Data Protection Policy
Data Protection Policy
Foro Cuenca SL (CIF: B16177271), owner of the website forumacademy.com, We are committed to protecting and respecting your privacy in accordance with the provisions of Regulation (EU) 2016/679 (GDPR) and current Spanish data protection legislation.
Protection of personal data
The person responsible for the processing of your personal data is:
- Foro Cuenca, S. L.
- B16177271
- Calle Parque del Huécar 2, Bajo. 16001 Cuenca
- 969233662 - [email protected]
Data Protection Officer (DPO)
- Manuel del Palacio Anuarbe.
- [email protected]
Purposes
As stated in each record of processing activities attached hereto, the purposes of the processing, among others, are as follows:
- Customer relationship management.
- Relationship management with those interested in the company's activity. Relationship management with job candidates.
- Supplier relationship management.
- The management of the employment relationship with employees.
- Etc.
Legitimation
As provided for in Article 61. RGPD, and is defined in each register:
- Consent of the data subject
- Execution of a contract
- Fulfilling a legal obligation
- Vital interest
- Public interest
- Legitimate interest pursued by the controller
Data retention period
The personal data of data subjects will be kept for the time necessary to fulfil the purposes referred to above, and for as long as there is no revocation or withdrawal of the data subjects' consent to the processing of their data. Likewise, a blocked copy will be kept for as long as there are legal obligations regarding the prescription of responsibilities.
Rights of data subjects
The data subject may exercise his or her right to:
- Access
- Correction
- Deletion or oblivion
- Opposition
- Portability
- Treatment limitation
- Opposition to profiling or automated processing
Source
The personal data originate from:
- The person concerned.
- In the case of minors, personal data is provided by parents or legal guardians.
- Publicly accessible sources
Transfer of data
Transfers of data are envisaged to:
- Organisations, Public Administration entities.
- Insurance companies.
- Financial and banking institutions.
All of them are defined in each of the registers.
Transfers of data to third countries
In situations where transfers are necessary for the organisation of international competitions, they may take place for the performance of a contract (Art. 49.1. b. GDPR) or for important reasons of public interest (Art. 49.1. d. GDPR). Specific transfers, if applicable, will be specified in each record of processing activities.
Security measures
The security measures implemented correspond to those provided for in the RGPD (EU) 2016/679 and are described in the documents that make up the federation's Data Protection and Information Security Policy.
Additional information
For more information, please visit our website www.forocuenca.com.
Prepared by: Persevera, SLU. www.perseveragrupo.com.
Register of processing activities
| Identification of the treatment | Clients |
|---|---|
| Purpose/purposes | Customer relationship management. |
| Legitimation of the processing | Based on standing by contractual relationship |
| Stakeholder categories | A person who buys or uses the services of a professional or company. |
| Categories of personal data | Those necessary for the maintenance of the professional relationship. Identification data: name, NIF, postal address, telephone numbers, e-mail address. Bank details: for the direct debit of payments. |
| Retention/suppression period | They will be kept for as long as the purpose for which they are processed remains valid. A blocked copy will also be kept for as long as there are legal (tax) obligations with regard to the statute of limitations. |
| Recipients of communications | State Tax Administration Agency. Banks and financial institutions. |
| Transfers to third countries | No transfers to third countries are envisaged. |
| Security measures | The security measures implemented correspond to those reflected in the Register of Processing Activities document in the corresponding section. |
| Identification of the treatment | Contacts |
|---|---|
| Purpose/purposes | Management of the relationship with those interested in the controller's activity, for whatever reason. |
| Legitimation of the processing | Consent of the data subject |
| Stakeholder categories | Contacts: persons with whom an information relationship is maintained. |
| Categories of personal data | Those necessary for the maintenance of the informative relationship. To inform, send advertising by post or e-mail, informative actions, send newsletters, manage invitations, etc. Identification: name and surname, postal address, telephone numbers, e-mail address. |
| Retention/suppression period | They will be kept for as long as the purpose for which they are processed remains valid. A blocked copy will also be kept for as long as there are legal obligations regarding the prescription of responsibilities. |
| Recipients of communications | Marketing agencies. Communication agencies. Printing companies. |
| Transfers to third countries | No transfers to third countries are envisaged. |
| Security measures | The security measures implemented correspond to those reflected in the Register of Processing Activities document in the corresponding section. |
| Identification of the treatment | Suppliers |
|---|---|
| Purpose/purposes | Supplier relationship management. |
| Legitimation of the processing | Legitimate interest pursued by the controller |
| Stakeholder categories | Suppliers: Companies or Persons with whom a commercial relationship is maintained as suppliers of products and/or services. |
| Categories of personal data | Those necessary for the maintenance of the professional relationship. Identification data: name, NIF, postal address, telephone numbers, e-mail address. Bank details: for the direct debit of payments. |
| Retention/suppression period | They will be kept for as long as the purpose for which they are processed remains in force. A blocked copy will also be kept for as long as there are legal obligations (fiscal and labour) regarding the prescription of responsibilities. |
| Recipients of communications | State Tax Administration Agency. National Social Security Institute. Banks and financial institutions. |
| Transfers to third countries | No transfers to third countries are envisaged. |
| Security measures | The security measures implemented correspond to those reflected in the Register of Processing Activities document in the corresponding section. |
| Identification of the treatment | Workers |
|---|---|
| Purpose/purposes | Management of the employment relationship with employees. |
| Legitimation of the processing | Compliance with contractual and legal obligations. |
| Stakeholder categories | Employees: Persons working for the controller. |
| Categories of personal data | Those necessary for the maintenance of the employment relationship, payroll management, training. Identification: name, surname, Social Security number, postal address, telephone numbers, e-mail address. Personal characteristics: marital status, date and place of birth, age, sex, nationality and percentage of disability. Academic data. Professional data. Bank details, for direct debit of salary payments. |
| Retention/suppression period | They will be kept for as long as the purpose for which they are processed remains in force. A blocked copy will also be kept for as long as there are legal obligations (fiscal and labour) regarding the prescription of responsibilities. |
| Recipients of communications | State Tax Administration Agency. National Social Security Institute. Banks and financial institutions. |
| Transfers to third countries | No transfers to third countries are envisaged. |
| Security measures | The security measures implemented correspond to those reflected in the Register of Processing Activities document in the corresponding section. |