DATA CONTROLLER
The Data Controller is ASSOCIACIÓ MERAKI PROJECTES DE VALÈNCIA, C/ Pintor Rafael Solbes, 1-8, 46017, Valencia (VALENCIA).

PRIVACY PRINCIPLES
At ASSOCIACIÓ MERAKI PROJECTES DE VALÈNCIA, we are committed to working continuously to guarantee the privacy of your personal data and to provide you with the most complete and clear information possible at all times. We encourage you to read this section carefully before providing us with your personal data.

If you are under fourteen years of age, please do not provide us with your data without your parents’ consent.

In this section, we inform you about how we process the data of people who have a relationship with our organisation. Starting with our principles:
– We do not request personal information unless it is necessary to provide you with the services you require.
– We never share personal information with anyone, except to comply with the law or with your express authorisation.
– We will never use your personal data for purposes other than those stated in this privacy policy.
– Your data will always be treated with a level of protection appropriate to data protection legislation, and we will not subject it to automated decisions.

We have drafted this privacy policy taking into account the requirements of current data protection legislation:
– Regulation (EU) 2016/679 of the European Parliament

DATA CONTROLLER
The Data Controller is ASSOCIACIÓ MERAKI PROJECTES DE VALÈNCIA, C/ Pintor Rafael Solbes, 1-8, 46017, Valencia (VALENCIA).

PRIVACY PRINCIPLES
At ASSOCIACIÓ MERAKI PROJECTES DE VALÈNCIA, we are committed to working continuously to guarantee the privacy of your personal data and to provide you with the most complete and clear information possible at all times. We encourage you to read this section carefully before providing us with your personal data.

If you are under fourteen years of age, please do not provide us with your data without your parents’ consent.

In this section, we inform you about how we process the data of

We have drafted this privacy policy taking into account the requirements of current data protection legislation:
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on
the protection of natural persons (GDPR).
– Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee
of digital rights (LOPD).
– Royal Decree 1720/2007, of 21 December (RLOPD).

This privacy policy was drafted on 16 April 2024.

Due to changes in processing criteria, in order to facilitate understanding or to adapt it to current legislation, we may modify this privacy policy. We will update the date of the policy so that you can check its validity.

Processing we carry out:

PROCESSING OF EMPLOYEES
Legal basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject.
Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers’ Statute Law.

Purposes of Processing:

– Management of contracted personnel.
– Personal file. Time control. Training. Pension plans. Occupational risk prevention.
– Issuing of staff payroll.
– Management of trade union activity.

Group: Employees

CONTACT PROCESSING
Legal basis: Consent of the data subject.
Purpose of processing: To respond to your request, send you information and follow up on your request.
Group: Contact persons, customers, suppliers.
Data categories: Name and surname, telephone number, email address.
Categories of recipients: No data transfers to third parties are contemplated.
International Transfers: No international transfers of data are planned.
Deletion Period: Contact details will be kept for an indefinite period, or until the data subject requests their deletion.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

 

PROCESSING OF PERSONAL DATA (ARCO)
Legal basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.
General Data Protection Regulation.
Purpose of Processing: To respond to requests in the exercise of the rights established by the General Data Protection Regulation: Right of access, rectification, erasure, restriction, portability and objection to automated decision-making.
Group: Individuals who request it (employees, customers, suppliers, contact persons)
Data Categories: Name and surname, address, signature and telephone number.
Categories of Recipients: Personal data may be communicated to the Supervisory Authority (Spanish Data Protection Agency) in the context of an investigation for the protection of rights initiated by the data subject.
International Transfers: No international transfers of data are planned.
Deletion Period: Data will be kept for a period of five years from the time of the request.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

 

PROCESSING OF SUPPLIERS
Legal basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject.
Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers’ Statute Law. Law 58/2003, of 17 December, General Taxation.

CUSTOMER PROCESSING.
Legal basis: GDPR: 6.1.a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject.
GDPR: 6.1.f) Processing necessary for the purposes of the legitimate interests pursued by the controller. Royal Legislative Decree 2/2015, of 23 October, approving the revised text of the Workers’ Statute Law.
Law 58/2003, of 17 December, General Taxation.

 

PROCESSING OF SECURITY BREACH NOTIFICATIONS
Legal basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the controller.
General Data Protection Regulation. Articles 33 and 34
Purposes of processing: Management and assessment of security breaches that occur in our organisation.
Group: Variable: Employees, Customers, Suppliers, Contact Persons (depending on the security breach)
Data Categories: Variable. (Depending on the security breach)

 

PROCESSING OF MEMBERS
Legal basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation to which the controller is subject.
Organic Law 1/2002, of 22 March, regulating the Right of Association.
Purposes of Processing: Fulfilment of the purposes defined in the statutes of our association. Group: Individuals who have become members.

 

PROCESSING OF VOLUNTEERS
Legal basis: GDPR 6.1.a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Purposes of Processing: To collaborate voluntarily and altruistically with our association in the pursuit of its aims.
Group: People who collaborate voluntarily with our association.
Categories of Data: Name and surname(s), ID number/tax ID number/identification document, personnel registration number, address, signature and telephone number.
Categories of Recipients: No transfer of data to third parties is envisaged.
International Transfers: No international transfers of data are planned.

 

YOUR RIGHTS
You have the right to request a copy of your personal data, to rectify inaccurate data or complete it if it is incomplete, or, where appropriate, to delete it when it is no longer necessary for the purposes for which it was collected.
You also have the right to restrict the processing of your personal data and to obtain your personal data in a structured and readable format.

You may object to the processing of your personal data in certain circumstances (in particular, when we do not have to process it to comply with a contractual or other legal requirement, or when the purpose of the processing is direct marketing).

Where you have given us your consent, you may withdraw it at any time. At that point, we will stop processing your data or, where applicable, we will stop processing it for that specific purpose. If you decide to withdraw your consent, this will not affect any processing that took place while your consent was valid.

These rights may be limited; for example, if in order to comply with your request we would have to disclose data about another person, or if you ask us to delete certain records that we are obliged to keep due to a legal obligation or legitimate interest, such as the exercise of defence against claims. Or even in cases where the right to freedom of expression and information must prevail.