Privacy Policy

PGR ASSOCIATION puts at your disposal through the web page www.patriciagarciarodriguez.com the present privacy policy with the purpose of informing you, in a detailed way, about how we treat your personal data and protect your privacy and the information you provide us. Should any changes be made to this policy in the future, we will inform you of these changes via the website or other means so that you can be aware of the new privacy conditions that have been introduced.

In compliance with Regulation (EU) 2016/679, General Data Protection and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights, we inform you of the following:

Data Controller

Holder: PGR ASSOCIATION - NIF: G88072087

Registered office: CALLE SAN QUINTIN 11 28280 EL ESCORIAL MADRID

Phone: 690639528 - Email: rugby@patriciagarciarodriguez.com

Website: www.patriciagarciarodriguez.com

How we use your data

In PGR ASSOCIATION we collect and treat your personal information with generic character to manage the relationship that we maintain with you with the following main purposes that we have identified:

- Management and hiring of the products and services offered by our company

- Channel the requests for information, suggestions, and complaints that you may send us

- To keep you informed about events, offers, products and services that may be of interest to you through different communication channels provided that you have given your consent

- Managing work relationships, in the case of our employees

- Management of the commercial relationships with our suppliers

- Management of staff recruitment

Data collecting

We collect your personal information through different means, but you will always be informed at the time of collection through information clauses about the person responsible for the treatment, the purpose and legal basis of the treatment, the recipients of the data and the period of conservation of your information, as well as how you can exercise your rights in terms of data protection.

In general, the personal information that we process is limited to identifying data (name and surname, date of birth, address, ID card, telephone and email), contracted services and payment and billing data.

In the cases of management and selection of personnel, we collect academic and professional data in order to meet the obligations arising from the maintenance of the work relationship or, where appropriate, become part of our staff.

PGR ASSOCIATION uses social networks as another way to reach you. The information collected through the messages and communications that it publishes can contain personal information that is available online and accessible to the public. These social networks have their own privacy policies where it is explained how they use and share your information, so PGR ASSOCIATION recommends you to consult them before using them to confirm that you agree with the way your information is collected, treated and shared.

Through our web page we collect personal information related to your navigation through the use of cookies. In order to know clearly and accurately the cookies we use, what their purposes are and how you can configure or disable them, please refer to our Cookie Policy.

When you use our mobile app and to provide you with the services it offers, we use the geolocation data from your mobile device if you have this functionality enabled. If you do not have geolocation enabled, we will inform you and ask your permission in advance with a notification. Most mobile devices provide users with the ability to disable these services at will, usually through the device's configuration menu. If you have questions regarding how to activate/deactivate this functionality, please consult your device manufacturer's website or contact your phone operator.

User responsibility

When you provide us your data through electronic channels, you guarantee that you are older than 14 years old and that the data provided to PGR ASSOCIATION is true, exact, complete and updated. To this effect, the user confirms that he is responsible for the truthfulness of the communicated data and that they will maintain conveniently updated this information so that it responds to their real situation, being responsible for the false and inexact data that could be provided, as well as the damages, direct or indirect, that could be derived.

How long do we keep your data for?

In PGR ASSOCIATION we only keep your information for the period of time necessary to comply with the purpose for which it was collected, to comply with the legal obligations that are imposed on us and to attend the possible responsibilities that could derive from the compliance of the purpose for which the data was collected.

In the event that you wish to become part of our staff and apply for one of our jobs, the data provided will become part of our job bank and will be kept for the duration of the selection process and for a maximum of one year or until you exercise your right to delete it.

If at any time we have collected your data in order to contact you as a potential user of our services or to respond to a request for information made by you, such data will be kept for a maximum of one year from its collection, and will be deleted after this period if a contractual relationship has not been formalized or at the time you request it.

In any case, and as a general rule, we will keep your personal information as long as there is a contractual relationship that links us or you do not exercise your right to suppress and/or limit the treatment, in which case, the information will be blocked without giving it any use beyond its conservation, while it could be necessary for the exercise or defense of claims or could derive some type of responsibility that had to be attended.

Who do we share your data with?

As a rule, in PGR ASSOCIATION we do not share your personal information, except for those transfers that we must make based on legal obligations imposed.

Although it is not a data cession, to give you the requested service it could be that third companies, that act as our providers, access your information to carry out the service we have hired them. These persons have access to your data following our instructions and without being able to use them for a different purpose and maintaining the strictest confidentiality.

Likewise, your personal information will be at the disposal of the Public Administrations, Judges and Courts, for the attention of possible responsibilities born from the treatment.

International data transfers

There are no international transfers of your data to countries outside the European Economic Area (EEA).

We have agreed with our suppliers that, for the provision of the contracted service, they will make use of servers located in the EEA and if, in the future, we need to make use of servers located outside the territory of the EU, appropriate measures will be taken, which will be incorporated into this Privacy Policy, ensuring that these suppliers are under the Privacy Shield agreement or that there are other appropriate guarantees.

What are your rights in relation to the processing of your data and how can you exercise them?

Data protection regulations allow you to exercise your rights of access, rectification, deletion and portability of data and to oppose and limit their processing, as well as not to be subject to decisions based solely on the automated processing of your data, where applicable.

These rights are characterized by the following:

- Exercising them is free of charge, except in the case of manifestly unfounded or excessive requests (e.g., repetitive nature), in which case PGR ASSOCIATION may charge a fee proportional to the administrative costs incurred or refuse to act

- You can exercise the rights directly or through your legal representative or volunteer

- We must respond to your request within one month, although, taking into account the complexity and number of requests, the deadline can be extended by another two months.

- We are obliged to inform you about the means of exercising these rights, which must be accessible and not be able to deny you the exercise of the right for the sole reason of choosing another means. If the application is submitted by electronic means, the information will be provided by these means where possible, unless you ask us to do otherwise.

- If PGR ASSOCIATION does not give course to the request, it will inform you, at the latest in one month, of the reasons of its nonperformance and the possibility of claiming before a Control Authority

In order to facilitate the exercise of these rights, we provide links to the application form for each of the rights:

Form to exercise the right of access

Form to exercise the right of rectification

Form for the exercise of the right of opposition

Form to exercise the right of withdrawal ("right to forget")

Form to exercise the right to limit treatment

Portability Exercise Form

Exercise form not subject to automated individual decisions

To exercise your rights PGR ASSOCIATION offers you the following means:

1. By written and signed request addressed to PGR ASSOCIATION, CALLE SAN QUINTIN 11 28280 EL ESCORIAL MADRID Ref. Ejercicio de Derechos LOPD.

2. Sending scanned and signed form to the e-mail address CALLE SAN QUINTIN 11 28280 EL ESCORIAL MADRID indicating in the subject Ejercicio de Derechos LOPD.

In both cases, you must prove your identity by attaching a photocopy or, if necessary, a scanned copy of your ID card or equivalent document in order to verify that we are only responding to the interested party or his legal representative. In this case, you must provide proof of representation.

Likewise, and especially if you consider that you have not obtained full satisfaction in the exercise of your rights, we inform you that you may file a complaint with the national control authority by addressing the Spanish Data Protection Agency, C/ Jorge Juan, 6 - 28001 Madrid.

How do we protect your information?

In PGR ASSOCIATION we are committed to protect your personal information.

We use measures, controls, and procedures of physical, organizational and technological character, reasonably reliable and effective, oriented to preserve the integrity and security of your data and guarantee your privacy.

In addition, all personnel with access to personal data have been trained and are aware of their obligations regarding the processing of your personal data.

In the case of the contracts we sign with our suppliers, we include clauses requiring them to maintain the duty of secrecy with respect to the personal data to which they have had access by virtue of the order placed, as well as to implement the technical and organizational security measures necessary to guarantee the confidentiality, integrity, availability and permanent resilience of the systems and services for processing personal data.

All these security measures are periodically reviewed to ensure their adequacy and effectiveness.

However, absolute security cannot be guaranteed and there is no security system that is impenetrable. Therefore, in the case of any information being processed and under our control being compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Supervisory Authority and, where appropriate, those users who may have been affected so that they can take appropriate action.

____________________________________________________________ 

Guidelines on handling requests for exercising rights

The data supervisor shall inform all employees of the procedure for dealing with the rights of the data subjects, clearly defining the mechanisms by which the rights may be exercised (electronic means, reference to the Data Protection Officer if any, postal address, etc.) and taking into account the following:

o Upon presentation of their national identity card or passport, the holders of the personal data (interested parties) may exercise their rights of access, rectification, deletion, opposition, portability, limitation of processing and, where appropriate, the right not to be the subject of automated individual decisions. The exercise of these rights is free of charge.

o The data controller must respond to data subjects without undue delay and in a concise, transparent, intelligible manner, with clear and simple language, and must retain proof of compliance with the duty to respond to requests to exercise rights.

o If the request is submitted by electronic means, the information shall be provided by such means where possible, unless the data subject requests otherwise.

o Applications must be answered within one month of receipt and may be extended by a further two months, taking into account the complexity or number of applications, but in that case the person concerned must be informed of the extension within one month of receipt of the application, stating the reasons for the delay.

o If the application is not acted upon, the data controller will inform the interested party, without delay and no later than one month after receipt of the application, of the reasons for the failure to act and of the possibility of filing a complaint with the Spanish Data Protection Agency and of taking legal action.

In this sense and as a guarantee of compliance and exercise of proactive responsibility, it is recommended that the person responsible for the treatment implement effective mechanisms to register and attend to the requests received in relation to the exercise of rights in the area of data protection so that he or she is in a position to carry out an efficient management of the said requests, guarantee the traceability of the treatment given to them and comply with the response times stipulated by the regulations.

RIGHT OF ACCESS: In the right of access, the interested parties will be provided with a copy of the personal data available, together with the purpose for which they have been collected, the identity of the recipients of the data, the periods of conservation foreseen or the criterion used to determine it, the existence of the right to request the rectification or suppression of personal data as well as the limitation or opposition to its treatment, the right to file a claim with the Spanish Data Protection Agency and, if the data has not been obtained from the interested party, any available information about its origin. The right to obtain a copy of the data may not adversely affect the rights and freedoms of other interested parties.

- Form for the exercise of the right of access.

RIGHT OF RECTIFICATION: In the right of rectification, the data of the interested parties that were inaccurate or incomplete will be modified according to the purposes of the treatment. The interested party must indicate in the request what data it refers to and the correction to be made, providing, when necessary, the documentation justifying the inaccuracy or incompleteness of the data being processed. If the data have been communicated by the person responsible to other persons, he or she must notify them of the rectification of the data, unless this is impossible or requires a disproportionate effort, providing the data subject with information about the said recipients, if he or she so requests.

- Form for the exercise of the right of rectification

RIGHT OF DELETION: In the right of deletion, the data subjects will be deleted when they express their refusal of the treatment and there is no legal basis that prevents it, they are not necessary in relation to the purposes for which they were collected, they withdraw the consent given and there is no other legal basis that legitimizes the treatment or it is illegal. If the deletion derives from the exercise of the data subject's right to oppose the processing of his or her data for marketing purposes, the data subject's identification data may be retained in order to prevent future processing. If the data have been communicated by the person responsible to other persons, he shall notify them of the deletion of the data, unless this is impossible or requires a disproportionate effort, providing the data subject with information about the said recipients, if he so requests.

- Form for the exercise of the right of suppression.

RIGHT OF OPPOSITION: In the right of opposition, when the interested parties express their refusal to the processing of their personal data before the person responsible, the latter shall stop processing them as long as there is no legal obligation to do so. When the processing is based on a mission of public interest or on the legitimate interest of the person responsible, upon a request to exercise the right to oppose, the person responsible will stop processing the data unless there are compelling reasons that prevail over the interests, rights and freedoms of the data subject or are necessary for the formulation, exercise or defense of claims. If the data subject objects to the processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

- Form for the exercise of the right to oppose

PORTABILITY RIGHT: In the portability right, if the processing is done by automated means and is based on consent or is done under a contract, the persons concerned may request to receive a copy of their personal data in a structured format, commonly used and machine-readable. They also have the right to request that they be forwarded directly to a new controller, whose identity must be communicated, where technically possible.

- Form for the exercise of data portability

RIGHT OF LIMITATION TO THE PROCESSING: In the right of limitation to the processing, the interested parties may request the suspension of the processing of their data to contest its accuracy while the responsible person makes the necessary verifications or in case the processing is carried out on the basis of the legitimate interest of the responsible person or in compliance with a public interest mission, while it is verified whether these reasons prevail over the interests, rights and freedoms of the interested party. The data subject may also request the conservation of the data if he or she considers the processing to be unlawful and, instead of deletion, requests the limitation of the processing, or if even though the data controller no longer needs them for the purposes for which they were collected, the data subject needs them for the formulation, exercise or defense of claims. The fact that the data subject's data processing is limited must be clearly stated in the data controller's systems. If the data have been communicated by the person responsible to other persons, he shall notify them of the limitation of the processing of the data, unless this is impossible or requires a disproportionate effort, providing the data subject with information about such recipients, if he so requests.

- Form for the exercise of the limitation of the treatment.

RIGHT NOT TO BE OBJECTED TO AUTOMATED INDIVIDUAL DECISIONS: This right allows data subjects to request not to be subject to a decision based solely on the processing of their data, including profiling, which produces legal effects on them or significantly affects them in a similar way. It affects any form of processing of personal data that assesses personal aspects, in particular if it analyzes or predicts aspects related to job performance, financial situation, health, personal preferences or interests, reliability or behavior. This right does not apply when the processing is necessary for the conclusion or performance of a contract between him and the controller or if the processing is based on a consent given previously, although in these cases the controller must ensure the right of the data subject to obtain human intervention, to express his point of view and to challenge the decision. However, these exceptions do not apply to special categories of data, unless the data subject has given his explicit consent to the processing or the processing is necessary for reasons of an essential public interest set out in a law and with specific guarantees to protect the interests and fundamental rights of the data subjects concerned.

- Form for the exercise of the right not to be the subject of automated individual decisions 

Informative clause of the processing operation of clients/users

The data provided will be treated by PGR ASSOCIATION with the purpose of giving them the requested service and make their invoicing, as well as the elaboration of profiles. You can exercise your rights of access, rectification, suppression and portability of data and opposition and limitation to its treatment, as well as to oppose the adoption of automated individual decisions that produce legal effects on him or affect him significantly in a similar way before PGR ASSOCIATION, CALLE SAN QUINTIN 11 28280 EL ESCORIAL MADRID or in the e-mail address CALLE SAN QUINTIN 11 28280 EL ESCORIAL MADRID, attaching a copy of your ID card or equivalent document. You can extend this information in relation to the treatment of your personal data by consulting our Privacy Policy.

Likewise, we request your authorization to offer you products and services related to the contracted ones and to make you loyal as a user of our services.

YES

NO

Informative clause on the processing activity of potential clients/users

The data provided will be treated by PGR ASSOCIATION with the purpose of giving you the requested service or send you the required information. You can exercise your rights of access, rectification, suppression and portability of data and opposition and limitation to its treatment before PGR ASSOCIATION, CALLE SAN QUINTIN 11 28280 EL ESCORIAL MADRID or in the e-mail address CALLE SAN QUINTIN 11 28280 EL ESCORIAL MADRID, attaching a copy of your ID card or equivalent document. You can extend this information in relation to the treatment of your personal data by consulting our Privacy Policy.

Likewise, we request your authorization to send you advertising related to our products and services by any means (post, email or telephone) and to invite you to events organized by the company.

YES

NO