Privacy Policy - Irídia Privacy Policy - Irídia

Privacy Policy

At Irídia we work to ensure that personal data, and especially sensitive data, are protected and used appropriately. We treat data confidentially, rigorously, responsibly, fairly, transparently and under security measures. For this reason, and in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016, RGPD), we hereby inform you of our data privacy policy.

Who is responsible for processing your data?

The legal entity responsible for data processing is Iridia Association, Centre for the Defence of Human Rights. Our main contact is [email protected], telephone 693563529, web www.iridia.cat and address C/ Riera d’Escuder 38, Nau 1 baixos, 08028 Barcelona.

How have we obtained your data?

We have your data so that at the time you have provided us through a web form, by mail or in writing, when joining the entity, to receive advice or to establish contact.

What data do we process?

Depending on the purpose of the data, these are personal, as well as Name and Surname, ID number, gender, age, email, telephone, address, bank account, although in cases of legal advice and litigation cases can also be treated sensitive data, relating to convictions and criminal offences, health data and data relating to minors.

For what purpose do we process your data?

At Irídia we treat the information provided by the interested parties according to their typology. The data of clients and suppliers with whom there is a commercial relationship are treated for fiscal and commercial purposes, the data of workers for the purpose of labor management, the data of candidates and associated persons for the purpose of relationship management, and the data of cases attended (sensitive data) in order to establish relationships, legal and judicial steps, make referrals and communication with institutions.

There are no plans to create profiles, make automated decisions with the data or cross-check data.

How long will we keep your data?

As long as the data subject does not request the deletion of the data, the data will be kept until the end of the relationship or, in cases where there is a legal obligation, will be kept for less than 5 years.

What allows us to use your data?

The condition, as a legal basis, that Irídia may process these data is the consent of the person concerned, by contract between the parties or by legal obligation. Above all, data of a judicial nature, data of a health nature, or data relating to minors, are processed with the explicit consent of the person concerned. It is always possible to withdraw the consent to the use of the data at any time.

To whom and why could we provide your data to third parties?

Personal data may be transferred to third parties for the provision of services, with limited access to its purpose and by means of a data protection contract.

In the referral of cases, the referral is direct, with explicit consent and does not store personal data or sensitive data of the person concerned.

Sensitive data relating to the cases that we carry may be transferred to institutions for judicial management of the case or by legal obligation. In cases of strategic litigation the data may be transferred to the media with the explicit consent of the person concerned.

In order to compile statistics iridium may dissociate the numerical data according to personal characteristics, without revealing the origin of the data, maintaining confidentiality and anonymity.

Do we make international data transfers?

Today Irídia does not produce international data transfers either inside or outside the European Union. However, we have begun to study data protection in greater depth in this regard as it is anticipated that in the future international transmissions of data may be made, such as transfer to third parties.

Which are the rights of the person concerned?

The interested party has the right to request access to their information and the processing activity that is done, as well as to request changes, modifications or deletions of both the data and the processing of these. This does not include data that we are obliged to keep for administrative, legal or security purposes. In order to exercise their rights, the interested party may contact iridio by e-mail at [email protected], and their request will be dealt with within a maximum period of one month.

Applied measures and good practices

In Irídia we keep the record of data processing activities updated, as we work with data that may pose a risk to the rights and freedoms of interested parties, relating to convictions, criminal data, health data and data of minors, therefore we work to ensure at all times that the security measures are applied.