Data protection policy
Register of processing operations
Exercise your rights

Data protection policy

 

Regulation 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), and Spain’s Framework Act 3/2018, of 5 December 2018, on personal data protection and guaranteeing digital rights (LOPD).

Both the privacy of data and the confidentiality of information are important factors for the Fundació Julio Muñoz Ramonet (hereinafter FJMR). Therefore, as established in the GDPR and the LOPD, users are hereby informed of its policy regarding the processing and protection of their personal data.

This data protection policy may change over time due to changes to legislation, case law or the criteria followed by the Catalan Data Protection Authority and/or the competent authority at any given time. For this reason, the organisation reserves the right to amend this policy to adapt it to changes in the legislation or case law in force when the website is accessed.

Date of last update: 25/04/2023

 

Who is the data controller responsible for processing your data?

Your personal data are processed by FJMR, with Tax ID code G61645149 and headquarters at Plaça de Sant Jaume, s/n, 08002 in Barcelona (email address: fundaciojmr@bcn.cat).

 

How have we obtained your data?

We have obtained your personal data through your past or current relationship with FJMR: as a recipient of our services, a participant in our activities, a subscriber to our newsletters or a third party that maintains a commercial or collaborative relationship with the organisation.

 

For what purpose do we process your data? What is the lawful basis for processing them? To whom do we disclose them and for how long do we store them?

FJMR will process your data for the following purposes:

1. To send you our newsletter, if you have subscribed to it. In this case, the lawful basis for processing is your consent.

2. To maintain the agreed-upon professional relationship. In this case, the lawful basis for processing is the adoption of pre-contractual measures and/or the established contractual relationship.

3. To manage the CCTV and control the entrances to the garden, the building and FJMR’s facilities. In this case, the lawful basis is the legal obligation established to guarantee the safety of facilities, assets and people.

 

To who do we communicate your data?

Unless legally required, your personal data will not be disclosed to any third parties.
No international transfer of data is anticipated.

 

For how long do we store the data?

Your data will be deleted once the service requested has been completed or your subscription to the newsletter has ended. However, FJMR will keep some data in compliance with the Transparency Law and to deal with potential complaints stemming from the service.

The regulations that govern foundations specify that some accounting data shall be kept for ten years (Law 10/2010, of 28 April 2010, on the prevention of money laundering and the funding of terrorism).

In the case of data obtained through CCTV and entrance control, the data and images will be deleted within a month.

 

Information on data quality:

Your data will be processed in a lawful, faithful and transparent fashion.

Your data will be gathered for specified, explicit, legitimate purposes, as outlined in this policy, and they will not be processed subsequently in any manner incompatible with these purposes.

The data we process are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

We will ensure that the data are accurate and kept up to date at all times. If any change or modification to your personal data occurs, please notify us so that we may comply with the principle of accuracy (accurate, up-to-date data).

 

What are your data protection rights and how can you exercise them?

Everyone has the right to obtain information on their data being processed by an organisation. Your rights are as follows:

  • Right of access, rectification and erasure: you have the right to access your personal data and to request a rectification of any inaccurate data or, if necessary, to ask that they be erased when they are no longer needed for the purposes for which they were gathered, among other reasons.
  • Right to restriction of processing: in certain circumstances, you have the right to restrict our processing of your data. In this case, they will only be kept for the exercise or defence of legal claims.
  • Right to object: in certain circumstances, and for reasons relating to your particular situation, you may object to the processing of your data. The organisation will stop processing them, except when there are compelling legitimate grounds to do so or for the exercise or defence of legal claims.
  • Right to data portability: you have the right to receive the personal data concerning you that you have provided in a structured, commonly used and machine-readable format, when: a) the processing is based on consent or a contract, and b) the processing is effected via automated means.

To exercise these rights, please send an email to fundaciojmr@bcn.cat.

In your request, please provide the following information:
1. Your full name.
2. Your ID number.
3. Your contact address.
4. The right you wish to exercise.
5. The specific data to which your request applies, with reference to the specific file and the processing, where possible.

Your request shall be resolved within a maximum of one month via the same means you used initially.

Though we believe that any issue relating to your privacy will be resolved through this channel, if you deem it necessary, you may submit a claim to the supervisory authority through the Catalan Data Protection Authority website http://apdcat.gencat.cat/ca/drets_i_obligacions/reclamar_i_denunciar.

For more information, please consult the Barcelona City Council e-office: https://seuelectronica.ajuntament.barcelona.cat/ca/proteccio-de-dades.

Processing security

Taking into account the current state of technology, the application costs and the nature, scope, context and purposes of the processing, along with the risks of varying likelihood and seriousness concerning the rights and freedoms of natural persons, the organisation applies appropriate technical and organisational measures to ensure a suitable level of security in regard to the risk, which prevent the accidental or illicit destruction, loss or alteration of the personal data that is transmitted, stored or processed in another way, as well as the unauthorised disclosure of or access to those data.