Private policy

Data processing manager

Entity name: FUNDACION CARTIF (hereinafter, CARTIF).
Address: Parque Tecnológico de Boecillo, Parcela 205. 47151 Boecillo (Valladolid), Spain.
Telephone: +34 983 546 504.
Contact: E-mail
Contact of the Data Processing Delegate: PRODAT CYL, S.L.U.
Contact DPD: E-mail / +34 983 363 893.

Claims mailbox: E-mail

Processing of data collected through the website

The data that CARTIF may collect for the use, navigation of the website, through our forms, via email or on the occasion of the contractual relationship that binds you with CARTIF are personal data. When completing each of the forms present on our website there will be a series of mandatory data, whose fields are marked with the * symbol. In the case of not filling in such fields, the described purposes of each of the forms cannot be carried out. On some occasions, we inform you that by simple use and navigation on our Website, CARTIF will store data related to:

  • IP address
  • Browser version
  • Operating System
  • Duration of the visit

Such information can be stored through Google Analytics, so we refer to Google’s Privacy Policy, since it collects and processes such information.
In the same way, the Google Maps utility is provided on the Website, which can have access to your location, in the event that you allow it, in order to provide you with greater specificity about the distance and / or our paths venues In this regard, we refer to the Privacy Policy used by Google Maps, in order to know the use and treatment of such data. CARTIF reserves the right to modify or adapt this Privacy Policy at all times. Therefore, we recommend that you check it every time you access the Website.

Information provided through the emails available in the web:

  1. Purpose: To answer your request for information.
  2. Legitimation: The consent given by you at the time you send us the request via email.
  3. Recipients: The recipients of your data will be the different areas of our entity, as well as the third parties to whom we transfer your data, when the sea is in accordance with the provisions of current regulations on data protection.

Work with us:

  1. Purpose. Involve you in the personnel selection processes carried out by CARTIF.
  2. Legitimation. The consent granted by the interested party that you give us by virtue of your spontaneous application.
  3. Recipients. The recipients of your data will be the different areas of our entity, as well as the third parties to whom we transfer your data, when it is lawful in accordance with the provisions of current regulations on data protection.

General web contact form:

  1. Purpose. Manage the request for queries and general information about CARTIF.
  2. Legitimation. The consent of the interested parties who subscribe to this service by checking the box intended for this purpose.
  3. Recipients. The recipients of your data will be the different areas of our entity, as well as the third parties to whom we transfer your data, when it is lawful in accordance with the provisions of current regulations on data protection.

Sending and subscribing to the Newsletter / Newsletter

  1. Purpose. Manage the sending of the CARTIF Newsletter or Newsletter to users who subscribe to them.
  2. Legitimation. The consent of the interested parties who subscribe to this service by checking the box intended for this purpose.
  3. Recipients. The recipients of your data will be the different areas of our entity, as well as the third parties to whom we transfer your data, when it is lawful in accordance with the provisions of current regulations on data protection.

Other data processing

Exclusively for professional contacts

  1. Purpose. At CARTIF we process your personal data in order to maintain the professional relationship that we have between us.
  2. Legitimation. The legitimate interest pursued by the controller.
  3. Recipients. The recipients of your data will be the different areas of our entity, as well as the third parties to whom we transfer your data, when it is lawful in accordance with the provisions of current regulations on data protection.

Exclusive for contacts through social networks

  1. Purpose. At CARTIF we process your personal data for the following purposes:
    • Answer questions, requests or requests.
    • Manage the requested service, answer the request, or process a request.
    • Establish a user-responsible relationship, and create a community of followers.
  2. Legitimation. The legitimate interest of the data controller, as well as the acceptance of a contractual relationship in the environment of the corresponding social network.
  3. Recipients. The recipients of your data will be the different areas of our entity, as well as the third parties to whom we transfer your data, when it is lawful in accordance with the provisions of current regulations on data protection. However, we recommend reviewing the privacy policy of the social networks that we mainly use since social networks, being North American, can transfer data to the United States.

Exclusively for clients

  1. Purpose.
    • Invoices, delivery notes, budgets and contracts. At CARTIF we process your personal data in order to manage the services derived from the contractual relationship, as well as the commitments derived from the contract.
    • Advertising. At CARTIF we process your data in order to offer you our products and services / courses, activities and workshops / our activity.
  2. Legitimation.
    • Invoices, delivery notes, budgets and contracts. The legitimacy for the treatment of your data is the execution of a service provision contract and in compliance with the following legal obligations that apply to us:
      • The terms of conservation of your data once the contractual relationship ends are based on compliance with the provisions of the Commercial Code.
      • Communication of your data when requested by the Tax Inspection is protected by General Tax Law 58/2003, of December 17.
    • Advertising. The legitimacy for the treatment of your data is the consent of the interested party.
  3. Recipients.
    • Invoices, delivery notes, budgets and contracts. In general, the recipients of your data will be the different areas of our entity, as well as the third parties to whom we transfer your data, when it is lawful in accordance with the provisions of current regulations on data protection. In those cases where necessary, customer data may be transferred to the following organizations, in compliance with a legal obligation:
      • The data necessary for compliance with the legal obligation may be transferred to the Spanish Tax Agency.
      • To the corresponding banking entities, to be up to date with payments.
      • In the event that it is requested, your data will be transferred to the Labor Inspection.
    • Advertising. The recipients of your data will be the different areas of our entity, as well as the third parties to whom we transfer your data, when it is lawful in accordance with the provisions of current regulations on data protection.

Exclusive for speakers

  1. Purpose. Your data will be processed in order to manage your relationship with the entity due to your participation in the presentation.
  2. Legitimation. Execution of the legal relationship between the parties, as well as the consent that you grant us as an interested party.
  3. Recipients. The recipients of your data will be the different areas of our entity, as well as the third parties to whom we transfer your data, when it is lawful in accordance with the provisions of current regulations on data protection and those cases in which you have granted us your consent to basic information.

Exercise of GDPR rights

  1. Purpose. To respond to data subjects’ requests regarding data protection.
  2. Legitimation. Processing necessary to comply with a legal obligation applicable to the General Data Protection Regulation.
  3. Recipients. The recipients of your data will be the IT department, the Delegate of Data Protection, the address or administration of the entity depending on of the request, as well as the third parties to whom your data will be transferred as long as the the applicable requirements regarding data protection.

Security breach

  1. Purpose. Manage and resolve the security breach in terms of data protection, as well as the possible communication to those affected.
  2. Legitimation. Treatment necessary for compliance with a legal obligation applicable to the General Data Protection Regulation.
  3. Recipients. The recipients of your data will be the IT department, the Data Protection Officer, the management or administration of the entity depending on the request, as well as the third parties to whom your data is transferred, provided that the applicable requirements are met, in terms of data protection.

Exclusive for Andin App (Google Play Store / Android)

  1. Purpose. In order to provide the service object of the application, CARTIF will process the contact list data and GPS position of the mobile device after prior download and authorisation by the user.
  2. Legitimation. The consent of the interested parties after downloading the app.
  3. Recipients. The recipients of your data will be the different areas of our entity, as well as the third parties to whom we transfer your data, when it is lawful in accordance with the provisions of current regulations on data protection and those cases in which you have granted us your consent to basic information.

Exclusive for app Tool For PED (https://tools.cartif.es/ped-tool)

  1. Purpose. In order to provide you with help an information for the use of the apllication and to respond to the queries you send us through the contact form, CARTIF will process your personal data.
  2. Legitimation. The consent of the interested parties when they register in the app.
  3. Recipients. The recipients of your data will be the different areas of our entity, as well as the third parties to whom we transfer your data, when it is lawful in accordance with the provisions of current regulations on data protection and those cases in which you have granted us your consent to basic information.

Conservation deadlines

Treatment of data collected through the website

Information provided through emails made available on the web.Once we have responded to your request for information, the data will be kept for a maximum of 6 months as evidence against possible future claims.
Work with us.Under CARTIF’s conservation policy, your personal data will be kept for a maximum period of ONE YEAR from the receipt of the curriculum vitae.
Sending and subscribing to the Newsletter.Your personal data will be kept until you cancel your subscription to the Newsletter.
General contact form.Once we have responded to your request for information, the data will be kept for a maximum of 6 months as evidence of possible future ones. claims.

Other treatments

Exclusive for professional contacts.Until our professional relationships end or you decide to cancel or oppose the treatment of your contact data.
Exclusive for contacts through social networks.Your personal data will be kept for the time necessary to fulfill the purpose for which it was collected.
Exclusively for clients: invoices, delivery notes, budgets and contracts.Your personal data will be processed until the contractual relationship ends. Once the same, and for commercial purposes, your data will be kept for a period of 6 years in compliance with the provisions of the Commercial Code. For tax purposes, your data will be kept for a period of 4 years in compliance with the provisions of the General Tax Law.
Exclusive for clients: Advertising.Your personal data will be processed until the consent granted for this purpose is revoked.
Exclusive for speakers.Your personal data will be kept for the duration of your relationship with the entity. The images and recordings published on the entity’s social networks and website will be preserved unless you request their deletion.
Exercise of GDPR rights.During the time necessary to resolve the claim and, subsequently, duly minimized and blocked until compliance with legal obligations regarding data protection.
Security breach.During the time necessary to manage and resolve the breach and, subsequently, duly minimized and blocked until compliance with legal obligations regarding data protection.
Exclusive for Andin App.Your personal data will be kept for the time necessary to fulfil the purpose for which they were collected, until you request the deletion or revocation of your consent.

International transfers

CARTIF does not plan to make international data transfers, in those cases in which it is necessary, only be made to entities that have demonstrated that they comply with the level of protection and guarantees in accordance with the parameters and requirements provided in the current regulations on data protection, such as the European Regulation, or when there is legal authorization to carry out the international transfer, as the consent of the interested party. In any case, the corresponding information will be provided to the interested party.

What are your rights in relation to data processing?

You as the data owner have the right to obtain confirmation of the existence of a treatment of your data, to access your personal data, request the rectification of data that are inaccurate or, where appropriate, request the deletion, when among other reasons , the data is no longer necessary for the purposes for which it was collected or you, as interested party, withdraw the consent granted. CARTIF will process and keep your data in accordance with current regulations, without prejudice to the fact that as interested party you can request in any case, the limitation of the processing of your data. In certain cases, you can exercise your right to data portability, which will be delivered in a structured format, in common use or machine readable to you or to the new data controller you designate. You will have the right to revoke the consent for any of the treatments for which you have granted it at any time. To exercise your rights, contact us through the email address protecciondedatos@cartif.es. We have forms for the exercise of all the aforementioned rights, however, you can also use those prepared by the Spanish Agency for Data Protection. You will have the right to file a claim with the Spanish Data Protection Agency in the event that you consider that the exercise of your rights has not been properly addressed. The maximum term to resolve will be one month from the receipt of your request. In the event of any modification of your data, we thank you for duly informing us in writing in order to keep your data updated.


Logo CARTIF

Copyright © Fundación CARTIF. All rights reserved.


Share This