1. Who is responsible for processing your personal data?
Your personal data will be processed, on a joint-responsibility basis, by the following entities (hereinafter, the “DATA CONTROLLERS”):
- ELHUYAR FUNDAZIOA, an entity with registered office in Usurbil (Gipuzkoa), Zelai Haundi, 3, Polígono industrial Osinalde, with N.I.F. Number G-20780896 and listed in the Register of Foundations of the Basque Country under number F134.
- FUNDACIÓN DONOSTIA INTERNATIONAL PHYSICS CENTER (DIPC), an entity with registered office in Donostia-San Sebastián (Gipuzkoa), Paseo Manuel de Lardizabal, 4, with N.I.F. Number G-20662292 and listed in the Register of Foundations of the Basque Country under number F-72.
2. How have we obtained your data?
The data we process at the ENTITY have been obtained from you through (i) the different forms that you fill in whilst browsing the WEBSITE or through other channels (e.g. forms for registering for the ONZIENTZIA Programme, etc.; (ii) by sending an email enquiry.
Additionally, we inform you of the possible processing of your social network data through the corporate profiles of the DATA CONTROLLERS on each social network in which they are present, under the terms and conditions established in each social network.
3. What type of data do we process?
The data processed by us are those provided by you whilst browsing the WEBSITE, through the relevant forms that we use to enter into contact with you, or through email, as well as other data which, if applicable, we obtain through the DATA CONTROLLERS corporate profiles on the social networks in which we are present.
The DATA CONTROLLERS process the following type of data in particular:
- Identification and contact details (e.g. name, surname, ID number, postal and email address, telephone number, etc.).
- Bank and financial transaction data (prize management).
- Internet browsing data (e.g. IP address, visits to web pages, connections to Wi-Fi networks, etc.)
- Images captured in relation to the ONZIENTZIA competition and events or activities organised in your office.
4. Why do we process your data and on what legitimate grounds?
We process your personal data for the following purposes:
- To manage your access and use of the contents and services made available to you by the ENTITIES through the WEBSITE, including blog services, social networks and any other features that are accessible via the WEBSITE at any given time, all on the basis of the contractual relationship between the parties.
- To process and manage any requests for information, suggestions, complaints or claims that you make via the WEBSITE or email address, and on the basis of your request for the adoption of pre-contractual measures.
- To process and manage your participation in the ONZIENTZIA competition and, if applicable, to manage the delivery of prizes, all on the basis of the contractual relationship between the parties.
- In cases where you have given your consent, and on the basis of this consent, to manage and publicise the ONZIENTZIA competition and the activities related to it.
Where the processing of your data is based on your consent, you may at any time revoke it freely, and free of charge, under the terms indicated in Section 7 below.
5. To whom do we disclose your data?
We inform you that your personal data may only be communicated to the Public Bodies and Administrations to which, where appropriate, the DATA CONTROLLERS are legally obliged to communicate your data.
No international transfer of your data is envisaged.
6. How long do we keep your data?
In general, personal data will be kept for as long as they continue to be necessary for the purpose for which they were collected, for as long as you do not revoke your consent to their processing or request their deletion, as well as for the additional time necessary for the DATA CONTROLLERS to comply with the legal obligations that they must observe.
In any case, we inform you that the DATA CONTROLLERS have established internal data cleansing policies aimed at controlling the retention periods of the personal data in their possession, so that these may be deleted when no longer necessary or suitable for the purpose for which they were obtained.
7. What are your rights?
The applicable regulations on data protection grant you a series of rights related to your personal data that you may exercise during their processing thereof.
The applicable data protection legislation grants you a number of rights related to your personal data that you may exercise during the processing thereof. These rights are as follows:
- To access your data: you have the right to access your data to know what personal data we are processing.
- To request the rectification or erasure of your data: in certain circumstances, you have the right to request rectification of any inaccurate personal data being processed by us, or even to request that we delete them when, among other reasons, said data are no longer required for the purposes they were obtained for.
- To request the limitation of the processing of your data: in certain circumstances you have the right to ask us to limit the processing of your data, in which case we inform you that we will only keep your data for the exercise or defence of claims as established in the applicable regulations on data protection.
- To data portability: in certain circumstances you have the right to receive the personal data concerning you and that you have provided to us, in a structured, commonly used and machine-readable format, and to transfer them to another data controller.
- To object to the processing of your personal data: in certain circumstances, and for reasons related to your personal situation, you have the right to object to the processing of your data, in which case we will no longer process them unless, for compelling legitimate reasons or for the exercise or defence of any claims, the data must be retained.
You also have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.
You may exercise these rights by writing to each of the DATA CONTROLLERS at the postal addresses indicated in Section Error! Reference source not found. or by sending an email to email@example.com.
Finally, you may file a complaint before the relevant supervisory authority (in this case, the Spanish Data Protection Agency), especially if you have not obtained satisfaction in exercising your rights. You can contact said Authority through its website: www.aepd.es.
8. Security Measures
The DATA CONTROLLERS will treat your data with strict confidentiality at all times and shall abide by the mandatory duty of secrecy regarding said data, in accordance with the applicable legal provisions on data protection, adopting for said purpose the necessary technical and organisational measures to ensure the security of your data and to prevent their alteration, loss, unauthorised processing or access, taking into account the state of technology, the nature of the stored data and the risks to which they are exposed.
9. Cookies policy
Additionally, we remind you that a Cookies Policy is available on the WEBSITE and can be accessed here.