Data Protection Officer

Contact e-mail: giraom@yahoo.es 
(this email only works for contact or consultation purposes, the exercise of rights regarding the protection of personal data must be made using the standard forms available at the electronic headquarters of the Town Hall of Las Navas de la Concepción).
Telephone: 627 670 111

In accordance with the General Data Protection Regulation of the European Union and Organic Law 3/2018, of 5 December, on Personal Data Protection and guarantee of digital rights, all citizens who provide personal data to the Town Hall of Las Cabezas de San Juan (hereinafter, the Town Hall) through any of its communication channels (website, electronic headquarters, general access portal (page), ordinary or electronic mail, social networks, post offices, Diputación registry offices or any other public administration) is informed that their data is processed by the Town Council of Las Navas de la Concepción Pl. de España, 7, 41460 Navas De La Concepción ( Las ), Sevilla.

No personal data of users is collected through this website without legitimisation, nor is it transferred to third parties, except by legal mandate.

The portal owned by the Town Hall contains links to third party websites whose privacy policies are not related to this one. By accessing such websites you can decide whether to accept their privacy and cookie policies. In general, if you browse the Internet you can accept or reject third-party cookies from the configuration options of your browser.

 


Data controller

The personal data that may be collected directly from the interested party will be treated confidentially and will be incorporated into the corresponding processing activity owned by the City Council.

An updated list of the processing activities carried out by the City Council is available in the City Council’s register of processing activities.

 


Purpose

The purpose of the data processing corresponds to each of the processing activities carried out by the City Council and is accessible in the register of processing activities.

Legitimisation

The processing of your data is carried out in order to comply with legal obligations on the part of the City Council, for the fulfilment of missions carried out in the public interest or in the exercise of public powers conferred on it, as well as when the purpose of the processing requires your consent, which must be given by means of a clear affirmative action.

You can consult the legal basis for each of the processing activities carried out by the City Council in its register of processing activities.

Retention of data

The personal data provided will be kept for the time necessary to fulfil the purpose for which they are collected and to determine any possible liabilities that may arise from the purpose, in addition to the periods established in the archives and documentation regulations.

Communication of data

In general, personal data will not be communicated to third parties, unless legally obliged to do so, which may include communications to the Ombudsman, Judges and Courts, interested parties in proceedings related to the complaints submitted.

You can consult the recipients for each of the processing activities carried out by the City Council in the register of processing activities.

Rights of data subjects

Any person has the right to obtain confirmation of the processing of their data carried out by the City Council.

They may exercise their rights of access, rectification, deletion and portability of their data, of limitation and opposition to its processing, as well as the right not to be subject to decisions based solely on the automated processing of their data, where applicable, before the Town Council of Las Navas De La Concepción Pl. de España, 7, 41460 Navas De La Concepción ( Las ), Seville, or at its electronic headquarters.

Cookies

In this link you can access the cookies policy of the Town Hall:

Cookie policy of the Town Hall

 
 

You can consult the REGISTER OF PROCESSING ACTIVITIES:

What are the different processing activities of Las Cabezas de San Juan Town Council.

Purposes for which they are carried out.

Legitimisation of the processing.

Personal data collected for said processing.

Period of conservation of the personal data.

Security measures adopted.

Reasons for possible transfers and recipients.

Reasons for possible international transfers.

Procedure for exercising rights of access, rectification, erasure and portability, limitation and/or opposition to processing.

Link to the Register of Processing Activities

In accordance with data protection regulations, all citizens whose personal data is processed by the Town Council of Las Navas De La Concepción, may exercise their rights of access, rectification, opposition, deletion (“right to be forgotten”), limitation of processing, portability and not to be subject to individualised decisions, by accessing the link “submission of documents” in the E-Office.

These rights are characterised by the following:

They can be exercised free of charge.
If the requests are manifestly unfounded or excessive (e.g. repetitive nature), the data controller may:
Charge a fee proportional to the administrative costs incurred.
Refuse to act.
Requests must be responded to within one month, although, taking into account the complexity and number of requests, the deadline may be extended for a further two months.
The data controller is obliged to inform you about the means to exercise these rights. These means must be accessible and this right cannot be denied on the sole ground that you choose another means.
If the request is submitted by electronic means, the information will be provided by these means where possible, unless the data subject requests otherwise.
If the data controller does not comply with the request, he/she will inform you, at the latest within one month, of the reasons for his/her inaction and the possibility to complain to a supervisory authority.
You may exercise your rights directly or through your legal representative or volunteer.
It is possible that the person in charge may be the one to deal with your request on behalf of the data controller if both have established this in the contract or legal act that binds them.
Right of access

The right of access is your right to ask the data controller whether or not it is processing your personal data and, if it is processing your personal data, to obtain the following information:

A copy of your personal data which are the subject of the processing
The purposes of the processing
The categories of personal data being processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
the intended period of retention of the personal data, or, if this is not possible, the criteria used to determine this period
the existence of the right of the data subject to request from the controller: rectification or erasure of his or her personal data, restriction of the processing of his or her personal data or objection to such processing
The right to lodge a complaint with a supervisory authority.
where the personal data have not been obtained directly from you, any available information about their origin
The existence of automated decisions, including profiling, and at least in such cases, meaningful information about the logic applied, the significance and the intended consequences of that processing for the data subject
Where personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards under which the transfers are made
Right of rectification

Exercising this right means that you may obtain rectification of your personal data which are inaccurate without undue delay from the controller.

Taking into account the purposes of the processing, you have the right to have incomplete personal data supplemented, including by means of an additional statement.

In your request, you should indicate which data you are referring to and the correction to be made. In addition, where necessary, your request must be accompanied by documentation justifying the inaccuracy or incompleteness of your data.

Right to object

This right, as its name indicates, means that you may object to the controller processing your personal data in the following cases:

When they are subject to processing based on a public interest mission or legitimate interest, including profiling:

The controller will stop processing the data unless it can demonstrate compelling grounds which override the interests, rights and freedoms of the data subject, or for the formulation, exercise or defence of claims.

Where the purpose of the processing is direct marketing, including also the aforementioned profiling:

Once this right has been exercised for this purpose, the personal data will no longer be processed for these purposes.
Right to erasure (“to be forgotten”)

You may exercise this right against the data controller by requesting the deletion of your personal data in the following circumstances:

If your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
If the processing of your personal data has been based on the consent you have given to the data controller, and you withdraw your consent, provided that the processing is not based on another legitimate ground.
If you have objected to the processing of your personal data when exercising the right to object in the following circumstances
The controller’s processing was based on legitimate interest or the performance of a task carried out in the public interest, and no other grounds have prevailed to legitimise the processing of your data.
To have your personal data processed for the purposes of direct marketing, including profiling in connection with such marketing
If your personal data have been unlawfully processed
If your personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the controller
If the personal data have been obtained in connection with the provision of information society services referred to in Article 8(1) (conditions applicable to the processing of data of minors in connection with information society services).

Furthermore, the GDPR in regulating this right connects it in a certain way with the so-called ‘right to be forgotten’, so that this right of erasure is extended in such a way that a controller who has made personal data public is obliged to instruct controllers who are processing such personal data to erase any links to such personal data, or copies or replicas of such data.

However, this right is not unlimited, so that it may be feasible not to proceed with erasure where processing is necessary for the exercise of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, for reasons of public interest, in the field of public health, for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of claims.

Right to limitation of processing

This new right consists of your obtaining the limitation of the processing of your data by the data controller, although it can be exercised in two ways:

You may request the suspension of the processing of your data:

When you contest the accuracy of your personal data, for a period of time that allows the data controller to verify it.
When you have objected to the controller’s processing of your personal data on the basis of legitimate interest or public interest mission, while the controller verifies whether these grounds prevail over yours.

Ask the data controller to retain your data:

Where the processing is unlawful and you have objected to the erasure of your data and instead request the restriction of their use
When the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the formulation, exercise or defence of claims.
Right to portability

The purpose of this new right is to further strengthen control over your personal data, so that where processing is carried out by automated means, you receive your personal data in a structured, commonly used, machine-readable and interoperable format and can transmit them to another controller, provided that the processing is legitimate on the basis of consent or in the context of the performance of a contract.

However, this right, by its very nature, cannot apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority vested in the controller.

Right not to be subject to automated individual decisions

This right aims to ensure that you are not subject to a decision based solely on the processing of your data, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Profiling means any form of processing of your personal data that evaluates personal aspects, in particular analysing or predicting aspects related to your job performance, financial situation, health, personal preferences or interests, reliability or behaviour.

However, this right does not apply where:

It is necessary for the conclusion or performance of a contract between you and the controller.
The processing of your data is based on your prior consent.

However, in these first two cases, the controller must guarantee your right to obtain human intervention, to express your point of view and to challenge the decision.

It is authorised by Union or Member State law and appropriate measures are put in place to safeguard the rights and freedoms and legitimate interests of the data subject.

In turn, these exceptions do not apply to special categories of data (Article 9(1)), unless Article 9(2)(a) or (g) applies and the appropriate measures referred to in the previous paragraph have been taken.

Right to information

When collecting your personal data, the controller must comply with the right of information.

In order to comply with this right, the AEPD recommends that this information be provided to you in layers or levels so that:

You are provided with basic information at a first level, in summary form, at the same time and in the same medium in which your personal data are collected.
And, on the other hand, the rest of the information is sent to you, in a medium that is more suitable for its presentation, compression and, if desired, archiving.

The information to be provided by layers or levels would be the following: the exercise or defence of claims.

1st layer: Basic information (summary)
The identity of the controller
A simple description of the purposes of the processing, including profiling, if any
The legal basis of the processing
whether or not transfers are envisaged Whether or not transfers to third countries are envisaged
Reference to the exercise of rights
 2nd Layer: Additional information (detailed)
Contact details of the data controller. Identity and details of the representative (if any). Contact details of the data protection officer (if any).
Extended description of the purposes of the processing. Time limits or criteria for data retention. Automated decisions, profiling and logic applied.
Details of the legal basis for the processing, in cases of legal obligation, public interest or legitimate interest. Obligation or not to provide data and consequences of not providing data.
recipients or categories of recipients adequacy decisions, safeguards, binding corporate rules or specific situations applicable.
How to exercise the rights of access, rectification, erasure and portability of data, and limitation of or opposition to their processing. The right to withdraw the consent given. Right to complain to the Supervisory Authority.
Data not obtained directly from you

In the event that your personal data have not been obtained directly from you, you will be provided, in addition to the information indicated above:

In the basic information (1st layer, summarised):

the source (provenance) of the data

And in the additional information (2nd layer, detailed):

detailed information on the origin of the data, including whether the data originate from publicly available sources
the category of data being processed

This information shall be provided to you within a reasonable period of time, at the latest within one month, except that:

If the personal data are to be used for a communication to the data subject, at the latest at the time of the first communication to that data subject

If it is intended to be disclosed to another data subject, at the latest at the time when the personal data are first disclosed.

Regulations

 

– European Data Protection Regulation

– Organic Law on Personal Data Protection and Digital Rights Guarantees

 

 

Supervisory authorities

 

Spanish Data Protection Agency

Transparency and Good Governance Council

Transparency and Data Protection Council of Andalusia

 

Entities dependent on the Provincial Council

 

Seville Provincial Council’s Data Protection Page