1. Data Controller
MUNDUKIDE Fundazioa (hereinafter MUNDUKIDE), entered in the Registry of Basque Foundations under number F-83, with registered address at Zarugalde 30, Arraste-Mondragón, guarantees the protection of the personal data provided voluntarily by the user when communicating with MUNDUKIDE, filling in data collection forms, entering into a contractual relation-ship or using any other service involving the communication of data or access to data.
MUNDUKIDE processes personal data pursuant to the EU General Data Protection Regulation 679/2016 of 27 April 2016 (GDPR) and with Organic Law 3/2018 of December 5 on Data Protection and Guarantee of Digital Rights (LOPDGDD), and in compliance with current legislation on data protection.
MUNDUKIDE makes this policy public to guarantee total compliance with the principle of pro-active responsibility and transparency of information, and to demonstrate that the data subject’s unequivocal consent has been obtained through this policy.
2. Purpose of processing
The personal data collected and processed by MUNDUKIDE, through its website, contracts, conferences, newsletters, solidarity events, or other means, shall be adequate, relevant and limited to those necessary in relation to the purposes for which they are processed.
The purposes, by way of example, but not exhaustive, are to attend to the specific request, such as answering queries, subscribing and sending newsletters, commercial contact, donations, event registration, sending documentation and information related to MUNDUKIDE’s activity and, in general, commercial and/or advertising communications.
The purpose of collecting or processing personal data is also to establish and maintain relationships, in compliance with the nature and characteristics of the relationship, be it partners, collaborators, volunteers, associates, users, etc.
In the case of training, the purpose is to manage any training activity, as well as registration, assistance and subsequent information, follow-up, etc.
In all cases, personal data shall be retained in a form in which the data subjects can be identified only for as long as is necessary for the purposes of the processing.
Such retention periods may be extended only for scientific or historical research or statistical purposes.
The legal ground or legitimacy for data processing on the part of MUNDUKIDE depends on the processing activity, type of per-sonal data subject and the purpose of data processing; therefore, our legal ground is based on:
- Acceptance or consent: Data subjects who contact MUNDUKIDE to request information, make a query, become a member, subscribe information and newsletters, training, etc., and who voluntarily pro-vide the personal data requested.
- contract: Workers, Volunteers or Users who access the services of MUNDUKIDE provide their con-sent by entering into a contract.
- Overriding legitimate interest of the data controller or third parties to whom the data is communicated: Such legitimate interest arises when contact data are collected which extend beyond the forms de-scribed in the section on the purpose of processing (for example: receipt of business cards, e-mail enquiries, etc.).
In all instances, the data subject shall be responsible for the veracity of the data provided. MUNDUKIDE reserves the right to exclude any false or illicit data, without prejudice to any other actions that may arise in law.
MUNDUKIDE advises that, unless there is legally constituted representation, no data subject may use the identity of another person or communicate their personal data and must bear in mind at all times that the personal data they provide to MUNDUKIDE shall be their own and be adequate, pertinent, current, accurate and true.
To this effect, the data subject shall be solely liable for any direct or indirect damage caused to third parties or MUNDUKIDE by using the personal data of another person, or their own personal data when it is false, erroneous, out of date, inadequate or inappropriate. Likewise, those who communicates the personal data of a third party shall be answerable to the latter for the reporting obligation laid down in the regulations in force, for cases where the personal data has not been collected from the data subject, and/or shall be liable for the consequences of not having provided the information.
4. Release or Transfer
Transfers: MUNDUKIDE shall release personal data to third parties solely to meet its contractual or legal obligations to service providers or public or private bodies.
In such cases, the data subject consents to such release and may exercise the right to be in-formed thereof.
International transfer: MUNDUKIDE states that in the execution of its activity it uses the services of suppliers to whom it communicates data (as data processors) domiciled outside the European Economic Area, carrying out an international transfer of data.
5. 5. User rights and complaints procedure
Users may at all times exercise their recognised rights over their personal data and may revoke their consent to the aforementioned uses by writing to MUNDUKIDE with the request or right they are exercising, either by post or email email@example.com. A photocopy of the user’s national identity card or similar ID shall be included in order to exercise their recognised rights, which are as follows:
- Right to access. Request if MUNDUKIDE is processing your data.
- Right to rectification. Request modification of the data if they are incorrect.
- Right to erasure. Request the deletion of data in legally established cases.
- Right to object. Stop processing personal data unless there are compelling legitimate grounds.
- Right to restriction of processing. Data will be retained only for the exercise or defence of legal claims.
For more information on the exercise of these rights, please consult the Spanish Data Protec-tion Agency.
If you consider that the processing of your personal data is in violation of the rules, you may lodge a complaint:
- with the data controllers at MUNDUKIDE; or
- with the Agencia Española de Protección de Datos (Spanish Data Protection Agency) at: C/ Jorge Juan, 6, C.P. 28001, Madrid (España).
6. Data source
The data processed by MUNDUKIDE are the personal data obtained, in general, from the data subjects themselves via the relevant questionnaire.
In the case of personal data not obtained directly from the data subject, MUNDUKIDE will in-form the subject in accordance with the GDPR, basically the source and category of the data.
7. Security Measures
The personal data which have been supplied by or obtained from users and which are under the control of MUNDUKIDE are stored in files, automated or not. MUNDUKIDE keeps a record of processing activities in accordance with current legislation.
In all of its data processing activities, MUNDUKIDE implements the appropriate technical and organisational measures to ensure the confidentiality, integrity, availability, and resilience of the data processed and to ensure appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or accidental damage.