Privacy and data protection policy

1. INTRODUCTION

Fundación de la Comunidad Valenciana para la Promoción Estratégica, el Desarrollo y la Innovación Urbana (hereinafter, the “Foundation”) reserves the right to modify this Policy in order to adapt it to legislative developments, case law, industry practices or its own interests. Any such modification will be announced in advance, so that you are fully aware of its contents.

To provide certain services, it is necessary to process your personal data. Accordingly, your data will be included in the relevant processing activities carried out by the Foundation and will be processed for the specific purpose of each activity, primarily in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR), and Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).

An up-to-date list of the processing activities carried out by the Foundation is available at the following link: Record of processing activities.

2. GENERAL INFORMATION

Below, the Foundation provides general information regarding its safeguarding of privacy and protection of personal data in relation to the processing activities it carries out via its website and by other means:

2.1. Who is the Data Controller for your personal data?

Fundación de la Comunidad Valenciana para la Promoción Estratégica, el Desarrollo y la Innovación Urbana acts as the Data Controller. Its registered address for these purposes is:
C/ Joan Verdeguer, 16, 46024, València, Spain.
Data Protection Officer (DPO): dpdlasnaves@unive.es

2.2. For what purposes do we process your personal data?

The purpose of collecting and processing personal data via the various forms owned by the Foundation and made available to users is, depending on the specific case, to manage and respond to requests for information, questions, complaints, compliments, or suggestions related to its publications, services, activities, events or any other initiatives organised, offered, sponsored or supported by the Foundation.

2.3. What is the legal basis for processing your personal data?

The legal bases that legitimise us to process your personal data are:
(i) the consent you give by signing or accepting the relevant forms for one or more specific purposes;
(ii) where applicable, the performance of a contract to which you are a party, either as contractor or awardee;
(iii) compliance with a legal obligation, or the exercise of public powers or competences.

2.4. How long do we retain your personal data?

We will retain your personal data for the appropriate period necessary to maintain a record of service and manage our services efficiently, provided you do not request its erasure. Even if erasure is requested, data will remain blocked for as long as necessary and their processing limited solely to: complying with our legal or contractual obligations of any kind; during the statutory limitation periods for any liabilities on our part; or for the exercise or defence of claims arising from our relationship with the data subject.

2.5. Who is responsible for keeping data up to date?

To ensure the data in our files (electronic and/or paper) is always accurate, we will strive to keep it updated. To this end, users should make any necessary changes themselves where enabled to do so, or communicate them reliably to the relevant area or department of the Foundation.

2.6. Who may be recipients of your personal data?

Personal data will not be disclosed or communicated to third parties, except where necessary for the development, control and fulfilment of the stated purpose(s), or in the cases provided for by law.

2.7. Security of personal data

The Foundation will adopt the appropriate technical and organisational measures in its information systems, in accordance with Royal Decree 3/2010 of 8 January, which regulates the National Security Framework in the field of Electronic Administration. It will do so in compliance with the principle of proactive responsibility to guarantee the security and confidentiality of stored data and to prevent its alteration, loss, unauthorised processing or access, taking into account the state of the art, implementation costs, the nature, scope, context and purposes of processing, and the varying likelihood and severity of risks associated with each processing activity.

2.8. What are your data protection rights and how can you exercise them?

To exercise your rights of Access, Rectification, Erasure, Restriction, Portability, or, where applicable, Objection, you may submit a request in writing to:
C/ Joan Verdeguer, 16, 46024 Valencia, Spain.
Or to our Data Protection Officer: dpdlasnaves@unive.es

Your request must specify which right you wish to exercise and include (or, in the case of postal submission, attach) a copy of your national ID (DNI) or an equivalent identity document. If acting through a legal or voluntary representative, you must also provide proof of representation and their identification document. If you believe your data protection rights have been violated, you may file a complaint with our DPO (dpdlasnaves@unive.es) or with the Spanish Data Protection Agency (www.aepd.es).

Below you will find further information about exercising your data protection rights:

a) What are my rights?

Data protection regulations allow you to exercise the following rights before the Data Controller (the Foundation), in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPD-GDD):

• Right of Access
  You have the right to know:
  • Whether we are processing personal data concerning you.
  • The origin of your data, if you did not provide it.
  • The purposes of processing.
  • The categories of data involved.
  • The recipients or categories of recipients to whom your data has been or will be disclosed.
  • Where possible, the intended retention period (or the criteria used to determine it).
  • Your right to lodge a complaint with a supervisory authority.
  • Whether we use automated decision-making, including profiling.
• Right of Rectification
  You have the right to have your personal data rectified:
  • By completing them if they are incomplete.
  • By updating or correcting them if they are inaccurate or no longer reflect current reality.
  • Exercising this right ensures your data are accurate and complete.
• Right of Erasure (“Right to be Forgotten”)
  You have the right to have your personal data erased when:
  • The data is no longer necessary for the purposes for which it was collected or processed.
  • You withdraw the consent on which processing is based, with no other legal basis for processing.
  • You have successfully exercised your right to object to processing.
  • The data has been processed unlawfully.
• Right to Restriction of Processing
  You have the right to request the restriction of processing of your data (i.e., that we retain it but do not use it for processing purposes).
• Right to Object
  You have the right to ask us to stop using your personal data, for example, if you believe it is incorrect or no longer needed.
• Right to Data Portability
  Where processing is based on consent or necessary for the performance of a contract or pre-contract and is carried out by automated means, you have the right to data portability: to receive your data in a structured, commonly used and machine-readable format and to have it transmitted to a new controller. The Foundation will facilitate this transfer to the new controller upon request.

b) Who can exercise these rights before the Foundation?

• You, as the data subject, acting in your own name and right.
• Another person duly authorised, acting as:
  • Legal representative (e.g., parents or guardians on behalf of minors under 14 years, or legal guardians of persons with disabilities).
  • Voluntary representative (a person you have formally authorised for this purpose).

c) How and where can I exercise these rights?

• By post
  You can send your written request to:
  C/ Joan Verdeguer, 16, 46024 Valencia, Spain.
• Online
  You can email your request to: dpdlasnaves@unive.es

In both cases you must:

• Provide sufficient data and information to process your request. You may use the forms available from the Spanish Data Protection Agency (AEPD):
  https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos
• Sign the form manually or, if you have a recognised digital certificate, sign it electronically.
• Include a copy of your DNI, passport, NIE, or equivalent identification document. If acting on behalf of another person, also include their ID document and proof of your authorisation or legal representation.
• Send the form and supporting documents using one of the above methods.

d) Additional information

The Foundation will analyse whether your request complies with the law. It will notify you of its decision, and if accepted, will take the appropriate steps in accordance with the right exercised. If rejected, you will be informed of the legally established appeals process. If requests are manifestly unfounded or excessive (for example, repetitive), the Foundation may:
(i) Charge a fee proportional to the administrative costs incurred; or
(ii) Refuse to act.

For more information or clarification regarding your data protection rights, you may write to: dpdlasnaves@unive.es.

3. ADDITIONAL INFORMATION ON DATA PROTECTION

3.1. Service Providers

The personal data of the signatory of the contract, as well as of any individuals involved or in contact in the context of service provision, will be processed by Fundación de la Comunidad Valenciana para la Promoción Estratégica, el Desarrollo y la Innovación Urbana, in its capacity as Data Controller.

The legal basis for the processing of the data is the contractual relationship, for its formalisation and execution.

The purpose of the processing is to maintain the contractual relationship, including the related economic and technical aspects, as well as the development and management of the contracted service(s), and, where applicable, to provide information regarding any related incidents.

The data will be retained for the period necessary to fulfil the purpose for which they were collected and to determine any potential liabilities arising from that purpose and from the data processing. They may also be retained if required by competent public authorities (such as the Tax Agency, courts or tribunals).

Data will not be disclosed to third parties unless it is necessary or legally required to share them with public or private entities for the management of the contractual relationship, or in the cases provided for by law.

3.2. Social Media

Fundación de la Comunidad Valenciana para la Promoción Estratégica, el Desarrollo y la Innovación Urbana operates several social media profiles to share information about its activities and interact with users. Users of these social networks who voluntarily choose to follow or connect with the Foundation thereby consent to the processing of their personal data from their profiles for interaction purposes within the social media platform.

The Foundation does not collect data from social media for any purpose other than those stated above. The use of social networks involves an international transfer of data for service provision purposes. This communication is based on the adoption of standard contractual clauses by the social network provider, in accordance with European Commission Decision 2010/87.

Users can choose to unfollow or disconnect from the Foundation at any time.

Users must respect the rights of third parties, particularly regarding privacy and data protection, as well as intellectual and industrial property rights, in all content they publish on the Foundation’s social media pages.

The publication of any content that may infringe upon morality, public order, fundamental rights, public freedoms—especially honour, privacy or the image of third parties—and, more generally, human rights, is strictly prohibited. Users are solely responsible for any content they publish.

We recommend reviewing the privacy settings of each social media platform. Links to the relevant privacy policies are provided below:

• Twitter: https://twitter.com/en/privacy
• Facebook: https://en-gb.facebook.com/privacy/explanation
• Instagram: https://help.instagram.com/519522125107875

3.3. Email

Any personal data processed as a result of receiving and/or exchanging emails will be used for the purpose of responding to your request for information or enquiry, maintaining commercial or professional contacts and relationships arising from such exchanges, or, where applicable, for maintaining a contractual relationship.

3.4. Electronic Bulletin or Newsletter

Additionally, if you have expressly authorised it by ticking the relevant box or through a direct request, we will keep you informed about our activities.

Your consent for the processing of your personal data and their subsequent use for newsletter distribution can be withdrawn at any time. A link for this purpose is included at the footer of each newsletter. You may also unsubscribe at any time or contact us using the options provided at the end of this document.