FUNDACIÓ NOUS CIMS, as the Data Controller and manager of this website, in compliance with the provisions of Regulation (EU) 2016/679, General Data Protection Regulation (GDPR), and Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, makes this privacy policy available to you with the aim of providing detailed information on how we process your personal data and protect your privacy and the information you provide to us.

In this privacy policy, we explain your rights regarding your personal information and how to exercise them. Additionally, should you need to contact the competent data protection authority, we provide the necessary contact details.

‘Us’ as Data Controllers of the processing of your personal information	dentity: FUNDACIÓ NOUS CIMS Tax ID (NIF): G-66621350 Registered Address: C/Entença 332-334, 7th Floor, 08029 Barcelona, Spain. Phone: +34 677 92 02 50 Email: lopd@nouscims.com
Our Data Protection Officer (DPO)	If you have any questions, concerns, or suggestions regarding how we use your personal data, you can contact our Data Protection Officer, Áureos, Consultoría Legal y Tributaria, via the following email address: xavi@aurisadvocats.com.

How do we collect your personal data?

As a general rule, most of your personal information is provided directly by you, either in person at physical locations, via phone, email, web forms, or by responding to surveys. However, we may also obtain information from:

• Projects carried out by the Foundation.
• A third party that has previously obtained your explicit consent, such as other non-profit organizations engaged in social or charitable activities.
• Publicly accessible sources.
• Cookies enabled on our website. For more information on how we use cookies, please visit our cookie policy.
• Our access systems when applicable. For example, entry and reception logs, time-tracking systems for employees, CCTV cameras, communication systems, instant messaging, email, or social networks.

What could happen if you do not provide your personal data?

When required by law to collect your personal data or when this data is essential for the formalization of a contract with you, if you choose not to provide this information, we may not be able to deliver the requested service. In cases where we are forced to cancel your order or service for this reason, we will notify you in advance when necessary.

What is the purpose of processing your personal data?

We will provide a detailed table listing the purposes for which we collect your data and the legal basis that legitimizes us to do so.

Purpose of Processing

Why do we collect your information?
Legal basis for processing your personal information

1.Providing our services

(1) Contractual execution

(2) Legitimate interest

2. Registering as a website user

(1) Express consent from the data subject

(2) Contractual execution

3.Managing our relationship with our users and scholarship recipients, including:

• (1) Notifying you about changes to our contractual terms or policies
• (2) Requesting you to complete a survey or provide feedback on our services

(1) Contractual execution

(2) Compliance with a legal obligation

(3) Legitimate interest (to update our records and understand the opinions of our users about our services)

4.Sending commercial communications, newsletters, and advertisements through any communication channel

(1) Express consent from the data subject

(2) Legitimate interest (provided the user has not expressed a desire to opt out)

5.Responding to inquiries and/or providing requested information

(1) Legitimate interest

(2) Contractual execution

(3) Consent from the data subject

(4) Compliance with a legal obligation

6.Managing user interactions on our social media platforms

(1) Compliance with a legal obligation (e.g., removing offensive, racist, vulgar, or defamatory comments; maintaining a respectful and inclusive environment; preserving the privacy of minors, etc.)

(2) Legitimate interest (e.g., removing third-party advertisements from our networks)

7.Using analytical data to improve website/app navigation, implement marketing strategies, and optimize hiring processes through cookies

(1) Legitimate interest

(2) Consent from the data subject (e.g., accepting the use of analytical cookies)

8.Administering and protecting our business and website (includes identifying navigation issues, data analysis, web/app testing, etc.)

(1) Compliance with a legal obligation

(2) Legitimate interest (e.g., business management, network security, fraud prevention, etc.)

9.Providing personal information to authorities or by legal/judicial request

(1) Compliance with a legal obligation

10.Ensuring greater security at our physical premises (e.g., installing CCTV cameras or access controls)

(1) Legitimate interest and third-party interest (e.g., detecting harmful acts against employees or users)

11.Ensuring workplace safety, personnel administration, and employability of candidates

(1) Compliance with a legal obligation

(2) Legitimate interest (e.g., improving the experience of employees in their roles)

12.Suggesting and recommending products and services that may be of interest

(1) Legitimate interest

13.Updating and improving our user records

(1) Compliance with a legal obligation

(2) Contractual execution

(3) Legitimate interest (e.g., verifying that we can maintain contact with users regarding offered services)

14.Responding to potential claims

(1) Legitimate interest

15.Providing claims forms to users upon request (via contact form, phone, or email)

(1) Compliance with a legal obligation

16.Monitoring the procedure for resolving online disputes (European Commission ODR platform: http://ec.europa.eu/consumers/odr/)

Tracking user claims and processes with consumer agencies (register with an identifying key)

(1) Compliance with a legal obligation

With whom might we share your personal data?

We may need to share your personal information with:

1. Other projects within the Foundation.
2. Subcontracted companies or service providers that we use to deliver our services. For example, other non-profit organizations dedicated to social or charitable initiatives, etc.
3. Third-party entities to execute student scholarships. You can access the complete list of entities to which Nous Cims may transfer personal data through this link:
   https://www.nouscims.com/wp-content/uploads/2023/10/Entidades_18_10_2023_11_27.xlsx
4. Third parties necessary for the management of the Foundation. For example, lawyers, accounting services, IT services, etc.
5. Banks we work with.

All the providers and entities we collaborate with are contractually bound to us. We can guarantee that they comply with all the necessary security measures to safeguard your personal information and that they will use this data solely and exclusively for the specified purposes, in accordance with our instructions.

We will also share personal information with law enforcement agencies when required by law.

Where do we store your personal data?

All the information you provide us, whether through this website or other channels, will be stored on the cloud servers of Amazon Web Services (AWS). These servers are located within the European Economic Area (EEA).

Where do we store your personal data?

All the information you provide us, whether through this website or other channels, will be stored on the cloud servers of Amazon Web Services (AWS). These servers are located within the European Economic Area (EEA).

For How Long Will We Keep Your Personal Information?

Your personal data will be kept throughout the duration of our contract or commercial relationship, unless stated otherwise by the exercise of the right to access, rectification, erasure, restriction, portability or to withdraw consent. Nevertheless, we will keep specific personal data during the maximum 2-year term by legal imposition to respond to the Authority when required for legal prosecution purposes regarding unlawful web usage.

Hereby we inform you that our conservation policies meet the legal terms regarding conservation:

a) General rule

In virtue of what is stated in art. 30 of the Commerce Code, all business data will be kept during 6 years.

This affects all accounting, tax, labour or commercial documentation, including mail.

b) Specific terms

Our company must also set minimum deadlines in regards to the type of data and considering the different prescription periods, which each department must know.

This table lists the prescription periods that affect or may affect our organization:

Subject	Period	Rule
Labour infringements	3 years	Art. 4.1 RD 5/2000
Social security regarding infringements	4 years	Art. 4.2 RD 5/2000
Prevention of occupational hazards for the purposes of infractions	5 years	Art. 4.3 RD 5/2000
Fiscal for the purpose of tax debts	4 years	Art. 66 Ley 58/2003
Tax for the purposes of checks on compensated fees or applied deductions	10 years	Art. 66 bis Ley 58/2003
Accounting and commercial	6 years	Art. 30 del CC
Crimes against Public Finance and Social Security	10 years	Art. 131 LO 10/1995

Our Communications

All the personal information you provide will be incorporated into our information systems. By accepting this privacy policy, you are giving Fundació Nous Cims your express consent to carry out the following activities and/or actions, unless you indicate otherwise:

1. Sending commercial, promotional, and direct marketing communications through any enabled communication channel, to inform you about activities, services, promotions, advertisements, news, offers, and other information regarding the services and products related to us and our group.
2. Sending communications via electronic means, as long as you have subscribed to our NEWSLETTER and have not unsubscribed.
3. Retention of data for the periods stipulated in applicable provisions.

How to stop receiving marketing communications (opt-out)?

At any time, you may revoke any express consent you have given us to send you commercial information. To do so, you can request to unsubscribe via the opt-out option enabled on our app/website or by sending us an email with the subject “unsubscribe” to lopd@nouscims.com.

In compliance with the Law on Information Society Services and Electronic Commerce (LSSICE), we never send SPAM, and therefore, you will not receive commercial emails unless they have been requested or authorized by you. However, all our communications will provide you with the option to revoke your consent.

We will not process your personal data for any purpose other than those described, except as required by law or judicial mandate.

User Responsibility – Declaration of Truthfulness

By providing us with your personal information through electronic channels, you declare that you are over 14 years old and that all the data provided to Fundació Nous Cims is true, accurate, complete, and up-to-date.

To this end, the user confirms responsibility for the truthfulness of the data provided and agrees to keep this information properly updated to reflect their real situation. Furthermore, the user accepts responsibility for any false or inaccurate data they may provide, as well as for any direct or indirect damages that may arise as a result.

If you send us your CV

If you wish to send us your CV through our website or email, we inform you that the data provided will be processed to include you in any selection processes that may exist, analyzing your professional profile to select the most suitable candidate for the potential vacancy.

We do not accept CVs submitted through other channels (e.g., hand-delivered or in paper format). If there are any changes to the data provided, we kindly ask you to inform us in writing as soon as possible, so we can keep your data duly updated.

Retention of CVs

CVs will be retained for a maximum period of one year, after which they will be securely destroyed, and all included data will be deleted. We guarantee full respect for confidentiality. In this regard, once the aforementioned period has elapsed, if you wish to continue participating in potential selection processes, you will need to submit your CV again.

Special Consideration for CVs from Scholarship Recipients

CVs submitted through the platform by scholarship recipients are processed to include you in the selection processes of FUNDACIÓ NOUS CIMS, projects linked to the Foundation, or third-party companies that collaborate with it. The platform used in the selection process by FUNDACIÓ NOUS CIMS utilizes Artificial Intelligence to create profiles that serve as a basis for automated decision-making.

The legal basis for processing this information is your consent, and you can oppose or withdraw your consent at any time to avoid being subject to profiling or automated decision-making.

If there are any changes to your data, we kindly ask you to notify us in writing as soon as possible to keep your information duly updated.

CVs will be retained for a maximum period of one year, after which they will be securely destroyed, and all included data will be deleted. We guarantee full respect for confidentiality. In this regard, once the aforementioned period has elapsed, if you wish to continue participating in potential selection processes, you will need to resubmit your CV.

How Do We Keep Your Information Secure?

We take the protection of your data very seriously. For this reason, we ensure the implementation of appropriate physical, organizational, and technological security measures, controls, and procedures to prevent your information from being accidentally lost, misused, or accessed maliciously.

We limit access to your data to authorized individuals and entities and ensure that all our staff is adequately trained. Everyone involved in processing your personal data is subject to a duty of confidentiality.

Additionally, we apply technical procedures to respond to any suspicion of a potential data security breach. If necessary, we will notify you and the relevant supervisory authority (the AEPD in Spain) in accordance with current regulations.

How to Exercise Your ARCOLP Rights?

Both the GDPR and the regulation transposed into Spanish law (LOPDGDD) guarantee you the ability to exercise the following rights. You can exercise them at any time and always free of charge:

These are your rights related to your personal data:

Right to access	Allows the interested party to acknowledge and obtain information about their personal data submitted to processing.
Right to rectification or deletion	It allows to correct errors and modify the data that proves to be inaccurate or incomplete.
Right to erasure	Allows data that turns out to be inadequate or excessive to be deleted.
Right to withdraw consent	The right of the interested party to not carry out the processing of their personal data or to cease it.
Restriction of personal data processing	Involves the marking of personal kept data, with the purpose of limiting its’ future processing.
Portability of data	Facilitation of the data subject to processing to the interested party, so that he or she can transmit it to another person in charge, without impediments.
The right not to be subject to automated individual decisions (including the elaboration of profiles)	the right not to be the subject of a decision based on automated processing that produces effects or significantly affects the User.

To Exercise Any of the Mentioned Rights

You can write to us with your request at the specifically designated email address: lopd@nouscims.com.
You may also directly contact our Data Protection Officer at: xavi@aurisadvocats.com.

You will need to include in your request information about what you need with precision and, in any case, provide proof of your identity that is valid under the law.

The Supervisory Authority for Data Protection

We hope to resolve any questions or concerns you may have regarding your personal information. However, if you wish to file a complaint with the competent authority, you have the right to do so.

In Spain, the highest authority on data protection is the Spanish Data Protection Agency (AEPD):
https://www.aepd.es/es – Tel: 91 266 35 17

 

Changes to This Privacy Policy

Fundació Nous Cims reserves the right to modify this policy to adapt it to legislative or judicial developments.