Professional Documents
Culture Documents
WASLA PRIVACY AND PERSONAL DATA PROCESSING POLICIES - Final Version
WASLA PRIVACY AND PERSONAL DATA PROCESSING POLICIES - Final Version
The main purpose of this Policy is to inform the Holders of Personal Data of the rights that
are due to them, the procedures and mechanisms provided by WASLA to put into effect
those rights of the Holders, and to inform them of the scope and purpose of the processing
to which the Personal Data will be submitted in case the Holder grants his express, prior
and informed authorization.
1. LEGAL FRAMEWORK
2. DEFINITIONS
In accordance with current legislation on the matter, the following definitions are
established, which will be applied and implemented taking into account the criteria for
interpretation that guarantee a systematic and comprehensive application, and in line with
technological advances, technological neutrality and other principles and premises that
govern the fundamental rights that encircle, orbit and surround the right of habeas data
and protection of personal data.
3. PRINCIPLES:
WASLA will define its Personal Data Processing Policy in accordance with the following
principles.
- Principle of finality: The Processing of Personal Data shall be in line with a legitimate
purpose in accordance with the General Data Protection Regulation (Regulation (EU)
2016/679) and the complementary law, which must be informed to the Holder.
- Principle of freedom: The processing can only be practiced with prior, express and
informed consent of the Holder. Personal Data may not be obtained or disclosed without
prior consent, or in the absence of a legal or judicial mandate that discontinues consent.
- Principle of Transparency: The Processing must guarantee the right of the holder to
obtain, at any time and without restrictions, information about the existence of data
concerning him/her.
- Principle of confidentiality: All persons involved in the Processing of Personal Data are
obliged to guarantee the reservation of the information, even after ending their relationship
with any of the tasks that the processing comprises, and may only supply or communicate
Personal Data when this corresponds to the development of the activities expressly
authorized in the Law.
ALAPP will conduct the Processing of Personal Data for the fulfillment of the activities of
its corporate purpose, in conformity with the provisions of the General Data Protection
Regulation (Regulation (EU) 2016/679)
and other complementary provisions. The Processing may be conducted through
electronic, physical, automated means and / or using any known or to be known digital
means, which may vary depending on the way of collecting information.
The processing of the personal data of any person with whom WASLA had established or
established a relationship, permanently or occasionally, will be conducted within the legal
framework that regulates the matter and by virtue of its condition of academic and cultural
association.
4.1. The Personal Data processed by WASLA must be submitted strictly and only for the
purposes indicated below. Likewise, the persons in charge or third parties who have
access to the Personal Data by virtue of Law or contract, will maintain the Processing
within the following purposes:
(i) The proper development of its corporate purpose, including the use of data for the
execution of its activities;
(ii) Validate the information in compliance with the legal requirement of knowledge of the
user applicable to WASLA;
(iii) Properly provide high quality training and education services for multidisciplinary
professionals;
(iv) For the development of market research, statistics, etc., that allow WASLA's
competitiveness;
(v) To address in an efficient and timely manner the health and / or emergency
requirements that might arise during the provision of the service;
(vi) For the development of advertising campaigns, promotional material, etc., on social
networks and the media.
(vii) Manage all the information necessary to comply with WASLA's tax obligations and,
business, corporate and accounting records.
(viii) Comply with WASLA's internal processes in terms of administration of suppliers and
contractors.
(ix) The transmission of data to third parties with whom contracts have been concluded for
this purpose, for commercial, administrative, marketing and / or operational purposes
including, but not limited to, the issuance of ID cards, personalized certificates and
certifications to third parties, in accordance with the existing legal provisions.
(x) Keep and process, by computer or other means, any type of information related to the
patient's health status with the purpose of providing relevant services and products.
(xi) Security and improvement of service and the experience of the Holder through any
application, social network and / or web portal used by WASLA.
(xii) All other purposes determined by those responsible for Personal Data collection for its
due processing and which are communicated to the Holders at the time of collecting them.
4.2. Processing of sensitive data. Data categorized as sensitive may be used and
processed when:
(i) The Holder has given his/her explicit authorization for such processing, except in cases
where said authorization is not required by law.
(ii) The Processing is necessary to safeguard the vital interest of the holder and in case
he/she is deprived of his/her physical or legal capacities. In such events, legal
representatives must grant the authorization.
(iii) The Processing has a historical, statistical or scientific purpose. In this event,
measures leading to suppression of the identity of the Holders must be adopted.
4.3. Data Processing of children and adolescents: The Processing must ensure the
respect for the prevailing rights of minors. The Processing of personal data of minors is
proscribed, except for those data that are of a public nature. It is the duty of the State and
educational entities of all kinds to provide information and train legal representatives and
guardians on the potential risks that minors face in case of improper processing of their
personal data, and provide knowledge about the responsible and safe use, by the children
and adolescents, of their personal data, their right to privacy and the protection of their
personal information and that of others.
Consequently, WASLA will be strict in the handling of the personal data of all under-aged
users or visitors, and will only collect and process personal data of those children whose
parents, and / or guardians in charge, have expressed explicitly and in writing their
authorization for the purposes indicated in the respective privacy notice.
First Paragraph: The Personal Data provided by the Holder will be processed and used
only for the purposes set forth herein, and for a period counted from the moment the
authorization was granted until the period WASLA determines to be effective.
Second Paragraph: The information provided by the Holder may be shared with
agencies, bodies responsible for the information, service providers, commercial allies, their
allies, and third parties in general that provide services to WASLA or to third parties on
behalf of or at WASLA’s expense.
Third Paragraph: WASLA guarantees that the mechanisms through which it makes use
of Personal Data are safe and confidential, since they have IT security mechanisms and
suitable technological means to ensure that they are stored in such a way that unwanted
access is prevented by third parties.
As the party responsible for the Processing of Data, WASLA agrees with the Holders of
Personal Data to:
a) Guarantee the Holder of the information, at all times, the full and effective exercise of
the right of habeas data;
b) Keep and process by computer or other means, any type of information related to the
business, in order to provide the relevant services and products;
c) Request and keep a copy of the respective authorization granted by the holder for the
processing of personal data;
d) Duly inform the holder about the purpose of the collection and the holder's rights under
the authorization granted;
e) Keep the information under the necessary security conditions in order to prevent its
adulteration, loss, consultation, use or unauthorized or fraudulent access;
f) Timely update the information, considering this way all news concerning the owner's
data;
h) Process the enquiries and claims formulated in the terms indicated by the current
WASLA’s Personal Data Processing Policy;
i) Inform the Holder, at his/her request, about the use given to his/her data;
j) Inform the data protection authority when there are violations of the security codes and
when the administration of the information of the Holders is at risk;
k) Comply with the instructions and requirements issued by the with the Federal
Commissioner for Data Protection and Freedom of Information ('BfDI') and the various
supervisory authorities of the Länder.
l) Refrain from circulating information that is being contested by the Holder and whose
blocking has been ordered by the with the Federal Commissioner for Data Protection and
Freedom of Information ('BfDI') and the various supervisory authorities of the Länder;
m) Use only data whose processing is previously authorized according to the provisions of
the General Data Protection Regulation (Regulation (EU) 2016/679);
n) Inform through any electronic means the new mechanisms implemented so that the
Holders of the information make their rights effective, as well as any modification to the
Personal Data Processing Policy;
o) To ensure the proper use of the personal data of children and adolescents, in those
cases in which the processing of their data is authorized by their representative;
In accordance with laws currently in force, the Personal Data Holders have the following
rights:
a) Know, update and rectify their Personal Data before WASLA or those in charge of
the processing. This right may be exercised, among others, against partial,
inaccurate, incomplete, fractionated, misleading data, or data whose Processing is
expressly prohibited or not authorized;
b) Request proof of the Authorization granted to WASLA, unless the Law indicates
that said Authorization is not necessary;
c) Submit requests to WASLA or the person/entity in charge of the Processing
regarding the use that has been given to their Personal Data, and that they provide
such information to them;
d) Submit complaints the Federal Commissioner for Data Protection and Freedom of
Information ('BfDI') and the various supervisory authorities of the Länder for
violations of the Law.
e) Revoke their Authorization and / or request the deletion of their Personal Data from
the Institute's databases when the Federal Commissioner for Data Protection and
Freedom of Information ('BfDI') and the various supervisory authorities of the
Länder has determined, by means of a definitive administrative act, that the
Processing of the institute or the person/entity in charge of the processing has
engaged in conducts contrary to the Law or when there is no legal or contractual
obligation to keep the Personal Datum in the database of the responsible
person/entity.
f) Request access and gain access, free of charge, to their Personal Data that have
been processed in accordance with article 15 of the General Data Protection
Regulation (Regulation (EU) 2016/679)
g) Know the modifications to the terms of this Policy efficiently and in advance of the
implementation of the new modifications or, failing that, of the new information
processing policy.
h) Have easy access to the text of this Policy and its modifications.
i) Access, in an easy and simple way, to the Personal Data that are under the control
of WASLA to effectively exercise the rights that the Law grants Holders.
j) Know the unit in charge or the person empowered by WASLA before whom they
can submit complaints, queries, claims and any other request about their Personal
Data. The Holders may exercise their rights under the Law and conduct the
procedures established in this Policy, by presenting their national ID card or
original identification document. Minors may exercise their rights in person, or
through their parents or guardians who represent them before WASLA. Likewise,
the rights of the Holder may be exercised by the successors who can prove such
status, the representative and / or the attorney-in-fact of the holder with the
appropriate documentation.
With this procedure of Agreed Authorization, it is expressly guaranteed that the Personal
Data Holder knows and accepts that WASLA will collect, store, use, clean, analyze,
circulate, transmit, transfer, update or delete, according to the Law, the information for the
purposes for which it is informed prior to granting the authorization, and for the purpose
contained on this document.
(i) The complete identification of the person from whom Personal Data are
collected;
(ii) The Authorization referred to in numeral 6.1;
(iii) The purpose of the Processing of Personal Data, and;
(iv) The rights of access, correction, update or deletion of the Personal Data
provided by the Holder thereof.
WASLA will use its current mechanisms and will implement and adopt the necessary and
tending actions to keep suitable technical or technological records or mechanisms of when
and how it obtained authorization from the holders of personal data for their Processing.
To comply with the foregoing, paper files or electronic repositories can be created directly
or through third parties contracted for such purpose.
7.3 Privacy Notice. General information on data processing
For the data collected, an email will be sent to all persons of whom WASLA has Personal
Data informing them about the implementation of WASLA’s Personal Data Processing
Policy and how to exercise their rights.
In accordance with the law, the Privacy Notice is the physical, electronic, or in some other
format, document known, or to be known, that is made available to the Holder for the
processing of his/her personal data. Through this document, the Holder is provided with
the information regarding the existence of the policies of information processing that will be
applicable, the way to access said policies and the characteristics of the processing that is
to be given to personal data.
2. the rights of data subjects with regard to the processing of their personal data to
access, rectification, erasure and restriction of processing,
3. the names and contact details of the controller and the data protection officer,
The Holder, his representative, his successor or his attorney-in-fact may present, at any
time, queries, requests and / or claims before WASLA to know, update, rectify, request the
deletion of his Personal Data and / or revoke the authorization. For this reason, it is the
responsibility of the entire team of direct and indirect WASLA workers, without exception,
to comply with the Information Processing Policy, and especially with due attention to the
requests, complaints and claims that the Holder submits to the company for this concept.
To exercise his/her rights, the Holder or whoever acts on his/her behalf and
representation, may submit requests, complaints and / or claims before ALAPP by the
following means:
The area responsible for the management and Processing of the Databases, as the case
may be, will always be the person in charge of the customer service department, who will
be in charge of handling the requests, complaints and claims filed by the Holder in
exercise of his rights. Whatever means used, the person in charge will keep proof of the
query and its response.
8.1 Consultation
When the main request is a query, that is, to consult personal information of the Holder
that resides in the WASLA Databases, the procedure will be as established here:
(i) The query will be formulated by filling out the WASLA formats for Petitions, complaints
and claims available on the website or by email: : xxxx@xxxxxxx.xxx
(ii) Once the query has been received, a response must be sent to the Holder, whatever it
may be, within ten (10) business days following the date when the query was received.
(iii) If it is not possible to answer the consultation within the aforementioned period, the
Holder must be notified, explaining the reasons for the delay and indicating the date on
which the consultation will be responded, which may not exceed five (5) business days
following the expiration of the first term.
8.2 Claim
When the main request is a claim, that is, when the Holder considers that the information
contained in the WASLA Databases should be subject to correction, updating or deletion,
or when he/she notices the breach of any of the duties contained in the Federal Data
Protection Act of 30 June 2017 (implementing the GDPR by WASLA, the procedure will be
as established here:
(i) The claim will be lodged through a request addressed to the person Responsible or in
charge of the Information, with the Holder's identification number, the description of the
events that give rise to the claim, the address and the documents considered necessary.
(ii) If the claim is incomplete, the Holder, or whoever acts as him, will be required within
five (5) business days after receipt of the claim to correct errors.
(iii) If, after two (2) months from the date of the correction request, the Holder or whoever
acts as him, does not submit the requested information, it will be understood that the claim
has been withdrawn.
(iv) Once a claim is received with full requirements, it must be included in the databases in
a term not exceeding two (2) business days, identifying it as "claim in process" and the
reason for it. Such label must be kept until a decision is made on the claim.
(v) If, after two (2) months from the date of the correction request, the Holder or whoever
acts as him, does not submit the requested information, it will be understood that the claim
has been withdrawn.
(vi) The maximum deadline to respond to the claim will be fifteen (15) business days
counted from the next day after it is received. When it is not possible to respond the claim
within this term, the interested party will be informed of the reasons for the delay and the
date on which his claim will be responded, which may not exceed eight (8) business days
following the expiration of the term.
(vii) In the event that WASLA receives a claim and is not competent to resolve it, WASLA
will transfer the claim to whom it may concern, to the extent possible, within a maximum
term of two (2) business days and will inform the interested party of the situation.
(viii) When the request is made by a person other than the Holder and it is not proven that
the person acts on his/her behalf, the request shall be deemed as not filed.
As established in the provisions of numeral 8 above, WASLA will rectify, update or delete,
at the Holder’s request, any type of information according to the procedure and the terms
indicated in the previous article. In the case of rectification and / or update, the proposed
corrections must be duly substantiated.
Paragraph: The information Holder will have the right, at all times, to request the total or
partial deletion of his/her Personal Data and for this the procedure, established in point 8
above, will be followed. WASLA can only deny the deletion when:
i) The Holder has the legal and / or contractual duty to remain in the database;
ii) The deletion of the data hinders ongoing judicial or administrative proceedings, and;
iii) In all other cases referred to in section 57 and 58 of the Federal Data Protection Act of
30 June 2017 (implementing the GDPR), when appropriate.
WASLA will adopt the technical, human and administrative measures that are necessary
to grant security to the records, avoiding their adulteration, loss, consultation, or
unauthorized or fraudulent access or use; these measures will respond to the minimum
requirements of the legislation in force.
11. AUTHORIZATION OF COMMUNICATIONS THROUGH EMAIL AND / OR
SOCIAL NETWORKS
With the collection and due processing of personal data, WASLA will use its electronic
means such as the website, applications, social networks and / or any electronic means to
send communications to its members and / or anyone who participates in its events. The
information may contain, but is not limited to, services, research, projects, programs,
publications and academic events conducted by WASLA.
WASLA designates the customer service department, or whoever is acting on its behalf, to
fulfill the function of protecting Personal Data, as well as to process the requests of the
Holders, for the exercise of the rights of access, consultation, rectification, update, deletion
and revocation referred to the Federal Data Protection Act of 30 June 2017 (implementing
the GDPR), all other norms that regulate or complement them and the Personal Data
Processing Policy.
13. VALIDITY
This Policy is effective as of [date]. Personal Data that are stored, used or transmitted will
remain in our Database, based on the criteria of temporality and necessity, for as long as
necessary, for the purposes mentioned in this Policy for which they were collected.
Databases in which personal data will be recorded shall be valid for a period equal to the
time that the information is kept and used for the purposes described in this policy. Once
these purposes are fulfilled and, as long as there is no legal or contractual duty to retain
your information, your data will be removed from our databases.
Sincerely,
WASLA ASSOCIATION -