Data Protection

Personal Data protection


The Data Controller:

The Data Controller Responsible for Processing the Personal Data collected, accessed, processed and/or kept by this entity is:

RESIDENCIA CORDIMARIANA HIJAS DEL CORAZÓN DE MARÍA. CIF R2500265J Avda. Balmes, 28 – 25006, Lérida

The Data Protection Officer’s contact details are: dpd@residencia-cordimariana.org

You can contact either postal or email address mentioned above to solve any issue relating to Personal Data Processing.

Purpose:

The personal data that are object of processing by this entity are such for specific, explicit and legitimate purposes, in particular those for the established contractual relationship, as well as for the links generated in contractual agreements that may be signed between the entity and the data subjects and the resulting obligations understood as necessary to comply with the requirements stated for a contract signed by each party, and fulfil the legal obligations set out in the current regulation.

Any processing connected to legitimate purposes of this entity may arise, such as management of information transmission to facilitate the data subjects a better and faster access and control of products and services. All this, providing that it is legally authorized to do it.

In no case will this entity make automated decisions based on profiles.

The personal data provided will be stored for the legal time-limits set in both data protection and sectorial legislation, or as long as contractual relations prevail. After complying with the established time-limits, data will be duly blocked to meet legally enforceable provisions or until the general accomplishment of tasks, except those situations in which Law authorises any other retention period.

Legitimacy:

The lawfulness to process personal data in this entity derives from complying with legal obligation of an established relationship or the subject’s unambiguous consent, respecting everything concerning rights and obligations arising from the legislation in force, as well as respect for freedoms of the data subjects.

For any other data processing not protected under this Regulation or under a contractual basis, the subject’s consent is requested.

It may be necessary to provide the required data. The refusal to provide them may involve inability to objectify rights and obligations considered in current Regulation or signed contracts.

Recipients:

The recipient of personal data subject to processing by this entity is the entity itself that use them for internal administrative and legal purposes or legal obligations to customers, suppliers, data subjects or employees.

However, to meet contracts and obligations – legal capacities of the legitimate purposes of this entity, it may be possible that notification, access and / or processing of personal data by third parties or professionals are necessary where permitted by applicable law.

Equally, this entity can contract part of its digital infrastructure according to a “cloud-computing” model, so it has processing managers with servers located in the EU. If USA-located cloud services were needed, they would only be arranged under EU-USA-fostered agreements like Privacy Shield.

In any event, as far as such access and/or processing is permitted by the regulation, those will be dependent on a priori contract existence between the Data Controller and the Data Processor and/or in accordance with legal provisions covered by rules.

Rights:

Any person has the right to obtain confirmation as to whether or not data related to him are being processed by this entity.

This entity cooperates in complying with legislation in force, especially concerning personal data.

The data subjects will have the right to access their personal data, as well as to obtain from the controller the rectification of inaccurate or incomplete personal data or, whether the case, to request data blocking when, among other reasons, they are no longer needed for the tasks for which they were collected.

To the extent deemed necessary and if legally permitted, the data subjects may request restrictions on their data processing, in which case they will only be maintained for purposes of proof in complaints, cooperation in judicial injunctions or legal requirements.

Under certain circumstances, and on grounds relating to their particular situation, the data subjects may object to their data being processed. This entity will stop processing them, except for the reasons given previously.

Likewise, this entity admits and attends any other right that the current regulation recognises to any user.

Source:

The personal data collected, processed and stored in this entity have been provided by the data subjects themselves and they are adequate, relevant and not excessive in relation to performing the legal relationship with this entity in accordance with its lawful powers.

Any personal data that are in possession of this entity have as their source those allowed by Law or that have been explicitly given by the data subject.

All personal data are subject to the appropriate security measures and other applicable requirements by the personal data processing regulation in force.