Data protection policy 

This is the data protection policy of the Institute for Economic Promotion of Palafrugell. Refers to the data of individuals associated with those in the exercise of its powers and functions. Given the functions of the the Institute for Economic Promotion of Palafrugell some treatments are the result of the provision of services to other government functions delegated to it. The treatment is carried out in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 of  European Parliament and of the Council of 27 April 2016, and the state regulations on this matter.

 

Who is responsible for the processing of personal data?

The person responsible for the processing of personal data is Palafrugell City Council (hereinafter, the City Council), with CIF P1712400I and address at Cervantes Street, 16, Palafrugell (CP 17200), telephone 972613100, email address ajuntament@palafrugell.cat, and web address www.palafrugell.cat.

 

By what criteria do we treat personal data 

In the processing of data we fully assume the principles of the General Data Protection Regulation.

  1. We treat them lawfully (only when we have a legal basis that allows us to do so and with transparency before the interested party).
  2. We use them for specific, explicit and legitimate purposes that we explain when we obtain them. Subsequently, we do not treat them in a manner incompatible with these purposes.
  3. We process only the appropriate data, relevant and limited to what is necessary in each case and for each purpose.
  4. We strive to keep the data up to date.
  5. We keep them for the necessary time, complying with the regulations governing the preservation of public information.
  6. We apply appropriate technical or organizational measures to prevent unauthorized or unlawful treatment, or its accidental loss, destruction, or damage.

 

Who is the Data Protection Officer

The Data Protection Officer (DPD) is the person who supervises compliance with the data protection policy of Palafrugell City Council, ensuring that personal data is properly processed and the rights of individuals are protected. Its functions include answering any questions, suggestions, complaints or grievances from the people whose data is being processed. You can contact the Data Protection Delegate by writing to Cervantes Street, 16, Palafrugell (CP 17200) or to the email address secretaria@palafrugell.cat.

 

For what purpose do we process the data and to whom do we communicate it 

The City Council processes the data to exercise its powers and functions. The City Council’s services are described on its website and in its electronic headquarters. A complete description of the treatments and the purposes for which the data is intended can be found in Registration treatment activities of the City

 

Registration

The inhabitants of the municipality must appear in the census of inhabitants. At the City Council we carry out the necessary procedures to keep it up to date based on the information provided by the interested parties and by ex officio actions of our services. The census data are used to prove residence in the municipality, know the address for notification purposes, perform statistics, form the electoral census and other purposes established in the Law of Bases of Local Regime and other regulations governing the census. The communication of census data is limited to cases authorized by the regulations that provide, among other cases, for communication to other administrations when it is necessary to know the address of a citizen in the context of an administrative procedure.

 

Administrative procedures and formalities

Based on the requests of the interested parties, we use their data to follow the processing of each procedure. The catalog of procedures and the procedure followed can be consulted in the electronicDepending on the procedure, the data may be communicated to other competent administrations in the matter. In some cases they must be published in compliance with the principle of transparency.

 

Tax management and collection

The management of taxes and the collection of other public law revenues involves the processing of a significant volume of personal data, data that is processed continuously and that sometimes comes from other administrations. They are treated solely for this purpose. Always following the regulations, the data can be communicated to other administrations. In some cases they must be published for notification purposes. In the case of the City Council, these actions have been delegated to the Tax Management Body of the Girona Provincial Council.

 

Services

For the provision of services we process the data provided by the beneficiaries or those we have obtained from other administrations. Offering these services often involves tracking them and obtaining new data from people who use them. The catalog of services can be consulted in the electronic. As a general rule do not communicate the information to others without the explicit consent of the service user.

 

Activities

In the organization of cultural, recreational, educational or sporting receive data from people they unroll, in order to organize the activity. As a general rule do not communicate the information to others without the explicit consent of the person involved in the activity.

 

Contact

We take care of queries from people who use the contact forms on our website. The data is used for this purpose only and is not communicated to other people.

 

Staff selection

We receive resumes and convene staff selection processes. The data provided by the interested parties make it possible to evaluate the merits and analyze the adequacy of the profile of the candidates according to the vacancies or newly created. They do not communicate to other people.

 

Sending information

With the explicit permission of each person we use the contact details you have provided to inform us of our initiatives, services or activities. We do this through different channels depending on how each person has authorized it. They are not communicated to other people without their consent.

 

Management of data from our suppliers 

We record and process the data of the suppliers from whom we obtain services or goods. They can be the data of people who act as self-employed and also data of representatives of legal persons. We obtain the data necessary to maintain the business relationship and use them solely for this purpose. In compliance with legal obligations (tax regulations) we communicate data to the tax administration.

 

Video surveillance

Access to our facilities is reported, where applicable, of the existence of video surveillance cameras using approved signs. The cameras record images only of the points where it is justified to ensure the safety of property and people. Images are used for this purpose only. Images of the public road are also recorded in support of traffic actions and for reasons of public safety and to ensure compliance with the ordinances. The location of these cameras can be found in the appendix at the bottom of this page. The images are intended exclusively for these purposes. In justified cases, we communicate the data to the security bodies or forces or to the competent judicial bodies.

 

What is the legal legitimacy for the processing of data

The data processing we carry out has different legal bases, depending on the nature of each processing.

 

Compliance with legal obligations 

The processing of data in the context of administrative procedures is carried out in accordance with the rules governing each of the procedures. It is carried out in compliance with legal obligations.

 

Fulfill mission in public interest

The treatments resulting from the provision of our services have their justification in satisfying the public interest. Also the images we get with the video surveillance cameras are treated to preserve the public interest.

 

Compliance with a contractual or pre-contractual relationship 

We process the data of our suppliers following the regulations of the public sector, in the degree and with the necessary scope for the development of the contractual relationship. In another sense, but also in the framework of contractual or pre-contractual relations, we process data on people who participate in selection processes or who join our institution.

 

Based on consent 

When we send information about our initiatives, services or activities, we process the contact details of the recipients with their explicit authorization or consent.

 

How long we keep the data 

The retention time of the data is determined by different factors, mainly the fact that the data are still necessary to meet the purposes for which they were collected in each case. Secondly, they are retained to deal with possible responsibilities for the processing of data by the City Council, and to meet any requirements of other public administrations or judicial bodies.

Consequently, the data must be kept for the time necessary to preserve their legal or informative value or to prove compliance with legal obligations, but not for a longer period than necessary in accordance with the purposes of the processing.

In certain cases, such as the data contained in the accounting documentation and invoicing, the tax regulations require them to be kept until they prescribe the responsibilities in this matter.

In the case of data that is processed exclusively on the basis of the consent of the person concerned, it is kept until that person revokes that consent.

Finally, in the case of images obtained by video surveillance cameras, they are kept for a maximum of one month, although in the case of incidents that justify this, the time necessary to facilitate the actions of the security forces is retained. or of the judicial organs.

The regulations governing the conservation of public documentation, and the opinions of the National Commission for Access, Evaluation and Documentary Selection are a benchmark that determine the criteria we follow in the conservation or disposal of data.

 

What rights do people have in relation to the data we process

As provided for in the General Data Protection Regulations, the persons from whom we process data have the following rights:

To know if they are treated. Anyone has, in the first place, the right to know whether we process their data, regardless of whether a previous relationship has existed.

To be informed in the collection. When personal data is obtained from the same person concerned, at the time of providing it must have clear information of the purposes for which it will be used, who will be responsible for the processing and the main aspects arising from this processing.

To access it. A very broad right that includes knowing exactly what personal data are being processed, what the purpose is for which they are processed, communications to other people that will be made (if any) or the right to obtain them. ne copy or know the expected shelf life.

To request rectification. It is the right to rectify inaccurate data that is processed by us.

To request its deletion. In certain circumstances, there is the right to request the deletion of the data when, among other reasons, they are no longer necessary for the purposes for which they were collected and justified their processing.

To request the limitation of the treatment. Also in certain circumstances the right to request the limitation of data processing is recognized. In this case they will no longer be processed and will only be kept for the exercise or defense of claims, in accordance with the General Data Protection Regulations.

To portability. In the cases provided for in the regulations, the right to obtain one’s own personal data in a structured machine-readable common format is recognized, and to transmit them to another data controller if the person concerned so decides.

To oppose treatment. A person may adduce reasons related to their particular situation, reasons that will lead to the cessation of processing of their data to the extent or to the extent that it may cause harm, except for legitimate reasons or the exercise or defense against claims.

Not to receive information. We immediately respond to requests not to continue receiving information about our activities and services, when these submissions were based solely on the consent of the recipient.

 

How rights can be exercised or defended

The rights we have just listed can be exercised by sending a request to the City Council at the postal address or other contact details indicated in the heading.

If a satisfactory response has not been obtained in the exercise of the rights, it is possible to submit a complaint to the Catalan Data Protection Authority, through the forms or other channels accessible from its website (www.apdcat.cat).

In all cases, whether to submit complaints, request clarifications or send suggestions, it is possible to contact the Data Protection Officer by e-mail at secretaria@palafrugell.cat.

 

Annex. Location of surveillance cameras

  • Local Police Building
  • Can Mario Square
  • municipal waste
  • Building Can Bech
  • Citizen Advice Bureau (OAC)
  • Municipal pool
  • Light Llofriu
  • Tourist Office Palafrugell
  • Access street Chopitea Calella
  • Access Street Charity
  • Access Street Concord
  • Access walk Cipselo Llafranc
  • Lighthouse of San Sebastian