Data Protection and Privacy Policy

1. Who are we and why do we process your Personal Data?

The City Council of Alcázar de San Juan (hereinafter, the City Council), executes and carries out the competencies and activities attributed to local entities by current legislation. Likewise, it is responsible for all those activities within the municipality that can be carried out for the benefit of the citizens and as an expression of public interest, as well as activities related to private law and that are oriented to public benefit.

In this sense, the City Council uses, at all times, personal data in accordance with the current regulations on Personal Data Protection and, specifically, respecting the guiding principles for the processing of personal data established in Article 5 of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and in the Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

2. How can you contact the Data Controller and its Data Protection Officer?

For the purposes of current legislation on data protection, as well as for the purposes of this privacy policy, the City Council of Alcazar de San Juan will have the status of Data Controller, being located at Calle Santo Tomas, 1 Alcazar de San Juan.

In addition, for any question related to the protection of Personal Data, you can contact the Delegate of Protection of the City Council, through the e-mail address: dpd@aytoalcazar.es or by other conventional means of contact, at the headquarters of the City Council.

3. What is the purpose of this Privacy Policy?

By means of this Privacy Policy, the persons concerned are informed who use or request the services and resources made available by the City Council, on the processing of personal data to be carried out on the basis of such procedures, as well as for any processing of personal data that is carried out as a result of the interaction between the person concerned and the City Council, either through web resources, apps or computer, as well as through direct contact.

This Privacy Policy may be modified in order to adapt, at any time, to the current legislation on data protection and the activity of the City Council; such changes will be reported through the communication channels of the City Council. In any case, it is advisable to visit it every time you are going to use the services provided by the web or the App.

4. Purposes foreseen for the processing and legal basis for the processing.

The main purpose of the processing of the personal data of the person concerned will be to execute the functions and obligations of the Municipality within the scope of its powers, in accordance with the requirements indicated by the regulations in force.

In general, therefore, we are dealing with data processing necessary for the fulfillment of a mission carried out in the public interest or performed in the exercise of public powers. covered by Article 6.1.e of the General Data Protection Regulation, or processing operations that it is required to carry out by a legal obligation that applies to it (Article 6.1.c). Examples of these treatments are:

• The data of the person concerned will be processed on the occasion of all applications or requests that generate the initiation of an administrative procedure, in accordance with the regulations in force (Law 39/2015, of October 1, of the Common Administrative Procedure of Public Administrations).
• The data necessary for the maintenance of public records managed by the City Council, such as the Municipal Register of Inhabitants, will be processed.
• The personal data of the interested parties will be processed in connection with the administrative procedures processed by the City Council, such as applications for authorizations and concessions, licenses, grants, subsidies, the processing of the appropriate disciplinary proceedings and any other administrative procedure entrusted to the City Council.
• Personal data will be processed for the purpose of organizing the agenda of events and institutional acts of the City Council, including the management of municipal media.
• Personal data will be processed as necessary for actions of a technical nature, within the scope of competence of the City Council, including management of municipal assets, issuance of reports, management studies, etc..

On the other hand, the City Council carries out data processing based on the consent of the interested party and which originate from the contact between the citizens and the Administration, such as the reception of requests for information, complaints, suggestions, etc.

For such processing, the data subject’s consent will be required in accordance with the General Data Protection Regulation, and must always be informed, free, specific and given by the data subjects by means of a clear affirmative action. Among them we can find:

• Sending institutional information on the activities of the City Council, including sending both by ordinary and electronic means.
• Sending health alerts, notices or any others related to matters within the competence of the City Council, including sending through ordinary and electronic means.
• Processing of personal data of the interested party in relation to queries, requests, suggestions and information requested through conventional and electronic channels enabled by the City Council.
• Use of cookies to optimize the services provided to the interested party. You can access more information on the use of cookies in the City Council through the specific links on the municipal web portal and the various municipal web portals.

In addition, the City Council may process the data of a data subject for the performance of a contract or in application of pre-contractual measures, in accordance with Article 6.1 letter b, of the General Data Protection Regulation.

• The personal data of interested parties, such as suppliers, contractors or personnel in the service of the City Council will be processed for the purpose of carrying out the municipal economic management.
• The data of public employees assigned to the City Council will be processed for the proper management of municipal human resources and compliance with current regulations on civil service and social security.

Finally, it is possible to carry out data processing in compliance with legal obligations contained in current regulations and applicable to the City Council of Alcazar de San Juan, according to Article 6.1 letter c, of the General Data Protection Regulation.

• Communications of data to other administrations as a result of reporting obligations.
• Communications of data by virtue of requirements of other administrations or organizations.
• Fulfillment of obligations contained in current regulations.

Through the following link, you can consult in its entirety the Register of Treatment Activities published by the City Council.

5. What Personal Data does the City Council collect and how does it use it?

The personal information that the City Council collects about the interested parties and how it does so may vary depending on the service or procedure involved. In any case, the personal data collected by the City Council are exclusively necessary to carry out the requested procedure and are relevant to its purpose. Failure to provide them will prevent the completion of the procedures requested by the interested party.

Under no circumstances will the City Council use the personal data of the interested parties for purposes that are not legitimate or different from the purpose for which they were collected or compatible with the same.

On the other hand, we inform that the City Council does not collect personal data of the interested parties with the purpose of adopting any type of automated decision, nor for profiling, market research, etc.

To provide personal data to the City Council, the interested party must be over 14 years of age, and the provision of Personal Data of third parties is not allowed without the prior unequivocal and express consent of these. In this sense, the person who breaches such obligations shall be liable for any damages and/or losses that may be caused by such breach.

6. For how long does the Municipality keep the Personal Data?

The personal data provided by the interested parties to the City Council are kept for the time strictly necessary to fulfill the purpose for which they have been collected and to determine the possible responsibilities that may arise from the purpose of the processing.

Once the processing activity has been completed, they will be kept in accordance with the provisions in force regarding document archiving of the Junta de Comunidades de Castilla La Mancha, and in accordance with the legally established deadlines. Once these deadlines have expired, the City Council will proceed to the deletion of the Personal Data, and provided that no liability of any kind can be demanded derived from a legal relationship or obligation or from the execution of a contract, or from the application of pre-contractual measures requested by the interested party.

7. Does the City Council share the Personal Data it processes?

The City Council does not provide third parties with the personal data of the data subject, except in those cases in which it incurs a legal obligation to do soThis could be the case of communication with State Security Forces and Corps, courts and tribunals and/or other agencies and administrations or public entities with jurisdiction. Any communication of personal data not provided for in the regulations will require the consent of the data subject.

8. Does the City Council carry out International Transfers of Personal Data?

The Municipality does not transmit Personal Data outside the European Economic Area.

In some cases, an International Transfer of Personal Data could be contemplated which, in any case, would be covered by the Decisions of the European Commission or the adoption, by means of adequate guarantees, of the appropriate security measures, and would always be limited to the provision of services that our Suppliers would perform on behalf of the City Council.

9. Does the City Council apply security measures to the Personal Data it processes?

The security measures that the City Council has in place to ensure the security of personal data correspond to those provided for in the Annex II (Security measures) of Royal Decree 3/2010, of January 8, 2010.The National Security Scheme in the field of Electronic Administration is regulated by the National Security Scheme (Esquema Nacional de Seguridad en el ámbito de la Administración Electrónica).

In addition to these measures, the City Council has adopted the necessary levels of protection depending on the technique, the costs of implementation, and the nature, scope, context and purposes of each treatment it performs, as well as risks to the rights and freedoms of natural persons.

10. How can I exercise my rights?

Any interested party has the right to obtain, free of charge, information about the processing of their personal data carried out by the City Council, as well as to withdraw the consent given for the processing of their personal data, provided that such processing is not based on another type of legitimation.

The data subject may exercise his or her rights of access, rectification, deletion and portability of your data, limitation and opposition to its processing.The user has the right not to be subject to decisions based solely on the automated processing of their data, when appropriate, before the City Council through the postal address above, or through the email address: dpd@aytoalcazar.es

You may also submit your request to exercise your rights in person or by other means permitted by applicable law.

The City Council will respond to the exercise of rights of each interested party within a maximum period of one month. This period could be extended for an additional two months, taking into account the complexity and number of applications, although the City Council will inform the interested party of the extension within one month of receipt of the application, indicating the reasons for the delay.

Likewise, the interested party may send any claim he/she considers appropriate to the Spanish Data Protection Agency, when he/she has not obtained satisfaction with regard to the exercise of his/her Rights, both in time and in form. For more information: www.agpd.es