DATA PROTECTION POLICY
PRIVACY POLICY
KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL is an organization that collects personal data through the various means at its disposal, which entails a significant responsibility to design and organize procedures in a manner consistent with legal compliance regarding data protection. Therefore, KAIRÓS SOCIAL INITIATIVE COOPERATIVE will adopt all necessary security measures to ensure the protection of the data collected.
In carrying out these responsibilities, and with the aim of establishing the general principles that should govern the processing of personal data within the Organization, KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL hereby adopts this Personal Data Protection Policy, which it notifies and makes available to all its stakeholders, while also complying with the following regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
- Organic Law 3/2018 of December 5 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
- Law 34/2002 of July 11 on Information Society Services and Electronic Commerce (LSSI-CE).
I. SCOPE OF APPLICATION
This Personal Data Protection Policy applies to KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL, its governing bodies, management, and staff, as well as to all individuals associated with the Organization, expressly including service providers with access to data (“Data Processors”).
The data controller for the personal data collected by the Organization is: KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL, with Tax ID Number (CIF): F50905124, whose representative is: GREGORIO CENTRO OTAL (hereinafter, the Data Controller). Their contact information is as follows:
Address: 14 El Globo St., Storefront, Zaragoza, Zaragoza, 50015
Phone number: 976-279-175
Contact email: info@kairos.es
II. INFORMATION ABOUT THE DATA CONTROLLER AND THE PROCESSING OF PERSONAL DATA AT KAIRÓS SOCIAL INITIATIVE COOPERATIVE
Additional information on data processing refers to a set of more specific and detailed explanations that organizations must provide to data subjects regarding how their personal data is processed. This concept stems from the principle of transparency under the General Data Protection Regulation (GDPR) and supplements the basic information initially provided, offering a greater level of detail regarding the processing activities.
Below, KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL provides additional information regarding the data processing it carries out:
| LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA | ||
| Data processing | Standing | |
| INTERNS | Legal obligation under the LOE | |
| INAEM STUDENTS | Performance of a service agreement and/or sales contract | |
| WORKERS | Performance of an employment contract | |
| CURRICULA | Express consent of the data subject | |
| WEB FORM | Express consent of the data subject | |
| USERS | Applicable legal requirements | |
| VOLUNTEERS | Applicable legal requirements | |
| RECIPIENTS OF YOUR PERSONAL DATA | ||
| Data processing | Forecast of transfers | International transfers |
| INTERNS | No transfers are expected | No |
| INAEM STUDENTS | No transfers are expected | No |
| WORKERS | No transfers are expected | No |
| CURRICULA | No transfers are expected | No |
| WEB FORM | No transfers are expected | No |
| USERS | No transfers are expected | No |
| VOLUNTEERS | No transfers are expected | No |
| THEIR RIGHTS AND THE RESOURCES AVAILABLE TO THEM |
|
Anyone has the right to obtain confirmation as to whether KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL is processing personal data concerning them. Data subjects have the right to access their personal data, as well as to request the correction of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. Under certain circumstances, data subjects may request that the processing of their data be restricted; in such cases, we will retain their data solely for the purpose of asserting or defending legal claims, as well as to comply with legally established retention periods. In addition, individuals may object to the processing of their personal data. Therefore, KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL will cease to process your data, except for legitimate and compelling reasons, or in connection with the handling of any claims. Similarly, when certain conditions are met and it is technically feasible, data subjects have the right to have their personal data transmitted directly to another data controller or processor, upon request. To exercise the rights listed above, please contact us by sending a written request to: ● KAIRÓS SOCIAL INITIATIVE COOPERATIVE 14 El Globo Street, LOCAL, ZARAGOZA, ZARAGOZA, 50015, or by email to info@kairos.es. We recommend that you include a copy of your ID with your application. |
III. PRINCIPLES GOVERNING THE PROCESSING OF PERSONAL DATA
The Personal Data Protection Policy is a proactive measure designed to ensure compliance with applicable laws in this area and, in connection therewith, to respect the right to honor and privacy in the processing of personal data belonging to all individuals associated with KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL.
In accordance with the provisions of this Policy, this document sets forth the principles governing data processing within the organization and, consequently, the procedures and organizational and security measures that the individuals covered by this Policy undertake to implement within their areas of responsibility.
In light of the foregoing, KAIRÓS SOCIETY FOR SOCIAL INITIATIVES will ensure compliance with the following principles:
- Lawfulness, fairness, transparency, and purpose limitation.
The data subject must always be informed of the data processing through established clauses and procedures; such processing shall only be considered lawful if consent has been obtained (with special attention given to consent provided by minors), or if there is another valid legal basis, and the purpose of the processing is consistent with applicable regulations.
- Data minimization.
The data processed must be adequate, relevant, and limited to what is necessary in relation to the various purposes of the processing.
- Accuracy.
The data must be accurate and, if necessary, kept up to date. In this regard, the necessary measures will be taken to ensure that personal data that is inaccurate in relation to the purposes of the processing is erased or rectified without delay.
- Limitation on the retention period.
The data will be retained in a form that allows for the identification of the data subjects for no longer than is necessary for the purpose of the processing in question.
- Integrity and Confidentiality.
Personal data will be processed in such a way as to ensure appropriate security, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage, through the implementation of appropriate technical and organizational measures.
- Data transfers.
It is prohibited to purchase or obtain personal data that originates from unlawful sources, or in cases where such data has been collected or transferred in violation of the law, or where its lawful origin cannot be sufficiently guaranteed.
- Hiring suppliers with access to data.
Only suppliers who provide sufficient guarantees that they will implement appropriate technical and security measures in the processing of data will be selected for engagement. A contract setting forth these terms will be executed with such suppliers.
- International data transfers.
Any processing of personal data subject to European Union regulations that involves the transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements set forth in applicable law.
- Rights of affected individuals.
The Organization will facilitate the exercise by data subjects of their rights of access, rectification, erasure, restriction of processing, objection, and data portability, establishing internal procedures for this purpose, and in particular, the forms necessary and appropriate for the exercise of these rights, which must meet, at a minimum, the applicable legal requirements in each case.
KAIRÓS SOCIAL INITIATIVE COOPERATIVE will ensure that the principles set forth in this Personal Data Protection Policy are taken into account:
- In the design and implementation of all work procedures
- In the products and services offered
- In all contracts and obligations they enter into or assume, and
- When implementing any systems or platforms that allow employees or third parties to access them and/or that collect or process personal data.
IV. PERSONAL DATA OF MINORS
In accordance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018 of December 5 on the Protection of Personal Data and the Guarantee of Digital Rights, only individuals aged 14 or older may lawfully give their consent for the processing of their personal data by KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL. In the case of a minor under 14 years of age, the consent of the parents or guardians is required for the processing, and such processing will only be considered lawful to the extent that they have authorized it.
V. CONFIDENTIALITY AND SECURITY OF PERSONAL DATA
KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL undertakes to notify the user without undue delay in the event of a personal data breach that is likely to result in a high risk to their rights and freedoms. In accordance with Article 4 of the GDPR, a personal data breach is defined as any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Personal data will be treated as confidential by the data controller, who undertakes to ensure, through a legal or contractual obligation, that such confidentiality is respected by its employees, partners, and any person to whom the information is disclosed.
VI. COMMITMENT OF THE STAFF OF KAIRÓS SOCIAL INITIATIVE COOPERATIVE
Accordingly, we hereby confirm that the employees of KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL have been informed of this Policy and acknowledge that personal information is an asset of KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL; in this regard, they agree to abide by it and commit to the following:
- Take the data protection awareness training offered by KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL.
- Implement the user-level security measures applicable to your position, without prejudice to any responsibilities for their design and implementation that may be assigned to you based on your role within KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL
- Use the established forms for affected users to exercise their rights, and notify KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL immediately so that a response can be provided.
- Notify KAIRÓS SOCIEDAD COOPERATIVA DE INICIATIVA SOCIAL, as soon as you become aware of any deviations from the provisions of this Policy, particularly regarding “Personal Data Security Breaches,” using the form provided for this purpose.
VII. MONITORING AND EVALUATION
KAIRÓS SOCIAL INITIATIVE COOPERATIVE will conduct an annual review, assessment, and evaluation—as well as whenever there are significant changes in data processing—of the effectiveness of the technical and organizational measures designed to ensure the security of processing.
KAIRÓS SOCIAL INITIATIVE COOPERATIVE