Information on the processing of Cybasque users’ personal data
1. Information for the User
Who is responsible for processing your personal data?
The Association of Cybersecurity Industries of Euskadi (Cybasque) is the CONTROLLER of the USER’S personal data and informs you that these data will be processed in accordance with Regulation (EU) 2016/679 of 27 April (GDPR) and Organic Law 3/2018 of 5 December (LOPDGDD).
Why do we process your personal data?
To maintain a commercial relationship with the user. The processing operations envisaged are:
- To process the registration of companies in the Community.
- To process and keep individual user profiles active.
- To handle requests, enquiries, respond to consultations, or any kind of request made by the USER through any of the contact methods made available on the Cybasque website.
On what grounds may we process your personal data?
Because the processing is legitimised under Article 6 of the GDPR as follows:
- With regard to the personal data of representatives of companies and organisations interested in registering in the Community, the processing will be necessary for compliance with the Community Terms of Use.
- When processing data of individual users, Cybasque will act as data processor, while the registered organisation enabling specific users in each case will be the controller. This relationship is governed by the data protection annex set out in the Community Terms of Use.
How long will we keep your personal data?
They will be kept for no longer than necessary to maintain the purpose of the processing or while legal obligations require their retention and, when they are no longer necessary for that purpose, they will be deleted using appropriate security measures to guarantee data anonymisation or their complete destruction.
Who do we share your personal data with?
No communication of personal data to third parties is envisaged except, where necessary for the development and execution of the purposes of the processing, to our service providers related to communications, with whom Cybasque has signed the confidentiality and data processing agreements required by current privacy legislation.
What are your rights?
The user has the following rights:
- Right of access: Data subjects have the right to know whether their data are being processed, as well as to access or obtain a copy of their personal data.
- Right to rectification: Data subjects may request the correction or updating of their data when they are inaccurate.
- Right to erasure: Data subjects may also request the deletion of their data when, among other reasons, they are no longer necessary for the purposes for which they were collected.
- Right to portability: Individuals have the right to have the personal data they have provided transmitted directly to another controller in a structured, commonly used and machine-readable format, where technically possible.
- Right to restriction: In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only retain them for the exercise or defence of legal claims.
- Right to object: In certain circumstances and for reasons relating to their particular situation, data subjects may object to the processing of their data. The controller will stop processing the data, except where there are compelling legitimate grounds or for the exercise or defence of possible legal claims.
Likewise, data subjects may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if they consider that their data protection rights have been infringed.
Contact details to exercise your rights:
The Association of Cybersecurity Industries of Euskadi (Cybasque). Paseo Uribitarte, 3, 3ª planta, Bilbao, 48001.
Email: info@cybasque.eus.
2. Mandatory or Optional Nature of the Information Provided by the User
By ticking the relevant boxes and entering data in the fields marked with an asterisk (*) in the contact form or presented in download forms, users expressly, freely and unequivocally accept that their data are necessary for the provider to process their request, while the inclusion of data in the remaining fields is voluntary. The user guarantees that the personal data provided to Cybasque are truthful and undertakes to communicate any modification thereof.
Cybasque informs users that all data requested through the website are mandatory, as they are necessary for the provision of an optimal service to the user. If all data are not provided, it is not guaranteed that the information and services provided will be fully tailored to their needs.
3. Security Measures
In accordance with current regulations on the protection of personal data, Cybasque complies with all provisions of the GDPR and the LOPDGDD for the processing of personal data under its responsibility, and expressly with the principles described in Article 5 of the GDPR, according to which they are processed lawfully, fairly and transparently in relation to the data subject and are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Cybasque guarantees that it has implemented appropriate technical and organisational policies to apply the security measures established by the GDPR and the LOPDGDD in order to protect users’ rights and freedoms and has communicated the appropriate information to enable them to exercise those rights.
The Association of Cybersecurity Industries of Euskadi (Cybasque). Paseo Uribitarte, 3, 3ª planta, Bilbao, 48001.
Email: info@cybasque.eus.