantee of Digital Rights (hereinafter, LOPD-GDD), the user is informed in accordance with the provisions of Articles 13 of the GDPR and 11 of the LOPD-GDD:
I. CONTROLLER
Who is responsible for the processing of your data? - Company name: ECOADAPTA
- Tax ID number: G88579800
- Address: C/MAGDALENA 38 1º C 28012 MADRID
- Email address: ecoadapta@ecoadapta.org
- Website: WWW.ECOADAPTA.COM
II. PURPOSE
For what purpose will we process your personal data?
ECOADAPTA processes your information for:
1. Maintenance of the business relationship and provision of the contracted service.
2. Preparation of a budget tailored to your needs.
3. Management of email communications with interested parties.
4. Carry out the company's selection processes.
5. Management of the company's employees and human resources.
6. Sending commercial information related to our sector: RESEARCH, ENVIRONMENTAL MANAGEMENT, ENVIRONMENTAL EDUCATION AND URBAN DEVELOPMENT PROJECTS.
7. Managing training activities
How long will we have your data?
The personal data you provide us will be kept as long as the current business relationship is maintained. However, in order to be as transparent as possible with you, we inform you that the general calculations we work with are:
- Generic identification data (email, name, surname, telephone number, etc.): for the duration of the business relationship or until consent is revoked.
In any case, they will be deleted when they are not going to be used for the purpose for which they were collected.
- Law on Infringements and Sanctions in the Social Order (obligations regarding affiliation, registration, deregistration, contributions, payment of salaries...); Arts. 66 and following General Law Tax (accounting books…): four (4) years.
- Personal actions without special term (article 1964 Civil Code): five (5) years
- Accounting, fiscal and labor (article 30 Commercial Code - accounting books, invoices…): six (6) years.
- Labor: contracts, work schedule records, salary and contribution receipts,
identification documents, four (4) years; in case of reports of prevention of labor risks, records of illnesses or accidents, contracts with prevention services, five (5) years.
- Data subject to the Law on the Prevention of Money Laundering and Financing of Terrorism (article 25): ten (10) years.
- Selection processes: two (2) years from the delivery of the curriculum vitae.
- Likewise, given the sending of commercial information, even if the relationship between the parties is terminated, the controller will continue to retain your information for the sending of newsletters related to our products and services 1 . You may always exercise the rights granted to you by current regulations by contacting us through the most convenient means for you.
- Disaggregated and anonymized data: no deadline 1 If you do not send commercial communications, you can skip this part. Despite the existence of these general deadlines, we inform you that we will periodically review our systems to proceed to eliminate those data that are not legally necessary.
III. LEGITIMATION
What is the legitimacy for the processing of your data? According to the purposes of the collection of our data, the processing of your data is necessary:
1. To manage the commercial relationship that you have signed and contracted with us.
a. Execution of a contract (enabled by article 6.1.b RGPD)
b. Consent of the interested party (enabled by article 6.1.a RGPD)
2. Preparation of a budget tailored to your needs.
a. Execution of a contract and/or pre-contractual relationship (enabled by
article 6.1.b RGPD)
3. Manage communications by email with interested parties.
a. Consent of the interested party (enabled by article 6.1.a RGPD)
b. Legitimate interest (enabled by article 6.1.f RGPD)
4. Carry out the company's selection processes.
a. Consent of the interested party (enabled by article 6.1.a RGPD)
5. Management of the company's employees and internal human resources
a. Contractual execution (enabled by article 6.1.b RGPD)
6. Sending commercial communications
a. Consent of the interested party (enabled by article 6.1. RGPD)
b. Consent of the interested party (enabled by article 20 LSSICE)
c. Legitimate interest (enabled by article 6.1.f RGPD and 21.2 LSSICE)
7. Managing training activities
a. Execution of a contract (enabled by article 6.1.b RGPD)
b. Consent of the interested party (enabled by article 6.1.a RGPD)
Likewise, all the data collected are necessary for the provision of the service. However, those data that are marked with an asterisk (*) will be mandatory. In the event that the mandatory data is not provided, the person responsible will not be able to provide you with the contracted service.
Finally, we inform you that only persons over 14 years of age may provide personal data on this website. According to the LOPD and GDD, in the case of minors under 14 years of age, the consent of their parents or guardians will be mandatory for us to process their personal data. Furthermore, only persons over 18 years of age may contract our services.
In the case of minors under 18 years of age, the consent of their parents or legal guardians will be mandatory for us to provide the services offered, unless the minor is emancipated.
IV. RIGHTS OF INTERESTED PARTIES
What rights do I have in terms of data protection? In accordance with the provisions of articles 13 RGPD and 11.2.c) LOPDGDD, you can exercise any of the following rights by notifying us at the postal address C/MAGDALENA 38 1º C 28038 MADRID or at the email address PALOMA.SANTOSC@GMAIL.COM . In any case, according to current regulations you have the following rights recognized in accordance with the content of articles 15 to 22 RGPD and 12 to 18 LOPDGDD:
- Right to request access to personal data relating to the interested party.
- Right to request rectification or deletion.
- Right to request limitation of processing.
- Right to object to processing.
- Right to portability.
You can request the forms to exercise your rights from the Controller, through the email address indicated in the data of the controller. Additionally, you may file a complaint with the Spanish Data Protection Agency (AEPD). More information in Section VII of this document.
V. RECIPIENTS
To which recipients will your data be communicated? You will always be informed and, where appropriate, your express consent will be requested to transfer your personal data or carry out international transfers in accordance with the current regulations (arts. 13.1.e) and 44 RGPD, as well as art. 11.1 and 40 LOPDGDD 3/2018).
Therefore, we inform you that the third parties with whom the Controller works have their servers located within the EU, EEA or Switzerland, with adequate security measures to guarantee adequate and confidential data processing.
Outside of the aforementioned cases and except by legal obligation, your data will not be transferred or communicated to any third party, except in the cases provided for by law or when it is strictly necessary for the provision of a service. In general terms, the data may be transferred to:
- Technology service providers.
- Payment service providers.
- Courier and parcel companies.
- Third parties or intermediaries, acting as service providers, operating on our own behalf (consultants, consultants, freelancers, etc.).
- Third parties in charge of processing, collaborators or with a close business relationship with the controller for the exclusive purpose of providing our services.
Data transfers will take place in compliance with the strictest confidentiality, using the necessary measures, such as the signing of confidentiality agreements, or adherence to their privacy policies established on their respective web pages. The User may refuse to transfer their data to the Data Processors, by means of a written request, by any of the means previously referenced. The controller will not transfer or communicate your data to any third party, except in the cases legally provided for or when the provision of a service implies the need for a contractual relationship with a Data Processor. Thus, the User accepts that some of the personal data collected may be provided to these Data Processors (payment platforms, agencies, intermediaries, etc.), when necessary for the effective performance of a contracted service or purchased product. The User also accepts that, in the case of provision of services, these may be, totally or partially, subcontracted to other persons or companies, who will be considered Data Processors, with whom the corresponding confidentiality agreement has been agreed, or adhered to their privacy policies, established on their respective web pages. The User may refuse to transfer their data to the Data Processors, by means of a written request, by any of the means previously referenced.
VI. ORIGIN OF YOUR DATA
How have we obtained your data?
The personal data used by ECOADAPTA comes from the interested party, in compliance with the provisions of articles 13 RGPD and 11 LOPDGDD already mentioned, or from group companies or collaborators, about which you can obtain more information by writing to the email address ecoadapta@ecoadapta.org or at the office of the Controller at the postal address indicated in this document.
What categories of data do we handle?
The categories of personal data that are processed:
Identification data
Name
Surname
ID / NIE / Passport or equivalent document
Postal addresses
E-mail addresses
Sex
Date of birth
Place of birth
Contact telephone number (mobile / landline)
Commercial information: own and third parties
Economic data
Bank account number
Credit card number
Curriculum vitae
Academic data
Qualifications
Hobbies
Membership of associations or clubs
The processing of sensitive data will be done in accordance with the provisions of articles 9 RGPD and 9 LOPDGDD, informing in all cases the interested party about which data will be used by the controller.
VII. ADDITIONAL INFORMATION
- Security measures: Users of the website of the controller are informed that the security measures, both technical and organizational, within our reach have been adopted to prevent the loss, misuse, alteration, unauthorized access and theft of data, and thus guarantee the confidentiality, integrity and quality of the information contained therein, in accordance with the provisions of current regulations on data protection. The personal data collected in the forms are processed solely by the staff of the controller or the designated Data Processors. The Website also has SSL encryption that allows the User to securely send their personal data through the contact or registration forms on the website
- Social Networks: the data controller has a profile on some of the main social networks on the Internet (Facebook, Instagram), and is recognized in all cases as the Data Controller of the data of its followers, fans, subscribers, commentators and other User profiles (hereinafter, followers) published by the data controller.
The purpose of the data processing by the data controller, when not prohibited by law, will be to inform its followers about its activities and offers, by any means that the social network allows, as well as to provide personalized customer service. The legal basis that legitimizes this processing will be the consent of the interested party, which may be revoked at any time. In no case will the controller extract data from social networks, unless the User's express consent is obtained for this purpose (for example, to carry out a contest).
- Confidentiality: The information provided by the User will, in any case, be considered confidential, and may not be used for purposes other than those described here. The controller undertakes not to disclose or reveal information about the User's claims, the reasons for the advice requested or the duration of his/her relationship with the User.
- Accuracy of data: The User declares that all data provided by him/her are true and correct and undertakes to keep them updated. The User will be responsible for the accuracy of his/her data and will be solely responsible for any
conflicts or disputes that may arise from the falsity of the data. It is important that, in order for us to keep personal data up to date, the User informs the controller whenever there has been any modification to the data.
- Documentation prepared by LegalDPO (https://legaldpo.es/), based on the information provided by the Data Controller. The content complies with the regulations in force in February 2023, and may vary according to legislative changes or jurisprudential criteria. It is the owner's obligation to check the validity of the regulations at all times.
VIII. CONTROL AUTHORITY
We make every effort to comply with data protection regulations since it is the most valuable asset for us. However, we inform you that if you believe that your rights have been violated, you can file a claim with the Spanish Data Protection Agency (AEPD), located at C/ Jorge Juan, 6. 28001 – Madrid. More information about the AEPD.
http://www.agpd.es/. Documentation prepared by LegalDPO. https://legaldpo.es/