PrivacyPolicy

NOUS CIMS FOUNDATION, as Data Controller and responsible for this website, in accordance with the provisions of Regulation (EU) 2016/679, General Data Protection and the Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, provides you with this privacy policy in order to inform you, in detail, about how we treat your personal data and protect your privacy and the information you provide us.

In this privacy policy we explain your rights regarding your personal information and how to exercise them. Additionally, in case you need to contact the competent data protection authority, we provide you with the contact details.

We, the data controllers of your data. Identity: NOUS CIMS FOUNDATION

ID: G-66621350

Registered office: C/Entença 332-334, Planta 7, 08029 Barcelona, Spain.

Phone: 677 92 02 50

Email: lopd@nouscims.com
Our Data Protection Officer (DPO) If you have any questions, doubts or suggestions regarding how we use your personal data, you can contact the Data Protection Officer, Auris Consultoria Legal i Tributària, at the e-mail address xavi@aurisadvocats.com.

What type of information about you may we collect?

Personal data collected from users and customers can be grouped according to the following categories:

  • Basic and contact information: such as your name, your cognates, your user name or similar identifier, your marital status, qualifications, date of birth or gender. It also includes your email address and telephone number. Also financial and economic data of suppliers and users.
  • Data of the young people who obtain the scholarship: we collect their name, surname, age, date of birth, DNI, NIE or Passport, email, completed address, name of the school, institute or entity with which it is linked. Likewise, we collect your authorization to send information and participate in WhatsApp groups and social networks, and your authorization for the use of your images.
  • Data of parents or legal guardians of the children receiving scholarships: we collect their name and surname and ID card, NIE or passport, email, full address. We also collect their authorization for minors to receive information and participate in WhatsApp groups and social networks. Also the authorization for the use of images of minors. Their economic or financial information may also be collected.
  • Professional and occupation data: this category would include your professional interests and your professional identity published online. For example, your LinkedIn profile.
  • Technical data: including IP address, registration data, browser and version used, time zone and usage, type of plugins installed in your browser, operating system and other technology used while accessing our platform.
  • Data from your user account: such as your profile name and password, subscription/purchase history, interests, preferences, suggestions submitted by you or any type of survey you have answered.
  • Navigation data: includes information related to the way you navigate when you visit our platform.
  • Marketing and communication preferences: we collect your preferences to receive commercial communications and news from us, the consents granted for it and the channel of your choice.
  • Images captured by video surveillance cameras: here are grouped the images that could be captured by video surveillance cameras in our offices.
  • Special categories of data: we inform you that NOUS CIMS FOUNDATION treats special categories of data for the execution of the purposes provided in the areas of action of the Foundation and aimed at the following groups: vulnerable youth, people affected by a cancer diagnosis, family members of these groups, people or groups in poverty, etc..
  • App Zingland: NOUS CIMS FOUNDATION has an app so that the entire community of scholarship holders can be connected. To register you need an email and a password and accept the Terms and Conditions of Use that are exposed in the platform itself.

How do we collect your personal information?

As a general rule, most of your personal information is provided to us directly by you, either in person at physical points of sale, by telephone, mail, web forms or by responding to surveys. However, we may also obtain information from:

  1. The different projects carried out in the Foundation.
  2. From a third party that has previously received your express consent to do so, such as other non-profit organizations dedicated to social works or purposes.
  3. Publicly accessible sources
  4. About the cookies we enable on our website – For more information about the use of our cookies, you can visit our cookies policy.
  5. Our systems of access to the facilities, if any. Such as, for example, check-in and check-out registers, employee punch-in and check-out systems, video surveillance cameras, communication and instant messaging systems, email or social networks.

What can happen if you do not provide us with your personal information?

If we are required by law to collect your personal information or, if it is essential to enter into a contract with you, if you do not provide us with your personal information, it may not be possible for us to serve you. In the event that we need to cancel your order for this reason, we will notify you first when necessary.

For what purposes do we process your personal information?

Attached is a detailed table with the purpose for which we collect your data and the legal basis that legitimizes us for which.

Purpose of processing

Why do we collect your information?

 Legal legitimacy

to process your personal information
To provide you with our services (1) Contractual performance

(2) In own legitimate interest (e.g. to manage possible non-payments)
Register as a web user (1) Express consent of the data subject

(2) Contractual performance
Manage our relationship with our customers, which includes:

 

(1) Notifying you of changes to our terms of engagement or policies.

 

(2) Requesting you to respond to a survey or rate our services

 (1) Contractual performance

(2) Fulfilment of a legal obligation

(3) In our own legitimate interest (to update our records and to know what our customers think about our services).
Sending commercial communications, bulletins, newsletters, newsletters and advertising, by any communication channel (1) Express consent of the data subject

(2) In your own legitimate interest (provided you have not expressed your wish to stop receiving communication, ‘opt-out’).
Respond to queries and/or provide information requested by the interested party. (1) Legitimate self-interest

(2) Contractual performance

(3) Consent of the data subject

(4) Fulfilment of a legal obligation
Managing user interactions on our social networks (1) Compliance with a legal obligation (for example, to remove offensive, racist, rude or libellous comments; to maintain an environment of respect and integration, to preserve the privacy of minors, etc.).

(2) Legitimate self-interest (when we remove third-party advertisements from our networks, for example).
Use analytical data to improve the web browsing/app usage experience, implement marketing strategies and optimize recruitment processes through the use of cookies. (1) Legitimate self-interest

(2) Consent of the data subject (by accepting the use of analytical cookies, for example).
Manage and protect our business and our website. This includes detecting navigation problems, data analysis, web/app testing, etc. (1) Fulfilment of a legal obligation

(2) Legitimate self-interest (running our business, providing security for our networks, preventing fraud, etc.)
Providing personal information to the authorities or as required by law. Fulfilment of a legal obligation.
Improve the security of our physical facilities (installation of CCTV/video surveillance cameras, access control). In legitimate interest and in the interest of third parties. For example, to detect the commission of an act harmful to our employees or customers.
Ensure job security, personnel administration and employability of candidates. (1) In compliance with a legal obligation.

(2) In our own and third parties’ legitimate interests. To improve the experience of our employees in the performance of their duties.

With whom may we share your personal information?

We may need to share your personal information with:

  • Other Foundation projects.
  • Third-party companies that we subcontract or service providers that we use to provide our services. For example, other non-profit entities engaged in social works or purposes, etc.

Providers of payment gateways, warehouses or transportation services.

  • Third parties we need to run our business. For example, lawyers, management, IT.

All the suppliers we work with are contractually bound with us. We can guarantee that they comply with all necessary security measures to safeguard your personal information, that they will use your personal data exclusively for the specified purposes, in accordance with our instructions.

We will also share personal information with law enforcement agencies where we are required to do so by law.

Where do we host your personal information?

All the information you provide to us, both through this website and through other channels, will be hosted on Amazon Web Service’s cloud servers. These servers are hosted within the European Economic Area.

How long will we keep your personal data?

Your data will be kept for the duration of your business relationship with us or for as long as you exercise your right of cancellation or opposition, or limitation of processing. However, we will keep certain personal, identification and traffic data for a maximum period of 2 years in case it is required by judges and courts or to initiate internal actions arising from the misuse of the website.

We also inform you that our information conservation policies are in accordance with the time periods established by the different legal responsibilities for statute of limitations purposes:

  1. a) General Rule: Pursuant to that set forth in Article 30 of the Commercial Code, and apart from other criteria, all documents and/or information of the company shall be kept for 6 years. This affects all accounting, tax, labor or commercial documentation, including correspondence.
  2. b) Specific deadlines: Our company also has to set minimum deadlines depending on the type of data to be processed and taking into account the different statute of limitations, which each department must be aware of.

This table lists the deadlines that affect or may affect our organization:

Subject Prescription Regulations
Labor for infringement purposes 3 years Art. 4.1 RD 5/2000
Social Security for infringement purposes 4 years Art. 4.2 RD 5/2000
Prevention of Occupational Risks for the purpose of infractions 5 years Art. 4.3 RD 5/2000
Tax for tax debt purposes 4 years Art. 66 Law 58/2003
Taxation for the purpose of verifying quotas offset or deductions applied 10 years Art. 66 bis Law 58/2003
Accounting and commercial 6 years Art. 30 of CC
Crimes against the Treasury and Social Security 10 years Art. 131 LO 10/1995

You will not be subject to decisions based on automated processing that produce effects on your data.

Our Communications

All personal information you communicate to us will be incorporated into our information systems. If you accept the present privacy policy, it means that you give Nous Cims Foundation the express consent to the fact that you carry out the following activities and/or actions, as long as you do not tell us otherwise:

 

  • To send you commercial, promotional and direct marketing communications by any means of communication enabled, to inform you of activities, services, promotions, advertising, news, offers and other information about services and products related to us and our group.
  • To the sending of communications by electronic means, provided that you have subscribed to our NEWSLETTER and have not unsubscribed.
  • The retention of data for the periods provided for in the applicable provisions

How to stop receiving marketing communications (opt-out)?

At any time, you can revoke any express consent you have given us to send you marketing information. To do so, you can request to unsubscribe by using the opt-out option when it is enabled in our app/web, or by sending us an email with the subject “unsubscribe” to lopd@nouscims.com.

In accordance with the LSSICE, we never carry out SPAM, therefore, we will not send you commercial emails if they have not been requested or authorized by you. However, in all our communications, you will have the possibility to revoke your consent.

We will not process your personal data for any other purpose than those described, except by legal obligation or court order.

User responsibility – Declaration of truthfulness

By providing personal information through electronic channels, the user declares that he/she is over 14 years old and that all data provided to Nous Cims Foundation are true, accurate, complete and updated. To this effect, the user confirms that he/she is responsible for the veracity of the data communicated and that he/she will keep this information conveniently updated so that it corresponds to his/her real situation, being responsible for any false or inaccurate data that he/she may provide, as well as for any damages, direct or indirect, that may arise.

If you send us your CV

In the event that you want to send us your CV through our website/email, we inform you that the data provided will be processed to make you participate in the selection processes that may be carried out, conducting an analysis of your professional profile in order to select the most suitable candidate for the eventual vacancy.

We do not accept resumes submitted through other channels (e.g. hand-delivered on paper). In case of any change in the data, please inform us in writing as soon as possible, in order to keep your data updated.

CVs will be kept for a maximum period of one year, after which they will be securely destroyed and all data included will be deleted. We guarantee total respect for confidentiality. In this sense, after this period, if you wish to continue to participate in possible selection processes, you will have to resubmit your resume.

The data may be processed and/or communicated to the companies in our group during the time your curriculum vitae is kept and for the same purposes as mentioned above.

Special consideration to the CVs of young scholarship holders

The CVs added through the platform by the young scholarship holders are processed to make them part of the selection processes of the NOUS CIMS FOUNDATION, projects linked to the Foundation or by third party companies that collaborate with it. In case of any modification in the data, please inform us in writing as soon as possible, in order to keep your data updated.

CVs will be kept for a maximum period of one year, after which they will be securely destroyed and all data will be deleted. We guarantee total respect for confidentiality. In this sense, after the aforementioned period, if you wish to continue participating in possible selection processes, you will have to resubmit your resume.

How do we keep your information secure?

We take the protection of your data very seriously. For this reason, we ensure that appropriate physical, organizational and technological security measures, controls and procedures are in place to prevent your information from being accidentally lost, used or accessed maliciously.

We limit access to your data to authorized persons and entities, and we make sure that all our staff is properly trained. All those involved in the processing of your personal data are bound by a duty of confidentiality.

Additionally, we apply technical procedures to react to any suspected data security breach. If necessary, we will notify you of this, as well as the supervisory authority (the AEPD in Spain), in accordance with current regulations.

How to exercise your ARCOLP rights?

Both the RGPD and the standard of transposition into Spanish law (the LOPDGDD), guarantees you the exercise of the following rights. You can exercise them at any time and always free of charge:

Right of access             The right to request the restriction of the processing of your data.
Right of rectification  The right to request correction of errors in personal information.
Right of cancellation/deletion (right to be forgotten)             The right to request that we delete your personal information – in some situations.
Right of limitation      The right to request the restriction of the processing of your data.
Right of opposition    The right to object to:

– to the processing of your data for direct marketing (including profiling).

– in certain circumstances to the fact that we continue to process your data. For example, processing carried out on the basis of our legitimate interest.
Right of portability The right to receive your personal information in a structured form, in a readable format and/or to transmit this data to a third party – in specific situations.
Automated individual decisions              The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects.

To exercise any of the aforementioned rights, you can write to us with your request to the e-mail address specifically provided for this purpose: lopd@nouscims.com.

You can also contact directly with our Data Protection Officer: xavi@aurisadvocats.com

You will have to attach to your request information about your exact needs and, in any case, proof of your identity, valid in law.

The data protection supervisory authority

We look forward to resolving any issues or concerns you may have regarding your personal information. But if you wish to lodge a complaint with the competent authority, you are entitled to this.

In Spain, the highest authority on data protection is the Spanish Data Protection Agency (AEPD).

https://www.aepd.es/es – Tel: 91 266 35 17.

 

Changes to this privacy policy

Nous Cims Foundation reserves the right to modify this policy to adapt it to new legislation or jurisprudence.