1. Who is the data controller
In the context of your contracting or registration as a member, the Cooperative femProcomuns SCCL will be responsible for data processing. CommonsCloud is a collective initiative co-produced through the cooperative femProcomuns SCCL with NIF F67139550 and address at Carrer Providencia 42, 08024 Barcelona, which acts as owner, promoter and manager
of the web domain CommonsCloud.coop and its subdomains.
The contact details of the Data Protection Officer are: <ahref=”mailto:firstname.lastname@example.org”> email@example.com.
2. A question of ethics
CommonsCloud and femProcomuns SCCL are particularly sensitive to the protection of personal data of users of Internet services. We are looking for the best way for users to regain control over their data and maintain anonymity when they prefer. We invite Users to reflect on these conditions
and contribute improvements to the CommonsCloud Agora.
3. Obligation to comply with data protection regulations
The personal data provided by the User will be treated with the appropriate degree of protection, in accordance with current legislation, with the necessary security measures to prevent its alteration, loss, processing or unauthorised access by third parties.
CommonsCloud tries to reduce access to personal data with the technical measures at its disposal.
Thus, entities that contract dedicated services will be able to self-manage, so that CommonsCloud’s technical persons will only access the maintenance part of the services, but not the data, unless the User explicitly requests an intervention in its service.
In order to comply with our Ethical Commitment, we follow the following general guidelines in relation to personal data:
- We apply the Data Protection Regulation (EU) 2016/679, the Organic Law 3/2018 of 5 December on Data Protection and Guarantee of Digital Rights, and other regulations.
- We respect the User’s data
- We do not offer, sell or transfer User data
- We require the agents with whom we contract and collaborate to have privacy policies that include practices of non-transfer of data and empowerment of the data subject (data owner)
- We take the necessary measures to keep the data secure and protected
- We only send information that the User request or authorise us to send and the User can change their mind at any time.
- We follow the transparency recommendation of the Regulation and try to make the consent and information texts clear
- The User’s data is only used for the purposes indicated and authorised by the User
4. What personal data do we process?
The personal data we hold belongs to the User and can only be processed by us if the User has given us its consent and for the specific purposes for which you have given us its consent.
We also use them for compliance with the law (e.g. entering invoicing data in accounting, etc.).
Personal data refers to any information that can identify the User directly (name) or indirectly (ID number). Other data available to us are: the e-mail address / business or private postal addresses / landline and/or mobile phone number, usernames, bank account. It is also possible that in the course of the contractual relationship the User may provide us with other personal data relating to their personal life (affiliations, beliefs, ethnic
origin, etc.). We only process this data if it is strictly necessary for the purpose of fulfilling the contract between us and the User.
5. How do we obtain users’ personal data?
We collect User data by means of a digital form. We always collect data directly from the User and never from third parties or requested through cookies.
6. For what purposes may we process personal data?
The purposes of the processing of the Users’ data are all or some of the following:
- The fulfilment of the corporate contract and/or the provision of services. As well as enabling the maintenance, development and management of the business relationship formalised by the contracting of products and/or services through this Website
- Fulfilment of legal obligations: invoicing, accounting, tax settlement and submission of informative declarations to the administrations. Management of the contractual relationship with the User.
- To send her information that may be of interest to her: To keep the User informed, including by electronic means, of products, services and news of CommonsCloud and other services and products of femProcomuns SCCL
- Respond to the User’s queries
- Keep in touch
- In the event of sending a CV through this Website, the data provided by the User will be processed in order to deal with her job application and, where appropriate, to enable her to find a job at CommonsCloud.
7. What is the legal basis for processing personal data?
There must be a legitimate reason for us to use the personal data of the Users. The lawful basis for processing personal data is one or more of the following:
- The consent of the User
- The performance of a contract: to carry out the services the User has commissioned from us and/or the management of the contractual relationship or to respond to her enquiries.
- Fulfilment of legal obligations involving the processing of personal data, such as invoicing, accounting, tax filing
- Our legitimate interest in being able to provide the service in the best possible conditions, so we will need to process the personal data of the Users.
8. Who can have access to the personal data of the Users?
Occasionally, personal data is accessed by third parties outside our company as service providers and data is transferred.
Specifically: the data may be processed by the following partners: the CommonsCloud co-producers, the femProcomuns partners and the Internet service providers necessary for the production of the services. These must sign an agreement for data processing with the cooperative as Data Controller. In no case will it be shared with other parties without the consent of the User.
If we enter into contracts that involve the transfer of data, we do so with trusted third parties to perform a variety of operations on our behalf. We only provide them with the information they need to perform the service, and we require them not to use your personal data for any other purpose. We
make every effort to choose trusted third parties, inform us of what data protection policies they have in place and ensure that we incorporate contractual commitment clauses whereby they undertake to implement appropriate security measures in the processing of User data.
9. Do we make international transfers of Users’ personal data?
We do not transfer personal data outside the EU area, but data may be subject to such transfer through the use of platforms with servers outside the EU area (cloud storage services or communication platforms).
In the event that such a transfer is necessary, providers will be chosen if they have systems in place that involve their acceptance of European legislation and have incorporated appropriate privacy compliance policies.
To minimise the chances of international data transfer, we have chosen storage services within the European area, with storage servers located within the EU area and certified as compliant with European regulations.
10. How long do we keep the data?
We only keep Personal Data for as long as we need it for the specific purpose, which may be to fulfil the User’s request, to manage the contractual relationship, to comply with our legal obligations
and/or to keep in contact with the User.
We always retain only the data that is strictly necessary for each purpose. We use the following criteria to determine the retention period of the User’s Personal Data:
• Personal data obtained by consent at the time of the order: for the duration of the contractual relationship;
• Personal Data received and/or created during the contractual relationship: for the duration of the performance of the contract.
• Personal Data obtained when contacting us only for an enquiry: for the time necessary to deal with the enquiry;
• Personal Contact Data limited to name, telephone number and e-mail address: indefinitely as long as the User does not ask us to delete it.
• Personal data necessary to comply with our legal or regulatory obligations as well as to administer our rights (e.g. to enforce our claims in court) or for statistical or historical purposes: the time necessary to be able to carry out the fulfilment of obligations, complaint, etc.
• Personal data to manage the contractual relationship: for the duration of the relationship.
When we no longer need to use the User’s personal data, we will delete it from our files.