Privacy notice
Introduction
FUNDACIÓN AGENCIA ARAGONESA PARA LA INVESTIGACIÓN Y EL DESARROLLO (hereinafter ARAID) informs users of the website about its policy regarding the processing and protection of personal data of users and clients that may be collected through browsing its website. In this regard, ARAID, guarantees compliance with current regulations on personal data protection, reflected in the General Data Protection Regulation (GDPR) (EU) 2016/679 and in Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights.
Who is the data controller?
| Data controller | FUNDACIÓN AGENCIA ARAGONESA PARA LA INVESTIGACIÓN Y EL DESARROLLO |
TAX ID (CIF) | G99085797 |
Address | Avda. de Ranillas, 1-D, Planta 2ª, Oficina B, 50018, Zaragoza |
Telephone | 976 51 50 65 |
What data processing activities does ARAID carry out and for what purposes are they performed?
In compliance with Article 30 of the GDPR, ARAID, as the data controller, maintains a record of processing activities with the following purposes:
RECORD OF PROCESSING ACTIVITIES | PURPOSE OF PROCESSING |
| Employee onboarding/offboarding and contract management | HR management (recruitment, personnel administration, payroll) |
| Occupational Risk Prevention (ORP) | HR management: monitoring employee health and safety |
| Time tracking and working hours register | HR management: recording employees’ working time |
| Regulatory and legal compliance | General administrative management: compliance with legal obligations |
| Corporate/institutional images and audiovisual materials | Marketing and communication: management of images for corporate or institutional purposes |
| Administrative management | General administrative management of candidates, employees, contact persons and website users |
| General accounting management | Tax and accounting management of employees, suppliers and clients |
| Invoicing and collections management | Tax and accounting management: invoicing and collections from suppliers and clients |
| Data management in public procurement procedures | General administrative management of public procurement procedures with suppliers |
| Website user management | Website user management: registration, monitoring and user support |
| Scientific output | Registration, evaluation, monitoring and dissemination of the scientific activity of researchers affiliated with ARAID |
For what purposes are personal data processed?
ARAID processes the information provided through this website for the following purposes:
To respond to any questions and comments submitted via the contact form.
To maintain the relationship with website users.
Under no circumstances will ARAID process personal data for purposes other than those stated above.
Will commercial information be sent?
At no time will ARAID use the information provided by the user and/or collected through the website to send commercial information. If the information were to be used for this purpose, ARAID would always obtain the user’s prior consent and would do so in accordance with the applicable data protection legislation.
How long will personal data be retained?
The personal data provided will be kept for as long as the relationship between the parties is maintained, until the data subject requests erasure, or for the number of years necessary to comply with legal obligations.
After that, the data will be deleted in accordance with data protection legislation. This involves keeping the data “blocked” (i.e., with restricted access), so that it will only be available upon request by Courts and Tribunals, the Ombudsman, the Public Prosecutor’s Office, or the competent Public Administrations, for the duration of any applicable statutory limitation periods for potential claims. Once this period has elapsed, the data will be permanently deleted.
How have the personal data been obtained and what categories of data are processed?
The personal data processed by ARAID come from the data subject at the time they are entered into the contact form.
The category of data processed through the contact form is:
Identification data: email address, first name and last name (mandatory fields).
However, as this is a communication channel, the data subject may include additional personal data in their message when providing their opinion or submitting questions or comments.
What is the legal basis for using your data?
The legal basis for processing personal data is the explicit consent granted by the data subject at the moment they accept this privacy policy prior to sending their personal data through the contact form (art. 6.1.a GDPR).
To which recipients will the data be disclosed?
Personal data will not be disclosed to any third parties, except where their involvement is necessary for the proper management and delivery of the service.
Personal data will not be transferred outside the European Economic Area (EEA). Therefore, no international data transfers will take place.
What are your rights when you provide your consent?
Any person has the right to obtain confirmation as to whether or not ARAID is processing their personal data.
Data subjects have the right to:
Request access to their personal data
Request rectification or erasure
Request restriction of processing
Object to processing
Request data portability
Data subjects may access their personal data and request the rectification of inaccurate data or, where applicable, request erasure when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
In certain circumstances, data subjects may request the restriction of the processing of their data, in which case the data will only be retained for the establishment, exercise or defence of legal claims.
In certain circumstances, and for reasons relating to their particular situation, data subjects may object to the processing of their data. ARAID will stop processing the data, unless there are compelling legitimate grounds, or the processing is necessary for the establishment, exercise or defence of legal claims. Data subjects may also request the portability of their data.
How can rights be exercised?
To exercise the rights of access, rectification, erasure, objection, restriction of processing and data portability, data subjects must contact ARAID at: Avda. de Ranillas, 1-D, 2nd Floor, Office B, 50018 Zaragoza (Spain).
You may also contact ARAID by email at araid@araid.es.
Requests to exercise rights must be accompanied by reliable proof of the data subject’s identity, as well as the right they wish to exercise, the content of the request, and an address for notifications.
Can you file a complaint with the AEPD?
Data subjects also have the right to effective judicial protection and to submit a complaint with the supervisory authority—here, the Spanish Data Protection Agency (Agencia Española de Protección de Datos)—if they consider that the processing of personal data relating to them infringes the GDPR. They may submit a written complaint to: Spanish Data Protection Agency (Agencia Española de Protección de Datos), C/Jorge Juan nº 6, 28001 Madrid or by accessing its electronic office: https://sedeagpd.gob.es/sede-electronica-web/