PLANIFICACIÓN RESIDENCIAL Y GESTIÓN, S.A.U. (PRYGESA) reserves the right to amend this Policy for the purpose of adapting it to regulatory changes, judicial criteria, practices in the sector or in the best interests of the organisation. Any changes made to this policy will be announced with due notice so you can be made perfectly aware of their content.
The processing of your personal data is necessary for providing you with certain services. To that end, said personal data will be included in the corresponding processing activities by PRYGESA and will be processed for the specific purpose of each process, mainly in accordance with the regulations provided by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), as well as Spanish Constitutional Law 3/2018, of 5 December, on personal data protection and the guarantee of digital rights (LOPD-GDD).
I. GENERAL INFORMATION
PRYGESA provides general information on the protection of privacy and of personal data applied to the processing activities it undertakes at Portal level, as well as by other means:
1. Who is the Data Controller responsible for your personal data?
PRYGESA is the Data Controller, with registered office at Glorieta de Caminos 6 y 7, 4ª planta, 28020 Madrid (Spain), CIF tax code: A84114305.
Furthermore, PRYGESA receives advice and supervision from our Data Protection Officer firstname.lastname@example.org.
2. Why do we process your personal data?
Depending on the case in question, the purpose for collecting and processing personal data via the various forms owned by PRYGESA and made available to Users is to manage and respond to requests for information, questions, complaints, congratulations or suggestions regarding the publications or any service or activity, act or event provided, offered, sponsored and/or supported by PRYGESA.
3. What are the legal grounds on which your personal data are processed? In other words, why can we process your personal data?
The legal grounds on which we are able to process your personal data are as follows: (i) the consent you provide by signing or accepting the forms in question, for one or more specific purposes; and, where appropriate, (ii) the performance of a contract to which you are party as contractor or contractee.
4. How long do we keep your personal data?
We will store your personal data for the corresponding period in order to keep a record of service and manage our services efficiently, provided that the data subject does not ask for their data to be erased. When such a request is made, the personal data will be blocked but not deleted for the time necessary and will only be processed for one of the following reasons: compliance with legal/contractual obligations of any nature to which we are subject and/or for the legal periods required for the expiry of any liabilities on our part and/or the exercise or defence of complaints stemming from the relationship maintained with the data subject.
5. Who must update the data?
Furthermore, in order for the data stored in our electronic and/or paper files to always correspond to reality, efforts will be made to keep them up-to-date. For this purpose, the User must make any such changes either directly when duly authorised to do so or via reliable communication to the relevant PRYGESA area or department.
6. With whom might your personal data be shared?
Personal data will not be transferred to or shared with third parties unless necessary for development, control and compliance with the aforementioned purpose(s), under the circumstances provided for by law.
7. Personal data security
PRYGESA will adopt all the necessary technical and organisational measures in its IT system to comply with the principle of proactive responsibility in order to guarantee the security and confidentiality of the data stored, thereby preventing alteration, loss, processing or unauthorised access based on the start of the art, the cost of application and the nature, scope, content and purposes of the processing, as well as risks of variable likelihood and severity associated with each processing activity.
8. What are your data protection rights and how can you exercise them?
You are entitled to exercise the rights of access, rectification, erasure, limitation, portability and, where applicable, opposition. To do so, you must write to PRYGESA at Glorieta de Caminos 6 y 7, 4ª planta, 28020 Madrid (Spain). The letter must state which of these rights you wish to exercise and also include a photocopy of your DNI or equivalent identification document. If you are acting through a legal or voluntary representative, you must also provide a document that certifies such representation and an identification document of the representative. Furthermore, if you believe that your personal data protection rights have been breached, you may lodge a complaint with our Data Protection Officer email@example.com or, where applicable, the Spanish Data Protection Agency (www.aepd.es).
More information can be found below on the exercise of your data protection rights:
1. What are my rights?
2. Who can exercise these rights with PRYGESA?
3. How and where can I exercise these rights?
4. Additional information
1) What are my rights?
Data protection regulations enable you to exercise the rights of access, rectification, opposition, portability, erasure (“right to be forgotten”), processing limitation and to not be subject to automated individual decision-making with the data controller, PRYGESA, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”), as well as Spanish Constitutional Law 3/2018, of 5 December, on personal data protection and the guarantee of digital rights (LOPD-GDD):
- Right of access
You are entitled to know:
* Whether we are processing personal data that concern you.
* The origin of your data, if you did not provide them yourself.
* The purpose for processing your data.
* The data categories involved.
* The recipients or recipient categories with which the personal data were or will be shared.
* If possible, the scheduled period for which the personal data will be stored (or, if not possible, the criteria used for determining this period).
* The right to lodge a complaint with a control agency.
* If we make automated decisions – including profiling – using your personal data.
- Right of rectification
You are entitled to rectify your personal data by:
* Completing them, if they are incomplete.
* Updating or correcting them, if for any reason they no longer reflect the current reality or are inaccurate.
* By exercising the right to rectification, we will guarantee that all your personal data are accurate and complete
- Right to erasure
You are entitled to have your personal data erased under any of the following conditions:
* The data are no longer necessary for the purposes for which they were collected or processed.
* You withdraw the consent on which we based the processing of your data and processing cannot take place on any other legal grounds.
* You have successfully exercised your right to oppose the processing of your data.
* The personal data have been processed unlawfully.
- Right to restrict processing
You will be entitled to obtain a restriction on the processing of your personal data (i.e., that we keep your personal data without using the same for the stated purposes).
- Right to oppose processing
You will be entitled to ask us to stop using your personal data, for example, when you believe that the personal data we hold about you may be incorrect or you believe that we no longer need to use them.
- Right to data portability
When the processing of your data is based on consent or is necessary for the performance of a contract or pre-contract and is automated, you will be entitled to the portability of your data; i.e., that we provide them to you in a structured, machine-readable format of common use, as well as that we provide them to a new data controller. This is why PRYGESA will facilitate the portability of your data to the new data controller.
2) Who can exercise these rights with PRYGESA?
You, as data subject or owner of the personal data, acting in your own name and on your own behalf.
Through someone else who acts as a duly accredited legal representative (e.g., when the holders of parental authority act on behalf of a minor under the age of 14 or when action is taken as the legal representative of someone with functional diversity) or voluntary representative (someone to whom you freely and voluntarily grant powers of representation to this end).
3) How and where can I exercise these rights?
You can submit your request by sending it to the following postal address: Glorieta de Caminos 6 y 7, 4ª planta, 28020 Madrid (Spain)
You can submit your request by sending an e-mail to the following address firstname.lastname@example.org.
In both cases, you must:
- Provide sufficient details and information so as to enable a response to the request. To this end, you may use the template forms made available by the Spanish Data Protection Agency https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos
- Hand sign the document or, where applicable and a recognised digital certificate is available, sign it electronically.
- Attach a photocopy of your DNI, Passport, NIE or other equivalent identification document. When acting on behalf of a third party, a copy of their DNI or equivalent identification document must also be included, as well as the document accrediting representation of the data subject.
- Send the form and documents proving your identity by any of the afore-mentioned means.
4) Additional information
PRYGESA will study whether the request is supported by law or not. It will notify the requesting party of the decision reached and act accordingly: if accepted, it will adopt the pertinent measures based on the right exercised; if rejected, it will indicate the legally provided system for appeals. In the event that requests clearly have no legal basis or are excessive (e.g., repetitive), PRYGESA may: (i) Charge a fee in proportion to the administrative costs incurred; (ii) Refuse to act.
For more information or clarification about your personal data protection rights, you may contact our Data Protection Officer email@example.com.