Controller – Who is the controller of the personal data that you supply?
- UNIVERSITY OF DEUSTO
- NIF ES 34 R4868004E
- Avenida de las Universidades, 24-Bilbao (CP-48007)
Data Protection Officer (DPO):
Audit and Internal Control Director
Telephone: 94 413 94 30
Purpose – Why do we process your data?
University of Deusto stores and processes the data you supply to manage the EDI incubation process for promoting Big Data experimentation in Europe. As coordinator of EDI, University of Deusto will exclusively share the collected data with members of the EDI consortium, all of them based in Europe. Aggregated data about collected information regarding EDI incubation will be generated and published publicly. Only when EDI participants sign a contract with the consortium and receive funding from the project could their personal data be supplied to European Commission, since it is the funding body of the EDI project.
Legal ground – What is the legal basis to process your data?
The legal basis to store, share and process your data is the informed consent obtained from you by ticking the box explicitly authorizing the University of Deusto to do so, according to the General Data Protection Regulation (GDPR).
- If you do not supply the requested data, your service request will not be satisfied.
- If we send you any dissemination or communication information about our activities and services or carry out any profiling about your interactions with us, this will be exclusively about the EDI project.
Data Processors – Who will be able to process your data?
Processing your request does not imply that we can share data with third parties. This will not be the case unless there is legal enforcement to do so. Besides, we will not make international transfers of the collected data.
Preservation – How long will we keep your data?
- The gathered personal data will be kept during the lifetime to the project.
- Data which entails economic or financial management by University of Deusto will be kept during 5 years, bearing in mind the tax regulations the organization is subject to.
- The data will be kept for statistical purposes, first removing personal identification data.
- The data needed to send communications related to the project and profiles will be kept until the person explicitly requests their records to be removed.
Rights – Which are your rights when you supply your data?
- Every person has the right to obtain confirmation on whether the University of Deusto is processing their personal data or not.
- The person concerned has the right to access their personal data, to request its rectification in case personal data is not accurate or, in its case, to request their removal when, among other reasons, data is no longer necessary for the purposes it was collected for.
- In some circumstances, the person concerned may request restriction of processing of their personal data. In such case, data will only be kept to process legal claims.
- In some circumstances and for motives related to their particular situation, the person concerned can object to the processing of their personal data. University of Deusto will stop managing their data, unless there are legal grounds for processing such data, or to be able to defend from potential legal complaints.
- The person concerned can request data portability in order to obtain the data that they have supplied to University of Deusto in a structured manner, of common use and enabling mechanical processing, to be downloaded or communicated by University of Deusto to another entity.
- The person concerned can exercise his or her rights by sending an email to the following address firstname.lastname@example.org which will be available in our web page.
- Besides, it can issue a complaint to the Spanish Data Protection Agency, especially when their data protections rights have not been respected, in the postal and electronic address indicated in the web page www.agpd.es.
Security – How is the data collected protected?
Data will be treated in a confidential manner and subject to suitable technical and organization measures to avoid their counterfeiting, loss or unauthorized access and processing.