Privacy Policy

1. Basic information on data protection

RESPONSIBLE	City Council of Puerto del Rosario NIF: P3501800A
CONTACT	928 85 01 10 Calle Fernández Castañeyra, 2, 35600, Puerto del Rosario, Las Palmas dpo@puertodelrosario.org
PURPOSE	The management of your request, doubt or query and the administrative processing that may arise from it.
LEGITIMACY	Compliance with a legal obligation (Article 6.1.c of the GDPR), the performance of a task in the public interest or the exercise of public authority (Article 6.1.e of the GDPR). Consent of the data subjects, where required (Article 6.1.a of the GDPR).
TARGET	Public Administrations in the exercise of their powers, when necessary for the management of your application.
RIGHTS	Interested persons may request access, rectification or deletion of their data, as well as exercise other rights or withdraw, where appropriate, the consent granted through the website and/or the electronic headquarters, at the address Calle Fernández Castañeyra, 2, 35600, Puerto del Rosario, Las Palmas, or by sending an email to dpo@puertodelrosario.org.
ADDITIONAL INFORMATION	You should read the detailed information on data protection below.

 

Detailed information on data protection

The personal data linked to the website and electronic headquarters responsibility of the City Council of Puerto del Rosario respect the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data ( RGPD ) and the Organic Law 3/2018, of December 5 , Protection of Personal Data and guarantee of digital rights ( LOPDGDDD ).

2.1. Who is the Data Controller?

Data of the Responsible:

• RESPONSIBLE: Municipality of Puerto del Rosario
• TAX ID: P3501800A
• Address: Calle Fernandez Castañeyra, 2, 35600, Puerto del Rosario, Las Palmas
• Telephone: 928 85 01 10

Data of the DATA PROTECTION DELEGATE:

• APDTIC PROFESIONALES, S.L.
• dpo@puertodelrosario.org

The City Council of Puerto del Rosario is responsible for keeping a record of the processing activities under its responsibility in compliance with the duties established in Article 30 of the GDPR.

2.2. For what purposes do we process your personal data?

The City Council of Puerto del Rosario will process the personal data of the persons concerned, in general, for:

1. Manage the different administrative procedures and report on their processing.
2. Verify or check the accuracy of the personal data that the interested persons declare that are already in the possession of the public administrations or that previously were already approached.
3. Notification and processing of appeals.
4. Manage requests for information, suggestions, communications in general and send newsletters.

2.3. What is the legitimacy for the processing of your data?

The City Council of Puerto del Rosario is entitled to carry out the processing of personal data in accordance with the principle of lawfulness of the processing indicated in Article 6 of the GDPR and, specifically, to:

• In general, in the case of administrative procedure activity the legal basis for processing will be the performance of a task in the public interest or the exercise of public power, taking into account Law 39/2015, of October 1, on common administrative procedure; Law 9/2017, of November 8, on public sector contracts; Law 39/2015, of October 1, on common administrative procedure, etc.
• In certain cases, the processing will be legitimized by the consent of the persons concerned.
• In any case, the basis of legitimacy will be included in the basic informative clauses available in the personal data collection forms.

2.4. To which recipients will your data be communicated?

Your data may be communicated, according to current legislation and whenever necessary for the management of the procedure or request, to other public administrations in the exercise of their powers, to financial institutions, official newspapers, websites or bulletin boards of the City Council of Puerto del Rosario to give the legally required publicity in the procedures where it is necessary.

The basic informative clauses will include, in any case, the specific recipients of the data.

2.5. How long will we keep your personal data?

The personal data provided will be kept as long as you do not request their deletion or cancellation and provided that they are adequate, relevant and limited to that necessary for the purposes for which they are processed.

2.6. Will data be transferred to third countries?

There will be no international transfer of data.

2.7. What are your rights when you provide us with your personal data?

• Access: the right to obtain confirmation as to whether or not we are processing your personal data, to know what it is, what it is used for, how long it will be kept, the origin of the data and whether it has been or will be communicated to a third party.
• Rectification: the right to request the rectification of inaccurate data and the completion of incomplete personal data.
• Deletion: the right to request the deletion of personal data when they are inadequate, excessive or no longer necessary for the purposes for which they were collected, including the right to be forgotten.
• Opposition: the right to object, in certain circumstances, to the processing of your personal data or to request the cessation of the processing.
• Limitation of processing: the right to request, in the legally established circumstances, that your data not be processed beyond the mere conservation of the same.
• Portability: the right to receive personal data in a structured, commonly used and machine-readable format and to be able to transmit it to another data controller, whenever technically possible.

2.8. Will you have the possibility to withdraw your consent?

You will have the possibility and the right to withdraw your consent for any specific purpose granted at the time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

2.9. Where can you exercise your rights?

The interested party may exercise their rights free of charge, receiving a response within the deadlines established in the RGPD and the LOPDGDD, by the following means:

• In writing at the registry of the Town Hall of Puerto del Rosario. This request must be signed together with a copy of the DNI or passport of the interested party. In case of acting through a legal representative, the ID card and the document proving the presentation of the representative must also be presented.
• If the City Council of Puerto del Rosario has reasonable doubts regarding the identity of the natural person submitting the application, it may request additional information necessary to confirm the identity of the interested party.
• The City Council of Puerto del Rosario must respond to the application within one month of receipt. This period may be extended for another two months if necessary, taking into account the complexity and number of applications received. The interested party, in any case, will be informed within one month of receipt of the request.
• Any data subject may also address his or her request to exercise his or her rights to the Data Protection Officer at the following e-mail address: dpo@puertodelrosario.org.
• For more information: https://www.aepd.es/reglamento/derechos/index.html

2.10. How can you make a complaint to the Control Authority?

In the event that your rights have not been respected, you can file a complaint by writing to the Spanish Data Protection Agency (AEPD) located at Calle Jorge Juan, 6-28001-Madrid or use the electronic headquarters: https://sedeagpd.gob.es/sede-electronica-web/.

In both cases, it must be accompanied by the pertinent documentation.

2.11. What are the security measures?

In compliance with Article 32 of the RGPD and taking into account the established in the First Additional Provision of the LOPDGDD 3/2018, the City Council of Puerto del Rosario has security measures established by its internal security regulations that follow the National Security Scheme (ENS) regulated by Royal Decree 311/2022, of May 3.

APPLICABLE LEGISLATION

• Organic Law 3/2018, of December 5, 2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
• Royal Decree 311/2022, of May 3, 2002, regulating the National Security Scheme

 

3. Data Protection Rights

Data protection regulations allow any person to exercise their rights of access, rectification, deletion and portability of data, opposition and limitation to its processing, as well as not to be subject to decisions based solely on the automated processing of their data.

3.1. Right of access

The affected person has the right to be informed:

• the purposes of the processing, as well as the categories of personal data to be processed and the possible communications of data and the recipients of such data
• the data retention period, if possible. If this is not possible, the criteria for determining this period are
• the right to request the rectification or deletion of data, the limitation of the processing, or to oppose to it.
• of the right to lodge a complaint with the supervisory authority
• to obtain, where the personal data have not been obtained from the data subject, any available information on their source
• to be informed of the appropriate safeguards if an international transfer of data takes place
• to obtain a copy of the data undergoing processing
• of the existence of automated decisions (including profiling), the logic applied and the consequences of this processing.

It should be distinguished from the right of access of interested parties to administrative records regulated by Law 39/2015, of October 1, on the common administrative procedure of Public Administrations as well as the right of access regulated by Law 19/2013, of December 9, on transparency, access to public information and good governance.

3.2. Right of rectification

The data subject has the right to obtain without undue delay, from the controller, the rectification of inaccurate personal data, as well as the completion of incomplete personal data, including by means of an additional declaration.

3.3. Right to erasure (right to be forgotten)

The affected person may request the deletion of personal data when any of the cases contemplated in the legislation occur, highlighting those cases in which the purpose for which the data was processed disappears, or the personal data has been processed unlawfully.

An exception is made to this right, in cases where it must prevail, for the fulfillment of a mission carried out in the public interest or in the exercise of public powers vested in the person in charge.

3.4. Right to limitation of processing

It allows the data subject to obtain from the controller the restriction of data processing when:

• the accuracy of the data is contested, pending verification of the accuracy of the data by the data controller
• the processing is unlawful but the data subject requests restriction of use instead of erasure
• the data controller no longer needs the data for the purpose of the processing, but the data subject does for the exercise of one of his or her rights
• the data subject has exercised his or her right to object to the processing, while it is being verified whether the legitimate reasons of the controller prevail over the data subject

3.5. Right to portability

The data subject shall have the right to receive from the controller his or her personal data, in a structured, commonly used and machine-readable format, or to request that it be transferred to another controller where technically feasible.

3.6. Right of opposition

The affected person may object to the treatment:

• When, for reasons related to your personal situation, the processing of the data must cease, unless a legitimate interest is demonstrated, which prevails over the interests, rights and freedoms of the data subject, or it is necessary for the exercise or defense of claims.
• When the purpose of the processing is direct marketing.

 

Forms for the exercise of your rights:

• Form for exercising the right of access
• Form for exercising the right of rectification
• Form for exercising the right to object
• Form for exercising the right of deletion (“right to be forgotten”)
• Form for the exercise of the right to limit the processing of personal data
• Form for exercising the right to portability
• Form of exercise of the right not to be subject to automated individual decisions

 

4. Registration of treatment activities

Article 30 of the EU Regulation 2016/679 General Data Protection Regulation (GDPR), states that each controller shall keep a register of the processing activities (RAT) it carries out and with the information indicated below:

• The name and contact details of the person in charge and of the data protection officer.
• The purposes of the treatment.
• A description of the categories of data subjects and categories of personal data.
• The categories of data recipients.
• Transfers of personal data, if any.
• The deadlines foreseen for the deletion of the different categories of data, when possible.
• A general description of the technical and organizational security measures.

Likewise, as regulated in Article 31.2 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), all entities included in Article 77.1 of this organic law must make public an inventory of their processing in which the information established in Article 30 of the RGPD and their legitimizing legal basis for the processing of personal data shall be stated.

In accordance with these regulations, a record is kept of the processing activities carried out by the Municipality of Puerto del Rosario:

LINK TO THE REGISTER OF PROCESSING ACTIVITIES IN THE TRANSPARENCY PORTAL

 

5. Data Protection Delegate (DPD)

Article 37.1 of the EU Regulation 2016/679 General Data Protection Regulation (GDPR), states that public authorities and bodies are required to appoint a Data Protection Officer (DPO).

The City Council of Puerto del Rosario has designated its DPD correctly, as it can be verified in: DPD Consultation

• Data Protection Delegate: APDTIC PROFESIONALES, S.L.
• Contact: dpo@puertodelrosario.org

Its functions are defined in Article 39 of the RGPD and consist mainly of informing and advising the City Council of Puerto del Rosario and its employees on the obligations incumbent upon them in the processing of personal data, and the supervision of their compliance. It must also cooperate with the Spanish Data Protection Agency (AEPD) and act as a point of contact between it and the City Council of Puerto del Rosario.

In turn, any citizen may contact the Data Protection Delegate if they have doubts about the processing of their data by the City Council of Puerto del Rosario or are not satisfied with it. To do so, you can contact the Delegate of Data Protection of the City Council of Puerto del Rosario by writing to the addresscorreodpo@puertodelrosario.org

 

More information: Spanish Data Protection Agency – Data Protection Delegate.