Controller

The Controller of the personal data collected, accessed, processed and/or stored by this entity is:

Missionary Daughters of the Heart of Mary
C/ Mayor, 107
25200 Cervera (Lleida) – SPAIN
Tel. +34 973 530 855
Fax +34 973 531 143
Email: infoweb@mariaguell.org

You may contact these addresses for any matter related to the processing of personal data.

Purpose

Personal data are processed for specific, explicit and legitimate purposes, in particular:

  • The established contractual relationship.

  • The links generated in contractual relationships that may be entered into between the entity and the data subjects.

  • Compliance with the signed contract and with legal obligations under applicable regulations.

Processing may also occur in connection with the entity’s legitimate purposes, such as sending information to provide data subjects with better and faster access to and management of products or services, provided there is a lawful basis.

In no case will this entity make automated decisions based on profiling.

Retention periods

Data will be kept:

  • For the periods required by data protection regulations and applicable sectoral regulations, or

  • For as long as contractual relationships remain in force.

After such periods, data will be duly blocked to comply with legal requirements or until the general limitation period, except where the law establishes other mandatory retention periods.

Lawful basis

The lawful basis for processing is:

  • Compliance with the legal obligations of the established legal relationship, or

  • The data subject’s consent.

For any other processing not covered by regulations or by the contractual relationship, the data subject’s consent will be obtained.

Providing the requested data may be necessary. Refusal to provide them may prevent fulfilment of rights and obligations under applicable regulations or signed contracts.

Recipients

The recipient of the personal data processed is the entity itself, for:

  • Internal administrative and legal purposes, or

  • Compliance with legal obligations towards clients, suppliers, data subjects or employees.

However, to fulfil contractual obligations and legal duties/powers related to the entity’s legitimate purposes, it may be necessary for other companies or professionals to access and/or process personal data, as permitted by law.

Cloud infrastructure

The entity may contract part of its digital infrastructure under a cloud computing model, with processors and servers located in the EU. If it becomes necessary to use cloud services with servers in the USA, this would only occur under EU–US type agreements such as the Privacy Shield framework.

In any case, such access will be subject to a contract between Controller and Processor and/or in accordance with applicable legal provisions.

Rights

Any person has the right to obtain confirmation as to whether personal data concerning them are being processed.

Data subjects may exercise, among others, the rights of:

  • Access

  • Rectification

  • Erasure

  • Restriction of processing

  • Objection

In the event of restriction, data will only be retained for the exercise or defence of legal claims, compliance with judicial requirements, or legal obligations.

The entity recognises and will address any other right recognised by applicable law.

Source of the data

The personal data processed are provided by the data subjects themselves and are adequate, relevant and limited to what is necessary to formalise the legal relationship in accordance with the entity’s legal competences.

Appropriate security measures and all other requirements required by applicable personal data protection regulations apply to all personal data held by the entity.