DATA CONTROLLER
The data controllers with respect to this privacy policy are:
- FUNDACIÓ INSTITUT DE FORMACIÓ CONTÍNUA DE LA UNIVERSITY OF BARCELONA with address at C/ Ciutat de Grenada, 131 - 08018 Barcelona, Spain and the website www.il3.ub.edu
- FUNDACIÓ UNIVERSITÀRIA DEL BAGES with Spanish tax ID (NIF) G59330795, address at Av. Universitària, 4, 6 - 08242 Manresa (Barcelona), Spain and the website www.umanresa.cat.
- UNIÓ CONSORCI FORMACIÓ with Spanish tax ID (NIF) B64719883, address at C/ Esteve Terradas, 30, Ed. Tramuntana, Bjs, Gràcia - 08023 Barcelona, Spain and the website https://ucf.cat/ca
The three organisations listed above are joint controllers. As per article 26 of the General Data Protection Regulation (GDPR) and the arrangement made between them, the joint controllers recognise the importance of protecting our users’ personal information
and commit to processing it responsibly and in accordance with data protection laws.
This privacy policy governs all aspects relative to the processing of data pertaining to users of our website or who provide their personal data by means of the various forms on our website.
The policy also informs users of other ways we process their
data.
PERSONAL DATA
Personal data is information that identifies you or enables you to be identified. We use forms on our website to collect personal data provided by our users: name, surname(s), email address, phone number, address and any other data that users voluntarily provide via any social media platforms they are registered on. Privacy on social media is determined by each user’s settings and by the terms and conditions of each social
media provider.
When someone uses our website, this does not obligate them to provide any of their personal data. Any personal data provided will be processed legally and in accordance at all times with the principles and rights set out Regulation
(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, and Spanish Organic Law 3/2018 of December 5.
PURPOSE, LAWFULNESS, DATA RECIPIENTS AND DURATION OF PROCESSING
We will use personal data for the following purposes:
To process requests or queries submitted by users via the contact form on the website
We collect and process users’ personal data in order to process and manage requests, queries or any other enquiries made using these forms.
Lawfulness of processing: the legitimate interest of the data controller, supported by the consent provided by the user when they check the box to accept our privacy policy before submitting the form. The user has the right to withdraw their consent at any time. This does not affect the lawfulness of the processing prior to their consent being withdrawn.
Data recipients: the data obtained for this purpose will not be shared with third parties unless there is a legal obligation to do so.
Duration of processing: these data will be held for as long as is necessary to fulfil the user’s request and for the time stipulated by law, and for a maximum of three years.
To process users’ registration at the HELIX International Summit
Event registration will be processed using data gathered from the forms provided for this purpose on our website, or from any other forms provided to the data subjects in order to confirm their attendance at the summit.
Lawfulness of processing: the performance of a contract or to take steps requested by the data subject before entering into a contract.
Data recipients: the personal data of summit attendees may be shared among the joint controllers to ensure the event is managed and coordinated correctly, depending on the assigned role of each controller.
Duration of processing: these data will be held for as long as is necessary to fulfil the user’s request and for as long as each joint controller is responsible for holding them.
To send updates and information to people registered for the summit
We may send information about current or future events to data subjects who request this information, and to people or organisations registered for the summit.
Lawfulness of processing: users give us their express consent to gather and process their personal data in order to send them this information.
They may withdraw their consent at any time. We may also send this information electronically to people registered for the summit based on the legitimate interest of the data controllers in accordance with section 2 of article 21 of Spanish Law 34/2002 of 11 July on Information Society Services and Electronic Commerce.
Data recipients: the data obtained for this purpose will not be shared with third parties unless there is a legal obligation to do so.
Duration of processing: if the processing is based on users’ consent, the data will be processed so long as the consent is not withdrawn. Users may withdraw their consent as described in the section of this privacy policy on the rights of the data subject.
To send satisfaction surveys
After the summit, we may use surveys and other methods to ascertain how satisfied the event attendees were. This will enable us to improve the experience in the future.
Lawfulness of processing: the processing of these data is based on a legitimate interest in improving the quality of the service provided.
Data recipients: the data obtained for this purpose will not be shared with third parties unless there is a legal obligation to do so.
Duration of processing: personal data will be erased once the survey or similar has been concluded, and after a reasonable amount of time has passed that enables us to improve our service, implement new services or comply with the applicable legislation.
To obtain statistical information about website users
To assess how people use our website, we analyse the number of pages visited, the number of visits, what people do on the website and how often they use it. We use the statistical information provided by our Internet service providers for this purpose. Our Cookies Policy explains how we process your data for this purpose.
Processing arising from social media use
When a user follows us on social media, they consent to the processing of their personal data in accordance with the privacy policy of that social media provider. Our institutions are not responsible for the information that users provide on social media. However, any individual whose data are published or included in
comments may ask us to erase their data.
Lawfulness of processing: users provide their express consent to access and process the data in their profile and for news about our services to appear in their feed. Users give their consent for this processing when they ask to connect with us.
Data recipients: comments and content published on social media become part of the public domain. Therefore, users must be cautious about sharing their personal information.
Duration of processing: these data will be held so long as the data subject does not object to the processing or withdraw their consent, which they may do at any time.
Users can find more information about this processing on the relevant pages of the websites of each of the joint controllers listed at the start of this privacy policy.
INTERNATIONAL DATA TRANSFERS
We are committed to upholding the security of the personal data we process. That is why we regularly review the privacy policies of the information society service providers we work with. Some of these provides may be located outside of the European Union. According to the GDPR, any processing, by these providers, of personal data that is the responsibility of the owners of this website is considered an international data transfer. We are committed to complying with Chapter 5 of the GDPR, which sets out the terms and conditions governing international data transfers. This is to ensure the rights and freedoms of the data subjects whose data are subject to this type of processing.
DATA ACCURACY
Users must inform us of any changes to their personal data so that we can keep them updated. If users do not inform us of any changes, we cannot be held responsible for the accuracy of the data we hold about them.
Users must ensure the personal data they provide are true, authentic, up to date and accurate and must notify us of any changes.
DATA PERTAINING TO THIRD PARTIES
Any third-party data that users provide for any purpose must have been obtained legally and with the express consent of the persons affected. Users providing these data are responsible for their accuracy.
MANDATORY INFORMATION
Mandatory fields on our forms are marked with an asterisk (*). Users cannot submit a form if they do not provide mandatory information and if they do not check the box to accept the privacy policy.
RIGHTS OF THE DATA SUBJECTS
Data subjects have the right to access their data and to obtain information about how these are processed. They have the right to receive a copy of the personal data which are subject to processing. They have the right to update their data, to ask that inaccurate data be rectified, and to ask that their data be erased when these are no longer needed for the purposes for which they were gathered.
They may request that processing be restricted and may object to the processing of their data by withdrawing their consent. They also have the right to data portability. Lastly, data subjects have the right to not be subject to decisions based solely on automated processing of their personal data.
They may contact FUNDACIÓ INSTITUT DE FORMACIÓ CONTÍNUA DE LA UNIVERSITAT DE BARCELONA in writing at C/ Ciutat de Granada, 131 - 08018 Barcelona, Spain, by email at bbdd@il3.ub.edu or via direct email to the Data Protection Officer at dpd@il3.ub.edu.
They may contact FUNDACIÓ UNIVERSITÀRIA DEL BAGES in writing at Av. Universitària, 4, 6 - 08242 Manresa (Barcelona), Spain, by email at umanresa@umanresa.cat or via direct email to the Data Protection Officer at dpd@umanresa.cat.
They may contact UNIÓ CONSORCI FORMACIÓ in writing at C/ Esteve Terradas, 30, Ed. Tramuntana, Bjs, Gràcia - 08023 Barcelona, Spain, by email at info@ucf.cat or via direct email to the Data Protection Officer at lopd@ucf.cat.
If you consider that your rights have not been upheld, you may submit a complaint to the Catalan Data Protection Authority. See https://apdcat.gencat.cat/en/inici/ for more information.