Privacy Policy
This is the data protection policy of the Banyoles city council. It refers to the data of natural persons with whom it interacts in the exercise of its powers and functions. Given the functions of the Banyoles city council, some processing is the result of providing services to other public administrations that have delegated functions to it. The processing is carried out in compliance with the General data protection regulation (Regulation (EU) 2016/679 of the European parliament and of the Council, of April 27, 2016) and the state regulations on this matter.
Who is the controller for the processing of personal data?
The controller for the processing of personal data is the Banyoles city council (hereinafter, the City council), with CIF P1701600G and address at Passeig de la indústria, 25, Banyoles (CP 17820), oac@ajbanyoles.org, www.banyoles.cat.Criteria for processing personal data
In the processing of data, we fully assume the principles of the General data protection regulation.
a) We process them lawfully (only when we have a legal basis that allows us to do so and with transparency towards the data subject).
b) We use them for the specific, explicit, and legitimate purposes explained at the time of collection. Subsequently, we do not process them in a way incompatible with these purposes.
c) We process only adequate, relevant, and limited data to what is necessary in each case and for each purpose.
d) We strive to keep the data up to date.
e) We keep them for the necessary time, complying with the regulations governing the conservation of public information.
f) We apply appropriate technical or organizational measures to prevent unauthorized or unlawful processing, or its accidental loss, destruction, or damage.
Who is the Data protection officer
The Data protection officer (DPO) is the person who supervises compliance with the City council’s data protection policy, ensuring that personal data is processed appropriately and that people’s rights are protected. Among their functions is to address any doubts, suggestions, complaints, or claims from the people whose data is processed. You can contact the Data protection officer by writing to Passeig de la indústria, 25, Banyoles (CP 17820), tel. 972570050 or at dpd@ajbanyoles.org.Purpose of processing and to whom it is communicated
The City council processes data to exercise its powers and functions. The City council’s services are described on its website and its electronic office. A full description of the processing operations and the purposes for which the data is used can be found in the Register of processing activities of October 14, 2022. You can also consult the previous ones: Register of processing activities of June 22, 2020, Register of processing activities of October 31, 2019, Register of processing activities of April 10, 2019, and the Register of processing activities of May 25, 2018.
Census registration
Residents of the municipality must be included in the register of inhabitants. At the City council, we carry out the necessary procedures to keep it updated based on the information provided by the interested parties and by ex officio actions of our services. The register data serves to prove residence in the municipality, to know the address for notification purposes, to perform statistics, to form the electoral census, and other purposes established in the Law on the bases of local regime and other regulations governing the register. The communication of register data is limited to cases authorized by the regulations which provide, among other cases, for communication to other administrations when it is necessary to know a citizen’s address in the context of an administrative procedure.
Administrative procedures and formalities
In accordance with the requests of the interested parties, we use their data to follow the specific processing of each formality. The catalog of formalities and the procedure followed can be consulted at the City council’s electronic office. Depending on the procedure, data may be communicated to other competent administrations in the matter. In some cases, they must be published in compliance with the principle of transparency.
Tax management and collection
The management of taxes and the collection of other public law income involves the processing of a significant volume of personal data, which is processed continuously and sometimes comes from other administrations. They are processed solely for this purpose. Always following the governing regulations, data may be communicated to other administrations. In some cases, they must be published for notification purposes. In the case of the City council, these actions have been delegated to the Consell comarcal del pla de l’estany.
Services
For the provision of services, we process the data provided by the beneficiaries or those obtained from other administrations. Offering these services often involves monitoring and obtaining new data from the people who use them. As a general criterion, data is not communicated to other people without the explicit consent of the service user.
Activities
In organizing cultural, leisure, training, or sports activities, we receive data from the people who register, for the purpose of organizing the activity. As a general criterion, data is not communicated to other people without the explicit consent of the person participating in the activity.
Contact
We handle inquiries from people who use the contact forms on our website. The data is used solely for this purpose and is not communicated to other people.
Personnel selection
We receive CVs and announce personnel selection processes. The data provided by interested parties allows for the evaluation of merits and the analysis of the suitability of the candidates’ profiles based on vacant or newly created positions. They are not communicated to other people.
Sending information
With the explicit authorization of each person, we use the contact details provided to inform them of our initiatives, services, or activities. We do this through different channels depending on how each person has authorized it. They are not communicated to other people without their consent.
Management of our suppliers’ data
We record and process data from suppliers from whom we obtain services or goods. This can include data of individuals acting as self-employed and also data of representatives of legal entities. We obtain the essential data to maintain the commercial relationship and use them solely for this purpose. In compliance with legal obligations (tax regulations), we communicate data to the tax administration.
Video surveillance
Access to our facilities is informed, where applicable, of the existence of video surveillance cameras through standardized signs. The cameras record images only in areas where it is justified to guarantee the safety of property and people. The images are used solely for this purpose. Images of public roads are also recorded as support for traffic actions and for reasons of public safety and to ensure compliance with ordinances. The location of these cameras can be consulted here. The images are intended exclusively for these purposes. In justified cases, we communicate the data to security forces or competent judicial bodies.
Legal basis for data processing
The data processing we carry out has different legal bases, depending on the nature of each treatment.
Compliance with legal obligations
The processing of data in the context of administrative procedures is carried out following the regulatory rules of each procedure. It is carried out in compliance with legal obligations.
Fulfilling a mission in the public interest
Processing resulting from the provision of our services is justified by satisfying the public interest. The images we obtain with video surveillance cameras are also processed to preserve the public interest.
Performance of a contractual or pre-contractual relationship
We process our suppliers’ data following the public sector’s own contracting regulations, to the degree and extent necessary for the development of the contractual relationship. In another sense, but also within the framework of contractual or pre-contractual relationships, we process data of people who participate in selection processes or who join our institution.
Based on consent
When we send information about our initiatives, services, or activities, we process the contact details of the recipients with their explicit authorization or consent.
How long we keep the data
The storage period for the data is determined by different factors, mainly the fact that the data remains necessary to meet the purposes for which they were collected in each case. Secondly, they are kept to face possible liabilities for the processing of data by the City council, and to meet any requirements from other public administrations or judicial bodies.
Consequently, the data must be kept for the time necessary to preserve its legal or informative value or to prove compliance with legal obligations, but not for a period longer than necessary according to the purposes of the processing.
In certain cases, such as data appearing in accounting documentation and invoicing, tax regulations require them to be kept until the liabilities in this matter prescribe.
In the case of data processed exclusively according to the consent of the interested person, they are kept until that person revokes such consent.
Finally, in the case of images obtained by video surveillance cameras, they are kept for a maximum of one month, although in the case of incidents that justify it, they are kept for the time necessary to facilitate the actions of security forces or judicial bodies.
The regulations governing the conservation of public documentation and the opinions of the National commission for access, evaluation and documentary selection are a reference and determine the criteria we follow in the conservation or deletion of data.
What rights do people have in relation to the data we process
As provided for in the General data protection regulation, the people whose data we process have the following rights:
To know if they are being processed. Anyone has, first of all, the right to know if we process their data, regardless of whether there has been a previous relationship.
To be informed at the time of collection. When personal data is obtained from the data subject, at the time of providing it, they must have clear information about the purposes for which it will be used, who will be the controller, and the main aspects derived from this processing.
To access it. A very broad right that includes knowing precisely which personal data are being processed, what the purpose of the processing is, the communications to other people that will be made (if applicable), or the right to obtain a copy or to know the expected conservation period.
To request rectification. This is the right to have inaccurate data being processed by us corrected.
To request erasure. In certain circumstances, there is the right to request the erasure of data when, among other reasons, they are no longer necessary for the purposes for which they were collected and justified the processing.
To request restriction of processing. Furthermore, under certain circumstances, the right to request the restriction of processing of your data is recognized. In this case, the data will no longer be processed and will only be stored for the establishment, exercise, or defense of legal claims, in accordance with the General Data Protection Regulation.
To portability. In the cases provided for in the regulations, the right to obtain one’s own personal data in a structured, commonly used, machine-readable format and to transmit them to another controller if the interested person so decides is recognized.
To object to processing. A person may plead reasons related to their particular situation, reasons that will mean their data will stop being processed to the degree or extent that could cause them harm, except for legitimate reasons or the exercise or defense against claims.
To not receive information. We immediately attend to requests to stop receiving information about our activities and services, when these mailings were based solely on the consent of the recipient.
How to exercise or defend rights
The rights just listed can be exercised by sending a request to the City council at the postal address or other contact details indicated in the header.
If a satisfactory response has not been obtained in the exercise of rights, it is possible to file a complaint with the Catalan data protection authority, through forms or other channels accessible from its website (www.apd.cat).
In all cases, whether to file complaints, request clarifications, or send suggestions, it is possible to contact the Data protection officer by email at dpd@ajbanyoles.org.
