- ASSOCIACIÓ CULTURAL MIRA; C/ Badajoz, 127, naus 3-4; 08018 Barcelona (henceforth referred to as MIRA)
- By email – email@example.com.
SCOPE OF THE POLICY
WHAT WE USE YOUR DATA FOR
MIRA makes use of your personal data (name, surname[s], email, telephone and any other information necessary for the management and administration of its services) for the following purposes:
- CONTRACTUAL: (i) for the requirements of the retail of tickets, passes and accreditations, as well as for the management of any other aspect related to the event.
- COMMERCIAL: (i) any marketing or commercial activity carried out across any media, including web-based and digital media, with consent from the user.
- OTHER (LEGITIMATE INTEREST): (i) to send product and service recommendations, taking into consideration past purchases, (ii) also for prevention, investigation and detection of fraud, and (iii) to respond to customer inquiries.
HOW LONG DO WE KEEP YOUR PERSONAL DATA
The period of retention for your personal data will vary depending on what service(s) you choose to contract. In any case, your data will be kept for the duration of the commercial relationship. Once said the commercial relationship has ended, we will keep your data sealed during the statute of limitations relating to the obligations that may arise from the processing of your data and/or the applicable legal periods. Your data will remain at the disposal of the competent authorities as concerns the possible responsibilities arising from said processing.
By way of example, and without limitation, the following schedules and deadlines may be taken as references:
- Data of job applicants – 1 year.
- Documentation relating to personal obligations that do not have a fixed statute of limitations: 5 years (art.1964.2º of the Civil Code).
- Books, correspondence, documentation and supporting documents concerning the business: 6 years (art.30 of the Commercial Code).
- Documentation related to tax obligations: 4 years (66 to 70 of Law 58/2003, of December 17, 2003, General Tax Law).
- Documentation related to compliance with social security obligations: 4 years.
- Laboir documentation (actions arising from employment contracts): 1 year (article 59 of Royal Legislative Decree 2/2015, of October 23, approving the revised text of the Workers’ Statute Law).
- Documentation related to health data on Occupational Risk Prevention: 4 years (Article 22 of Law 31/1995, of November 8, 1995, on Occupational Risk Prevention).
- Documentation related to compliance with data protection obligations: 3 years (art.78 LOPDGD).
- Documentation related to legislation concerning the prevention of money laundering: 10 years.
As the owner of the rights relating to your personal information, you retain control over said data. As such, we also ensure that said information is accurate and correct.
Your exercisable rights:
- Right of access: you may consult whether we are processing your personal data in relation to MIRA.
- Right of rectification and deletion: you may access your personal information and request rectification or erasure of your personal data when such data is incorrect or no longer necessary for the purposes for which it was collected.
- Right of objection: you may object to the processing of your personal data, except in such cases where either legitimate reasons or the exercise or defense of possible legal claims require us to keep such data sealed for the corresponding periods associated with such legal obligations.
- Right of limitation of processing: you may request that the processing of your personal data be ceased, while the accuracy or lawfulness of your data is being verified, and during the exercise or defense of legal claims or litigation.
- Right of portability: You may request the transfer of the data you have provided to us to another data controller in certain circumstances.
Your rights may be exercised free of charge.
HOW CAN YOU COMPLAIN TO THE SUPERVISORY AUTHORITY?
If a user considers that there is a problem with the way in which MIRA is handling their data, they can address their complaints either to the address stated in the header, or to the corresponding data protection supervisory authority, in this case, the Spanish Data Protection Agency, Agencia Española de Protección de Datos (AEPD).
At MIRA, we maintain the highest levels of security required under the law in order to protect your personal information from accidental loss and from unauthorized access, processing or disclosure, taking into account the state of the technology used for storage, the nature of the data stored and the risks to which it is exposed. When we receive your data, we follow rigorous procedures and implement security features to prevent unauthorized access.
The actions described in this section, aimed at ensuring a level of security appropriate to the risk identified will include, if necessary, the following measures:
- Anonymization and encryption of personal data.
- Measures for ensuring the permanent confidentiality, integrity, availability and resilience of processing systems and services.
- Measures for restoring availability and access to personal data quickly in the event of a physical or technical incident.
- A process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the security of data processing.
- Periodic evaluations of the risk of destruction, loss or accidental/illicit modification of data transmitted, retained or processed in any other form, or the unauthorized communication of; or access to, said data.
- Measures to ensure that any person acting under the authority of MIRA who has access to personal data is only authorized to process said data under the instruction of MIRA.
Any personal data that may be collected will be treated with absolute confidentiality. MIRA commits to keep said data secret and reaffirms its obligation to maintain secrecy by adopting all necessary measures to prevent their alteration, loss and unauthorized access or treatment, in accordance with the provisions of the applicable legislation.
ACCEPTANCE AND CONSENT
The user declares that they have been informed of the conditions concerning personal data protection, accepting and consenting to the processing of such data by MIRA in the manner and for the purposes indicated in this policy.
MIRA reserves the right to modify this policy in order to adapt it to new legislation or jurisprudence, as well as to other industry practices. In such cases, MIRA will communicate on this page the changes introduced, within a reasonable period in advance of their implementation.