1. INTRODUCTION

The ROC FOUNDATION reserves the right to modify this Policy in order to adapt it to new legislation, jurisprudential criteria, industry practices, or the interests of the FOUNDATION . Any modification will be announced with due notice, so that you are fully aware of its contents.

In order to provide you with certain services it is necessary to manage your personal data. For these purposes, the same, will be incorporated into the corresponding processing activities of the ROC FOUNDATION and will be processed for the specific purpose of each treatment, in accordance, mainly, with the regulation established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).

 

2. GENERAL INFORMATION

In the following, the ROC FOUNDATION informs, in general, about the privacy and protection of personal data protection applied to the processing activities it carries out on the Portal, as well as by other means:

Who is responsible for the processing of your personal data?

Fundación ROC Investigación y Docencia (known throughout this document as FUNDACIÓN ROC), is the Data Controller and is committed to the protection of the information it manages. In accordance with Article 13 of the RGPD and Article 11 of the LOPDGDD we inform you of the following:

  • Corporate Name: Fundación ROC Investigación y Docencia
  • TAX ID: G55411656
  • Address: Paseo General Martínez Campos, 17 - 28010 Madrid (Spain)
  • Registration data in the Foundations Registry: 1222/24
  • Email regarding data protection: privacidad@fundacionroc.com
  • Contact telephone number: 621 196 799
  • DPO contact: dpo@fundacionroc.com

 

Why do we process your personal data?

The purpose of the collection and processing of personal data, through the various forms owned by the ROC Foundation, made available to users, respond, as appropriate, to manage and respond to requests for information, questions, complaints, compliments or suggestions to publications or any services or activities, events or events provided, offered, sponsored and / or sponsored by our Foundation .

We also inform you that on this website, data processing will be carried out for the additional purpose derived from the fact that you have made a donation to us. In this case, your data will be processed to manage the donation, as well as to manage the tax deductions that may be applicable.

What is the legal basis that legitimizes the processing of your personal data? That is to say, what is the legal basis for us to process your personal data?

The legal basis that legitimizes us to process your personal data is the consent given by you by signing or accepting the relevant forms, for one or more specific purposes (Art. 6.1.a RGPD).

How long do we keep your personal data?

Your personal data will be kept by us for the corresponding period of time in order to maintain a record of attention and manage our services efficiently and the person concerned does not request its deletion. Even if deletion is requested, they will be kept blocked for the necessary time, and limiting their processing, only for one of the following reasons: to comply with legal/contractual obligations of any kind to which we are subject and/or during the legal periods provided for the prescription of any liabilities on our part and/or the exercise or defense of claims arising from the relationship maintained with the owner of the data.

Specifically, the data will be retained as follows:

- Data obtained in the contact request: Until the request is resolved within the deadlines for possible claims.

- Data on donations and their donors: Up to 6 years from its realization, taking into account the legal deadlines foreseen for the attention of requirements of the Tax Agency.

- Data obtained through cookies: Consult the cookies policy.

Who should keep the data up to date?

On the other hand, in order that the data always correspond to reality, we will try to keep them updated. So that, for this purpose, the User must make the changes, directly, when so enabled or by communicating, by reliable means, to the corresponding area or department of our Foundation .

Who may be assignees or recipients of your personal data?

Personal data will not be transferred or communicated to third parties, except in the necessary cases in which the public bodies with competence in the matter so require us (in the case of donations, the Tax Agency).

International Data Transfers

It is possible that there may be international transfers of data in the installation of cookies, to countries outside the European Economic Area. In such cases, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, to ensure a level of protection equivalent to that required by European data protection regulations.

You can obtain detailed information about the use of cookies, the third parties that manage them, the specific purposes, as well as manage or revoke your consent at any time, by consulting our Cookies Policy .

The ROC FOUNDATION has different profiles on social networks to publicize their activities and interact with users. Users of these social networks who voluntarily decide to follow or become friends of the Foundation, express their consent to the processing of their personal data relating to their profile for the sole purpose of interacting within the corresponding social network, within the framework of their privacy policies and under the conditions established by each platform.

You should be aware that the use of these social networks may involve international transfers of personal data to countries outside the European Economic Area (such as the United States), where the servers of these platforms are located. These transfers are covered, where appropriate, by legal mechanisms such as the Standard Contractual Clauses (STCs) approved by the European Commission, or by the guarantees provided in the compliance policy of each provider.

Personal data security

The ROC FOUNDATION will adopt appropriate technical and organizational measures in its information system, in compliance with the principle of proactive responsibility, in order to ensure the security and confidentiality of stored data, thus avoiding its alteration, loss, unauthorized processing or access; taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as risks of varying probability and severity associated with each of the treatments.

What are your data protection rights and how can you exercise them?

You may exercise your rights of access, rectification, erasure, restriction, portability, objection, or not to be subject to decisions based solely on automated data processing. To do so, you may write to the email address privacidad@fundacionroc.com, indicated above.

In the letter, you must specify which of these rights you are requesting to be satisfied and identify yourself. In case of doubt as to your identity, you may be asked to provide additional information.

In case of acting through a representative, legal or voluntary, he/she must also provide a document proving the representation and his/her identification document.

Likewise, if you consider that your right to personal data protection has been violated, you may file a complaint with the Spanish Data Protection Agency (www.aepd.es).

More information about exercising your data protection rights is provided below:

a) What are my rights

b) Who can exercise these rights before the Foundation?

c) How and where can I exercise these rights?

d) Supplementary information

 

a) What are my rights?

Data protection regulations allow you to exercise before the data controller, the ROC Foundation, the rights of access, rectification, opposition, portability, erasure ("right to be forgotten"), limitation of processing and not to be subject to individualized decisions, in accordance with Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter "GDPR") and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPD-GDD):

Right of access

You have the right to know:

  • Whether or not we are processing personal data concerning you.
  • The origin of your data, if not provided by you.
  • The purposes of the processing of your data.
  • The categories of data involved.
  • The recipients or categories of recipients to whom the personal data were or will be disclosed.
  • If possible, the expected retention period of the personal data (or, if not possible, the criteria used to determine this period).
  • The right to file a complaint with a supervisory authority.
  • If we make automated decisions - including profiling - using your personal data.

Right of rectification

  • You have the right to have your personal data rectified:
  • Completing them, if they are incomplete.
  • Updating or rectifying them, if for any reason they are no longer in accordance with the current reality or are inaccurate.
  • By exercising your right to rectification, we will ensure that all your personal data is accurate and complete.

Right to suppression

  • You have the right to have your personal data deleted when any of the following conditions apply:
  • Such data are no longer necessary for the purposes for which they were collected or processed.
  • You withdraw the consent on which we base the processing of your data and it cannot be based on any other basis of legitimacy.
  • You have successfully exercised your right to object to the processing of your data.
  • Personal data have been processed unlawfully.

Right to limitation of processing

  • You have the right to obtain the limitation of the processing of your personal data (i.e. that we keep it without using it for the intended purposes).

Right of opposition

  • You will have the right to ask us to stop using your personal data, for example, when you believe that the personal data we hold about you may be incorrect or you believe that we no longer need to use it.

Right of portability

  • When the processing of your data is based on consent or is necessary for the performance of a contract or pre-contract and is carried out by automated means, you have the right to data portability, i.e. to have your data delivered to you in a structured, commonly used and machine-readable format, including forwarding it to a new data controller, which is why the FOUNDATION will facilitate the portability of your data to the new data controller.

Right not to be subject to automated individual decisions

  • This right is intended to ensure that you are not subject to a decision based solely on the processing of your data, including profiling, which produces legal effects on you or similarly significantly affects you. Profiling refers to any form of processing of your personal data that evaluates personal aspects, in particular analyzing or predicting aspects related to your job performance, financial situation, health, personal preferences or interests, reliability or behavior.

b) Who can exercise these rights before the Foundation?

You, as the data subject or holder of the personal data, acting on your own behalf and in your own right.

Through another person acting, duly accredited, as legal representative (e.g. when the holders of parental authority or guardianship act on behalf of a person under 14 years of age or when acting as legal representative of a person with functional diversity) or volunteer (person you have freely and voluntarily granted powers of attorney for this purpose).

c) How and where can I exercise these rights?

By Postal Mail

You may submit your letter by sending it to the following postal address: Paseo General Martínez Campos, 17 - 28010 Madrid (Spain).

By internet

You can submit your letter by sending an email to the following address: privacidad@fundacionroc.com.

You can also contact our Data Protection Officer at dpo@fundacionroc.com.

In both cases, you must:

  • Provide sufficient data and information to meet the request. For this purpose, you can use the model forms available from the Spanish Data Protection Agency https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos
  • Identify yourself and sign the form in handwriting or, if you have a recognized digital certificate, sign it electronically.
  • In case of acting on behalf of a third party, the document accrediting the representation of the interested party must also be included.

d) Supplementary information

The ROC FOUNDATION will analyze whether or not the petition is in accordance with the law. It will inform the petitioner of the decision adopted, proceeding accordingly: if it is upheld, it will adopt the appropriate measures according to the right exercised; if it is rejected, it will indicate the system of appeals provided for by law. In the event that the requests are manifestly unfounded or excessive (e.g., repetitive nature) the Foundation may: (i) Charge a fee proportional to the administrative costs incurred (ii) Refuse to act.

 

For further information or clarification about your rights in the protection of personal data, please send a letter to the e-mail addresses indicated above.