Detailed information about the processing of data of a personal nature
This is the Institut Ramon Llull data protection policy. It refers to the data of persons with whom it has a relation in the performance of its competences and functions. The processing is done in fulfilment of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) and State regulations on the subject.
Who is responsible for personal data processing?
The person responsible for personal data processing is the Institut Ramon Llull hereinafter, the Institute), with TIN S0800063J and official headquarters at Avinguda Diagonal, 373, Barcelona (CP 08008), firstname.lastname@example.org, www.llull.cat
What are the criteria for personal data processing?
In the processing of the data we fully accept the principles of the General Data Protection Regulation.
a) We process them licitly (only when we have a legal basis that allows us to do so and with transparency with regard to the interested party).
b) We use them for particular explicit and legitimate purposes which we explain when obtaining them. Later we do not process them in any way incompatible with those purposes.
c) We only process suitable, relevant data limited to what is necessary in each case and for each case and for each purpose.
d) We make sure the data are up to date.
e) We conserve them for the necessary time, obeying the rules that govern the conservation of public information.
f) We apply appropriate technical or organisational measures to prevent unauthorised or illicit processing, loss or destruction or accidental damage.
Who is the Data Protection Delegate?
The Data Protection Delegate (DPD) is the person who supervises the implementation of the Institute data protection policy, making sure that the personal data are properly processed and people’s rights protected. Among his or her functions is dealing with any doubt, suggestion, complaint or claim by the persons whose data are processed. The Data Protection Delegate can be contacted in writing at Avinguda Diagonal, 373, Barcelona (CP 08008), tel. 934678000 or at the email address email@example.com.
For what purpose do we process the data and to whom do we pass them on?
The Institute processes the data to perform its competences and functions. The Institute services are described on the website and the electronic headquarters. A complete description of the processing and of the purposes for which the data will be used appears in the Processing Activities Register, which can be consulted at transparency portal
Administrative procedures and formalities On the basis of the requests by the interested parties, we use their data to follow the procedure particular to each formality. The catalogue of formalities and the procedure to be followed can be consulted at site information. According to the procedure the data can be passed on to other competent administrations in the field. In some cases they have to be the object of publication on fulfilment of the transparency principle.
Services For the supply of the services we process the data provided by the beneficiaries or the ones we have obtained from other administrations. Supplying these services often involves a monitoring and procurement of new data from the persons using them. Services offered by the can be consulted at the website. As a general criterion the data are not passed on to other people without the explicit consent of the user of the service.
Activities Activities In the joint organisation of activities with other entities or organisms we receive data from the persons signed up for them in order to organise the activity. As a general criterion the data are not passed on to other people without the explicit consent of the person taking part in the activity.
Contact We deal with the inquiries of the persons using the contact forms on our website. The data are used solely for that purpose and are not passed on to other people.
Selection of staff We receive CVs and convene staff selection processes. The data provided by the interested parties enable us to assess their merits and analyse the suitability of the candidates’ profiles according to the vacant or newly created posts. We do not pass them on to other persons.
Sending information With the explicit authorisation of each person we use the contact data they have provided us with to inform them about our initiatives, services or activities. We do so through different channels according to how each person has authorised us. We do not pass them on to other persons without their consent.
Management of the data of our suppliers We record and process the data of the suppliers of services or goods. They may be the data of self-employed persons or representatives of companies. We obtain the data that are indispensable to maintain the commercial relation and use them solely for that purpose. In fulfilment of legal obligations (tax rules) we pass on data to the tax administration.
What is the legal justification for the processing of the data?
The data processing we carry out has different legal bases, according to the nature of each one.
Fulfilment of legal obligations The processing of the data in the context of administrative procedures is carried out according to the regulations applicable to each procedure. It is carried out in fulfilment of legal obligations.
Carrying out a mission in the public interest Carrying out a mission in the public interest The processing resulting from the supply of our services finds its justification in satisfying the public interest.
Fulfilment of a contractual or precontractual relation We process the data of our suppliers according to the regulations of the public sector, to the extent and with the scope necessary for the development of the contractual relation. In another aspect, but also in the framework of contractual or precontractual relations, we process data of persons who take part in selection processes or join our institution.
On the basis of consent When we send information about our initiatives, services or activities we process the receivers’ contact data with their explicit authorisation or consent.
How long do we conserve the data?
The time of conservation of the data is determined by different factors, mainly the fact that they continue to be necessary to fulfil the purposes for which they have been collected in each case. Secondly, they are conserved to deal with possible responsibilities of the processing of the data by the Institute, and any other requirement from other public administrations or judicial bodies.
In consequence, the data have to be conserved for the time necessary to preserve their legal or informative value or to accredit the fulfilment of the legal obligations, but not for a period longer than necessary according to the purposes of the processing.
In certain cases, such as the data that appear in accounting documents and invoices, tax regulations oblige us to conserve them until the expiry of the responsibilities in the area.
In the case of the data that are processed exclusively on the basis of the consent of the interested party, they are conserved until that person revokes consent.
The regulations for the conservation of public documents and the judgements of the National Access, Assessment and Triage Committee are a reference to determine the criteria we follow in the conservation or elimination of the data..
What rights do persons have in relation to the data we process?
As provided for in the General Data Protection Regulation, the persons whose date we process have the following rights:
To know if they are processed. Any person has, first and foremost, the right to know if we process their data, regardless of whether there has been a previous relation.
To be informed about collection. When personal data are obtained from the interested party, when providing them he or she must have clear information about the purposes for which they are intended, who will be responsible for the processing and the main aspects derived from that processing.
To have access. A very broad right that includes knowing precisely what personal data are the object of processing, the purpose for which they are processed, the passing on to other persons who will use them (if that is the case) or the right to obtain a copy or know the planned period for their conservation.
To require rectification. This is the right to have any inexact data that may be the object of processing by us rectified.
To require suppression. In certain circumstances there is a right to require the suppression of the data when, among other reasons, they are no longer necessary for the purposes for which they were collected and which justified their processing.
To require limitation of the processing.. Also in certain circumstances there is a right to require the limitation of the processing of the data. In this case they will cease to be processed and will only be conserved for the exercise or defence of claims, in accordance with the General Data Protection Regulation.
To portability. In the cases provided for in the regulations there is a right to obtain one’s own personal data in a structured format for common use which can be read by machine and to pass them on to another person responsible for the processing if so decided by the interested party.
To oppose the processing.. A person may adduce reasons related to his or her particular situation, reasons that will lead to the cessation of the processing of their data to the extent or insofar as it might cause some damage to them, except for legitimate reasons or the exercise or defence of claims.
Not to receive information. We deal immediately with requests not to continue to receive information about our activities and services, when such dispatches are based solely on the consent of the receiver.
How can rights be exercised or defended?
The rights we have just listed may be exercised by sending a request to the Institute at the postal address or the other contact data indicated at the head.
If there is no satisfactory reply to the exercise of the rights a claim may be submitted to the Catalan Data Protection Authority using the forms or other channels accessible from the website (www.apd.cat).
In all cases, whether to submit claims, request clarifications or send suggestions, the Data Protection Delegate may be contacted by email at the address firstname.lastname@example.org
Cookies are small pieces of data that websites send to browsers and which are stored in users’ devices: computers, mobile telephones, tablets, and so on. Their purpose is to improve the experience of using the website, as these archives make it possible for the website to remember information about the user’s visits, such as preferred options or language. In this way the website personalizes its content and becomes more agile and useful for the user.
By browsing this website users agree to cookies being installed in their equipment that enable us to find out the following information:
Types of cookies
This website uses session, or temporary, cookies and persistent cookies. Session cookies merely keep data while the user is visiting the website. Persistent cookies store the data on the device’s hard drive so that it will be accessible in more than one session.
Depending on the type of data obtained the website can use technical cookies.
These allow users to browse the webpage and use the different options or services it contains. For example, controlling data traffic and communication, identifying the session, entering restricted access areas, requesting enrolment or participation in an event, using security features while browsing and storing content.
These allow users to access the website with some general characteristics that are either already predefined in their hard drive or defined by the user. For example, the language, the type of browser used to access the website, the chosen content design, the geo-location of the device or the regional configuration from where access takes place.
Statistical analysis cookies
These make it possible to monitor and analyse the behaviour of visitors to the website. The information gathered is used to measure a website’s activity and to produce users’ browsing history, making it possible to improve the service.
Third party cookies
Third party cookies that manage and improve the services offered can also be installed. For example, statistics services like Google Analytics.
Managing the cookies in my browser
Users can allow, block or erase the cookies installed in their device by configuring the browsing options.