Data controller
DATA CONTROLLER
FUNDACIÓN ABEL MATUTES (hereinafter, the Foundation) is particularly aware of the importance of personal data protection for users of the website services and for volunteers in general. This Privacy Policy (or Data Protection Policy) allows the Foundation, the owner of this website, to inform website users about what is done with the personal data collected by the website so that they can freely and voluntarily decide whether they want to provide the requested data.
The Foundation reserves the right to modify this policy. Any changes to it will be announced in due time so that users are fully aware of their nature.
The data controller is the Foundation, with tax ID code G57318370, and registered address at Bartolome Rosello Avenue, 18, 07800 Ibiza (Balearic Islands). Users can contact our Data Protection Officer at the following email address: dpo@fundacionabelmatutes.org.
PURPOSE
The data controller may process personal data for the following purposes:
1. Management of user participation in events and activities in which the data controller participates and/or collaborates. This includes:
• Responding to their and/or their children’s requests to take part.
• Responding to user contact requests to manage their participation and/or special requests and preferences.
• Sending information on all activities and projects the Foundation carries out or takes part and/or collaborates in, all within the scope of its founding purposes.
• During the course of any event or activity, the Foundation may take photos or videos of participants. In such cases, the Foundation may publish this material in relation to the event, as well as any non-profit activities supported by itself or its partners, on its website or partners’ websites and social networks, provided they have received express written consent.
2. Management of requests for information and contact through the channels or forms provided for this purpose. This includes:
• Managing requests to contact the Foundation.
• Responding to requests for information about activities, events and actions in which the Foundation participates.
• Managing subscription and subscription cancellation regarding messages related to the Foundation with information on activities, events and actions in which the Foundation participates.
3. Management of donations made through the channels or forms provided for this purpose. This includes:
• Managing the donation itself.
• Responding to requests for contact and information on donations.
4. Managing applications from volunteers. This includes:
• Managing the registration and deregistration of volunteers.
• Coordinating participation in the activities, programmes and actions for which people can register.
• Managing requests for contact with the Foundation.
• Responding to requests for information about activities, events and actions in which the Foundation participates.
• Sending information on all activities and projects the Foundation carries out or takes part and/or collaborates in, all within the scope of its founding purposes.
5. Where appropriate, to get the opinion of volunteers through the channels or forms provided for this purpose.
LEGAL BASIS FOR DATA USE
The data controller is authorised to process personal data based on:
• The existence of a partnership agreement or convention pursuant to article 6.1.b) of the General Regulation on the Protection of Personal Data.
• The explicit consent granted by users in those cases where such has been requested, for one or more specific purposes as set out in article 6.1.a) of the General Regulation on the Protection of Personal Data, after completing the forms and checking the box enabled for this purpose. In any such cases, interested parties have the right to withdraw their consent at any time, without this affecting the legality of the processing based on the consent received prior to its withdrawal.
• Compliance with legal obligations imposed on the data controller under article 6.1.c) of the General Data Protection Regulation, when an applicable regulation requires the performance of a certain degree of personal data processing.
ORIGIN OF DATA
Personal data is provided to us by volunteers through this website or the forms made available by the data controller that they complete, or from the user experience collected during their participation in the events or activities organised by the Foundation. Data that does not come directly from the interested party will come from agreements the Foundation has with partners such as NGOs.
The Foundation does not process the data of users aged under 14 without the prior and express consent of their parents, guardians or legal representatives.
DATA CONSERVATION PERIOD
Personal data will be kept for the period required to comply with legal obligations or respond to any possible claims made during the limitation period for civil actions. Appropriate security measures will be taken to ensure its correct storage.
SECURITY MEASURES
The Foundation has taken the organisational and technical security measures required to protect the confidentiality, integrity and availability of data. Among others, the Foundation has taken the following measures:
a) Data blocking procedures. In line with article 32 of Organic Law 3/2018 on Personal Data Protection and the Guarantee of Digital Rights, the Foundation blocks data to prevent it being processed.
b) Security breach procedures. The Foundation has technical measures in place to detect any security incidents that may affect data processing. If a security incident is detected, the Foundation has defined measures to resolve the incident and, where appropriate, notify the competent authorities and/or interested parties.
c) Personal data anonymisation and encryption. This allows the Foundation to guarantee that personal data is held in the strictest confidentiality.
d) Procedures to restore access to personal data after an incident.
The Foundation regularly evaluates the effectiveness of the technical and organisational measures to guarantee the security of data processing.
RECIPIENTS OF THE DATA
The personal data provided to the data controller may be transmitted to the following recipients:
• Third parties to whom the Foundation is obliged to transmit information, such as public authorities, to comply with their requirements and applicable regulations (art. 6.1.c) GDPR).
• Other companies and/or partners that have to process personal data for participation in actions and events and, where appropriate, their transmission based on the implementation of an agreement and/or convention (art. 6.1.b) GDPR).
The organisations that act as data controllers, such as partners, do not sell or exploit personal data; they merely process personal data for the purposes indicated previously. These organisations employ service providers with access to personal data (data processors). These service providers may include companies based outside the European Union and thus involve international data transfers. If this is the case, transfers will always be made in compliance with Chapter V of the GDPR.
USER RIGHTS
Users may exercise their rights in line with the General Data Protection Regulation. These rights are:
• The right to request information and access to their personal data.
• The right to request the rectification or deletion of their data.
• The right to request limitations on the processing of their data.
• The right to object to the processing of their data,
• The right to portability of their data.
Users may exercise their rights with a request, specifying the right they wish to exercise, sent to the data controller at the following address: Avenida Bartolomé Roselló, 18, 07800 Ibiza (Balearic Islands), or by email to privacy@fundacionabelmatutes.org. If the Foundation is unsure about user identity, it may request that users provide a copy of their passport or official ID.
If users believe their rights in regard to personal data protection have been violated, they should contact our Data Protection Officer at dpo@fundacionabelmatutes.org, or file an official complaint with the appropriate supervisory authority, in the case of Spain, the Spanish Data Protection Agency (www.aepd.es).
Last update: October 2024