Who is responsible for the processing of personal data?
FUNDACIÓ JOVIAT, as the website controller, in accordance with the provisions of Regulation (EU) 2016/679 of April 27, 2016 (GDPR), Organic Law 3/2018 of December 5 (LOPDGDD), and other applicable legal regulations regarding personal data protection, as well as Law 34/2002 of July 11 on Information Society Services and Electronic Commerce (LSSICE), informs you that it has implemented the necessary technical and organizational security measures to guarantee and protect the confidentiality, integrity, and availability of the data entered.
How did we obtain your data?
You have provided them to us: through our web forms.
When you provide us with personal data, you guarantee that you are authorized to provide this information and that it is true, truthful, accurate and up-to-date, that it is not confidential, that it does not violate any contractual restrictions or third-party rights and you undertake not to impersonate other users.
Web forms in which we collect personal data:
Contact Socio-Health Area
Contact Sports Area
contact Pastry Area
Kitchen Area contact
Contact EV
Contact FPi
Contact H
Contact EJ
We have obtained them automatically: if you have provided us with the data through this website or any of its subdomains and/or microsites, we collect information, for example, when you access the page, when you fill out any form with personal data, when you upload information or content (for example, on our blog), or when you communicate with us directly by email.
When you visit our website, data is sent from your browser to our server, to optimize our services and improve your experience as a user, for example, when you access the page or when you log in through third-party services such as social networks. This data may be collected and stored automatically by us or by third parties on our behalf. This data may include:
– the user’s IP address
– the date and time of the visit
– the URL of the site the user came from
– the pages visited on our website
– Information about the browser used (type and version of the browser, operating system, etc.).
We may process and record these uses, sessions and related information, either independently or with the help of third-party services, including through the use of cookies and other tracking technologies such as flash cookies and web analytics.
In the event that our website has social network connectors, when you choose to interact with us through a social network, we cannot be held responsible for the privacy settings chosen by the user, as the social network may inform you about your IP address or which page you are visiting on our website and may set a cookie to allow them to function correctly. Your name will appear in the likes you give or in the comments you make on our page on a social network. If you do not want your personal data associated with these likes or comments to appear, configure your privacy to avoid this, pseudonymizing your data, for example by giving yourself a “nickname” or alias that does not reveal your first and last name.
If you log in to one of these social networks while visiting our website, the social network may add this information to your profile and this information will be transferred to the social network. If you do not want this data transfer to take place, please log out of your social network before entering our websites or mobile applications, as we have no control over this collection and transfer of data through social plugins.
If as a user, through our official page on a social network, you decide to publish and/or share texts, photos, videos and other types of information and/or content, you will be solely responsible for ensuring that this content complies with the corresponding legal regulations.
In any case, we may remove from both this website and our social media pages any content published when we detect that you have violated current legislation, and the terms indicated in this privacy policy and in the general conditions contained in our Legal Notice .
Social Networks are not hosted directly on our services. Your interactions with them are governed by their policies and not ours. Please read the privacy policies of these social networks for detailed information about the collection and transfer of personal data, your rights and how to configure your privacy.
To verify that the forms on this website are used by people, and not by automated means, we use Google’s “reCAPTCHA” technology. When using it, information relating to the hardware and software of the device used by the user is collected and sent to Google for analysis, in accordance with the Privacy Policy (from Google) and the Terms of Use (from Google).
What should you know before sharing third-party data?
With respect to the data of other people, you must respect their privacy, taking special care when publishing their personal data. We remind you that, as a user, you only provide and consent to the processing of your personal data, but not that of third parties. If you provide us with data from third parties, you are transferring personal data, and it is your responsibility to have the prior and express consent of these third parties to use and provide them to us. You are responsible for informing them of the inclusion of their data in our processing.
The publication of third-party data without their consent may infringe, in addition to data protection regulations, the right to honor, privacy or one’s own image, rights whose protection is governed by the provisions of Organic Law 1/1982, of May 5, on civil protection of the right to honor, personal and family privacy and one’s own image.
What purposes do we give to the personal data we collect?
We may process the data for different purposes, for example:
1. Respond to your inquiry to be able to clarify the doubts and questions you have raised with us.
2. Carry out our academic activity based on the student’s enrollment in our center.
3. Contact you by the means you have indicated to us, e-mail, telephone, etc.
4. In relation to the information collected automatically by the website, based on your browsing as a user, we create anonymous and aggregated information about your behavior, segmentation effects and development of anonymous profiles.
This interaction helps us to: improve the performance of the website, promote a more personalized experience, measure and monitor the efficiency of the website, manage the website, so as to ensure that it becomes increasingly secure and transparent.
5. Conduct opinion and/or satisfaction surveys and send you, by electronic communications, information about our teaching and training (including advertising and/or commercial communications for the purposes of art. 21 LSSICE 34/2002). If we already have a prior contractual relationship, we will send these communications on the basis of our legitimate interest (Art. 6 par. 1 letter f RGPD). In the event that we do not have a prior contractual relationship, we will only send you this type of communications if you authorize us to do so by checking the option (opt-*in) that is expressly included for this purpose in the corresponding forms (Art. 6 par. 1 letter a RGPD). The electronic communications that we send you will include, in the communication itself, the option to stop receiving them.
6. We may take photographs and/or videos in the activities or events that we organize and/or promote, to inform about them, document them, and form part of the photographic/videographic memory.
How long will we keep your personal data?
We will keep your personal data until you request its deletion. Even if requested, we may keep it for the necessary time and limit its processing (blocking it), solely to comply with the legal/contractual obligations to which we are subject and/or during the legal periods provided for the prescription of any responsibilities on our part and/or the exercise or defense of claims arising from the relationship maintained.
What grounds of legitimacy do we use to process your data?
The causes of legitimation are those that allow and enable us to process your personal data in a lawful manner. There are different causes of legitimation or legal bases that allow us to process your data in a lawful and legal manner:
1. It may be the legal relationship between the parties arising from enrollment in the educational center, in the event that it is a student or parent or legal guardian of a student.
2. It may also be your consent if you have made a request to us through our website, or if you have attended one of our events. You grant us this consent unequivocally by providing us with your data online or offline, considering this contribution a clear affirmative act that expresses this consent. The provision of the requested data is mandatory as it is essential to meet your request; if you do not provide it, we will not be able to carry it out. You may withdraw this consent at any time by sending us an e-mail to this effect; this withdrawal means that we will not be able to provide you with the services requested or attend to your queries or requests.
3. As established in Recital 47 of the GDPR (General European Regulation on the Protection of Personal Data 2016/679 of 27-4-2016), our legitimate interest in:
Inform you of our training activities (including through electronic communications) or of those third-party entities with which we have signed a collaboration agreement. If you are our student or parent or legal guardian, we will send these communications on the basis of our legitimate interest. Otherwise, we will only send you this type of communications if you give us your consent, checking the option expressly included for this purpose in the corresponding forms. In any case, the electronic communications that we send you will include, in the communication itself, the option to stop receiving them in the future.
In any case, we consider that the indicated processing of your data is proportionate and has a minimal impact on your privacy, but your interests, rights or freedoms will always prevail over our legitimate interest, so if you do not want us to process your data for these purposes, please send us an e-mail to this effect to rgpd@joviat.cat and we will do so, being able to keep them blocked for the formulation, exercise or defense of claims. The withdrawal of your consent to process your data for these purposes does not condition the processing of your data for the rest of the purposes described in the privacy policy.
To whom can we communicate the personal data you provide us?
Your personal data will not be transferred to third parties, except that:
1. We have your express authorization.
2. The third parties are suppliers who supply us with products and services (processors) and communication is a requirement to comply with our obligations and services.
3. A Law or regulation with the rank of Law requires us to communicate data to entities or organizations.
4. The communication was strictly necessary to ensure compliance with our terms of use, rights or ownership.
Do we make international transfers of your personal data?
An international data transfer occurs when personal data that is processed by a controller or processor in the European Economic Area (European Union countries, Iceland, Liechtenstein and Norway) is sent to a third country or international organization, outside this territory.
We will always ensure that personal data is processed and located in the European Economic Area (EEA). However, in certain circumstances, we may make international data transfers, for example, if it is necessary for the conclusion or execution of a contract, in the interest of the interested client/user, for example when using service providers located outside the European Union, who may have access to personal data, for the provision of services (by way of example and not limitation: hosting, housing, XaaS, remote backups, IT support or maintenance services, email managers, sending emails and email marketing, file transfer, etc.) or for the execution of pre-contractual measures taken at the request of the interested party.
These entities may be different and vary over time, but we will try to choose entities that either belong to countries that have a level of protection equivalent to the European level in terms of data protection, or that have the appropriate guarantees to achieve this level, or they will be carried out on the basis of one of the exceptions provided for this purpose in the GDPR.
What Rights can you exercise?
These are known as ARC-POL Rights, you can exercise them by sending an e-mail to: rgpd@joviat.cat or a letter to the postal address: Rubió i Ors, 5, CP 08241 MANRESA (Barcelona).
You may, where appropriate, exercise your rights of access, rectification, deletion, limitation and opposition to your processing, as well as not to be subject to decisions based solely on the automated processing of your data, at the postal or electronic mail address indicated at the beginning of this privacy policy; in both cases by means of a written and signed request attaching a copy of your ID card or passport or another valid document that identifies you. In the event of a modification of your data, you must notify it at the same address, declining this company any responsibility in the event of failure to do so:
Right of access: You can ask us what personal data we are processing and even request a copy of it.
Right of rectification: You can request that we rectify inaccurate personal data or that we complete incomplete personal data, including through an additional declaration.
Right to erasure (right to be forgotten): You can request the deletion of your personal data when: they are not necessary for the purposes for which they were collected, you withdraw your consent, there has been unlawful processing of them or in compliance with a legal obligation.
Right to limitation of processing: You can request that we limit the processing of your data, and in this case we will only keep it for the exercise or defense of claims.
Right to object: You can object to the processing of your data if this processing is based on the legitimate interest of the person responsible for the file or is for advertising purposes.
Once any of the above requests have been received, we will respond to you within the legally established deadlines. If you consider that your personal data has not been treated appropriately in accordance with the Law, you can contact our Data Protection Delegate DPD at dpd@joviat.cat, you can also complain to the Spanish Data Protection Agency. If you would like more information about the rights you can exercise and to request model forms for exercising rights, you can visit the website of the Spanish Data Protection Agency, www.aepd.es .
SECURITY POLICY
1 Objectives
JOVIAT’s security policy aims to set high-level guidelines to follow so that all personal data processing is carried out securely and only by authorized personnel, as well as to protect the organization’s information from possible losses of confidentiality, integrity and/or availability.
2 Scope
The scope of this policy is limited to all departments of Fundació JOVIAT.
3 Planning
The actions necessary to comply with the security policy statement involve the implementation, operation and maintenance of an ISMS (Information Security Management System), which is aligned with this policy at all times.
The planning phase includes as a fundamental point a study of the company’s security through a risk and impact analysis and the establishment of its corresponding plan for treating risks not accepted by the organization.
The implementation of the ISMS is the primary responsibility of the data controller (or ISMS manager) supported at all times by technical personnel and with the full support of management.
Based on the results obtained in the planning phase, certain security controls are implemented, in addition to operating the ISMS procedures to comply with the GDPR and LOPD.
4 Review
The information security policy and the ISMS are reviewed regularly at planned intervals or if significant changes occur to ensure continued suitability, efficiency and effectiveness. They are generally reviewed annually in conjunction with the ISMS internal audit processes.
There are monitoring procedures that provide information on the correct performance of the ISMS.
Management also plays an important role in system review, conducting an in-depth analysis of the system and finding possible improvements and deficiencies.
With all this input data, a global review is carried out by the data protection commission.
5 Improvement
Possible improvements to the information security policy and the ISMS are established either during the review phases or on the basis of contributions that are considered interesting from both Company personnel and external personnel.
These improvements are evaluated and once their feasibility has been studied, they are implemented, operated and maintained. The entire ISMS is framed within the Demming cycle (PDCA cycle), its implementation and operation, its review and its subsequent improvement. All of this applied to information security.