PRIVACY POLICY

AREA OF APPLICATION

TREATMENT OF PERSONAL DATA

DATA QUALITY

Users must keep their data permanently updated, and if it is not possible to update them on-line, they must inform Euro-Funding, as the person responsible for the processing, of any changes that may occur at any time.

Euro-Funding will cancel, erase and/or block the data when it is inaccurate, incomplete or no longer necessary or pertinent for its purpose, in accordance with the provisions of data protection legislation and once the appropriate legal deadlines for processing have expired.

TRANSPARENCY AND LEGALITY OF TREATMENT

Euro-Funding does not collect personal data in an illicit or opaque way for the interested parties.
If you provide Euro-Funding with personal data about third parties, you must inform the owner of the data of this fact, as well as the provisions of this Privacy Policy.

Euro-Funding reserves the right to modify this Privacy Policy in order to keep it permanently adapted to the current legislation on data protection.

DATA SECURITY

Euro-Funding has adopted all technical and organizational security measures in accordance with the nature of the data, to guarantee the security of personal data, and to avoid its alteration, loss, treatment or unauthorized access.

This privacy policy only applies to the www.euro-funding.com website and Euro-Funding does not guarantee such privacy on the sites of third party companies which link to this site or which are linked from this site.

RIGHTS OF THE INTERESTED PARTIES

The data protection regulations guarantee users the following rights:

  • Access: Allows the User to know what information is held, where it has been obtained from, to whom it has been provided and what uses it has been put to.
  • Rectification: Allows the User to rectify any erroneous or outdated data.
  • Deletion: Allows the user to stop processing their data.
  • Opposition: Allows the user to stop using their data for a specific purpose.
  • Limitation: Allows the user to restrict the processing of their data, but so that they are retained for some subsequent purpose.
  • Portability: Allows the User to obtain a copy of their data in electronic format and, in certain circumstances, request that they be communicated to another service provider. It is only applicable for computerized treatment carried out with the consent of the User or for the fulfillment of a contract.

Users are informed that they may exercise the aforementioned rights before Euro-Funding, as well as revoke the consents they have given, by mail to Plaza de la Independencia 8, floor 2 28001 Madrid-Spain or by e-mail (prodatos@euro-funding.com).

If your request is not attended to in time and form, we inform you that you may exercise your right to file a complaint with the Spanish Data Protection Agency as the competent control authority (www.aepd.es).

ORDER OF PERSONAL DATA PROCESSING

In the event that your relationship with the Euro-Funding Group involves an order for processing from the Euro-Funding Group companies to you or vice versa, the party in charge of the processing will assume the following obligations in accordance with the provisions of Article 28 of the RGPD:

  • To access personal data only when it is essential for the proper performance of the services for which it has been contracted.
  • To treat the data according to the instructions received from the person in charge.
  • Follow the procedures and instructions received from the person responsible, especially with regard to the duty of information and, where appropriate, obtaining the consent of those affected.
  • Immediately inform the person responsible if he detects that any of the instructions from the person responsible violates current regulations on data protection.
  • Not to destine, apply or use the personal data with a purpose different from the provision of the contracted services or in any other way that implies a breach of the instructions of the responsible.
  • Not to disclose, transfer, assign or otherwise communicate the personal data, either verbally or in writing, by electronic means, paper or by computer access, not even for its conservation, to any third party, unless there is prior authorization or instruction from the person responsible.
  • Except for the auxiliary services inherent to the activity of the person in charge, in the event that it is necessary to subcontract all or part of the contracted services in which the processing of personal data is involved, this must be communicated in advance and in writing to the person in charge with a minimum of 1 month’s notice, indicating the processing to be subcontracted and clearly and unequivocally identifying the subcontracting company and its contact details. Subcontracting may be carried out if the person responsible does not express his or her opposition within the established period. The subcontractor, who will also have the status of data processor, is also obliged to comply with the obligations established in this document for the data processor and the instructions given by the data controller. The processor shall remain fully responsible to the data controller for compliance with the obligations.
  • Give notice to the person in charge, as soon as possible, and within a maximum period of two (2) working days, of any request to exercise the right of access, rectification, suppression, opposition, limitation of the treatment, portability of the data and not to be subject to automated individualized decisions, made by a person whose data have been treated by the person in charge for the purpose of providing the contracted services, so that it can be resolved within the periods established by the regulations in force.
  • To make available to the person in charge all the necessary information to prove the fulfillment of his/her obligations, as well as to carry out the audits or inspections carried out by the person in charge or another auditor authorized by him/her.
  • In the event that the person in charge is required to transfer or allow access to personal data for which the person in charge is responsible to a third party under the applicable law of the Union or the Member States, he shall inform the person in charge of that legal requirement in advance, unless it is forbidden for reasons of public interest.
  • Once the contractual relationship agreed upon between the data controller and the data processor has been fulfilled or terminated, the data controller shall provide the data processor with precise instructions as to the destination of the data, and may choose between its return, referral to another service provider or complete destruction, provided that there is no legal provision requiring the data to be retained, in which case it may not be destroyed.
  • To adopt and apply the appropriate technical and organizational measures to guarantee a level of security that avoids its alteration, loss, treatment or unauthorized access, taking into account the state of technology, the nature of the stored data and the risks to which they are exposed, in accordance with the provisions of article 32 of the RGPD. Such measures may include, among others:
    • the pseudonymization and encryption of personal data;
    • the ability to guarantee the confidentiality, integrity, permanent availability and resilience of the processing systems and services, as well as the availability and access to personal data in a prompt manner in the event of a physical or technical incident.
    • A process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the security of processing.
  • In the event of a breach of the security of personal data in the information systems used by the person in charge of providing the contracted services, the person in charge must notify the person in charge, without undue delay, and in any case before the maximum period of 72 hours, of the breaches of the security of the personal data in his charge of which he is aware, together with all the relevant information for the documentation and communication of the incident in accordance with the provisions of article 33.3 of the RGPD.
  • To comply with any other obligation that corresponds to him as a person in charge of the treatment by virtue of the regulations in force at every moment in the matter of data protection and privacy online.