Data protection policy

DATA PROTECTION

This is the data protection policy of the Gironès County Council. It refers to the data of natural persons with whom it interacts in the exercise of its powers and functions. Given the functions of the Gironès County Council, some data processing activities result from the provision of services to other public administrations that have delegated functions to it. Data processing is carried out in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016) and Organic Law 3/2018 of 5 December on the protection of personal data and the guarantee of digital rights (LOPDGDD).

Who is responsible for the processing of personal data?

The data controller is the Gironès County Council (hereinafter, the County Council), with Tax ID P6700003D and registered office at Riera de Mus street, 1-A, Girona (17003), email address info@girones.cat, www.girones.cat.

What criteria do we apply when processing personal data?

In processing personal data, we fully adhere to the principles of the General Data Protection Regulation:

a) Data are processed lawfully (only when we have a legal basis that allows us to do so) and transparently.
b) Data are collected for specific, explicit and legitimate purposes, which are explained at the time of collection, and are not further processed in a manner incompatible with those purposes.
c) Only data that are adequate, relevant and limited to what is necessary for each purpose are processed.
d) We strive to ensure that data are kept up to date.
e) Data are kept for no longer than necessary, in accordance with regulations governing the retention of public information.
f) Appropriate technical and organisational measures are applied to prevent unauthorised or unlawful processing, loss, destruction or accidental damage.

Who is the Data Protection Officer?

The Data Protection Officer (DPO) supervises compliance with the data protection policy of the Gironès County Council, ensuring that personal data are processed appropriately and that individuals’ rights are protected. Among their duties is responding to any questions, suggestions, complaints or claims from data subjects. The DPO can be contacted in writing at Riera de Mus street, 1-A, Girona (17003), or by email at dpd@girones.cat.

For what purposes do we process data and to whom are they disclosed?

The County Council processes data in order to exercise its powers and functions. Its services are described on its website and electronic headquarters. A complete description of processing activities and purposes is available in the Register of Processing Activities, accessible via the corresponding link.

Administrative procedures and formalities

Based on applications submitted by interested persons, their data are used to carry out the processing of each procedure. The catalogue of procedures can be consulted via the corresponding link. Depending on the procedure, data may be communicated to other competent public administrations. In some cases, publication is required to comply with transparency obligations.

Services

To provide services, we process data provided by beneficiaries or obtained from other administrations. Service provision often involves follow-up and the collection of new data from users. As a general rule, data are not disclosed to third parties without the explicit consent of the service user.

Activities

In organising cultural, leisure, educational or sporting activities, we collect data from participants in order to manage the activity. As a general rule, data are not disclosed to third parties without the explicit consent of the participant.

Contact

We handle enquiries submitted through the contact forms on our website. Data are used solely for this purpose and are not disclosed to third parties.

Staff selection

We receive CVs and conduct staff selection processes. The data provided allow us to assess merits and suitability for vacant or newly created positions. Data are not disclosed to third parties.

Information distribution

With the explicit authorisation of each individual, we use the contact details provided to inform them about our initiatives, services or activities, using the channels authorised by each person. Data are not disclosed without consent.

Management of suppliers’ data

We record and process data of suppliers from whom we obtain goods or services, including self-employed individuals and representatives of legal entities. Only essential data for maintaining the commercial relationship are processed. In compliance with legal obligations (tax regulations), data are communicated to the tax authorities.

Video surveillance

Access to our facilities is signposted, where applicable, to inform of video surveillance. Cameras record images only in justified areas to ensure the safety of people and property. Images are used solely for this purpose and may be communicated to law enforcement or judicial authorities when justified.

Legal basis for data processing

Data processing is based on different legal grounds depending on the nature of the processing:

– Compliance with legal obligations.
– Performance of a task carried out in the public interest.
– Performance of a contractual or pre-contractual relationship.
– Consent of the data subject.

Data retention period

Data are retained for as long as necessary to fulfil the purposes for which they were collected and to meet legal obligations or potential liabilities. Accounting and invoicing data are retained in accordance with tax regulations. Data processed solely on the basis of consent are retained until consent is withdrawn. Video surveillance images are retained for a maximum of one month, unless required for investigations.

Rights of data subjects

Data subjects have the right to: be informed, access their data, request rectification or erasure, request restriction of processing, data portability, object to processing, and not receive further information.

How to exercise these rights

Requests can be submitted to the County Council using the contact details provided. Complaints may be lodged with the Catalan Data Protection Authority (www.apd.cat). The Data Protection Officer can be contacted at dpd@girones.cat.