This is the data protection policy of the Consorci de l'Auditori i l'Orquestra. It refers to the data of natural persons with whom it relates in the exercise of its powers and functions. The treatment is carried out in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016) and state regulations on this matter.
Who is responsible for the processing of personal data?
The person responsible for the processing of personal data is the Consorci de l'Auditori i l'Orquestra (from now on, the Consortium), with NIF Q-5856358-F and address at Carrer de Lepant, 150, Barcelona (CP 08013 ), email address firstname.lastname@example.org, www.auditori.cat.
With what criteria do we treat personal data.
In the treatment of data we fully assume the principles of the General Data Protection Regulation.
a) We treat them lawfully (only when we have a legal basis that allows us to do so and with transparency towards the interested party).
b) We use them for specific, explicit and legitimate purposes that we explain at the time of obtaining them. Subsequently we do not treat them in a manner incompatible with these purposes.
c) We only process adequate, relevant and limited data to what is necessary in each case and for each purpose.
d) We strive to keep the data up-to-date.
e) We keep them for the necessary time, complying with the regulations governing the conservation of public information.
f) We apply the appropriate technical or organizational measures to avoid unauthorized or illegal processing, or its loss, destruction or accidental damage.
Who is the Data Protection Officer?
The Data Protection Delegate (DPD) is the person who oversees compliance with the Consortium's data protection policy, ensuring that personal data is treated appropriately and that people's rights are protected. Among its functions is that of attending to any doubt, suggestion, complaint or claim of the people whose data is being processed. The Data Protection Officer can be contacted in writing at our postal address and telephone number or directly at the email address email@example.com.
For what purpose we process the data and to whom we communicate it.
The Consortium processes personal data mainly to provide programming and ticket sales services, to send communications relating to our activities and services and to develop commercial relationships with our suppliers. We list the main purposes below.
Ticket and subscription services. For the management of the sale of tickets, season tickets and other services and products of the Consortium, we record the data of the people who purchase them. We obtain the essential data to formalize the purchase and use them solely for this purpose.
contact We attend to inquiries from people who use the contact forms on our website. The data is used solely for this purpose and is not communicated to other people.
Staff selection. We receive CVs and call for personnel selection processes. The data provided by the interested parties make it possible to evaluate the merits and analyze the suitability of the candidate's profile based on the vacant or newly created positions. They are not communicated to other people.
Information on activities and services. With the explicit authorization of each person, we use the contact details they have provided to inform us of our initiatives, services or activities. We do this through different channels depending on how each person has authorized it. They are not communicated to other people without their consent.
Data management of our suppliers. We record and process the data of the suppliers from whom we obtain services or goods. It can be the data of people who act as freelancers and also data of representatives of legal entities. We obtain the essential data to maintain the commercial relationship and use them solely for this purpose. In compliance with legal obligations (tax regulations) we communicate data to the tax administration.
Registration of documents. We register the data of the senders or recipients of documents in the Register, we use their data to record the entries and exits of documents and to monitor actions. According to the procedure, the data can be communicated to other public administrations to ensure the intercommunication and coordination of records.
Video surveillance When entering our facilities, you are informed, where appropriate, of the existence of video surveillance cameras by means of approved signs. The cameras record images only at the points where it is justified to guarantee the safety of goods and people. Images are used for this purpose only. In justified cases we communicate the data to the security bodies and forces or to the competent judicial bodies.
What is the legal justification for data processing.
The data treatments we carry out have different legal bases, depending on the nature of each treatment.
Compliance with legal obligations. The processing of data in the context of administrative procedures is carried out following the regulatory rules of each of the procedures. It is carried out in compliance with legal obligations.
In compliance with a contractual relationship. Case of relations with our customers and suppliers and all the actions and uses of the data that these commercial relations entail.
Based on consent. When we send information about our initiatives, services or activities, we process the contact details of the recipients with their authorization or explicit consent. It is also based on consent that we obtain browsing data from the person who visits our website, consent that can be revoked at any time by uninstalling cookies.
For legitimate interest. The images we obtain from the video surveillance cameras are processed in the legitimate interest of our institution to preserve its assets and facilities.
How long we keep the data.
The retention time of the data is determined by different factors, mainly the fact that the data remains necessary to serve the purposes for which they have been collected in each case. Secondly, they are kept to deal with possible responsibilities for the processing of the data by the Consortium, and to meet any request from other public administrations or judicial bodies.
Consequently, the data must be kept for the time necessary to preserve its legal or informative value or to certify compliance with legal obligations, but not for a period longer than necessary in accordance with the purposes of the treatment.
In certain cases, such as the data appearing in the accounting documentation and invoicing, the tax regulations oblige to keep them until the responsibilities in this matter are prescribed.
In the case of data that are processed exclusively on the basis of the consent of the person concerned, they are kept until this person revokes this consent.
Finally, in the case of images obtained by video surveillance cameras, they are kept for a maximum of one month, although in the case of incidents that justify it, they are kept for the time necessary to facilitate the actions of the bodies and security forces or judicial bodies.
The regulations governing the conservation of public documentation, and the opinions of the National Commission for Documentary Access, Evaluation and Selection are a reference determine the criteria we follow in the conservation or elimination of the data.
What rights do people have in relation to the data we process.
As provided for in the General Data Protection Regulation, the people whose data we process have the following rights:
To know if they are treated. Anyone has, in the first place, the right to know whether we process their data, regardless of whether there has been a previous relationship.
To be informed upon collection. When personal data is obtained from the interested party himself, at the time of providing it, he must have clear information about the purposes for which it will be used, who will be responsible for the treatment and the main aspects derived from this treatment.
To access it. Very broad right that includes the right to know precisely which personal data are being processed, what is the purpose for which they are being processed, the communications to other people that will be made (if applicable) or the right to obtain ne copy or to know the expected term of conservation.
To request its rectification. It is the right to have inaccurate data rectified that is the object of treatment by us.
To request its deletion. In certain circumstances there is the right to request the deletion of the data when, among other reasons, they are no longer necessary for the purposes for which they were collected and justified their treatment.
To request the limitation of the treatment. Also in certain circumstances the right to request the limitation of data processing is recognized. In this case they will cease to be processed and will only be kept for the exercise or defense of claims, in accordance with the General Data Protection Regulation.
To portability. In the cases provided for in the regulations, the right to obtain one's own personal data in a commonly used, machine-readable, structured format is recognized, and to transmit them to another data controller if the interested person so decides.
To oppose the treatment. A person can adduce reasons related to their particular situation, reasons that will lead to them ceasing to process their data to the degree or extent that may cause them harm, except for legitimate reasons or the exercise or defense against claims.
To not receive information. We immediately respond to requests not to continue receiving information about our activities and services, when these shipments were based solely on the consent of the person receiving them.
How rights can be exercised or defended.
The rights we have just listed can be exercised by sending a request to the Consortium at the postal address or the other contact details indicated in the heading.
If a satisfactory response has not been obtained in the exercise of the rights, it is possible to submit a claim to the Catalan Data Protection Authority, through the forms or other channels accessible from its website (www.apd.cat).
In all cases, whether to submit complaints, ask for clarification or send suggestions, it is possible to contact the Data Protection Officer by email to the address firstname.lastname@example.org.