Privacy policy
FUNDACIÓ CONGRÉS DE CULTURA CATALANA informs users of the website about its policy regarding the processing and protection of users' and clients' personal data.
It guarantees at all times the full and complete compliance with the obligations established by data protection regulations and information society services: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, regarding the protection of natural persons with respect to the processing of personal data and the free movement of such data (GDPR), the Organic Law 3/2018 of December 5, on Personal Data Protection and guarantee of digital rights (LOPDGDD), and the Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSIce).
Data Controller
FUNDACIÓ CONGRÉS DE CULTURA CATALANA
C.I.F.
G08650970
Address
Carrer Sant Pere Més Alt, 1 Principal-B - 08003 - Barcelona
Registry of Private Foundations of the Generalitat de Catalunya No. 173
Phone
93 410 68 66
Email
comunicacio@noucongres.cat
Purposes of Data Processing
The data provided by the User are used for various purposes listed below:
| Purpose of processing | Legal basis for processing |
|---|---|
| To manage inquiries or any type of request made through the contact forms available on the website. | Legitimate interest of the Company to respond to information requests through the website. Express consent given at the time of data collection through web forms. |
| Sending newsletters, commercial communications, and promotions. | Express consent given at the time of data collection through web forms. |
| Processing requests to become a sponsor. | Express consent given at the time of data collection through web forms. Legitimate interest of the Company to respond to information requests through the website. |
| Making a donation/contribution. | Express consent given at the time of data collection through web forms. Legitimate interest of the Company to respond to information requests through the website. |
| Compliance with current tax obligations. | Compliance with legal obligations that apply to us. |
| Managing website incidents and maintenance. | Legitimate interest of the Company. |
Data Retention Period
| Purpose of processing | Retention period |
|---|---|
| Managing inquiries or any type of request made through the contact forms available on the website. | We will process your data for as long as it is necessary to fulfill your request. |
| Sending newsletters, commercial communications, and promotions. | We will process your data until you unsubscribe. |
| Processing requests to become a sponsor. | We will process your data as long as you remain a registered user (i.e., until you decide to unsubscribe). |
| Making a donation/contribution. | We will process your data for the time necessary to comply with the applicable legal retention periods. |
| Compliance with current tax obligations. | We will process your data for the time necessary to comply with the applicable legal retention periods. |
| Managing website incidents and maintenance. | We will process your data for the time necessary to comply with the applicable legal retention periods. |
Data Recipients
To fulfill the purposes indicated in this Privacy Policy, it is necessary that we provide access to your personal data to third parties who support us in the services we offer you (Data Processors), namely:
- Financial institutions.
- Technology service providers.
- Logistics, transport, and delivery service providers and collaborators.
- Marketing and advertising service providers and collaborators.
The data processors, when executing a contract or providing a service to the Controller, must follow its instructions and ensure the same levels of security.
User Rights
The user has the right to:
- Request access to their personal data being processed and receive this information in writing through the requested medium.
- Request the rectification of inaccurate personal data or, where appropriate, request its deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
- Request the restriction of the processing of their data.
- Object to the processing of their personal data when applicable; in this case, your data will no longer be processed except for legitimate reasons.
- Right to data portability. The data subject has the right to receive their personal data if they have been provided in a structured, commonly used, and machine-readable format, and to transmit them to another controller if the following conditions are met:
- The processing is based on consent or a contract.
- The processing is carried out by automated means.
- Right to withdraw consent.
- Right to lodge a complaint with the Spanish Data Protection Agency.
The User may exercise the aforementioned rights at the postal or electronic address of the Controller, proving their identity with a scanned copy of their DNI or equivalent document, and specifying the right they wish to exercise.
Data Source
Personal data must be provided voluntarily by the interested party. The lack of some data or failure to answer questions that may be posed to the interested party during registration processes or through electronic forms may result in the impossibility of accessing certain services for which these personal data are essential. In such cases, the Data Controller must inform about the mandatory or necessary nature of providing personal data for the operation of the service.
The Controller ensures the confidentiality of your personal data and guarantees their security, adopting the necessary measures to prevent their alteration, loss, unauthorized processing, or access.
Information Provided by the Interested Party
Minors under 18 years old cannot provide their personal data without the prior consent of their parents and/or legal guardians.
The interested party, by entering their data in the contact forms or forms provided for downloads, expressly and freely accepts that their data are necessary for the Controller to handle their request, and the inclusion of data in the remaining fields is voluntary.
The interested party guarantees that the personal data provided to the provider are truthful and is responsible for communicating any changes to them.
All data requested through the website are necessary for the provision of an optimal service to the interested party. If not all data are provided, it is not guaranteed that the information and services provided by the Controller will fully meet their needs.
Security Measures
In accordance with current regulations on personal data protection, the Controller is complying with all provisions of the GDPR and LOPDGDD for the processing of personal data under its responsibility, and explicitly with the principles described in Article 5 of the GDPR and Article 4 of the LOPDGDD, whereby data are processed lawfully, fairly, and transparently in relation to the data subject and are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
The Controller guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR and LOPDGDD in order to protect the rights and freedoms of the data subject and has provided them with the appropriate information to enable them to exercise their rights.
Security Breaches
The Controller will inform about any security breach affecting the database used by this website, or affecting any of our third-party services, to all individuals whose data may have been affected, and to the authorities, within 72 hours of detecting the breach.
Applicable Law and Jurisdiction
The right to take civil or criminal action as deemed necessary for the misuse of the website and content is reserved.