At ASOCIACION FICBUEU, we understand that maintaining a transparent relationship with you is essential. Therefore, we present our Privacy Policy below, so that you are properly informed at all times about how we collect and securely process any data you provide us with.

Your data will be processed in accordance with current legislation, specifically in accordance with the provisions of Regulation (EU) 2016/679 of April 27, 2016 (GDPR) on the protection of individuals with regard to the processing of personal data and on the free movement of such data. It also complies with Organic Law 3/2018 of December 5 on the Protection of Personal Data and Guarantee of Digital Rights.

A careful reading of our Privacy Policy will provide you with the necessary information to understand how we will use the data you provide to us. 

1. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?

If you, or an authorized person, have provided us with your data, we inform you that ASOCIACION FICBUEU, with VAT number: ESG94146362, is responsible for the processing of your data. This data will be processed in accordance with the provisions of current regulations on the protection of personal data.

There may be other data controllers involved in the processing we carry out. In that case, we will always inform you about who is the data controller and provide you with their identification details.

The Website may include hyperlinks or links that provide access to third-party websites other than ficbueu.com, and therefore are not operated by ASOCIACION FICBUEU. The owners of such websites will have their own data protection policies and will be responsible for their own processing and privacy practices.

At ASOCIACION FICBUEU, we commit to comply with the obligation of confidentiality regarding personal data and its duty to keep it secure. We take the necessary measures to prevent its alteration, loss, unauthorized access, or unauthorized processing, as established in the Regulation.

2. WHERE DO WE PROVIDE INFORMATION?

At ASOCIACION FICBUEU, we provide information through the website ficbueu.com in the corresponding section for the privacy policy. More information can be found in the “Legal Notice” section.

3. WHAT PERSONAL DATA DO WE PROCESS?

The personal data we process are:

• The data that you voluntarily decide to provide us.
• Data derived from the communications you have with us.
• Information related to your browsing behavior in the case of Online Services (IP address or information derived from cookies or similar devices – you can refer to our Cookie Policy on the website).
• Information that is available from publicly accessible sources, which we can legitimately access.
• Data that arises from the contractual or pre-contractual relationship you have with us, including your image. We will always inform you in such cases regarding the possibility of capturing your image.
• Data that third parties provide to us about you, with a legitimate basis for doing so or with your consent.
• Data of third parties that you provide to us, with the prior consent of the respective third party.

You can find more information in the section on activity logs of this privacy policy.

4. HOW DO WE HANDLE DATA?

At ASOCIACION FICBUEU, we always handle your personal data in strict compliance with current legislation. Additionally, we inform you that we have appropriate technical and organizational measures in place to ensure an optimal level of security. This means that only authorized individuals will have access to the data, that we will keep it intact, avoiding any intentional or accidental loss, and that we have strengthened our data processing systems and services.

However, since ASOCIACION FICBUEU cannot guarantee the invulnerability of the internet or the complete absence of hackers or others who may fraudulently access personal data, we commit to promptly notify you when a security breach involving personal data occurs, which is likely to result in a high risk to the rights and freedoms of individuals. In accordance with Article 4 of the GDPR, a personal data breach is understood as any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

The operations, procedures, and technical processes, whether automated or non-automated, that we carry out, enabling the collection, storage, modification, transfer, and other actions regarding personal data, are considered as the processing of personal data.

5. WHAT IS THE LEGAL BASIS FOR DATA PROCESSING?

The legal basis for the processing of personal data will be determined by the contractual or pre-contractual relationship, the employment relationship, or any other relationship necessary for the data processing, such as explicit consent.

6. HOW DO WE MANAGE ELECTRONIC COMMUNICATIONS?

In accordance with the provisions of Law 34/2002 of July 11, on Information Society Services and Electronic Commerce, and Directive 2002/58/EC, we inform you that you may receive commercial communications and information through this electronic communication system (emails, automated response messages from forms, and other communication systems) when you have given us your consent or when they are commercial communications regarding products or services similar to those previously provided by the data controller.

If you do not wish to receive such communications and information, you can notify us through this same channel, indicating “UNSUSCRIBE FROM COMMERCIAL COMMUNICATIONS” in the subject line, so that your personal data can be removed from our database. Your request will be processed within 1 month of its submission. If we do not receive a specific response from you, we will understand that you accept and authorize our organization to continue sending such communications.

In the event of receiving such communications through these means, please be informed that the messages are intended solely for the recipient and may contain privileged or confidential information. If you are not the intended recipient, please be notified that the use, disclosure, and/or unauthorized copying of the content is prohibited under applicable law.

7. HOW LONG DO WE RETAIN YOUR DATA?

Personal data related to individuals that ASOCIACION FICBUEU collects through any means will be retained until the data subject requests its deletion. Likewise, it will be retained for as long as the relationship that gave rise to the data processing remains in effect, always respecting the legal retention periods. After this period, personal data will be deleted from all ASOCIACION FICBUEU systems.

8. WILL YOUR DATA BE DISCLOSED TO THIRD PARTIES?

There will be no transfer, transmission, or transfer of personal data, except as already informed, unless required by law. If your data is requested by the Public Administration or Autonomous Institutions within the scope of their expressly assigned functions, it will be transmitted.

If there is a transfer, transmission, or transfer of personal data outside of the aforementioned cases, you will be informed in advance so that, if applicable, you can give your consent

However, in order to organize ourselves properly, have good operations and procedures that guarantee effective management, it may be necessary for ASOCIACION FICBUEU to contract the services of advisors, professionals, or other service companies to process data under our instructions.

This third-party processing is regulated by a contract that is made in writing or by any other legally accepted form that allows its conclusion and content to be proven. It explicitly specifies that the data processor will process the data in accordance with our instructions and will not apply or use them for a purpose other than stated in the contract, nor will they be disclosed, not even for their storage, to other individuals.

9. WHAT ARE YOUR RIGHTS?

Data protection regulations grant you the following rights:

• Right of access: It is the right of the User to obtain confirmation from ASOCIACION FICBUEU whether or not their personal data is being processed and, if so, to obtain information about their specific personal data and the processing that ASOCIACION FICBUEU has carried out or is carrying out, as well as, among other things, information available on the origin of such data and the recipients of the communications made or planned with regard to them.
• Right to rectification: It is the right of the User to have their inaccurate or incomplete personal data modified, taking into account the purposes of the processing.
• Right to erasure (“the right to be forgotten”): It is the right of the User, provided that current legislation does not establish otherwise, to obtain the erasure of their personal data when they are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn their consent to the processing, and there is no other legal basis for the processing; the User objects to the processing, and there are no legitimate grounds for the processing to continue; the personal data have been unlawfully processed; the personal data must be erased in compliance with a legal obligation; or the personal data have been obtained in connection with the offer of information society services to a child under 14 years of age. In addition to erasing the data, the data controller, taking into account the available technology and the cost of implementation, shall take reasonable steps to inform other data controllers processing the personal data of the data subject’s request for erasure of any links to, or copy or replication of, those personal data.
• Right to restriction of processing:  It is the right of the User to restrict the processing of their personal data. The User has the right to obtain the restriction of processing when they contest the accuracy of their personal data; the processing is unlawful; the data controller no longer needs the personal data, but the User needs them for the establishment, exercise, or defense of legal claims; and when the User has objected to the processing.
• Right to data portability: Where the processing is carried out by automated means, the User has the right to receive their personal data from the data controller in a structured, commonly used, and machine-readable format, and to transmit those data to another data controller. Where technically feasible, the data controller will transmit the data directly to that other controller.
• Right to object: It is the right of the User to object to the processing of their personal data or to the cessation of processing by ASOCIACION FICBUEU.
• Right not to be subject to a decision based solely on automated processing, including profiling: It is the right of the User not to be subject to an individualized decision based solely on automated processing of their personal data, including profiling, unless otherwise provided by current legislation.

If you wish to obtain more information regarding the processing of your data, rectify any inaccurate data, object to and/or limit any processing that you consider unnecessary, or request the cancellation of the processing when the data is no longer necessary, you can address your request in writing to ASOCIACION FICBUEU at C/ Montero Ríos 191 BAJO, 36930 – Bueu (Pontevedra) or by email to info@ficbueu.com.

• Your communication should include the following information: your full name, the request or inquiry, your address, and contact details. 
• The exercise of these rights must be carried out by the user themselves. However, they may be executed by an authorized person acting as a legal representative. In such a case, documentation evidencing this representation of the data subject must be provided. 

Furthermore, we would like to inform you that you can withdraw your previously given consent without affecting the lawfulness of the processing carried out prior to such withdrawal. To do so, you should send your request to the same address mentioned in the previous paragraph. In this case, you must include a copy of your ID card or any other document proving your identity with your request.

If you believe that there is a problem or infringement of the current regulations in the way your personal data is being processed, you have the right to effective judicial protection and the right to lodge a complaint with a supervisory authority, particularly in the State where you have your habitual residence, place of work, or the alleged infringement. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/) – C/ Jorge Juan, 6 28001-Madrid – Fax: 914483680 – Tel: 901 100 099 – Email: ciudadano@agpd.es

10. WHAT IS THE PURPOSE AND LEGAL BASIS FOR DATA PROCESSING, AND HOW LONG WILL THE DATA BE RETAINED?

We detail below the purposes of the data processing carried out by any or all of the Data Controllers listed above.

DATA PROCESSING ACTIVITY	PURPOSE OF PROCESSING	LEGAL BASIS	RETENTION PERIOD
Labour management	Personnel management for employment contracts, file control, payroll management	Contractual relationship	5 years from the termination of the contract
Tax and accounting management	Processing necessary for compliance with fiscal and accounting obligations	Contractual relationshipLegal obligation for the data controllerLegitimate interests of the data controller or third parties	5 years from the termination of the contractAs long as necessary to fulfill legal obligations
Contact management	Processing of data to maintain communication with interested parties	Contractual relationshipLegitimate interests of the data controller or third partiesExpress consent of the data subject	5 years from the termination of the contractUntil cancellation and/or opposition by the data subjectUntil relevant loss of use
Occupational risk prevention	Compliance with current legislation on occupational risk prevention and health monitoring	Contractual relationshipLegal obligation for the data controller	Until the end of the contractual relationshipThe period established by specific regulations
Management of associates	Necessary procedures with the organization’s associates: enrollment, collection of fees, informational mailings, and other approved actions according to the organization’s statutes	Contractual relationshipExpress consent of the data subject	Express consent of the data subjectUntil the end of the contractual relationshipThe period established by specific regulationsAs long as necessary to fulfill legal obligations
Media management	Processing of images and/or videos for dissemination in media and social networks and promotion of activities	Express consent of the data subject	Until cancellation and/or opposition by the data subjectUntil relevant loss of use
Customer management	Processing of data necessary for the maintenance of commercial/contractual relationships with customers, invoicing, after-sales service, sending promotions and advertising, and customer loyalty.	Contractual relationshipBusiness relationship	5 years from the termination of the contractThe period established by specific regulations
Workplace monitoring	Monitoring of employee attendance (vacations, absences, time tracking)	Contractual relationshipLegal obligation for the data controllerLegitimate interests of the data controller or third parties	Until the end of the contractual relationship
E-commerce	Processing and management of orders and purchases made through web platforms.	Contractual relationshipBusiness relationship	5 years from the termination of the contractThe period established by specific regulations
Organization of events and activities	Management and coordination of activities and events related to the organization’s activities (Short Film Festival, Cinematographic Conferences, etc.). Attendance and participant control.	Contractual relationshipExpress consent of the data subject	Until cancellation and/or opposition by the data subjectAs long as necessary to fulfill legal obligations

11. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

It is necessary for the User to have read and agree to the conditions regarding the protection of personal data contained in this Privacy Policy, as well as to accept the processing of their personal data so that the Data Controller can proceed with it in the manner, within the deadlines, and for the purposes indicated. The use of the Website implies acceptance of its Privacy Policy.

ASOCIACION FICBUEU reserves the right to modify its Privacy Policy according to its own criteria or due to a legislative, jurisprudential, or doctrinal change by the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. It is recommended that the User periodically check this page to stay informed of the latest changes or updates.

This Privacy Policy was updated to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights.

This Privacy Policy document was last reviewed on : 24/04/23