Privacy policy

1.- RIGHT TO INFORMATION

In accordance with the provisions of Article 11 of Organic Law 3/2018, of December 5, on Personal Data Protection and the Guarantee of Digital Rights (hereinafter, LOPDGDD) and Article 13 of the General Data Protection Regulation 2016/679 (GDPR), this describes how personal data is processed by the FUNDACIÓN LUCHA CONTRA LAS INFECCIONES (“FLI Foundation”).

1.2.- Definitions

The following definitions apply:

1. Personal data: any information about an identified or identifiable natural person (the data subject). A natural person is considered identifiable if their identity can be determined, directly or indirectly, through an identifier such as a name, identification number, location data, online identifier, or one or more elements of their physical, physiological, genetic, mental, economic, cultural, or social identity.

2. Processing: any operation or set of operations performed on personal data or personal data sets, whether by automated or non-automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, communication by transmission, dissemination, or any other form of access enabling, comparison, or interconnection, restriction, erasure, or destruction.

3. Profile creation: any form of automated processing of personal data consisting of using such data to evaluate personal aspects of a natural person; in particular, to analyze or predict aspects related to professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that person.

4. Pseudonymization: processing of personal data in such a way that it can no longer be attributed to a data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that the personal data is not associated with an identified or identifiable natural person.

5. File: a structured set of personal data accessible according to specific criteria, whether centralized, decentralized, or distributed functionally or geographically.

6. Data controller or controller: the natural or legal person, public authority, service, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

7. Data processor or processor: the natural or legal person, public authority, service, or other body that processes personal data on behalf of the data controller.

8. Recipient: the person to whom personal data is communicated, whether a third party or not. However, public authorities that may receive personal data in the context of a specific investigation are not considered recipients.

9. Third party: a natural or legal person, public authority, service, or body other than the data subject, the data controller, the data processor, and the persons authorized to process the personal data under the direct authority of the controller or the processor.

10. Consent of the data subject: any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they, by a statement or a clear affirmative action, agree to the processing of personal data concerning them.

11. Supervisory authority: the independent public authority established by a member state in accordance with Article 51 of the GDPR.

12. Cross-border processing:

  • a) The processing of personal data carried out in the context of the activities of establishments in more than one member state by a controller or processor in the European Union, if the controller or processor is established in more than one member state, or
  • b) The processing of personal data carried out in the context of the activities of a single establishment of a controller or processor in the Union, but which affects or may affect substantially data subjects in more than one member state.

1.3.- Who decides how the data will be used and what means will be used for processing?

The data controller is FLI (Fundación Lucha contra las Infecciones).

  • Tax ID: G60182821
  • Address: Badalona (08916 ), Ctra. de Canyet s/n – Hosp. Univ. Germans Trias i Pujol, 2a planta Maternal
  • Phone: 934.657.897
  • Email: info@lluita.org

1.4.- Who supervises the correct application of the rules governing data processing at FLI?

The Data Protection Officer (DPO) is CIPDI Tratamiento de la Información SL, located at Mataró, c/Sant Agustí n. 1, 1º 1ª, mdpd@cipdi.com.

1.5.- What are the purposes of processing your data, the legal basis for such processing, and how long will we retain the data?

Purpose Legal Basis Retention
Provision of the services you request Contractual relationship 10 years
Sending information about activities by email or postal mail Contractual relationship and consent Until consent is withdrawn
Request for information Consent 1 year
Management of labor personnel Contractual relationship and legal obligation 5 years
Management of suppliers Contractual relationship and legal obligation 5 years
Attending to legal and contractual obligations Contractual relationship and legal obligation 5 years
Management of images Consent and Article 8 LO 1/1982 Until consent is withdrawn

1.6.- Do we process your images?

The data controller documents public events organized through photographs and videos for the purpose of disseminating them on its website or other public information platforms, such as: the website itself, social media profiles managed by the controller, and press publications. For more information, you can visit the data controller’s website or contact their DPO.

1.7.- Who will have access to and know the content of your data?

To fulfill the above purposes, personal data may be accessed by the following people and entities. Access will be limited to the data necessary to carry out the functions of the data controller. Confidentiality agreements and/or specific agreements have been signed with all entities and persons involved, which regulate access to the information, security measures, and the use of the data. The following may access your data:

  • Staff duly authorized by the data controller.
  • Providers necessary to fulfill the requested services or comply with legal and contractual obligations.
  • Public authorities within their competencies.
  • Social networks, if prior consent has been given for the dissemination of personal data.

You can obtain further details by contacting the Data Protection Officer.

1.8.- Do we carry out cross-border data processing?

The data controller uses the following programs, which may involve transferring data outside the Schengen Area:

  1. Microsoft. For more information, click here: https://privacy.microsoft.com/es-es/privacystatement
  2. Google Workspace. For more information, click here: https://policies.google.com/privacy?hl=es
  3. Mailchimp. For more information, click here: https://www.intuit.com/privacy/statement/
  4. ActiveCampaign. For more information, click here: https://www.activecampaign.com/legal/privacy-policy
  5. Stripe. For more information, click here: https://stripe.com/es/privacy
  6. Social media platforms listed on our website.

In these cases, data transfers are made to countries considered adequate, as they have an adequacy decision from the European Commission, or in accordance with the guarantees required by the GDPR, such as using standard data protection clauses approved by the European Commission.

All information regarding user rights for digital processing can be found in the legal notices of the websites containing the programs and applications. As access is freely available, we assume that all content of the notices has been reproduced. Due to the length of the published policies, you may request a copy from the data controller or the Data Protection Officer at the addresses listed in section 1.3 of this document.

1.9.- What rights do data subjects have?

Right of access: Regulated under Article 15 of GDPR 2016/679. It consists of requesting from the data controller, free of charge, all information about the personal data and communications made or planned.

Right of rectification: Regulated under Article 16 of GDPR. It consists of requesting the data controller to change the content of the information about the person and their data following the instructions of the data subject.

Right of erasure: Regulated under Article 17 of GDPR 2016/679. It consists of requesting the data controller to delete any information about the data subject. Erasure involves blocking all data and keeping them available to public authorities for the period required by law.

Right to restrict processing: Regulated under Article 18 of GDPR 2016/679. It consists of requesting the data controller to limit the processing of their data under certain conditions:

  1. i) the data is inaccurate;
  2. ii) the processing is unlawful;
  3. iii) the data controller no longer needs the data;
  4. iv) the reasons for stopping processing, as argued by the data subject, outweigh those of the controller.

Right to data portability: Regulated under Article 20 of GDPR 2016/679. It consists of requesting the data controller to provide the personal data in a structured, commonly used, and machine-readable format for transmission to another controller when the processing is based on consent and carried out by automated means.

Right to object: Regulated under Article 21 of GDPR 2016/679. It consists of requesting the data controller to process data according to specific instructions from the data subject.

Right to withdraw consent: Regulated under Article 13.2.c) of GDPR 2016/679. It is a request from the data subject to the controller to withdraw consent for processing their data.

Rights not to be subject to automated decisions: It is a request to ensure that legal decisions are not made solely by machines.

To exercise the above rights, you can contact the data controller in writing or send an email to mdpd@cipdi.com with the subject “DATA PROTECTION” and attaching a photocopy of your ID, NIE, or passport.

1.10.- How can a complaint be made?

You can contact the internal compliance officer by sending an email to dpo@scienhub.org

If you believe your rights have been violated, the competent authority to oversee the correct application of the information processing rules is the Spanish Data Protection Agency, located at Calle Jorge Juan No. 6, Madrid.

1.11.- What obligations do I have as a data subject?

The data subject must provide truthful and up-to-date information in all data collection processes, taking responsibility in case of violation of this obligation.

Depending on the request made by the data subject, mandatory data is already marked in the collection forms. If mandatory data is not provided, the right to participate in the activity may be hindered or the requested service may not be provided.

1.12.- Can the data controller create profiles?

To provide more personalized, careful, and effective attention to the user, sometimes it is necessary to create profiles of the service recipients. Profiles are not created without the direct intervention of a natural person.

2.- USER CONSENT

It is understood that the user accepts the proposed conditions if they click the ‘ACCEPT’ button found in the data collection forms or send an email to the contact addresses listed on the website.
Personal data is stored in the general administration database of the data controller, who guarantees the technical and organizational measures to preserve the integrity and security of the data being processed.

3.- SECURITY

The general database is equipped with the necessary security document and has all the technical means available to prevent the loss, misuse, alteration, unauthorized access, or theft of your data. The processing of personal data complies with Organic Law 3/2018 on data protection and the guarantee of digital rights and Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016.

4.- USE OF IP ADDRESSES

To assist with searching for resources that we believe may be of interest to you, you may find links to other pages on this website.
This privacy policy applies only to this website. The data controller does not guarantee compliance with these rules on other websites nor is it responsible for access through links from this site.