Privacy policy

Persons responsible for the treatment

• Responsible for Treatment: Fundación Centro Tecnolóxico da Carne de Galicia
• CIF: G32273427
• Address: Avenida de Galicia, 4. Parque Tecnolóxico de Galicia. San Cibrao das Viñas. 32900. Ourense.
• Email to exercise rights: dpto_administracion@ceteca.net

Purposes and legal bases

Completing the basic information on data protection that is provided through each of the data collection methods, additional information is provided below regarding the purposes, legitimizing bases and other information of the following files or treatments:

• Users of the website

Through the website, personal data is collected for various purposes, among others:

• Contact section to raise questions, complaints, suggestions or claims. The legality of the treatment is based on 6.1.a. GDPR “the interested party gave his consent to the processing of his personal data for one or more specific purposes.”
  
  The data will be kept as long as the purpose for which it was provided is maintained and, once completed, it will remain blocked during the statute of limitations for processing responsibilities.

• Analysis of browsing habits through analytical cookies (see Cookies Policy published on the website). The legality of the treatment is based on 6.1.a. GDPR “the interested party gave consent to the processing of his or her personal data for one or more specific purposes.”
  
  The data will be kept for the periods established in the Cookies Policy and, in any case, as long as the consent previously given is not revoked.

• Online sale: The legality of the treatment is based on 6.1.b. GDPR “the processing is necessary for the execution of a contract to which the interested party is a party or for the application at the request of the interested party of pre-contractual measures.”
  
  The data will be kept as long as the purpose for which it was provided is maintained and, once completed, it will remain blocked during the statute of limitations for processing responsibilities.

• Application management section: The legality of the processing is based on 6.1.b. GDPR “the processing is necessary for the execution of a contract to which the interested party is a party or for the application at the request of the interested party of pre-contractual measures.”
  
  The data will be kept for a maximum period of 2 years, without prejudice to the fact that the interested person may withdraw their consent at any time. If the candidate is hired, they will be kept as long as the contractual relationship remains in force and, once completed, they will remain blocked during the prescription periods for responsibilities derived from the treatment.

Data transfers or communications

For the management of certain services offered by the entity, it is necessary to allow access to certain data to third party service providers contracted for this purpose. In this sense, the entity proceeds to subscribe to the respective necessary data processor contracts, and has given the precise instructions to the different service providers or data processors, to ensure the security and integrity of the data to which they have access for the provision of the contracted service.

Outside of the above cases, your personal data will not be transferred to third parties, except in the cases legally provided for.

Profiles and international data transfers

There is no provision for profiling, nor is there any provision for international data transfers.

Revocation of consent

In those cases, in which the processing of personal data is based on consent, the interested parties are informed of the right to withdraw their consent at any time, in a simple and free manner, by writing to the address of the person responsible for the processing or to through “email”. The revocation of consent will not affect the legality of the processing based on consent prior to its withdrawal.

Rights of interested parties

The data protection regulations grant a series of rights to the interested parties or owners of the data, these rights that assist them are the following:

• Right of access: right to obtain information about whether your own data is being processed, the purpose of the processing being carried out, the categories of data being processed, the recipients or categories of recipients, the conservation period and the origin of said data.
• Right to rectification: right to obtain rectification of inaccurate or incomplete personal data.
• Right to object: right to oppose a certain treatment based on the consent given.
• Right to deletion: right to obtain the deletion of data in the following cases:
  • When the data is no longer necessary for the purpose for which it was collected
  • When the owner of the same withdraws consent
  • When the interested person opposes the treatment
  • When they must be deleted in compliance with a legal obligation
  • When the data have been obtained by virtue of an information society service based on the provisions of art. 8 section 1 of the European Data Protection Regulation.
• Right of limitation: right to obtain limitation of data processing when any of the following situations apply:
  • When the interested person challenges the accuracy of the personal data, during a period that allows the company to verify its accuracy.
  • When the treatment is illicit and the interested person opposes the deletion of the data.
  • When the company no longer needs the data for the purposes for which it was collected, but its owner needs it for the formulation, exercise or defense of claims.
  • When the interested person has opposed the processing while it is verified whether the legitimate reasons of the company prevail over those of the data owner.
• Right to portability: the right that when the treatment is carried out by automated means, the interested person receives their personal data in a structured, commonly used, machine-readable and interoperable format, and can transmit them to another person responsible for the treatment, provided that the treatment is legitimized based on consent or within the framework of the execution of a contract.
  • This right, by its very nature, cannot be applied when the processing is necessary for the fulfillment of a mission of public interest or in the exercise of public powers conferred on the controller.
• Right not to be subject to automated individual decisions: right not to be subject to a decision based solely on the processing of personal data, including profiling, in a way that produces legal effects on the interested person or significantly affects him or her. similar way.

This right will not be applicable when:

• It is necessary for the conclusion or execution of a contract between you and the person responsible
• The processing of your data is based on your previously given consent

* In these first two cases, the person responsible must guarantee the right of the interested parties to obtain human intervention, express their point of view and challenge the decision.

• It is authorized by Union or Member State law and appropriate measures are established to safeguard the rights and freedoms and legitimate interests of the person concerned.

* In turn, these exceptions will not apply to special categories of data (art.9.1), unless article 9.2. letter a) or g) applies and the appropriate measures mentioned in the previous paragraph have been taken.

Interested persons may exercise the indicated rights by contacting the entity, in writing, sent to “email” indicating in the Subject line the right they wish to exercise, or if they prefer, send their request to the postal address of the company, this being “Address”.

In this sense, the entity will respond to your request as soon as possible and taking into account the deadlines provided in the regulations on data protection. On the other hand, it should be taken into account that the interested person or owner of the data may at any time file a claim with the Spanish Data Protection Agency www.aepd.es.

Security

The security measures adopted by the entity are those required in accordance with the provisions of article 32 of the RGPD. In this sense, the entity, taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk.

In any case, the entity has implemented sufficient mechanisms to:

• Ensure the permanent confidentiality, integrity, availability and resilience of treatment systems and services.
• Restore availability and access to personal data quickly, in the event of a physical or technical incident.
• Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the security of the treatment.
• Pseudonymize and encrypt personal data, if applicable.