Taxixi — Your taxi in Fuerteventura

1. Basic information on data protection

CONTROLLER

City Council of Puerto del Rosario

Tax ID: P3501800A

CONTACT

Calle Fernández Castañeyra, 2, 35600, Puerto del Rosario, Las Palmas

ayuntamiento@puertodelrosario.org

928 85 01 10

PURPOSE

The management of your request, doubt or enquiry and any administrative processing that may arise from it.

LEGAL BASIS

Compliance with a legal obligation (Article 6.1(c) of the GDPR), performance of a task carried out in the public interest or in the exercise of official authority (Article 6.1(e) of the GDPR). Consent of the data subjects, where required (Article 6.1(a) of the GDPR).

RECIPIENTS

Public Administrations in the exercise of their powers, when necessary to manage your request.

RIGHTS

Data subjects may request access to, rectification or erasure of their data, as well as exercise other rights or withdraw, where appropriate, the consent given through the website and/or the electronic headquarters, at Calle Fernández Castañeyra, 2, 35600, Puerto del Rosario, Las Palmas, or by sending an email to adpo@puertodelrosario.org

ADDITIONAL INFORMATION

You must read the detailed information on data protection below

2. Detailed information on data protection

The personal data linked to the website and the electronic headquarters under the responsibility of the City Council of Puerto del Rosario comply with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD).

2.1. Who is the Data Controller?

Controller’s details:

CONTROLLER: City Council of Puerto del Rosario

Tax ID: P3501800A

Address: Calle Fernández Castañeyra, 2, 35600, Puerto del Rosario, Las Palmas

Telephone: 928 85 01 10

DATA PROTECTION OFFICER (DPO) details:

APDTIC PROFESIONALES, S.L.

dpo@puertodelrosario.org

The City Council of Puerto del Rosario is responsible for maintaining a record of processing activities under its responsibility in compliance with the duties set out in Article 30 of the GDPR.

2.2. For what purpose do we process your personal data?

The City Council of Puerto del Rosario will process the personal data of data subjects, in general, to:

1. The City Council of Puerto del Rosario will process the personal data of data subjects, in general, to:

2. Verify or check the accuracy of the personal data that data subjects state are already held by public administrations or that were previously provided.

3. Send notifications and handle appeals.

4. Manage requests for information, suggestions, general communications and send newsletters.

2.3. What is the legal basis for processing your data?

The City Council of Puerto del Rosario is legitimised to carry out the processing of personal data in accordance with the lawfulness principle set out in Article 6 of the GDPR and, specifically, to:

As a general rule, in the case of administrative procedure activity the legal basis for processing will be the performance of a task carried out in the public interest or in the exercise of official authority, taking into account Law 39/2015, of 1 October, on the common administrative procedure; Law 9/2017, of 8 November, on public sector contracts; Law 39/2015, of 1 October, on the common administrative procedure, etc. In certain cases the processing will be legitimised by the consent of the data subjects. In any case, the legal basis will be included in the basic information clauses available in the personal data collection forms.

2.4. To which recipients will your data be communicated?

Your data may be communicated, in accordance with current legislation and whenever necessary to manage the procedure or request, to other public administrations in the exercise of their powers, to financial entities, to official journals, websites or notice boards of the City Council of Puerto del Rosario to provide the legally required publicity in procedures where necessary.

The basic information clauses will in any case include the specific recipients of the data.

2.5. How long will we keep your personal data?

The personal data provided will be kept as long as you do not request their deletion or cancellation and as long as they are adequate, relevant and limited to what is necessary for the purposes for which they are processed.

2.6. Will data be transferred to third countries?

No international data transfers will be made.

2.7. What are your rights when you provide us with your personal data?

Access: the right to obtain confirmation as to whether or not we are processing your personal data, to know what they are, what they are used for, how long they will be kept, their origin and whether they were or will be communicated to a third party.

Erasure: the right to request the deletion of personal data when they are inadequate, excessive or no longer necessary for the purposes for which they were collected, including the right to be forgotten.

Objection: the right to object, in certain circumstances, to the processing of your personal data or to request that the processing be stopped.

Restriction of processing: the right to request, in the circumstances established by law, that your data not be processed beyond their mere conservation.

Portability: the right to receive personal data in a structured, commonly used and machine-readable format, and to transmit them to another controller, where technically feasible.

2.8. Will you be able to withdraw your consent?

You will have the possibility and the right to withdraw your consent for any specific purpose given at the time, without affecting the lawfulness of the processing based on consent prior to its withdrawal.

2.9. Where can you exercise your rights?

The data subject may exercise their rights free of charge, receiving a response within the periods established in the GDPR and the LOPDGDD, by the following means:

In writing at the registry of the City Council of Puerto del Rosario. This request must be signed and accompanied by a copy of the ID card or passport of the data subject. If acting through a legal representative, the representative’s ID and the document accrediting the representation must also be provided.

If the City Council of Puerto del Rosario has reasonable doubts regarding the identity of the natural person making the request, it may request the additional information necessary to confirm the identity of the data subject. The City Council of Puerto del Rosario must respond to the request within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests received. The data subject will in any case be informed within one month of receipt of the request.

Any data subject may also address their request to exercise rights to the Data Protection Officer at the following email address: dpo@puertodelrosario.org

For more information: https://www.aepd.es/reglamento/derechos/index.html

2.10. How can you lodge a complaint with the Supervisory Authority?

If your rights have not been respected you may lodge a complaint in writing with the Spanish Data Protection Agency (AEPD) at Calle Jorge Juan, 6-28001-Madrid or use the electronic headquarters: https://sedeagpd.gob.es/sede-electronica-web/

In both cases, you must attach the relevant documentation.

2.11. What security measures are in place?

In compliance with Article 32 of the GDPR and taking into account the provisions of Additional Provision One of the LOPDGDD 3/2018, the City Council of Puerto del Rosario has security measures established by its internal security regulations that follow the National Security Scheme (ENS) regulated by Royal Decree 311/2022, of 3 May.

APPLICABLE REGULATIONS

3. Data Protection Rights

The data protection regulations allow any person to exercise their rights of access, rectification, erasure and data portability, objection and restriction of processing, as well as not to be subject to decisions based solely on automated processing of their data.

3.1. Right of access

The data subject has the right to be informed:

of the purposes of the processing, as well as the categories of personal data processed and any possible disclosures of data and their recipients
of the storage period for the data, where possible. If not, the criteria used to determine this period
of the right to request rectification or erasure of data, restriction of processing, or to object to it
of the right to lodge a complaint with the supervisory authority
to obtain, where the personal data have not been obtained from the data subject, any available information as to their source
to receive information on appropriate safeguards if an international transfer of data takes place
to obtain a copy of the data undergoing processing
of the existence of automated decisions (including profiling), the logic involved and the consequences of this processing.

This must be distinguished from the right of access of interested parties to administrative files regulated by Law 39/2015, of 1 October, on the Common Administrative Procedure of Public Administrations, as well as the right of access regulated by Law 19/2013, of 9 December, on transparency, access to public information and good governance.

3.2. Right to rectification

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data, as well as to have incomplete personal data completed, including by means of an additional statement.

3.3. Right to erasure (right to be forgotten)

The data subject may request the erasure of personal data when any of the cases provided for in the legislation applies, especially where the purpose that motivated the processing disappears, or where personal data have been processed unlawfully.

This right is excepted in cases where it must be overridden for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

3.4. Right to restriction of processing

Allows the data subject to obtain from the controller restriction of processing when:

the accuracy of the data is contested, while such accuracy is being verified by the controller
the processing is unlawful but the data subject opposes the erasure of the data and requests the restriction of their use instead
the controller no longer needs the data for the purposes of the processing, but the data are required by the data subject for the establishment, exercise or defence of legal claims
the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject

3.5. Right to data portability

The data subject shall have the right to receive from the controller the personal data concerning him or her, in a structured, commonly used and machine-readable format, or to have them transmitted to another controller where technically feasible.

3.6. Right to object

The data subject may object to processing:

When, on grounds relating to his or her particular situation, the processing of the data must cease, unless a legitimate interest is demonstrated which overrides the interests, rights and freedoms of the data subject, or the processing is necessary for the establishment or defence of legal claims.
When the processing is for direct marketing purposes.

Forms to exercise your rights:

4. Record of processing activities

Article 30 of Regulation (EU) 2016/679 General Data Protection Regulation (GDPR) establishes that each controller shall maintain a record of processing activities (RPA) carried out and containing the information indicated below:

The name and contact details of the controller and of the data protection officer.
The purposes of the processing.
A description of the categories of data subjects and of the categories of personal data.
The categories of recipients to whom the data have been or will be disclosed.
Transfers of personal data, if any.
Where possible, the envisaged time limits for erasure of the different categories of data.
A general description of the technical and organisational security measures.

Likewise, as regulated in Article 31.2 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), all entities included in Article 77.1 of this organic law must make public an inventory of their processing activities containing the information established in Article 30 of the GDPR and the legal basis legitimising the processing of personal data.

In accordance with this regulation, a record of processing activities carried out by the City Council of Puerto del Rosario is maintained:

LINK TO THE RECORD OF PROCESSING ACTIVITIES IN THE TRANSPARENCY PORTAL

5. Data Protection Officer (DPO)

Article 37.1 of Regulation (EU) 2016/679 General Data Protection Regulation (GDPR) establishes that public authorities and bodies are required to designate a Data Protection Officer (DPO).

The City Council of Puerto del Rosario has duly appointed its DPO, as can be verified at: DPO Query

Data Protection Officer: APDTIC PROFESIONALES, S.L.
Contact: dpo@puertodelrosario.org

Its functions are defined in Article 39 of the GDPR and consist mainly of informing and advising the City Council of Puerto del Rosario and its staff about their obligations regarding the processing of personal data, and monitoring compliance therewith. It must also cooperate with the Spanish Data Protection Agency (AEPD) and act as a contact point between it and the City Council of Puerto del Rosario.

In turn, any citizen may contact the Data Protection Officer if they have doubts about the processing of their data by the City Council of Puerto del Rosario or do not agree with it. To do so, you can contact the Data Protection Officer of the City Council of Puerto del Rosario by writing to the email address dpo@puertodelrosario.org

More information: Spanish Data Protection Agency – Data Protection Officer.