FGUMA Legal and data protection notice

The GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA is an entity that is committed to not only offering its clients and users maximum quality in the services it provides, but also in scrupulously complying with current legislation on privacy matters and the internet.

For this reason, through this notice, the information society services provider provides the data that it is obligated to make available to consumers and users pursuant to the provisions of art. 10 of Law 34/2002, of 11 July, on information society services and electronic commerce, and of the European regulations on Personal Data Protection. It will do so in accordance with the following terms:

FIRST. This website is the property of the GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA, with Tax Identification Code G29817301, with registered address at Avenida de la Estación de El Palo, no. 4, 29017 – Málaga, and email address info@fguma.es

The GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA is registered in the Teaching Foundations Registry of the Ministry of Education under number 325.

SECOND. All of the trademarks, logos, trade names, distinctive signs, services, content, videos, texts, photographs, graphics, images, software, links, and information of any kind that appear on this website are also the property of the GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA and as such, they cannot be reproduced, distributed, publicly disclosed, transformed, or modified without its express written authorisation.

The GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA expressly reserves the rights of reproduction, modification, adaptation, public disclosure, maintenance, correction of errors, assignment, sale, rental, loan, and any other intellectual or industrial property right on the content of the website. Exercise of the aforementioned rights is prohibited without its express authorisation.

The creation of a link to another webpage or website on the internet does not in any case imply the GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA’s acceptance or approval of its content or services and as such, it does not accept any responsibility for it.

Whoever proposes creating a link on this website must request the prior approval of its owner. The owner reserves the right to claim possible damages that may be caused by the establishment of this link without the necessary authorisation.

THIRD. Privacy Policy: The GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA has proceeded to comply with the current personal data protection regulations. It has adopted all the necessary technical and organisational measures to guarantee the security of its clients’ and users’ personal data and to prevent their alteration, loss, processing, or unauthorised access to them.

The personal data that may be collected through this website will be processed fairly and lawfully pursuant to the principles and rights included in the Personal Data Protection legislation.

Said data may be incorporated into files that are duly registered with the Spanish Data Protection Agency, which are under the responsibility of the GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA, with the specific purposes that arise from properly carrying out the requested services and for sending communications (including ADVERTISING and newsletter subscription) that may be to their interest and always related to the GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA’s own services.

Your data cannot be transferred to third parties without your consent, with the exceptions established in the law and in the case of processors (if you would like more information about the latter, you may request it from us).

Nevertheless, in order to be able to provide you with the requested services, the following transfers are necessary, which you expressly consent to upon contracting with or making other requests of us:

  • University of Málaga.
  • Public and/or private bodies and entities that intervene in an event, course, or activity or those to whom data must be transferred as required by law.

In order to be able to contract with this entity, you must be of legal age.

We may occasionally request and process sensitive data related to health, food allergies, disabilities, or other information for the organisation of a specific activity, given that without this data, we would not be able to provide the service of interest in the proper conditions. Nevertheless, the purpose of data processing by the GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA is not specifically the collection of this type of information.

You should know that transfers of data to third countries may occur for the organisation of and participation in activities, events, or courses that are held in those countries. That is to say, if you sign up for a course in Málaga that is held in the United States of America (for example), we necessarily have to transfer your data to the local organisers. This transfer is legally based on both your express consent and on article 49.1.b of the General Data Protection Regulation, that is, when the international transfer:

“…is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request.”

In the event that users were provided with the possibility of creating personal access keys—composed of a client code (login) and a password—in order to be able to visit restricted-use areas, they will be the only ones who may use them and, in consequence, will be responsible for all operations performed with said keys.

To this end, the user must select characters that are not easily identifiable and keep them secret. Facilitating, using, attempting to decrypt the access keys of others, or revealing them to other unauthorised persons is considered a severe violation of the norms of use and security. If the user has reasons to believe that his/her key is or may be known by any person who is not authorised to know it, he/she must immediately bring this to the knowledge of the GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA so that he/she may be assigned a new one.

Website users may exercise their rights to access, rectification, erasure, and others related to their data before the GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA through email, the website, letter, or appearing in person at the address indicated at the beginning.

Privacy policy summary

Basic data protection information

ControllerGENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA
PurposeManagement of your data to provide services, respond to queries, invoice , and/or send you commercial communications (including your subscription to newsletters).
Legal standingService provision agreement and the data subject’s consent. Legitimate interest.
RecipientsUniversity of Málaga. Cases required by law, processors, entities that necessarily participate in the activities and services. There may be international data transfers.
RightsAccess, rectify, and erase data, as well as other rights as explained in the additional information.
Additional informationSee text below

Additional information about data protection

FIRST. Who is the controller of your data?
Identity: GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA-Tax Identification Code: G29817301.
Address: Avenida de la Estación de El Palo, no. 4, 29017 – Málaga.
Tel.: (+34) 951 952 640
Email: info@fguma.es

SECOND. For what purpose is your data processed?
Your data will be processed for the purpose of providing you services related to our activity, respond to your queries, invoice you, and also to send you advertising communications about the same matters, including your subscription to newsletters.

The data that are processed are obligatory and must be provided in all cases; on the contrary, the service requested cannot be provided nor can the other purposes indicated be fulfilled.

THIRD. How long will your data be stored?
The personal data provided will be stored whilst the service provision relationship is maintained or whilst the data subject does not request its erasure. Nevertheless, your data will be blocked during the pertinent prescribed time frames in the event there is any liability on our part.

FOURTH. What are the legal grounds for the processing of your data?
The legal grounds for the processing of your data are the execution of the service provision agreement and legitimate interest.

The commercial communications that may be sent by the controller are based on your consent, which you provided expressly and freely and which may be revoked at any time by requesting it.

Your consent may always be revoked; revocation must be expressly communicated.

FIFTH. To which recipients will your data be communicated?
The data will be disclosed—as per the law—to the Public Administrations with competence in this matter and to our processors (if you would like more information on their identities, you may request it from us).

Nevertheless, in order to be able to provide you with the service requested, certain transfers are necessary, which you expressly consent to upon contracting with us. Details on the transfers are described in the preceding paragraphs.

Occasionally, there may be international data transfers based on the place where the requested course, event, or activity takes place, as explained in the preceding paragraphs.

SIXTH. What are your rights upon facilitating your data?
Your rights are those regulated in the European General Data Protection Regulations, that is to say:

  • Right to access or rectify your data, to their erasure, to opposition to and limitation of their processing, and to their transfer.
  • Right to revoke your consent when it was given for a specific purpose.
  • These rights can be exercised through certified letter or appearing in person as well as by writing to our headquarters. A form for this purpose may be requested beforehand.
  • You also have the right to make a claim before the Supervisory Authority when you are not satisfied with the exercise of your rights by submitting a written request through its Registry (physical or electronic).
  • If you would like more information on what each of your rights consists of, you can request it from us through any channel.

SEVENTH. What is the origin of your data?
Your data have been received:

  • Because you directly provided us with them.

The data that are processed may consist of names, surnames, identity document, telephone numbers, email addresses, addresses, bank information, data on minors, professional curriculum vitae or commercial information, personal characteristics, and possibly sensitive data.

EIGHTH. Data Protection Officer:
The person designated as the Data Protection Officer at the GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA is Ms Susana Castillo Cerdán, with the same address and telephone as said entity and the email address lopd@fguma.es

NINTH. Record of personal data processing activities at the GENERAL FOUNDATION OF THE UNIVERSITY OF MÁLAGA

  1. Training activities and other services. Purpose of the processing: Management and control of the data collected for the carrying out of educational activities and other services provided by the controller. Sending of communications and publicity related to the activities and services. The grounds for processing are the data subject’s consent and the professional services provision agreement.
  2. Agenda of clients, suppliers, users, and contacts in general. Purpose of the processing: Processing of data collected from clients, website users, members, suppliers, collaborators, and contacts in general in order to contact and carry out administrative processes and for advertising messages related to the controller’s activity. The processing is based on the data subject’s consent or on the existence of a contractual or precontractual relationship.
  3. Invoicing, accounting, and the tax authority. Purpose of the processing: Processing of data necessary for compliance with the tax and accounting obligations of the file’s controller. They are processed due to a legal imperative (tax regulation).
  4. Board of Trustees Members. Purpose of the processing: Management and control of the data of people or entities that form the Foundation’s Board of Trustees. They are processed due to a legal imperative (legislation on Foundations) and due to the data subject’s express consent.
  5. Patients (Health and Medical Research Centre – CIMES) and services of the Health and Medical Research Centre (CIMES). Purpose of the processing:
    Collection and processing of data from CIMES patients and users in order to be able to provide them the Centre’s own services. Management of medical records. The data will be processed due to the data subject providing their express consent and due to compliance with the obligations agreed upon between the CIMES and public bodies of a healthcare nature.
  6. Human resources. Purpose of the processing: Processing of the data of people who provide professional services to the file’s controller (hired personnel) and the processing of curriculum vitae data for the company’s personnel selection processes. Workplace monitoring through fingerprint records (employees clock in and clock out). They are processed due to a legal imperative (workplace regulations) and due to the data subject’s express consent (in the case of curriculum vitae).
  7. Video surveillance and security. Purpose of the processing: Collection and processing of data through surveillance video cameras to safeguard the security of the facilities where the controller’s activity is carried out. They are processed according to the legal grounds of Instruction number 1/2006, of 8 November, on the Spanish Data Protection Agency and with the consent of the data subject, who is informed of the recording by means of informational posters and notes. Suppliers: companies or professionals who sell or provide products or services to the
  8. Care of citizens’ rights. Purpose of the processing: Processing of data collected to attend to data subjects’ requests for the exercise of the rights of access, rectification, erasure, opposition, limitation, or transfer on matters of data protection, pursuant to the law.
  9. Notification of security breaches. Purpose of the processing: Processing of data to manage the procedure for the notification of security breaches on data protection matters, according to the law.

We have detailed information available to all users on said registry of activities pursuant to article 30.1 of the European General Data Protection Regulation. You can expressly request it via the following address lopd@fguma.es.