Privacy policy

FUNDACIÓ PRIVADA NOUS CIMS

This Privacy Policy governs the processing of personal data carried out by Fundació Privada Nous Cims through the website www.nouscims.com, the digital platforms and applications linked to the Foundation, the various social programs it develops, and the different channels of interaction with beneficiaries, participants, collaborators, educational institutions, professionals, and other individuals interested in its activities.

The purpose of this policy is to provide clear and transparent information on how the Foundation collects, uses, protects, and stores personal data, as well as on the rights of data subjects in relation to the processing of their personal data.

1. Identification of the Data Controller

The data controller responsible for the processing of personal data is:

Fundació Privada Nous Cims
Tax ID (NIF): G-66621350
Address: C/ Entença 332-334, 7th floor 08029 Barcelona (Spain)

Email: lopd@nouscims.com
Website: www.nouscims.com

Nous Cims is a non-profit organization dedicated to promoting innovative social projects aimed at improving employability, emotional well-being, and the overall development of vulnerable groups, especially women, youth, and children.

The Foundation develops various initiatives and social programs, including, among others:

  • ZING Programme, aimed at supporting educational continuity and employability for young people.
  • Unkover, a vocational guidance program.
  • KOMTÜ, a program for emotional well-being in educational centers.
  • KOA, a secondary mental health prevention program for adolescents.
  • DOMUM, an emotional well-being program aimed at individuals undergoing oncological processes.
  • Global development programs related to education, nutrition, and employability in countries in Latin America and Africa.

The processing of personal data is carried out within the framework of the implementation of these programs, as well as for the institutional and organizational management of the Foundation.

2. Data Protection Officer

Nous Cims has appointed a Data Protection Officer. For any inquiries related to the processing of personal data, you may contact:

Auris Consultoría Legal y Tributaria

Email: xavi@auris.legal

You may also contact the Foundation at:
lopd@nouscims.com

3. Personal Data We Process

The personal data processed by Nous Cims depends on the relationship each individual has with the Foundation and the program or activity in which they participate.

In general terms, identifying and contact data may be processed, such as name and surname, identity document, date of birth, postal address, email address, or phone number.

When a person participates in one of the Foundation’s social programs, additional data necessary for the proper management of the program may be processed, such as educational or academic information, data relating to the educational institution, professional information, financial data related to scholarships or aid, as well as information required to monitor participation in the program.

In the case of programs aimed at minors or young students, data may be processed both from the participants and from their parents, guardians, or legal representatives, for the purpose of managing their participation and obtaining the necessary authorizations.

Additionally, in certain social programs, special categories of personal data may be processed, such as information related to the social, educational, or emotional well-being of participants, when necessary to assess their situation or to properly carry out program activities. When processing involves special categories of personal data, such processing will only be carried out when strictly necessary for the implementation of the Foundation’s social programs and based on the explicit consent of the data subject or their legal representatives, or on other legal bases provided for in Article 9 of Regulation (EU) 2016/679.

When a person interacts with the Nous Cims website and its platforms, certain technical or browsing data may also be processed, such as IP address, online identifiers, device type, or information about the use of the website.

Additionally, the Foundation may process images, voice recordings, or audiovisual materials obtained במסגרת activities, events, or programs, provided that the appropriate authorization has been obtained.

4. How We Obtain Personal Data

In general, personal data is obtained directly from the data subject when they:

  • complete forms available on the website and the Foundation’s own platforms such as GEM, Salesforce, or other technological platforms that may be used by Nous Cims.
  • request information about programs or activities
  • register for one of the Foundation’s programs
  • participate in educational, social, or therapeutic activities
  • subscribe to the newsletter or informational communications
  • submit a professional or volunteer application
  • interact with the Foundation through social media

In certain cases, data may be provided by educational institutions, partner entities, social organizations, or other public or private institutions involved in the programs, provided that such entities have an appropriate legal basis for sharing the data.

Data may also be obtained from publicly accessible sources or through the use of cookies or similar technologies.

5. Purposes of Processing and Legal Bases

Personal data is processed for various purposes related to the Foundation’s activities.
Firstly, data is used to manage individuals’ participation in social and educational programs. This includes the evaluation of applications, selection of participants, monitoring of their participation, management of scholarships or financial aid, organization of training or mentoring activities, evaluation of program impact, statistical analysis, program follow-up studies, and the improvement of the initiatives carried out. This processing is based on the performance of a contractual or pre-contractual relationship with the data subject and on compliance with legal obligations.
Data may also be processed to manage relationships with educational institutions, partner entities, suppliers, or professionals involved in the Foundation’s projects. This processing is based on the performance of contractual or pre-contractual relationships with such entities or professionals, as well as on the Foundation’s legitimate interest in developing and coordinating its social programs and projects.
Additionally, data is used to respond to inquiries, information requests, or communications received through the website or other contact channels. This processing is based on the implementation of pre-contractual measures at the request of the data subject, as well as on the Foundation’s legitimate interest in properly managing received communications and providing the requested information.
When an individual subscribes to the newsletter or expressly authorizes the sending of informational communications, Nous Cims may send information about the Foundation’s programs, activities, or initiatives. This processing is based on the data subject’s consent or on legitimate interest when there is a prior relationship.

Data may also be processed to ensure the proper technical functioning and security of the website and the digital platforms used by the Foundation. This processing is based on the Foundation’s legitimate interest in ensuring the security of its information systems and the proper delivery of digital services, in accordance with Article 6.1(f) of Regulation (EU) 2016/679.
The Foundation may use technological tools based on algorithmic support systems or artificial intelligence in order to improve certain organizational processes, such as identifying potential matches between mentors and participants in its programs. This processing is based on the performance of the existing relationship with program participants, as well as on the Foundation’s legitimate interest in improving the management and operation of its social initiatives, in accordance with Article 6.1(b) and 6.1(f) of Regulation (EU) 2016/679.

In all cases, these tools act solely as support systems for analysis and decision-making processes. The final assignment of mentors and any relevant decisions are always reviewed and made by the program’s human team. Therefore, no decisions are made based solely on automated processing that produce legal effects or significantly affect participants, within the meaning of Article 22 of the GDPR.

Individuals who have participated in the Foundation’s programs, activities, or initiatives, as well as those who have requested information about them through the website or other contact channels, may receive informational communications related to such programs, as well as new initiatives, activities, or projects promoted by the Foundation. This processing is based on the Foundation’s legitimate interest in maintaining a relationship with individuals who have participated in or shown interest in its programs, in accordance with Article 6.1(f) of Regulation (EU) 2016/679, as well as the provisions of Article 21.2 of Law 34/2002 on Information Society Services and Electronic Commerce, when there is a prior relationship with the data subject. In any case, data subjects may object at any time to receiving this type of communication through the mechanisms provided in each communication or by contacting the Foundation through the contact channels indicated in this policy.

6. Communications with Participants and Users

Within the framework of its programs, Nous Cims may communicate with participants, beneficiaries, or interested individuals through different channels.

These communications may be carried out via email, phone calls, SMS messages, or instant messaging applications such as WhatsApp, whenever necessary for program management, the organization of activities, or the transmission of relevant information.

In certain programs or activities, communication groups may be created using messaging tools in order to facilitate coordination among participants, professionals, and educational teams.

The use of these channels will be limited to purposes related to the Foundation’s activities and will always be carried out in compliance with the privacy of participants.

7. Follow-up After the Completion of Programs

In certain social programs, particularly those related to education, employability, or emotional well-being, the Foundation may maintain contact with participants after their formal participation in the program has ended.

This contact aims to carry out follow-up actions, evaluate the social impact of projects, provide ongoing support to beneficiaries, and improve the initiatives developed by the Foundation.

This processing is based on the Foundation’s legitimate interest in evaluating and improving the impact of its social projects, as well as in maintaining relationships with the beneficiaries of its programs.
Data subjects may object to these communications at any time.

8. Data Recipients and Data Processors

For the development of its activities, Nous Cims may disclose personal data to:

  • educational institutions
  • partner entities
  • social organizations
  • public administrations
  • program funding entities
  • technology providers or professional service providers

In the course of its activities, the Foundation uses technological tools for program management and coordination, including data management platforms and customer relationship management (CRM) systems, such as the Salesforce platform and the GEM platform. The Foundation may also use other technological tools necessary for the operation of its website and the provision of digital services, including tools aimed at improving website accessibility for persons with disabilities.

When these technology providers access personal data in order to provide their services, they do so as data processors, in accordance with Article 28 of Regulation (EU) 2016/679, and are subject to the შესაბამის contracts that ensure compliance with data protection obligations and the implementation of appropriate technical and organizational measures.

Through the following link, you can access all the entities to which Nous Cims may disclose personal data:
https://www.nouscims.com/wp-content/uploads/2023/10/Entidades_18_10_2023_11_27.xlsx

Data may also be disclosed to public or judicial authorities where there is a legal obligation to do so.

9. Use of Virtual Assistants and Informational Chats

Fundació Privada Nous Cims may provide users with virtual assistants or informational chat tools on its websites, digital platforms, or within the framework of the various programs developed by the Foundation.

These tools are designed to provide general information about the Foundation’s programs, activities, and initiatives, as well as to facilitate basic guidance for users. Such tools may include, for example, the KAI informational chat linked to the KOMTÜ program, the WUDI employability chat linked to the ZING program, and the ORIENT vocational chat linked to the UNKOVER program.
These systems may operate through automated responses generated from pre-configured information, and their purpose is exclusively informational. The responses provided by these assistants do not constitute individualized professional advice nor do they replace psychological, educational, healthcare, or any other type of professional assistance.

The use of these tools is based on the Foundation’s legitimate interest in providing digital channels for information and guidance related to its programs and activities, in accordance with Article 6.1(f) of Regulation (EU) 2016/679.

Users should avoid entering sensitive personal data or identifying information about minors or other individuals in these chats, unless it is strictly necessary for the inquiry.

If users provide personal data through these systems, such data may be processed by the Foundation for the purpose of managing the operation of the service, improving the quality of the information provided, and ensuring the security of the system.

The technical operation of these virtual assistants may involve the use of technology providers specialized in automated communication tools, who will act as data processors, subject to the obligations established under data protection regulations.

In all cases, the Foundation adopts reasonable measures to limit the processing of personal data in these services and to ensure that their use is intended solely for informational purposes related to its programs and activities.

10. International Data Transfers

As a general rule, the personal data processed by Fundació Privada Nous Cims is stored in technological infrastructures located within the European Economic Area (EEA), including cloud storage services provided by technology providers that comply with the security and data protection standards required under European regulations.
However, in certain cases, some of the technology providers used by the Foundation for the provision of digital services, platform hosting, management tools, or communication systems may involve remote access to personal data from third countries outside the European Economic Area.

Likewise, within the framework of certain cooperation or global development programs promoted by the Foundation, which may take place in countries in Latin America or Africa, it may be necessary to process certain personal data in those territories or to allow access to information by partner entities located outside the European Economic Area.

When international transfers of personal data take place, Nous Cims will adopt the necessary measures to ensure that such transfers are carried out in accordance with the provisions of Chapter V of Regulation (EU) 2016/679 (GDPR).

In particular, these transfers may be based, as appropriate, on:

  • adequacy decisions adopted by the European Commission regarding the destination country;
  • the execution of Standard Contractual Clauses approved by the European Commission with the providers or entities receiving the data;
  • the application of other appropriate safeguards предусмотрено by data protection regulations.

In all cases, the Foundation will ensure that providers and entities that may access personal data offer sufficient guarantees to implement appropriate technical and organizational measures that ensure a level of protection equivalent to that required under European regulations.

11. Data Retention

Personal data will be retained for the time strictly necessary to fulfill the purposes for which it was collected and to properly manage the relationship with the data subject within the framework of the activities, programs, or services carried out by Fundació Privada Nous Cims.

Once the relationship with the data subject has ended or the purpose for which the data was collected has been fulfilled, the data may be retained in a duly restricted (blocked) form for the period necessary to address any potential legal liabilities arising from the processing, as well as to comply with applicable legal obligations.
In particular, certain data may be retained for the periods established by tax, accounting, commercial, administrative, or contractual regulations, among others, in accordance with the provisions of the Commercial Code, tax regulations, and other applicable legal provisions.

In the case of data processed within the framework of social, educational, or emotional well-being programs, the Foundation may retain certain information for a maximum period of five years from the end of participation in the program, when necessary to carry out social impact evaluations, statistical analyses, program follow-up studies, or improvements to the initiatives developed, provided that such processing is carried out applying appropriate measures to protect the privacy of data subjects, such as pseudonymization or anonymization of the data whenever possible.

Furthermore, when the Foundation’s programs or activities are fully or partially funded through public grants, institutional agreements, donations, or other sources of funding, certain data may be retained for the period necessary to comply with justification, audit, control, or accountability obligations required by funding entities or applicable regulations.

Once the legally established retention periods have expired, personal data will be securely deleted or anonymized, unless it must be retained in a duly restricted (blocked) form for the establishment, exercise, or defense of legal claims.

12. Information Security

Fundació Privada Nous Cims implements appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of the personal data it processes, with the aim of preventing unauthorized alteration, loss, processing, or access, in accordance with Article 32 of Regulation (EU) 2016/679 (GDPR).
These measures are adopted taking into account the state of the art, the nature of the data processed, the scope of the processing, the context in which it is carried out, and the potential risks to the rights and freedoms of individuals.

In particular, the Foundation implements security measures aimed at protecting information systems and personal data against unauthorized access, data loss, or misuse. These measures include, among others, the establishment of access controls to information systems, the implementation of internal data protection and information security policies, staff training and awareness, as well as the supervision and evaluation of technology providers that may have access to personal data.

Furthermore, Nous Cims has internal procedures in place for the detection, management, and notification of security incidents or potential personal data breaches, in order to respond promptly to any risk that may affect information security and, where applicable, to comply with the notification obligations established under data protection regulations.

Access to personal data is limited solely to those individuals who need it for the performance of their duties within the framework of the Foundation’s activities, all of whom are subject to confidentiality obligations and to the requirements established under data protection regulations.

The Foundation periodically reviews its security measures in order to adapt them to technological developments, changes in its information systems, and the risks associated with the processing of personal data.

13. Processing of Data Through Video Surveillance Systems

In certain facilities of Fundació Privada Nous Cims, video surveillance systems may be in place for the purpose of ensuring the safety of individuals, property, and the Foundation’s premises.
The images captured by these systems will be processed exclusively for this purpose and will be managed in accordance with the provisions of Article 22 of Organic Law 3/2018 on the Protection of Personal Data and the guarantee of digital rights, as well as Regulation (EU) 2016/679.

The legal basis for this processing is the Foundation’s legitimate interest in ensuring the security of its facilities and of the individuals who access them, in accordance with Article 6.1(f) of the GDPR.
Images captured by the cameras will be retained for a maximum period of 30 days, unless they must be kept for a longer period to provide evidence of acts that threaten the integrity of individuals, property, or facilities, or when they must be made available to competent authorities.

Access to the images will be limited to authorized personnel of the Foundation and, where appropriate, to competent authorities when necessary for the investigation of facts that may constitute an infringement or criminal offense.

Data subjects may exercise their data protection rights under the terms set out in this Privacy Policy.

14. Internal Information or Whistleblowing Channel

Fundació Privada Nous Cims has an internal information or whistleblowing channel designed to enable the confidential reporting of potential irregularities, regulatory breaches, conduct contrary to the Foundation’s Code of Ethics, or any actions that may be unlawful or contrary to the principles governing the organization’s activities.

This internal reporting system is managed in accordance with the provisions of Law 2/2023 of February 20, on the protection of persons who report regulatory infringements and on the fight against corruption, as well as with applicable data protection regulations.

Personal data provided through the whistleblowing channel will be processed exclusively for the purpose of managing, analyzing, investigating, and, where appropriate, resolving the reports received, as well as for adopting any corrective or disciplinary measures that may be necessary.

Access to the information will be strictly limited to authorized personnel responsible for managing the channel or, where applicable, to external providers acting as data processors, ensuring at all times the confidentiality of the identity of the reporting person, the individuals concerned, and any third parties mentioned in the report, in accordance with the applicable regulations.

Personal data processed within the framework of the internal information channel will be retained for the time strictly necessary to determine whether to initiate an investigation into the reported facts and, where appropriate, for the time required to process the corresponding procedure and comply with applicable legal obligations.

15. Data Subjects’ Rights

Data subjects may exercise at any time the rights granted to them under personal data protection regulations.

In particular, they have the right to request access to their personal data, the rectification of inaccurate data, the erasure of data when, among other reasons, it is no longer necessary for the purposes for which it was collected, as well as the right to object to processing, the right to restriction of processing, and the right to data portability, under the terms set out in the General Data Protection Regulation.

Where the processing of data is based on the data subject’s consent, they may withdraw such consent at any time, without affecting the lawfulness of the processing carried out prior to its withdrawal.

To exercise any of these rights, the data subject may submit a request to the Foundation via email at lopd@nouscims.com, clearly indicating the right they wish to exercise and providing the necessary information to verify their identity.

Data subjects may also contact the Foundation’s Data Protection Officer for any matters related to the processing of their personal data.

16. Complaints to the Supervisory Authority

If an individual considers that the processing of their personal data does not comply with applicable data protection regulations, they have the right to lodge a complaint with the competent supervisory authority.

In Spain, the supervisory authority for data protection is the Spanish Data Protection Agency (AEPD).

You can find more information on how to file a complaint with the AEPD through its official website: https://www.aepd.es

In any case, before lodging a complaint with the supervisory authority, data subjects may contact the Foundation or its Data Protection Officer in order to attempt to resolve any issues related to the processing of their personal data.

17. Changes to the Privacy Policy

Fundació Privada Nous Cims may modify this Privacy Policy when necessary to adapt it to legislative or case law changes, or to modifications in the programs, services, or activities carried out by the Foundation.

In the event of significant changes in the processing of personal data, the Foundation will duly inform users through the website or by other appropriate means of communication.

The current version of the Privacy Policy will always be available on the Foundation’s website.

Last updated: March 18, 2026

Resumen de privacidad

Our website uses its own and third party cookies. A cookie is a file that is downloaded to your computer when accessing certain web pages to, among other purposes, ensure the correct functioning of the web page, allow faster access to the selected service, store and retrieve information about user navigation  and the equipment used, and even, depending on the information the cookie contains, they can be used to recognize a returning user. Cookies are only associated with an anonymous user and the computer or device. They do not provide references to personal data, unless expressly authorized by the user.

The user can, at all times, accept or reject installed cookies that are not strictly necessary for the proper functioning of the website and service access. To able or dissable you must navigate to the Cookie Setting Panel provided in our website.

Likewise, you can configure your browser at any time without damaging the User's ability to access the contents. However, we inform you that the rejection of cookies may decrease the proper functioning of the website.