CEOE PRIVACY AND COOKIES POLICY
Last update: February 18, 2021
The Spanish Confederation of Business Organizations (CEOE) complies with rigorous standards and policies when handling your personal data. To this end, we implement the requirements contained in the European Union’s General Data Protection Regulation (“GDPR“) as well as in other legal provisions that may be applicable such as Law 3/2018 of December 5, 2018 on the protection of personal data and guarantee of digital rights.
Therefore, CEOE, Calle Diego de León 50 7ª Planta , 28006, Madrid, respects your privacy and that of your personal data. To this end, we aim to ensure that your personal data is protected by adopting technical and organizational security measures that meet current security standards.
2.PERSON IN CHARGE OF THE TREATMENT
Who is responsible for your data?
Data Protection Delegate or Security Officer:
3. PURPOSE OF DATA PROCESSING AND CATEGORIES OF DATA PROCESSED
For what purpose and for how long will we process your personal data?
CEOE, will treat your data as a user, manually and/or automated, for the following specific purposes:
What categories of data do we process?
In accordance with the aforementioned purposes, CEOE processes the following categories of data:
The user guarantees that the data provided are true, accurate, complete and updated, being responsible for any damage or loss, direct or indirect, that could be caused as a result of the breach of such obligation.
In the event that the user provides data of third parties, he/she declares to have the consent of the same and undertakes to transfer the information contained in this clause, exempting CEOE from any liability in this regard. However, CEOE may carry out verifications to verify this fact, adopting the corresponding due diligence measures, in accordance with data protection regulations.
When personal data are collected through the form, it will be necessary that you provide, at least, those marked with an asterisk, since, if these data considered necessary are not provided, CEOE will not be able to accept and manage the Web service or consultation formulated.
How long do we keep your data?
CEOE will keep users’ personal data only for the time necessary to carry out the purposes for which they were collected, as long as you do not revoke the consents granted. Subsequently, if necessary, it will keep the information blocked for the legally established periods of time. The data will also be kept for as long as the relationship of interest between you and CEOE is maintained , and for the legal or contractual periods foreseen for the exercise of any action or claim at the disposal of the interested party or CEOE.
Will you need to provide us with all your data?
Yes, it will be necessary that you provide us with all the personal data identified as mandatory in the registration form as they constitute a contractual requirement within the specific program determined in this website and the purposes outlined above that gives you advantages as a user as well as a legitimate interest.
Are categories of personal data to be processed?
What security measures do we implement to protect your data?
CEOE will treat your Data in accordance with the security requirements applicable to data processing in accordance with art. 32 RGDP.
To this end, we have extensive technical and organizational protection measures in place that meet internationally recognized IT standards and are regularly reviewed.
In this way, we ensure that your Data is adequately protected at all times against misuse or any other form of prohibited processing.
CEOE adopts the security levels required by the Data Protection Regulation approved by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR), having implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk arising from the processing of personal data, such as accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to such data, capable in particular of causing physical, material or immaterial damage. Notwithstanding the foregoing, Internet security measures are not impregnable and there may be leaks due to malicious actions by third parties.
CEOE will block the data when they are no longer necessary or relevant for the purpose for which they were collected, in accordance with the provisions of the legislation on data protection. However, it may continue to use the data for the purposes of sending commercial communications indicated above as long as the user does not revoke the consent given.
In the data collection forms that CEOE may establish from time to time, the fields marked with an asterisk or “required” are mandatory, so if the user does not provide the corresponding data, CEOE may deny the corresponding service.
CEOE undertakes to respect your confidentiality and to use the data in accordance with the purposes of the treatment, as well as to comply with its obligation to save them and take all measures to prevent alteration, loss, treatment or unauthorized access, in accordance with the provisions of the RGPD.
4. DATA COMMUNICATIONS
To which recipients will your data be communicated?
CEOE will share your Data with third parties for the purposes specified in this Informative Note on data protection and specifically with the Stripe payment platform when accessing or contracting specific content related to the purposes and object of the website.
When communicating your Data, we will always take appropriate measures to ensure that your Data is processed, protected and communicated in accordance with applicable legal obligations.
In general, your Personal Data will remain at CEOE’ s head office as far as possible.
In this respect, we also respect the principle of data minimization.
CEOE informs the user that their data may be communicated to other Organizations that are part of CEOE as a Business Confederation as well as with the Entities and Public Administrations, whether Spanish or European, responsible for the management of European Funds, in order to meet their requests, manage the services contracted and inform you about services, events and news related to our business and the object and purpose of this website.
CEOE may also share your Data with other third parties, such as external service providers or IT service providers, CRM, external consultants or collaborating partners for the purposes set forth in this Policy or in the framework of any other legal reporting or information duty.
CEOE will ensure that such third parties comply with their respective confidentiality obligations.
In order to ensure compliance with the requirements under data protection regulations, CEOE will sign agreements with all third parties with whom it shares its Data.
Additionally, we inform you that certain data, within the framework of the regulations in force or the contractual relationship that you may have with CEOE, may be communicated to:
What do we do in case of international data transfer?
In the event that within the scope of the processing operations described in the preceding paragraphs, your Data are processed in countries outside the EU or the European Economic Area (“EEA”) in respect of which there is no adequacy decision by the European Commission, CEOE will ensure that your Data will be treated in accordance with European data protection standards.
To the extent necessary and in order to ensure the security of data transfers to recipients in countries outside the EU or EEA, we will use international transfer agreements on the basis of Standard Contractual Clauses or other mechanisms that allow the transfer of data under data protection regulations, including the adoption of appropriate technical and organizational protection measures for the protection of the data transmitted.
You may obtain a copy of these assurances by contacting our data protection officer or CEOE‘s security officer as indicated below.
Certain countries outside the EU have already been officially declared by the EU as countries with an adequate level of data protection similar to the European level. This means that, in accordance with applicable data protection regulations, any transfer to those countries does not require separate official approval or separate agreement.
5. LEGITIMACY IN THE TREATMENT
What is the legitimacy for the processing of your data?
Personal Data means any information about an identified or identifiable natural person (“Data”).
As a user, you give your consent to CEOE may process the personal data you provide when filling out a form or sending an email, for example making a query or making a request for reports, products, events, market research, press releases (articles, interviews, newsletters and own or outside magazines), participation in social networks, training activities in order to attend and manage your specific request, being these data collected necessary for the maintenance and fulfillment of this relationship, all in relation to the aims and objectives of the CEOEXEUROPA platform.
Does the data subject have the right to withdraw his/her consent?
Yes, the data subject has the right to withdraw his/her consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
CEOE also carries out processing with your prior, express and free consent as a contact user in accordance with the consent (art. 6(1) para. 1(a), art. 7 GDPR, and/or art. 9(2)(a), art. 7 GDPRor on the basis of its legitimate information interest in order to maintain commercial relations as well as to send you communications, invitations to events, and information from Confederación Empresariales and to send you e-mails of various types that are part of its marketing and promotion activity of the company. CEOE as a Business Organization.
As a user, you may revoke said consent at any time by sending a written request to the following postal address: CEOE, Calle Diego de León 50 7ªplanta or to the e-mail address email@example.com.
Will there be automated individual decisions and/or profiling, which produce legal effects or affect the data subject significantly in a similar way?
CEOE may consider relevant to concur a legitimate interest for better development and monitoring of this CEOEXEUROPA Platform that provides benefits and support in the management of European funds for business organizations and companies, segmenting and profiling its users, including paying users, who access the platform that is the subject of this website.
Profiling consists of using your personal data to evaluate certain aspects of your personality within this Program through the CEOEXEUROPA Platform, analyzing or predicting aspects related to your tastes or preferences in relation to the use of the contents and uses of the web or platform due to your age, sex and to be able to adjust the information, consultations to your particular profile, evaluate your reliability, behavior regarding the contents offered in this platform, measuring your level of loyalty or interest in the objectives and purposes of this web.
Sometimes, these profiles lead to fully automated decisions, i.e. without human intervention, as this allows us to make homogeneous decisions, the same for everyone, which take into account objective data or propensities based on age, place of residence, economic capacity, inclusion or not in solvency or insolvency files, training, profession, economic activity, etc.
This is the case when certain requests or requests for the physical purchase of certain paid content from the stripe platform, for example, are answered automatically via the web.
6. YOUR RIGHTS AS A DATA SUBJECT AND YOUR RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
As a user/stakeholder affected by the processing, you may exercise certain rights in relation to us under the GDPR and other applicable data protection regulations by contacting our information or contact service whose contact details are set out in section 9 of this document. The following section contains an explanation of your rights as a data subject under the RGDP.
6.1 Rights of users/stakeholders
As a data subject, in particular you are entitled to exercise the following rights under the RGDP against CEOE:
if the Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; if you withdraw the consent on which the processing is based and the processing is not based on another legal basis; if you object to the processing of your Data and no other legitimate grounds for the processing prevail, or if you object to the processing for direct marketing purposes; if the Data have been unlawfully processed, unless the processing is necessary: for compliance with a legal obligation requiring the processing of your Data;in particular with respect to the legal deadlines for the retention of documentation; for the formulation, exercise or defense of claims.
You may obtain the limitation of the processing of your Data: if you contest the accuracy of the Data, for a period of time that allows us to verify the accuracy of the Data; if the processing is unlawful and you object to the deletion of your Data and request instead the limitation of its use; if we no longer need your Data, but you need it for the formulation, exercise or defense of claims; if you have objected to the processing, while we verify whether our legitimate reasons prevail over yours.
At your request, we will transfer your Data to the extent technically feasible to another data controller.
However, you only have this right if the processing has your consent as a legal basis. Instead of receiving a copy of your Data, you may also request that we transmit your Data directly to another data controller that you specify.
Right of opposition (art. 21 RGDP):
You may object at any time, on grounds relating to your particular situation, to the processing of your Data, in case of processing based on your consent or on our legitimate interest or on the legitimate interest of a third party. In this case, we will stop processing your Data.
The latter does not apply if we can demonstrate compelling legitimate grounds for the processing that override your interests, or if we need your Data for the formulation, exercise or defense of claims or suggestions.
6.2 Deadline for the attention of the rights of the interested parties
CEOE always tries to respond to your requests within 30 days.
However, this period may be extended for reasons related to the right of the person concerned or the complexity of his request.
6.3 Restrictions on providing information when addressing data subjects’ rights
In certain situations, we may not be able to provide you with information about all of your Data due to legal provisions or requirements. If we are forced to deny your request for information in such a case, we will also inform you at the same time of the reasons for the denial.
6.4 Complaint to the supervisory authority
CEOE takes your complaints and rights very seriously. However, in the event that you believe that we have not fully addressed any claim or complaint regarding the protection of your data, you have the right to file a complaint with the Spanish Data Protection Agency.
You can consult the text of the RGDP on the following web page:
8.MODIFICATIONS TO THIS DATA PROTECTION NOTICE
In the event that there are significant changes in the way we treat your Data, we will inform you of these changes in a timely manner through this website or other means established for this purpose with you.
Cookie is a file that is downloaded to your computer when you access certain web pages. Cookies allow a website, among other things, to store and retrieve information about the browsing habits of a user or its equipment and, depending on the information they contain and the way you use your computer, can be used to recognize the user.
The user’s browser stores cookies on the hard disk only during the current session, occupying minimal memory space and not harming the computer.
Cookies do not contain any specific personal information, and most cookies are deleted from the hard drive at the end of the browser session (so-called session cookies).
Most browsers accept cookies as standard and, independently of them, allow or prevent temporary or stored cookies in the security settings.
Without your express consent -through the activation of cookies in your browser will not link in cookies stored data with your personal data provided at the time of registration or purchase.
What types of cookies does this page or WEBSITE use?
Cookies allow the owner of the page or WEBSITE, store or retrieve certain information on multiple variables, such as; the number of times the page has been visited by the USER, ensure the USER session while browsing the web page or SITE, the way you use your computer etc, all in order to be recognized as a USER. It should be noted that blocking all cookies may disable certain services and functionalities.
|Type of cookie
|Store authentication details
|Verify authentication and authenticated user data
|Stores personal dashboard and admin interface configurations
|Used to distinguish users
|Used to distinguish users
|Used to limit the percentage of requests
|Used to limit the percentage of requests
|Includes campaign information related to the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads on-site conversion tags will read this cookie, unless you disable it.
|It includes a token that can be used to retrieve a client ID from the AMP Client IDs service. Other possible values indicate disqualifications, in-progress requests or errors obtained when retrieving an ID from the AMP Client IDs service
How to disable or delete Cookies
You can allow, block or delete cookies installed on your computer by configuring the browser options installed on your computer.
The Help function of most browsers will tell you how to set your browser to not accept cookies, to notify you each time you receive a new cookie, and to turn off all cookies completely.
In general, we inform you that browsers offer the following configuration options in relation to the installation of cookies:
You can allow, block or delete cookies installed on your computer by configuring the browser options installed on your computer:
Please send any applications/requests to:
CEOE (CONFEDERACIÓN ESPAÑOLA DE ORGANIZACIONES EMPRESARIALES), Calle Diego de León 50 7ª Planta, 28006 Madrid
Please send any request via email to the following email address: firstname.lastname@example.org
CEOE is not responsible for the processing of your personal data on websites that are not under the domain of CEOE, to which you can access through the various links contained in our website, nor for the security measures adopted by any other website that allows a link to ours.
THIS DATA PROTECTION LEGAL NOTICE SHALL PREVAIL OVER ANY OTHER LEGAL NOTICE/DATA PROTECTION CLAUSE THAT CONTAINS ANY CONDITION THAT CONTRADICTS WHAT IS SET FORTH HEREIN.
More information about www.ceoexeuropa.es at: