We recommend that you read the following text carefully and if after doing so you have any doubt, you can get in touch with us through our email address firstname.lastname@example.org
RESPONSIBILITY FOR PROCESSING (PERSONAL DATA)
As well as the following companies of its group: HORA NOVA, S.A. A-07242753 Paseo Mallorca 9-A 07011 Palma
SECURING PERSONAL DATA
We gather personal information on the User through:
Requests for information and quotations on our products and services, as well as details provided for taking part in an event, activity or promotional event, etcetera, or data secured when the User acquires any of our products or services by means of the User providing information required to that effect, through means of email correspondence and/or forms made available to the User on the internet.
Cookies and other technology. If you wish to know more you are welcome to visit our Cookies Policy.
In the forms which are available on the websites, there is guidance as to which sections the User is obliged to complete so that if the sum total of the information required is not provided, we cannot meet the requirements of the User or provide the requested services.
So though this procedure we can lawfully obtain the following information:
- Christian name and surname
- Date of Birth
- National Identity Number
- Nationality and/or residential address
- Telephone number,
- Email address
- Web page
- (Geographical) Location
The Location of the Users will be used to optimise areas of targeted publicity. If the User doesn’t want the Majorca Daily Bulletin to have knowledge of his/her location, the User will need to configure their browser which will deactivate the geo-localisation function; browsing features (through cookies); tastes and preferences (through cookies): the IP address (through cookies): any opinion or comment that is freely given to us or is found in public profiles on news (for example through social networking such as Facebook or Twitter); any other information and/or archive file that is freely passed over to us.
On those websites where you can acquire something or where you can subscribe to some information or advertising service, your payment details will be requested, for example details of your banking card and any other information required to process your payment should that be necessary.
It may be that you are asked to share your location or geographical whereabouts. If this is the case then the purpose is to personalise advertising close to where you are located or to provide you with information on services where you are located. This information can also be used to carry out statistical studies and break down advertising services into branches.
You are free to get in touch with us if you have any questions or concerns regarding the processing of your personal data by emailing us on email@example.com.
YOUR COMMITMENT IS TO PROVIDE US WITH ACCURATE DETAILS AS AND WHEN REQUIRED
The Users of our websites should be certain that the information provided is true, accurate and up-to-date. In order that we have your most recent personal information on file, we would ask that you let us know of any changes in your circumstances.
As the User, it is important that you are the only person responsible for any direct or indirect damage resulting from providing us with inaccurate or false information leading to a fraudulent transaction.
CONSENT OF MINORS
It is essential that people under 16 years of age who use our websites have the express consent of their parents or legal guardians to do so. A copy of identity documentation of the minor and appropriate authorisation should be sent by email to firstname.lastname@example.org. We do not keep personal data on people under 16 years of age without the consent of their parents or guardians. Users need to declare and guarantee their being 16 years of age and over.
In the event that our website managers suspect that Users could be under age, their personal information will not be processed and their requests not replied to. We reserve the right to request sight of a national identity card of similar document to provide proof of their being of a legal age to use the website.
PURPOSE OF PROCESSING PERSONAL DATA
We hereby guarantee that all the personal data provided by users will be stored and processed by those responsible for the following purposes:
To respond to questions sent through completion of our contact form or which have been emailed to us at email@example.com about the processing of data where the legal basis for such processing is consent.
To manage letters to the director, formal complaints made by members of the public or any other communication received via this email address at any of our offices. The legal basis for processing the personal data is consent.
To manage and process requests for subscriptions received through completed forms requesting subscriptions and to offer the User the service that they request. The legal basis for processing the data is the setting up of a contract.
To manage the accounts of a registered User to guarantee correct carrying out of any service requested. The legal basis for processing of data in these cases is consent and /or setting up an account between the User and the Provider.
Promote the participation of registered Users in conferences, outings, events and activities of all kinds as requested by the User. The legal base for processing personal data is consent.
To reply to the questions of the User regarding privacy issues or User application for exercise of rights with regard to Data Protection sent to us via our email address firstname.lastname@example.org. The legal basis in this instance for use of personal data is legitimate interest.
To send the User emails in response to their questions, to send information sheets or commercial notices and other material specifically requested by the User through subscription to our publication. The legal basis for use of the data is consent.
To carry out analytical studies of the website for statistical purposes with the aim of improving information provided. The legal base for processing personal data in this instance is legitimate interest.
Legal obligations. There is the possibility that we are obliged to use, document and retain personal information for legal reasons and for the fulfilment thereof, such as prevention, detection and investigation of a crime, prevention of personal loss or fraud or in order to comply with internal and external audit requirements. Whilst bearing in mind our commitment to the security of information and protection of personal data, we are legally obliged to provide information if circumstances demand that we assist with crime prevention:
- By virtue of existing law, which could include laws outside of the country of residence of the User.
- To respond to investigations by tribunals, security organisations, regulatory bodies and other public and governmental institutions which could also include authorities with legal power outside the country of residence of the User.
- And to protect rights, privacy, security or property of those responsible for processing data and those of other people.
Before sending any requests or information through completing on-line forms or through an electronic email address on the internet, the User must give express confirmation that he/she has read this Privacy Statement, which to all legal intents and purposes confirms that the User gives his informed consent unequivocally, freely and specifically for the purposes set out herein.
Other company websites linked to those in the organisation who process personal data can contain subscription forms for the User to receive news, newsletters or for using purchasing services from those websites, or to receive information on activities. These websites could also contain personalization tools that would be shared with them.
We can use personal information to send and suggest adapted content such as news items, investigations reports and business information, and to personalise User experiences with our services and those of related companies. Some of these services could ask the User to share exact geographical location in such a way that we might be able to personalise your experience and promote precision in the services provided to you. If you agree to share your exact geographical whereabouts with us, you will be able to deactivate it at any time simply by adjusting the privacy configuration on your mobile device.
In some instances, third party tools and services are used for the management of the websites such as for investigative and analytical purposes, and email marketing campaigns. Some of these services could be carried out by third party organisations based in countries outside the European Union (Google, Mailchimp, Amazon Host, WordPress, etc.)
It is always our policy to use secure I.T. tools preferably linked to servers based in Spain, or in the event of that not being possible, to servers based in another member country of the European Union so that practices are carried out according to European law, and based on guidelines and recommendations by the Spanish Data Protection Agency, from the European Commission and in agreement with European Union laws governing international transfer of personal data including verification on the Privacy Shield list.
The majority of those third party operators are well able to show that they adhere to European ruling on data protection, to the extent that they use European-based servers and may even have an administration base in a European country. Nevertheless, in the event that there is a need for international transfer of personal data, accepting this Privacy Statement implies that you give your express consent to such a move, having been informed of the process of data handling in advance. In cases where a third party cannot guarantee a level of security that is the norm in Europe, relevant contractual assurances will be put in place for the User together with a prerequisite of the third parties’ adherence to Privacy Shield.
SECURITY MEASURES APPLIED TO THE PROCESSING OF PERSONAL DATA
In order to protect the personal data of Users and subscribers, Majorca Daily Bulletin ensures that it and its processors implement technical and organisational measures appropriate to the state of the art to protect personal data, taking into account the scope, context and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of data subjects, and endeavours to ensure the confidentiality, integrity, availability and resilience of the processing systems and services.
We always apply technical and organisational security measures to process personal data, giving assurances of confidentiality and minimising the risk of unauthorised access or inappropriate use of the personal data of the Users by third parties. We have already put in place, and consistently maintain, the levels of security demanded by current legislation to protect the Users’ personal data, bearing in mind the technology being used, the nature of the data and the possible risks.
The Majorca Daily Bulletin keeps a record of the personal data of the Users in encrypted form on secure servers in Spain and Europe, and in cases where it has to be stored in countries outside the European Union, verification of those third parties’ adherence to European norms and practices (Privacy Shield) is secured in advance. The data is thereby protected against the usual forms of cyber crime.
The Majorca Daily Bulletin makes use of encryption and authentication Protocol with a TLS 1.2 (strong) connection, ECDHE_RSA with P-256 (a strong key exchange), and AES_256-GCM (a strong cipher) guaranteeing that the personal data which we have requested from the Users is transmitted to our servers across an SSL (Secure-Socket-Layer) in order to protect the data from third party intervention.
The Majorca Daily Bulletin is capable of acting swiftly and efficiently to restore availability of, and access to, personal data in the event of a technical or physical disruption to our service.
NOTIFICATION OF A BREACH OF SECURITY OF PERSONAL DATA
In the event of a breach of security, unless it is improbable that the said security violation constitutes a risk to personal safety, the Spanish Data Protection Agency will be notified no more than 72 hours after the incident has occurred, along with a description of the nature of the violation of privacy, the possible risks that could result from it and the measures taken or proposed to rectify the breach of security; and where possible, it will be made known which are the categories and the approximate number of interested parties and the nature of the data affected.
Similarly, the Users who have been affected by such a breach of security will be notified in the shortest time frame possible, in circumstances where it is probable that the breach of security of personal data could mean a high risk of infringement of individual rights and liberties. Possible consequences resulting from such a breach will be detailed to the Users, along with a description of the measures proposed to correct the privacy violation.
EXERCISE OF RIGHTS
The User can, at any time, withdraw his consent and/or exercise his rights of access, rectification, suppression, limitation, opposition and portability (the ability of software to be transferred from one machine to another) provided in European legislation for Personal Data Protection, by sending an email to email@example.com or send instructions by post to Ediciones Jemma S.L., Paseo Mallorca 9-A, Palma de Mallorca 07011 (Spain). In such a case, the User should indicate the right he wishes to exercise and attach a copy of his identity card or other valid documentation which can include his personal email verification.
WHAT ARE THE USERS’ RIGHTS?
According to current legislation, the rights held by the User in relation to the collection and processing of personal data are:
The right to easy access of information, meaning the right he has to be informed in a concise, transparent, intelligible manner, with clear and simple language, about the use and processing of his personal data.
The right of access, which gives the User a legislative right to obtain information on what areas of his personal data are the object of processing, the end result of such processing, the different categories of personal information being processed, the term and criteria of database conservation, and to whom or to what organisations will such personal data be sent. The User also has a right to know if personal profiles of the User are set up using key information along with the consequences/results of processing provided personal details; the right to exercise correction or withholding of personal data and the right to limit or oppose data processing and the right to present a complaint to the Controlling Body.
The right to exercise correction to data allows the User to demand that wrongfully logged personal details be rectified, whether inaccuracy is due to a matter of error or whether data is incomplete.
The User has the right to exercise suppression or removal of data:
In cases where the processing of personal data becomes unlawful
When the User has withdrawn his consent to the use of personal data or if he has chosen to exercise his right to oppose the use of the data when a legal reason for it being processed no longer exists.
The User does not have the right to remove personal data:
When its processing remains necessary to exercise the right to freedom of expression and information
When the data is essential to comply with a legal requirement;
When the data is key to the the formulation, exercise or defence of legitimate claims or complaints
If the data remains important to public interest based on current legislation, for reasons of public health or for reasons of historic investigation whether it be statistical or scientific.
The User has the right to put a stop to the processing of recorded personal where there is supposition that its processing is being used for direct marketing or inaccurate profile building; the interests, rights and liberties of the User will prevail - especially where the User is a minor - against the legitimate interest of the person/people responsible for processing of the data and/or of third parties even if the data is being used for historic or statistical investigation; that is unless the data processing proves necessary for public interest.
The right to limitation of data processing means that the User has the right to decide what areas of his personal data he does not want used in the future. He is able to exercise this right when he has stated exactly what his wishes are in advance; and indeed when the processing of his personal data is being used for illicit purposes. Alternative to exercising his right to suppression of the data the User can decide how to limit processing of his personal data in future. If the User believes that his personal data is no longer necessary for the purposes for which he initially provided them, he can limit how third parties use the data but can retain the details to be used for his own interests, whether it be creativity or the exercise of, and the defence of, lawful claims and complaints.
In the case where limitation has been placed on the extent of processing of personal data, the restriction can be lifted if the User approves of it. Such would be the case where the data processing affected protection of judicial or physical rights of another person; of where a key motive existed for the public interest based on current legislation.
The User has the right to receive (a copy of) the personal data he has made available and to “portability” which is the transmission of such details to another data processor. This should be carried out using a structured, internationally-recognised technological format that is in common use. Transfer of such data is based on the consent that the User provided on a specific day for one or several purposes, or for the ratification of a contract of which he was a part.
The right of portability (ability of transfer of software or system from one machine to another) will not to be applied in the event that transmission becomes technically impossible; nor when it could negatively affect the rights and freedom of third parties; and not even when data processing has a mission of public interest based on current legislation.
The right to revoke consent is always applicable even when permission has been given for processing of personal data, for whatever purposes, such as for example with the aim of providing commercial information. Consent can be withdrawn at any moment.
The User has the right to make a complaint to a controlling Authority, allowing him to present a complaint to the Spanish Data Protection Agency, whose website is currently www.agpd.es.
We do not use a totally automated decision-making process in our contractual relationship with Users. If the contrary were to happen, we will keep the User informed and let him know what rights he has under current legislation.
FOR HOW LONG WILL WE MAKE USE OF YOUR PERSONAL DATA
RE-USE OF THIS POLICY
LEGISLATION AND JURISDICTION
The User accepts that the claims and complaints against those responsible for the processing of personal data emanating from the use of this web site specifically in connection with the User’s personal data will be heard by the appropriate tribunal located in Palma de Mallorca. If it is the data processors who have to make some kind of complaint or claim against the Users, it will be done through the appropriate legal authorities in the country where the User is living, or in Palma de Mallorca in the event that the complaints and claims are against professional or legal bodies not associated with User groups.
If the User accesses this site from a location outside of Spain, he or she is responsible for complying with all applicable local and international law.
Last update: 25/5/2018