Introduction
This Privacy Policy has been developed taking into account the provisions of the Organic Law on the Protection of Personal Data in force, as well as Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons with regard to the processing of personal data and the circulation of these data, hereinafter the GDPR.
The purpose of this Privacy Policy is to inform the owners of the personal data, regarding which information is being collected, the specific aspects related to the processing of their data, among other things, the purposes of the processing, the contact information to be informed of their rights, the terms of conservation of the information and the security measures among other things.
Data Controller
In terms of data protection, the FUNDACION ESPAÑOLA DE HEMATOLOGÍA Y HEMOTERAPIA must be considered Data Controller, in relation to the files/processings identified in this policy, specifically in the Data Processing section.
The identification data of the owner of this website are indicated below:
Data Controller: FUNDACION ESPAÑOLA DE HEMATOLOGÍA Y HEMOTERAPIA
Postal address: Calle Aravaca 12, 1º B 28040, (Madrid).
Email address: administracionsehh@sehh.es
Data processing
The personal data requested, where appropriate, will consist only of those strictly essential to identify and attend to the request made by the owner thereof, hereinafter the subject. Said information will be treated in a fair, lawful and transparent manner in relation to the subject. On the other hand, personal data will be collected for certain explicit and legitimate purposes, and will not be further processed in a manner incompatible with said purposes.
The data collected from each subject will be adequate, pertinent and not excessive in relation to the corresponding purposes for each case, and will be updated whenever necessary.
The owner of the data will be informed, prior to the collection of their data, of the general matters regulated in this policy so that they can give express, precise and unequivocal consent for the processing of their data, in accordance with the following aspects.
Processing purposes.
The explicit purposes for which each of the processing are carried out are included in the informative clauses incorporated in each of the data collection channels (web forms, paper forms, locutions or posters and informative notes).
However, the personal data of the subject will be processed with the sole purpose of providing an effective response and meeting the requests made by the user, specified together with the option, service, form or data collection system that the owner uses.
Authentication
As a general rule, prior to the processing of personal data, the FUNDACION ESPAÑOLA DE HEMATOLOGÍA Y HEMOTERAPIA obtains the express and unequivocal consent of the owner thereof, through the incorporation of informed consent clauses in the different information collection systems.
However, in the event that the consent of the subject is not required, the authentication basis of the processing in which the FUNDACION ESPAÑOLA DE HEMATOLOGÍA Y HEMOTERAPIA relies is the existence of a specific law or regulation that authorizes or requires the processing of the data of the interested.
Recipients
As a general rule, the FUNDACION ESPAÑOLA DE HEMATOLOGÍA Y HEMOTERAPIA does not transfer or communicate data to third parties, except as required by law, however, if necessary, said data transfers or communications are reported to the subject through the informed consent clauses contained in the different ways of collecting personal data.
Origin
As a general rule, personal data is always collected directly from the subject, however, in certain exceptions, the data may be collected through third parties, entities or services other than the subject. In this sense, this matter will be communicated to the subject through the informed consent clauses contained in the different ways of collecting information and within a reasonable period, once the data has been obtained, and at the latest within a month.
Conservation terms
The information collected from the subject will be kept as long as it is necessary to fulfill the purpose for which the personal data was collected, so that, once the purpose has been fulfilled, the data will be canceled. This cancellation will give rise to the blocking of the data, being kept only at the disposal of the public authorities, Judges and Courts, to attend the possible responsibilities arising from the processing, during the limitation period of these, once the aforementioned period has expired, the information will be destroyed.
For information purposes, below are the legal terms of conservation of information in relation to different matters:
| DOCUMENT | TERM | LEGAL REFERENCE |
| Documentation of labor nature or related to social security | 4 years | Article 21 of Royal Legislative Decree 5/2000, of 4th August approving the revised text of the Law on Offenses and Sanctions in the Social Order |
| Accounting and tax documentation for commercial purposes | 6 years | Art. 30 of the Code of Commerce |
| Accounting and tax documentation for tax purposes | 4 years | Articles 66 to 70 General Tax Law |
| Building access control | 1 month | Instruction 1/1996 of the Spanish Agency for Data Protection (AEPD, according to the Spanish acronym) |
| Video surveillance | 1 month | Instruction 1/2006 of the Spanish Agency for Data Protection Organic Law 4/1997 |
Navigation data
In relation to the navigation data that can be processed through the website, in the event that data subject to regulations are collected, it is recommended to consult the Cookies Policy published on our website.
Rights of the subjects
The regulations on data protection grant a series of rights to the subjects or holders of the data, visitors to the website or users of the profiles of the social networks of FUNDACION ESPAÑOLA DE HEMATOLOGÍA Y HEMOTERAPIA.
These rights of the interested persons are the following:
- Right to access: right to obtain information on whether your own data is being processed, the purpose of the processing being carried out, the categories of data in question, the recipients or categories of recipients, the retention period and the origin of said data.
- Right to rectification: right to obtain the rectification of inaccurate or incomplete personal data.
- Right to deletion: right to obtain the deletion of the data in the following cases:
o When the data is no longer necessary for the purpose for which it was collected
o When the owner of the same withdraws the consent
o When the subject opposes the processing
o When they must be deleted in compliance with a legal obligation
o When the data has been obtained by virtue of an information society service based on the provisions of article 8 paragraph 1 of the European Regulation on Data Protection. - Right to opposition: right to oppose a certain processing based on the consent of the subject.
- Right to limitation: right to obtain the limitation of data processing when any of the following cases occur:
o When the subject contests the accuracy of the personal data, for a period that allows the company to verify the accuracy of the same.
o When the processing is illegal and the subject opposes the deletion of the data.
o When the company no longer needs the data for the purposes for which they were collected, but the subject needs them for the formulation, exercise or defense of claims.
o When the subject has opposed the processing while verifying whether the legitimate reasons of the company prevail over those of the subject. - Right to portability: right to obtain the data in a structured, commonly used and machine-readable format, and to transmit it to another data controller when: whether the processing is based on consent or the processing is carried out by automated means
- Right to file a claim with the competent control authority
Data subjects may exercise the indicated rights by contacting the FUNDACION ESPAÑOLA DE HEMATOLOGÍA Y HEMOTERAPIA, in writing, sent to the following address: Calle Aravaca 12, 1º B 28040, (Madrid) indicating in the Subject line the right you wish to exercise.
In this sense, the FUNDACION ESPAÑOLA DE HEMATOLOGÍA Y HEMOTERAPIA will attend your request as soon as possible and taking into account the terms established in the regulations on data protection.
Security
The security measures adopted by the FUNDACION ESPAÑOLA DE HEMATOLOGÍA Y HEMOTERAPIA are those required, in accordance with the provisions of article 32 of the GDPR. In this sense, the FUNDACION ESPAÑOLA DE HEMATOLOGÍA Y HEMOTERAPIA, taking into account the state of the technique, the costs of application and the nature, scope, context and purposes of the processing, as well as the risks of variable probability and severity for rights and freedoms of individuals, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk.
In any case, the FUNDACION ESPAÑOLA DE HEMATOLOGÍA Y HEMOTERAPIA has sufficient mechanisms in place to:
a) Guarantee the confidentiality, integrity, availability and permanent resilience of processing systems and services.
b) Restore the availability and access to personal data quickly, in the event of a physical or technical incident.
c) Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the security of the processing.
d) Pseudonymize and encrypt personal data, where appropriate
