Privacy Policy

I. PRIVACY POLICY AND DATA PROTECTION

In compliance with the applicable legislation, Fundació Joan Oró (hereinafter, also the Website) is committed to adopting the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected.

Laws included in this privacy policy

This privacy policy is adapted to the current Spanish and European regulations on personal data protection on the internet. Specifically, it complies with the following regulations:

• Regulation (EU) 2016/679 of the European Parliament and the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
• Organic Law 3/2018, of December 5, on Personal Data Protection and the Guarantee of Digital Rights (LOPD-GDD).
• Royal Decree 1720/2007, of December 21, which approves the Regulation for the development of Organic Law 15/1999, of December 13, on Personal Data Protection (RDLOPD).
• Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the data controller

The data controller for the personal data collected by Fundació Joan Oró is: Fundació Joan Oró, with NIF: G25304882 and registered in: (pending) with the following registration details: (pending), represented by Fundació Joan Oró (hereinafter, the Data Controller). The contact details are:

• Address: Ramon i Cajal, 2 altell esquerra 25003, Lleida
• Contact phone: +34 973 27 93 96
• Contact email: administracio@fundaciojoanoro.org

Personal data registry

In compliance with the GDPR and the LOPD-GDD, we inform you that the personal data collected by Fundació Joan Oró, through the forms on its website, will be incorporated and processed in our file in order to facilitate, expedite, and fulfill the commitments established between Fundació Joan Oró and the User, or to maintain the relationship that is established in the forms filled by the User, or to attend to a request or inquiry. Additionally, in accordance with the GDPR and LOPD-GDD, unless the exception provided in Article 30.5 of the GDPR applies, a record of processing activities is maintained that specifies, according to its purposes, the processing activities carried out and other circumstances set forth in the GDPR.

Principles applicable to the processing of personal data

The processing of the User’s personal data will be subject to the following principles:

• Lawfulness, fairness, and transparency: The User’s consent will always be required with fully transparent information about the purposes for which the personal data is collected.
• Purpose limitation: Personal data will be collected for specific, legitimate, and explicit purposes.
• Data minimization: Only data strictly necessary for the intended purposes will be collected.
• Accuracy: Personal data must be accurate and kept up to date.
• Storage limitation: Data will only be kept for as long as necessary to fulfill its purpose.
• Integrity and confidentiality: Data will be processed ensuring its security and confidentiality.
• Accountability: The Data Controller will ensure compliance with these principles.

Categories of personal data

The categories of data processed are only identifying data. In no case are special categories of personal data processed, as defined in Article 9 of the GDPR.

Legal basis for processing personal data

The legal basis for processing personal data is the explicit and verifiable consent of the User for processing their data for one or more specific purposes.

The User has the right to withdraw consent at any time. The withdrawal of consent will be as easy as giving it. As a general rule, the withdrawal of consent will not affect the use of the Website.

When the User must provide their data through forms for inquiries, information requests, or for reasons related to the content of the Website, they will be informed if any field is mandatory, as it is essential for the correct execution of the operation.

Purposes of processing personal data

Personal data is collected and managed by Fundació Joan Oró to facilitate, expedite, and fulfill the commitments established between the Website and the User, or to maintain the relationship established in the forms filled out by the User, or to attend to a request or inquiry.

The data may also be used for commercial purposes, personalization, operational, statistical, or other activities related to the social purpose of Fundació Joan Oró. This includes extraction, storage, and marketing studies to tailor the content offered to the User, as well as to improve the quality, functionality, and navigation of the Website.

When collecting personal data, the User will be informed of the specific purpose for which the data will be processed.

Retention periods for personal data

Personal data will only be retained for the minimum time necessary to fulfill the purposes of processing and, in any case, for the following period: (pending to define), or until the User requests its deletion.

When personal data is collected, the User will be informed of the period during which it will be retained or, when this is not possible, the criteria used to determine this period.

Recipients of personal data

The User’s personal data will not be shared with third parties, unless there is a legal obligation or it is necessary to fulfill the purposes of the processing.

Personal data of minors

In compliance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, only individuals over the age of 14 can provide valid consent for the processing of their personal data. In the case of a minor under 14, parental or guardian consent is required, and this will only be considered valid if they have authorized it.

Privacy and security of personal data

Fundació Joan Oró is committed to adopting the necessary technical and organizational measures to ensure the security of personal data and prevent accidental or unlawful destruction, loss, alteration, or unauthorized access.

The Website has an SSL certificate (Secure Socket Layer) that ensures personal data is transmitted securely and confidentially, fully encrypted.

However, Fundació Joan Oró cannot guarantee the total invulnerability of the internet or the absence of hackers or others who might fraudulently access personal data. In the event of a security breach that results in a high risk to the rights and freedoms of individuals, the User will be notified without undue delay.

Rights arising from the processing of personal data

The User can exercise the following rights, recognized by the GDPR and Organic Law 3/2018:

• Right of access: To confirm whether Fundació processes their personal data and to access it.
• Right to rectification: To modify inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”): To request the deletion of their data when it is no longer necessary or other legal conditions are met.
• Right to restriction of processing: To request limitation under certain circumstances.
• Right to data portability: To receive data in a structured, machine-readable format or to transfer it to another data controller.
• Right to object: To object to the processing of data.
• Right not to be subject to automated decisions: To ensure that no decisions are made based solely on automated processing, including profiling.

Exercising the rights

The User may exercise their rights by sending a written communication to the Data Controller with the reference “GDPR-https://fundaciojoanoro.org/”, specifying:

• The User’s name and a copy of the ID. In case of representation, the representative’s identification and the proof of representation.
• Specific request: Reasons for the request or information they wish to access.
• Notification address.
• Date and signature of the applicant.
• Any document proving the request.

These requests can be sent to the postal address: Ramon i Cajal, 2 altell esquerra 25003, Lleida, or by email: administracio@fundaciojoanoro.org.

Links to third-party websites

The Website may include hyperlinks or links to third-party websites not affiliated with Fundació Joan Oró. The owners of these websites have their own privacy policies and are responsible for their files and privacy practices.

Complaints to the supervisory authority

If the User believes there is a problem or infringement of the applicable regulation in the processing of their personal data, they have the right to file a complaint with a supervisory authority. In Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.agpd.es).

---

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

The User must have read and agreed with the conditions regarding the protection of personal data contained in this Privacy Policy and accept the processing of their personal data for the purposes, terms, and conditions indicated. The use of the Website implies acceptance of this Privacy Policy.

Fundació Joan Oró reserves the right to modify its Privacy Policy according to its discretion or due to changes in legislation, jurisprudence, or the Spanish Data Protection Agency’s guidelines.

Changes or updates to the Privacy Policy will not be explicitly notified to the User. Therefore, it is recommended to check this page periodically to stay informed of the latest changes or updates.

This Privacy Policy was last updated to comply with Regulation (EU) 2016/679 of the European Parliament and the Council, of April 27, 2016, on the protection of natural persons regarding the processing of personal data, and Organic Law 3/2018, of December 5, on Personal Data Protection and the Guarantee of Digital Rights.