DATA CONTROLLER

FANDANGO FORMENTERA SL, with place of business at Avda. Miramar 1, EDI. Porto Ale 7871 Es Pujols. Formentera and with Tax ID number B42990812 (hereinafter FANDANGO), hereby notifies that:

a) it guarantees the protection of personal data voluntarily provided by the user when communicating with FANDANGO:

  • via email
  •  when filling in data collection forms,
  • formalizing a contractual relationship or
  • using any other service on the website that involves providing data.

b) it treats the data it collects in accordance with the European Data Protection Regulation 679/2016, of April 27, hereinafter GDPR, and in accordance with the provisions of this policy, which it makes public based on the principle of proactiveresponsibility and information transparency, and aims to demonstrate that unambiguous consent from the interested party is being obtained through it.

USE OF THIS DATA

The personal data obtained and processed by FANDANGO, through this website, fairs, contracts, conferences, newsletters, draws, or other means, shall be appropriate, relevant and limited to what is necessary in relation to the purposes for which they are treated, including and not limited to:

  •  For the data collection forms on the website and other unspecified voluntary data provision, the purpose being to respond to a specific request, such as answering queries, subscribing to and sending newsletters, commercial contacts, registration for conferences, sending documentation and information related to the services and, in any case, commercial and/or advertising communications.
  • For contracting services: The purpose is to establish and maintain the contractual relationship that may be established, in accordance with the nature and characteristics of the service contracted; for the maintenance of records and to carry out research and development in this field.

In all cases, personal data will be kept in a way that allows the identification of the
interested parties only for the time necessary for the purposes of the treatment. These
conservation periods will only be extended when the purposes are for scientific,
historical or statistical research.

LEGITIMACY OF THE PROCESSING.

The legal basis or legitimation of FANDANGO’s data processing depends on the different processing activities, the type of personal data holders and purposes thereof, thus our basis of legitimacy is:

– Acceptance or express consent for the Interested Parties who contact FANDANGO to request information, make enquiries, subscribe to receiving information and newsletters, training, etc., and who voluntarily provide the requested personal data.

– Contract for customers who access FANDANGO services and give their consent through the formalization of the contract.

– Prevailing legitimate interests of FANDANGO or third parties to whom the data is communicated for when contact data is collected beyond the forms indicated in the purpose of treatment section (example: receipt of business cards, email enquiries) . The interested party will respond, in any case, to the veracity of the data provided, with FANDANGO reserving the right to exclude all false or illegal data, without prejudice to other actions that may proceed in Law. FANDANGO warns that, except for the existence of legally constituted representation, no interested party may use the identity of another person and communicate their personal data, so at all times they must bear in mind that they are required to communicate personal data corresponding to their own identity to FANDANGO and that they are adequate, relevant, current, accurate and true. For this purpose, the interested party will be solely responsible for any direct and / or indirect damage caused to third parties or to FANDANGO due to the use of another individual’s personal data, or their own personal data when they are false, erroneous, not current, inappropriate or impertinent. Likewise, anyone reporting third party personal, shall be liable to the latter regarding the disclosure requirements established in the GDPR regarding personal data which has not been collected from the data subject, and / or for the consequences of not having informed them.

The services provided by FANDANGO are aimed at professionals of legal age. Any minors using the services offered must have been previously authorized by their parents, guardians or legal representatives since they are considered responsible for the acts carried out by the minors in their charge.

DISCLOSURE OR TRANSFERS

Disclosures: FANDANGO only discloses personal data to third parties to meet its contractual or legal obligations of the service, with providers or public or private organizations.

In such cases, the owner consents to said disclosure, and can obtain information about this by exercising their rights.

International transfers: When developing our activity we use service providers domiciled outside the European Economic Area, to whom we provide data, carryingout international data transfer. The laws of these countries may differ from the European ones in terms of the recognition of rights or the non-existence of a control authority that manages or takes responsibility in this matter.
The legitimate basis for making these transfers is consent and legitimate interest. The providers that we use and whose privacy policy you can consult are the following:

  • Google, Inc: https://policies.google.com/privacy?hl=es&fg=1
  • Microsoft: https://privacy.microsoft.com/es-es/privacystatement
  • Dropbox: https://www.dropbox.com/privacy
  • Facebook: https://es-es.facebook.com/about/privacy
  • Sendinblue: https://es.sendinblue.com/legal/privacypolicy/
  • WordPress: https://automattic.com/privacy/
  • Twitter: https://help.twitter.com/es/rules-and-policies/update-privacy-
    policy
  • Instagram: https://help.instagram.com/155833707900388

USER’S RIGHTS

Users may at any time exercise their recognized rights over their personal data, as well as the revocation of consent for the aforementioned uses, by means of written communication with the request or the right they are exercising, addressed to FANDANGO or electronically via e-mail to comunicacion@fandango.com, including in both cases a photocopy of their ID card or other similar identity identification document, in order to exercise their recognized rights, which are as follows:

  • Access: Request if this organization is treating your data.
  • Rectification. Request data to be modified if they are incorrect.
  • Erasure. Request the deletion of data in legally established cases
  • Opposition. Stop processing data, except for justified reasons.
  • Treatment limitation, they will only be kept by FANDANGO for the exercise or Right to data portability: if you want your data to be processed by another
    SUPPLIER, FANDANGO will facilitate the portability of your data to the new
    controller.

For more information on the exercise of these rights, you can consult the citizen’s guide published by the Spanish Data Protection Agency. If you believe that the processing of your personal data is in breach of the law, you can
lodge a complaint: 

  • with those responsible for FANDANGO and / or the aforementioned data protection officer; or
  • before the Spanish Agency for Data Protection, at the following address: C / Jorge Juan, 6, CP 28001, Madrid (Spain).

SOURCE OR ORIGIN OF THE DATA

The data collected which will be processed by FANDANGO are those collected in each case through the corresponding questionnaire and come from the interested party. In those cases in which data are obtained from third party websites or are not obtained directly from the data subject, FANDANGO will previously inform the owner in the terms established in the GDPR, basically the source of origin and category of data processed.

SECURITY MEASURES

The personal information provided or collected from users and for which FANDANGO is responsible, is structured in files, which may be automated or not, and FANDANGO keeps a record of processing activities in accordance with current legislation. Furthermore, each time data is processed FANDANGO establishes the appropriate technical and organizational measures that guarantee the confidentiality, integrity, availability and resilience of the data included in a processing operation and that are necessary to guarantee its adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, and that incline towards:

  1. Pseudonymisation and encryption of personal data.
  2. The ability to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services.
  3. The ability to restore availability and access to personal data quickly, in the event of a physical or technical incident.
  4. The process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to guarantee the processing security.