Privacy Policy
We provide the Privacy Policy in order to inform you in detail about how we treat your personal data and protect your privacy and the information you provide to us.
If, in the future, we make changes to this Privacy Policy, we will notify you through this web page or by other means, so that you will be aware of the new privacy conditions that will be adopted.
We inform you below, in the form of questions and answers, of the conditions under which our entity treats your personal data:
Who is responsible for the processing of your data?
- Identity: PABLO HORSTMANN FOUNDATION (hereinafter, the Foundation). TAX ID: G-
- Address: Camino del Sur, 50, 28109 – Alcobendas, Madrid, Spain
- Telephone: 91 650 19
- E-mail: info@fundacionpablo.org
For what purposes do we process your personal date?
We process the personal data you provide for the following purposes:
- The management of relations with our suppliers, as well as the invoicing and payment of For this purpose, it is mandatory for the supplier to provide us with their data, otherwise the contract could not be executed.
- To register and manage their participation in the events organized by the Foundation. The provision of data for this purpose is mandatory, otherwise the fulfillment of the purpose will be
- The management of the sponsorship relationship that binds you to the The provision of data for this purpose is mandatory, otherwise the fulfillment of the purpose will be prevented.
- Processing of your registration as a member of the Foundation and management of your relationship with The provision of data for this purpose is mandatory, otherwise the fulfillment of the purpose will be prevented.
1 See section 8.1 of the Personal Data Protection
- Management of donations made by interested parties to the The provision of data for this purpose is mandatory, otherwise the fulfillment of the purpose will be prevented.
- Registration and management of the collaborative relationship that links health volunteers with the Foundation. The provision of data for this purpose is mandatory, otherwise the fulfillment of the purpose will be
- To channel requests for information, suggestions and complaints that you may send us, to contact the sender of the information, to respond to your request or query and to follow up Providing the data for this purpose is voluntary, although, if you do not do so, we will not be able to respond to your request, query or complaint. Therefore, the communication of your personal data for these purposes is a necessary requirement for us to be able to respond to such requests.
- The sending of commercial communications of our activities, services, events, calls, conferences and presentations of the Foundation. If you are a sponsor, partner, donor or health volunteer, we will send you these communications, unless you express your will against it by checking the corresponding box at the time of providing your data or, subsequently, by communicating it to us through any
On the other hand, if you are not one of the aforementioned recipients, we will not send you commercial information, unless you expressly authorize us to do so. The authorization is voluntary and your refusal would only result in you not receiving commercial offers of our products or services.
In connection with the sending of such communications, based on the information provided, we may develop commercial profiles, to offer you the activities and services that best suit your interests.
- If you send us your CV, we will process it in order to have information about those who wish to do an internship and/or work with us in order to be able to carry out the corresponding personnel selection processes.
- If you become a friend or follower of ours on social networks, we will process your data to keep you informed of our activities and promotions through these The fact of providing the data for this purpose is voluntary, although, if you do not do so, you will not be able to be our friend or follower in the corresponding social network. The categories of data processed for this purpose are identification data.
For how long will we process your data?
We only keep your data for the period necessary to fulfill the purpose for which they were collected, to comply with the legal obligations imposed on us and to meet the possible responsibilities that may arise from the fulfillment of the purpose for which the data were collected.
The data for the management of the relationship with suppliers and the billing and collection of services will be retained for this purpose for as long as the contract is in force. After the termination of this relationship, if applicable, the data may be kept for the time required by applicable law and until the expiration of any liabilities arising from the contract.
The data for sending commercial communications of activities or services will be kept indefinitely, until, where appropriate, you express your desire to delete them or your desire to stop receiving such communications.
The data for the management of events organized by the Foundation will be kept for this purpose until the end of the event. After the end of the event, if applicable, the data may be kept for the time required by applicable law and until the statute of limitations for any liabilities arising from their participation in the event.
The data for the management of sponsorship will be kept for as long as the relationship is in force and, even after that, for as long as required by the applicable legislation and until the expiration of any liabilities arising from the sponsorship relationship.
The data for the processing of your registration as a member and management of the relationship with the Foundation will be retained for as long as you remain a member and, even after that, for as long as required by applicable law and until any liabilities arising from the relationship expire.
The data for the management of the donations that the interested parties make to the Foundation will be kept for as long as they maintain their status as donors and, even after that, for as long as required by the applicable legislation and until any liabilities arising from the donation expire.
The registration and management data of the collaboration relationship that links health volunteers with the Foundation will be kept for as long as they maintain their status as health volunteers and, even after that, for as long as required by the applicable legislation and until any liabilities arising from the collaboration relationship expire.
The data processed to respond to requests, inquiries or complaints will be retained for the time necessary to respond to them and give them definitively closed. Subsequently, they will be kept as a communications history for a period of one year, unless you request their deletion before.
The data that you provide us with or that we obtain to take part in a specific open personnel selection process will be retained until the process is concluded and then cancelled, unless the candidate is selected, in which case it will be incorporated into your employee file. In the latter case, as well as when you provide us with your CV spontaneously, simply so that we can take it into account in future selection processes, the data will be retained for a maximum of one year since the last update. You must keep the personal data you provide us with up to date; in particular, those relating to training and professional experience.
Occasionally, during the selection processes, job portals may be used to search for candidates that match the professional profiles that are of interest to us, subject to the Privacy Policies of such platforms. The categories of personal data processed in these cases are the following: identification data, personal characteristics data, employment details data, academic and professional data, and any other information that the candidate has posted on the job portal or included in his or her CV.
The data provided through social networks will be retained as long as you remain a friend or follower of ours on the corresponding platform.
What is the legitimacy for the processing of your data?
The legal basis for processing the data of suppliers, event participants, sponsors, partners, donors and health volunteers is the legal relationship between the parties.
The prospective offer of activities and services to our sponsors, partners, donors or health volunteers is based on the satisfaction of the legitimate business interest consisting in being able to offer them information about other activities or services and thus achieve their loyalty. This legitimate interest is recognized by the applicable legal regulations (General Data Protection Regulation), which expressly permits the processing of personal data on this legal basis for direct marketing purposes. However, we remind you that you have the right to object to this processing of your data by any of the means provided for in this clause.
The prospective offer of products and services to recipients other than those indicated above is based on the consent of the data subject. This consent may be revoked at any time, with no consequences other than the cessation of the receipt of advertising and without affecting the processing of data previously carried out.
The processing of personal data in response to your requests for information, requests, inquiries and complaints is based on the consent of the person concerned. This consent may be withdrawn at any time, although this will not affect the lawfulness of the processing previously carried out.
The legitimate basis for the processing of CVs that you submit to us or that we obtain from employment platforms for a specific open personnel selection process is the existence of a pre- contractual relationship. In addition, further data may be collected during interviews or selection processes, the processing of which has the same basis.
The legal basis for processing the data contained in your CV, if you have asked us to keep it after a selection process or if you have sent it to us spontaneously, is your consent, which may be revoked at any time. However, data processing carried out previously will not lose its lawfulness because the consent has been revoked.
The data provided through social networks will be processed on the legal basis of your consent, being able to revoke it at any time, although this will not affect the lawfulness of the processing previously carried out.
The categories of data processed are those requested in each case the form or contract through which you provide us with your data.
To which receipients will your data be communicated?
Personal data will not be communicated to third parties, except if you are a supplier, a donor partner, a sponsor, a participant in a funding project or an event, in which case your data may be communicated to the following entities:
- The competent Public Administrations, in the cases provided for in the Law and for the purposes defined
- The financial entities through which the collection is
The personal data provided will be subject to international transfers due to the use, by the Foundation, of Zoom (entity located in the USA) to carry out the events organized by the Foundation. This entity offers adequate data protection guarantees by applying the Standard Contractual Clauses approved by the European Commission for international data transfers.
Although it is not a transfer of data, it may be that third party companies, acting as our suppliers, access your information to carry out the service. These third parties access your data following our instructions and without being able to use it for a different purpose and maintaining the strictest confidentiality and on the basis of a contract in which they undertake to comply with the requirements of the current regulations on the protection of personal data.
What are your rights when you provide us with your data?
Any person has the right to obtain confirmation as to whether or not we are processing personal data concerning him/her. The persons concerned have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Under the conditions provided for in the General Data Protection Regulation, data subjects may request the limitation of the processing of their data or their portability, in which case we will only keep them for the exercise or defense of claims.
In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. If you have given consent for a specific purpose, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal. In such cases, we will stop processing the data or, as the case may be, we will stop processing the data for that purpose on except for compelling legitimate reasons, or the exercise or defense of possible claims.
In addition, data protection regulations allow you to object to being the subject of decisions based solely on automated processing of your data, where applicable.
The aforementioned rights are characterized by the following:
- It is free of charge, except in the case of manifestly unfounded or excessive requests (e.g. repetitive nature), in which case a fee proportional to the administrative costs incurred may be charged or a refusal to act may be
- You may exercise your rights directly or through your legal representative or
- Your request must be responded to within one month, although, taking into account the complexity and number of requests, the deadline may be extended by a further two
- We are required to inform you about the means to exercise these rights, which must be accessible and we may not deny you the exercise of the right solely because you choose another means. If the request is submitted electronically, the information will be provided by electronic means whenever possible, unless you ask us to do
- If, for any reason, the request is not granted, we will inform you, within one month at the latest, of the reasons for this and of the possibility to complain to a supervisory
In order to facilitate the exercise of the aforementioned rights, we provide below links to the application form for each of them:
- Form to exercise the right of access
- Form for exercising the right of rectification
- Form for exercising the right to object
- Form for exercising the right of deletion ("right to be forgotten")
- Form for exercising the right to limit the processing of personal data
- Form for exercising the right to portability
- Form of exercise of the right not to be subject to automated individual decisions
In all cases, you must prove your identity by attaching a photocopy or scanned copy of your ID card or equivalent document, or a document proving representation, if the right is exercised through a representative.
All the aforementioned rights may be exercised through the means of contact with the entity listed at the beginning of this clause.
Faced with any violation of your rights, especially when you have not obtained satisfaction in its exercise, you can file a complaint with the Spanish Data Protection Agency (contact details available at www.aepd.es), or other supervisory authority competent. You can also obtain more information about your rights by contacting these agencies.
How do we protect your personal data?
We are firmly committed to protecting the personal data we process. We use reasonably reliable and effective physical, organizational and technological measures, controls and procedures aimed at preserving the integrity and security of your data and ensuring your privacy.
In addition, all personnel with access to personal data have been trained and are aware of their obligations in relation to the processing of their personal data.
In the case of the contracts we sign with our suppliers, we include clauses in which they are required to maintain the duty of secrecy regarding the personal data to which they have had access by virtue of the order made, as well as to implement the necessary technical and organizational security measures to ensure the confidentiality, integrity, availability and permanent resilience of the systems and services for the processing of personal data.
All these security measures are reviewed periodically to ensure their adequacy and effectiveness.
However, absolute security cannot be guaranteed and no security system is impenetrable, so in the event that any information under our control and under our control is compromised as a result of a security breach, we will take appropriate steps to investigate the incident, notify the Control Authority and, where appropriate, those users who may have been affected to take appropriate action.
What is your responsability as data owner?
By providing us with personal data, the person who does so guarantees that he/she is over 14 years of age and that the data provided is true, accurate, complete and up to date.
For these purposes, the interested party is responsible for the veracity of the data and must keep them conveniently updated so that they correspond to their real situation, being responsible for false and inaccurate data that may be provided, as well as for the damages, direct or indirect, that may arise.
If you provide data of third parties, you assume the responsibility to inform them in advance of all the provisions of Article 14 of the General Data Protection Regulation under the conditions set forth therein.