The City Council of Elche is governed by the Regulation (EU) 2016/679 of the European Parliament and Council, dated the 27th of April, 2016, the General Data Protection Regulation (referred to hereinafter as GDPR), the Organic Law 3/2018 dated the 5th of December, on the Protection of Personal Data and the guarantee of digital rights (hereinafter referred to as the LOPD-GDD as per its Spanish acronym) and other applicable rules and regulations, in order to guarantee the protection of personal data of users and the security of information.
The objective of this Privacy Policy is to provide information on the way in which the City Council of Elche obtains, processes and protects personal data, as well as the rights of users in relation to the data supplied.
The personal data requested shall be strictly necessary to identify and deal with the request from the owner or to provide the services requested.
Protection of personal data
Data controller
City Council of Elche
TIN P0306500J
Address
Plaça de Baix nº 1, 03202 Elche
Telephone number
966658000
Data Protection Officer
Data Protection and Information Security Office
Email address
dpd@elche.es
Purposes
Management of administrative procedures and activities carried out by the City Council when exercising its Powers and complying with its obligations.
This entity can take automated decisions based on the legal coverage granted in article 41 of the Law 40/2015, dated the 1st of October, on the Legal System of the Public Sector. It would be any act or deed carried out entirely through electronic media in the scope of an administrative procedure and in which no individual has been directly involved.
The automated decision making must be provided for in a specific regulation, which includes the specifications, programming, maintenance, supervision and quality control. This regulation shall be made available to citizens in the electronic Office of this Entity.
Data storage
We store the data for as long as it is necessary to be able to comply with the legal obligations established by the administrative rules and regulations, and always, complying with at least the minimum time established to keep the information. In accordance with what is established in article 26 of the LOPD-GDD this Entity is legally allowed to process the data for archiving purposes in public interest, always complying with the existing law on archives and documentation.
Legitimation / Applicable legal basis
The City Council of Elche is mainly governed by the following regulatory framework with regard to the protection of personal data and information security:
Regulation (EU) 2016/679 from the European Parliament and Council, dated the 27th of April, 2016, regarding the protection of individuals when it comes to the processing of their personal data and the free circulation of this data (GDPR).
Organic Law 3/2018 dated the 5th of December, on the Protection of Personal Data and the guarantee of digital rights (LOPDGDD).
Royal Decree 311/2022 dated the 3rd of May, through which the National Security Scheme is governed.
Regulatory developments, instructions, directives, rules and standards that are in force at all times on the protection of personal data and information security.
Furthermore, the Register of Data Processing Activities (RAT as per its Spanish acronym) managed by the City Council of Elche can be consulted.
The different municipal procedures and activities involve processing based on different legal grounds listed in the GDPR:
Consent of the interested party, when required.
Contractual relationship.
Vital interests of the interested party or other people.
Exercise public powers granted to the data controller and/or the data controller complying with a legal obligation.
Development of the municipal competences granted by the state and autonomous community legislation that governs the local system.
Significant basic legislation
Law 7/1985, dated the 2nd of April, Regulating the Basis of the Local Government System.
Law 39/2015, dated the 1st of October, on the Common Administrative Procedure of the Public Authorities.
Law 40/2015 dated the 1st of October, on the Legal System of the Public Sector.
Specific legislation of the municipal services. Depending on each data processing case.
Recipients
Users’ data can be passed on to the competent public and/or private entities, stakeholders or those necessary to process the procedures and/or manage the municipal activities, and in the cases provided for by the Law.
Rights
Anyone is entitled to obtain information about whether their personal data is being processed in this Entity or not.
Interested parties are entitled to access their personal data, for as long as their data is being stored and even obtain a copy of the data that is being processed.
Furthermore, they are also entitled to rectify the data if it is not correct. (For example, they can ask to have their address corrected, a name changed, etc.).
Interested parties are entitled to restrict the processing of their data, they have to ask the data controller about this, which must stop processing the data when citizens ask for their data to be corrected or removed, until their request has been resolved.
The interested parties can exercise their right to erasure (right to be forgotten) as long as the circumstances that are listed in the GDPR exist and in accordance with the provisions established in article 15 of the LOPD-GDD.
The affected party can exercise their right to object to the data processing, as long as there are reasons related to their personal situation, except for if they can prove that they have a legitimate interest, or it is necessary to make or defend themselves against any possible claims. Moreover, when the objective of the data processing is direct marketing.
The interested party shall have the right to data portability to obtain data in a structured commonly used and machine-readable format, which can be passed on directly to another data controller when the processing is based on the consent or it is carried out through automated means.
This request can be made:
Electronically through the procedure that is available in the Electronic Office.
In person through the Network of Municipal Citizen Service Offices (OMAC as per its Spanish acronym)
Email sent to: dpd@elche.es
In all of the cases, the City Council must check the identity of the interested party to make sure that they are the owner of the data that is being processed, which means that a copy or reference of the valid identification document (DNI, NIE, Passport) must be included. To this end, the City Council shall exercise its powers to check data, which are provided for in the eighth additional provision of the LOPD-GDD. If the interested party is being represented their legal representative must duly prove the power of attorney that has been granted to them.
International transfers
Data shall not be transferred abroad. In special cases whenever it is necessary, the corresponding authorisation from the Supervisory Authority shall be requested.
