PRIVACY POLICY AND PROCESSING OF INFORMATION
-
01 Personal data: any information about an identified or identifiable person (the interested party). An identifiable person is any person whose identity can be determined, directly or indirectly, using an identifier, such as a name, an identification number, location data, an online identifier or one or more elements specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that person.
-
02 Processing: any operation or set of operations carried out on personal data or a set of personal data by automated or non-automated procedures, such as collection, registration, organisation, structuring, conservation, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination or any other form of enabling access, confrontation or interconnection, limitation, deletion or destruction.
-
03 Profiling: any form of automated processing of personal data consisting of using these data to evaluate personal aspects of a person; in particular, to analyse or predict aspects relating to that person’s professional performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements.
-
04 Pseudonymisation: processing of personal data in a way that such data cannot be attributed to an interested party without using additional information, provided that this information is separated and subject to technical and organisational measures aimed at ensuring that the personal information is not attributed to an identified or identifiable person.
-
05 File: a structured set of personal data accessible following certain criteria, be it centralised, decentralised or distributed functionally or geographically.
-
06 Responsibility for the processing: the physical or legal person, public authority, service or any other body that, alone or acting with others, decides the purpose of the processing.
-
07 Person in charge of the processing: the physical or legal person, public authority, service or any other body that processes personal data on behalf of the person responsible for the processing.
-
08 Recipient: the person to whom personal data are communicated, whether a third party or not. However, public authorities that may receive personal data relating to a specific investigation should not be considered as recipients.
-
09 Third party: physical or legal person, public authority, service or body other than the interested party, the person responsible for the processing, the person in charge of the processing and the persons authorised to process personal data under the direct authority of the person responsible or the person in charge.
-
10 Consent of the interested party: any manifestation of free, specific, informed and unequivocal will by which the interested party accepts, through a statement or a clear affirmative action, the processing of personal data affecting the interested party.
-
11 Control authority: the independent public authority established by a member state, in accordance with the provisions of article 51 of the GDPR.
-
12 Cross-border processing:
a) The processing of personal data carried out in the context of the activities of establishments in more than one member state of a person responsible or in charge of the processing in the European Union, if the person responsible or in charge is established in more than one member state, or
b) The processing of personal data carried out in the context of the activities of a single establishment of a person responsible or in charge of the processing in the European Union, but which affects or may substantially affect interested parties in more than one member state.
-
NIF: ESQ5856181B
-
Address: Plaça dels Àngels núm. 1, Ciutat Vella, 08001 Barcelona
-
Telephone: 93 412 08 10
-
Email: macba@macba.cat
PURPOSE
LEGAL BASIS
CONSERVATION
Provision of the services you request from us
Contractual relationship
10 years
Sending activity information by email or post
Contractual relationship and consent
Until consent is revoked
Information request
Consent
1 year
Donation management
Contractual relationship and legal obligation.
10 years
People management
Contractual relationship and legal obligation.
5 years
Supplier management
Contractual relationship and legal obligation.
5 years
Attention to legal and contractual obligations
Contractual relationship and legal obligation.
5 years
Image management
Consent and art. 8 LO 1/1982
Until consent is revoked
Library management
Consent and contractual relationship
Until consent is revoked
Video surveillance
Legitimate interest. Security maintenance
Maximum 30 days from its capture
Those who may have access to the data are:
-
01 Personnel duly authorised by the person responsible for the processing.
-
02 The suppliers needed to comply with the services you request or to comply with legal and contractual obligations
-
03 The public administration within the remit of its powers.
-
04 Social networks, provided you have previously consented to the dissemination of your identifying data.
-
01 Microsoft. For more information you can click:
-
02 Google Workspace. For more information you can click:
-
03 Social networks listed on our website.
-
01 The personal data are not accurate.
-
02 The processing is unlawful.
-
03 The person responsible for the processing no longer needs to process the data.
-
04 When the reasons for ceasing to process the data alleged by the affected person prevail over those of the person responsible for the processing.
To exercise the above rights, you can write to the registered address of the person responsible for the processing, or send an email to dpd@macba.cat with the text ‘DATA PROTECTION’ in the subject box and attaching a photocopy of your DNI, NIE or passport to this email.
Depending on the request made by the person concerned, the mandatory data are already marked on the collection forms. If the mandatory data are not provided, the right to participate in the activity could be affected or the service requested may not be provided.
Personal data are stored in the general administration database of the person responsible for the processing, who, in any case, guarantees the technical and organisational measures to preserve the integrity and security of the information they deal with.
This privacy policy only applies to this website. The person responsible for the processing does not guarantee compliance with these rules on other websites, nor are they responsible for access through links from this site.