Basic Data Protection Information
Responsible: Sit Barcelona
Purpose: Provision of online services, management of web users, commercial communications related to our services.
Legitimation: Express consent and legitimate interest.
Recipients: No data is transferred to third parties, unless legally obliged to do so.
Rights: Access, rectify and delete data: Access, rectify and delete data, as well as other rights, as explained in the additional information.
Additional information: You can consult the additional and detailed information on Data Protection in the attached clauses found at https://sitbarcelona.com/privacy-policy/.
At SIT BARCELONA we work to offer you the best possible experience through our products and services. In some cases, it is necessary to collect information to achieve this. We care about your privacy and we believe that we must be transparent about this.
Therefore, and for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter, «GDPR») on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and LAW 34/2002, of 11 July, on Information Society Services and Electronic Commerce (hereinafter, «LSSI»), SIT BARCELONA informs the user that, as the party responsible for processing, it will incorporate the personal data provided by users in an automated file.
Our commitment starts by explaining the following to you:
- Your data is collected to improve the user experience by addressing your interests and needs.
- We are transparent about what data we collect about you and why we collect it.
- Our intention is to provide you with the best possible experience. Therefore, when we use your personal information, we will always do so in a compliant manner, and where necessary, we will ask for your consent.
- We understand that your information belongs to you. Therefore, if you choose not to give us permission to process it, you can ask us to stop processing it.
- Our priority is to ensure your security and to process your data in accordance with EU law.
Who is responsible for the processing of your personal information?
Identity: SIT BARCELONA
SIT BARCELONA has designated a Data Protection Delegate or an internal contact person within its organisation. If you wish to make an appointment regarding the processing of your personal data, you can contact him/her by email at email@example.com.
What personal information do we collect?
The personal data that the user may provide:
Name, address and date of birth.
Telephone number and e-mail address.
Information relating to payments and refunds.
IP address, date and time you access our services, internet browser you use and details of your device’s operating system.
Any other information or data you choose to share with us.
In some cases, it is mandatory to fill in the registration form to access and enjoy certain services offered on the website; likewise, not providing the personal data requested or not accepting this data protection policy means the impossibility of subscribing, registering or participating in any of the promotions in which personal data is requested.
Why and what do we process your information for?
At SIT BARCELONA we process the information provided by interested parties for the following purposes:
To contract any of our services, either online or physically at the centre.
To manage the sending of the information requested.
To develop commercial actions and carry out the maintenance and management of the relationship with the user, as well as the management of the services offered through the website and the information tasks, being able to carry out automatic evaluations, obtain profiles and segmentation tasks of the clients in order to personalise the treatment according to their characteristics and needs and improve the client’s online experience.
Develop and manage contests, sweepstakes or other promotional activities that may be organised.
In some cases it will be necessary to provide information to Authorities or third party companies for auditing purposes, as well as to handle personal data from invoices, contracts and documents in order to respond to claims from customers or Public Administrations.
We inform you that the personal data obtained as a result of your registration as a user will form part of the Register of Processing Activities and Operations (RAT), which will be updated periodically in accordance with the provisions of the RGPD.
What is the legitimacy for the processing of your data?
The processing of your data may be based on the following legal bases:
Consent of the data subject for the contracting of services and products, for contact forms, requests for information or registration in newsletters.
Legitimate interest for the processing of our customers’ data in direct marketing actions and express consent of the data subject for all matters relating to automatic assessments and profiling.
Compliance with legal obligations for fraud prevention, communication with authorities and third party claims.
How long do we keep your information?
The processing of the data for the purposes described will be maintained for the time necessary to fulfil the purpose for which it was collected (for example, for the duration of the commercial relationship), as well as for the fulfilment of the legal obligations arising from the processing of the data.
To whom is your data communicated?
In some cases, only when necessary, SIT BARCELONA will provide user data to third parties. However, the data will never be sold to third parties. External service providers (e.g. payment providers or delivery companies) with whom SIT BARCELONA works may use the data to provide the corresponding services, however, they will not use this information for their own purposes or for transfer to third parties.
SIT BARCELONA endeavours to guarantee the security of personal data when it is sent outside the company and ensures that third party service providers respect confidentiality and have the appropriate measures in place to protect personal data. These third parties are obliged to ensure that the information is handled in accordance with data privacy regulations.
In some cases, personal data may be required by law to be disclosed to public bodies or other parties, only what is strictly necessary for the fulfilment of such legal obligations will be disclosed.
Personal data obtained may also be shared with other group companies.
Where is your data stored?
In general, data is stored within the EU. For data that is sent to third parties outside the EU, we will ensure that they offer a sufficient level of protection, either because they have Binding Corporate Rules (BCR) or because they have signed up to the «Privacy Shield».
What rights do you have and how can you exercise them?
You can address your communications and exercise your rights by sending a request to the following e-mail address: firstname.lastname@example.org
Under the provisions of the GDPR you can request:
Right of access: you may request information about the personal data we hold about you.
Right of rectification: you can communicate any changes to your personal data.
Right to erasure and the right to be forgotten: you can request the deletion of your personal data after it has been blocked.
Right to limit processing: this means restricting the processing of personal data.
Right to object: you can withdraw your consent to the processing of your data, opposing further processing.
Right to portability: in some cases, you may request a copy of the personal data in a structured, commonly used and machine-readable format for transmission to another controller.
Right not to be subject to individualised decisions: you can ask not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect the data subject.
In some cases, your request may be refused if you request the deletion of data necessary for compliance with legal obligations.
In addition, if you have a complaint about the processing of your data, you can lodge a complaint with the data protection authority.
Who is responsible for the accuracy and veracity of the data provided?
The user is solely responsible for the truthfulness and accuracy of the data included, exonerating SIT BARCELONA from any liability in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in the registration or subscription form. SIT BARCELONA reserves the right to terminate the services contracted with users in the event that the data provided is false, incomplete, inaccurate or not up to date.
SIT BARCELONA accepts no responsibility for the veracity of information that is not of its own creation and for which another source is indicated, and therefore accepts no responsibility whatsoever for hypothetical damages that may arise from the use of this information.
SIT BARCELONA reserves the right to update, modify or delete the information contained in its web pages and may even limit or deny access to said information. SIT BARCELONA is exonerated from liability for any damage or harm that the user may suffer as a result of errors, defects or omissions in the information provided by SIT BARCELONA, provided that it comes from outside sources.
Likewise, the user certifies that he/she is over 14 years of age and that he/she has the necessary legal capacity to give consent for the processing of his/her personal data.
How do we handle children’s personal data?
In principle, our services are not specifically addressed to minors. However, in the event that any of them are aimed at minors under the age of fourteen, in accordance with article 8 of the RGPD and article 7 of the LO3/2018, of 5 December (LOPDGDD), SIT BARCELONA will require the valid, free, unequivocal, specific and informed consent of their legal guardians in order to process the personal data of minors. In this case, the DNI or other form of identification of the person giving consent will be required.
In the case of persons over fourteen years of age, data may be processed with the consent of the user, except in those cases in which the law requires the assistance of the holders of parental authority or guardianship.
What security measures do we implement to protect your personal data?
SIT BARCELONA has adopted the legally required levels of security for the protection of Personal Data, and endeavours to install any other additional technical means and measures within its reach to prevent the loss, misuse, alteration, unauthorised access and theft of the Personal Data provided to SIT BARCELONA.
SIT BARCELONA is not responsible for hypothetical damages that may arise from interferences, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operational functioning of this electronic system, caused by reasons beyond the control of SIT BARCELONA; delays or blockages in the use of this electronic system caused by deficiencies or overloading of telephone lines or overloading of the Data Processing Centre, the Internet system or other electronic systems, as well as damage that may be caused by third parties through illegitimate interference beyond the control of SIT BARCELONA. Nevertheless, the user must be aware that Internet security measures are not impregnable.
Links to other websites
However, if you do not want cookies to be installed on your hard drive, you can configure your browser to prevent the installation of these files. For more information, please see our Cookies Policy https://sitbarcelona.com/cookies/.