Logo Fundación Xana
Corazón blanco Collaborate
Corazón multicolor
Botón desplegable menú Botón cerrar desplegable menú
Corazón blanco Collaborate

PRIVACY POLICY



In accordance with the provisions set forth in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, “GDPR”) and Organic Law 3/2018, of 5 December, on Personal Data Protection and the guarantee of digital rights (hereinafter, “LOPDGDD”), the purpose of this Privacy Policy is to inform data subjects who visit or use the website https://fundacionxana.org/ (hereinafter, the “Website”) of the processing of their personal data.



1. Who is the Data Controller?

The Data Controller for the processing of your personal data is Xana Foundation, with Tax Identification Number (NIF) G-56290885 and registered address at Avinguda d’Europa, 119, 08850, Gavà, Barcelona (hereinafter, the “Xana Foundation” or the “Foundation”).
You can also contact the Foundation through the email address rgpd@fundacionxana.org


2. How do we obtain your personal data? Data collection

Personal data may come from the following sources:

  • Personal data that you provide us directly, for example, through one of the forms enabled on our website or when you contact us through any of our contact channels.
  • Personal data indirectly provided to us by social workers at hospitals or entities with whom you collaborate or are in contact in order for you to be a beneficiary of one of the Foundation’s projects.
  • Data we collect through cookies and similar technologies when you visit the website. The Foundation uses various technologies to collect and store information and this may include the use of cookies or similar technologies to identify your browser or device. You can obtain more information through our Cookies Policy.


3. For what purpose and on what legal grounds do we process your personal data? How long are the data stored?

The Foundation processes your data based on your collaborative relationships with us. The data we collect are only those which are strictly necessary to manage the established relationships, and is appropriate, relevant, not excessive and limited to what is necessary in relation to the purposes for which they are processed.
Below, we describe the purposes for which the Foundation collects and processes your personal data, categorized according to your collaborative relationship with us:


DATA SUBJECTS:

If we do not have a collaborative relationship with you, but you choose to interact with us, the Foundation may process your personal data for the following purposes:

  • La Managing, processing and addressing possible requests, comments and/or queries qyou make through any of our contact channels. The legitimate grounds for the processing shall be your consent expressed with a clearly affirmative action when making said request, comment and/or query.
    In the event that you have provided your consent for this purpose, your data shall be stored until we have finished managing your request, comment and/or query. In any case, when you request to withdraw your consent, your data shall be subsequently duly blocked for the periods of time resulting from the prescription of the legal actions related to this processing.
  • If you subscribe to our Newsletter, we process the data in order to manage the delivery settings for the newsletter related to the projects, activities and other news of Xana Foundation. The legitimate grounds of the processing shall be your consent expressed with a clearly affirmative action when registering to receive said newsletters and/or checking the corresponding box.
    In this regard, we remind you that you can unsubscribe from the Newsletter at any time through the mechanism that has been enabled for this purpose and/or by following the instructions available in the newsletter itself.
    In the event that you have provided us with your consent for this purpose, your data will be stored until you request to withdraw your consent, in which case your data shall be subsequently duly blocked for the periods of time resulting from the prescription of the legal actions related to this processing.


VOLUNTEERS:

If you are a volunteer, your personal data will be processed by the Foundation in order to:

  • Process your request, manage and participate in our projects, events, activities, services and volunteering events. The legitimate grounds for the processing of your request shall be your consent expressed when registering as a volunteer, while the management and participation is carried out based on the execution of the existing contractual relationship between you and the Foundation.
    The data will be stored until the end of your volunteer relationship with us, and your data shall subsequently be duly blocked during the periods resulting from the prescription of legal actions related to this processing.
  • Manage and address possible consultations and/or requests that you make. The legitimate grounds for processing shall be your consent expressed with a clearly affirmative action when making said consultation and/or request.
    In the event that you have provided your consent for this purpose, your data shall be stored until we have finished managing your query and/or request. In any case, when you request to withdraw your consent, your data shall be subsequently duly blocked for the periods of time resulting from the prescription of the legal actions related to this processing.
  • Send you notifications in order to keep you informed about the projects in which you act as a volunteer and about activities of interest to the Foundation related to your volunteer profile. The legitimate grounds of the processing is the legitimate interest of the Foundation.
    The data shall be stored until you object to the processing, unless the Foundation proves compelling legitimate reasons for the processing to prevail over your interests, rights and freedoms, or for the formulation, exercise or defence of claims, and the data shall be duly blocked.


PARTNER OR DONOR:

If you are a partner or donor, your personal data shall be processed by the Foundation in order to:

  • Process your application, and to manage your status and to participate according to your status as a partner or donor of the Foundation. The legitimate grounds for the processing of your request shall be your consent expressed when registering as a partner or donor, while the management and participation is carried out based on the execution of the existing contractual relationship between you and the Foundation.
    The data will be stored until the end of your relationship as a partner or donor with us, and your data shall be subsequently duly blocked for the periods of time resulting from the prescription of the legal actions related to this processing.
  • Manage the donations and financial contributions that you make to the Foundation, including managing certificates of donation as well as for accountability purposes. The legitimate grounds for the processing is the contractual relationship established between the Foundation and the partner.
    The data will be stored until the end of your relationship as a partner or donor with us, and your data shall be subsequently duly blocked for the periods of time resulting from the prescription of the legal actions related to this processing.
  • Manage and address possible consultations and/or requests hat you make. The legitimate grounds for processing shall be your consent expressed with a clearly affirmative action when making said consultation and/or request.
    In the event that you have provided your consent for this purpose, your data shall be stored until we have finished managing your query and/or request. In any case, when you request to withdraw your consent, your data shall be subsequently duly blocked for the periods of time resulting from the prescription of the legal actions related to this processing.
  • Send you communications in order to keep you informed about our projects, campaigns and activities that may be of interest to you. The legitimate grounds of the processing is the legitimate interest of the Foundation.
    The data shall be stored until you object to the processing, unless the Foundation proves compelling legitimate reasons for the processing to prevail over your interests, rights and freedoms, or for the formulation, exercise or defence of claims, and the data shall be duly blocked.


BENEFICIARIES:

If you (and the minor of whom you are the parent or legal guardian) are a beneficiary of one of the Foundation’s projects, we shall process your personal data (and that of the minor of whom you are the father, mother or legal guardian) in order to: :

  • Manage and process your inclusion, as well as that of the minor of whom you are the father, mother or legal guardian, as a beneficiary in our projects so that the Foundation can provide the relevant service. The legitimate grounds of the processing is the execution of the existing contractual relationship between you, as a beneficiary, and the Foundation.
    The data shall be stored until the end of your relationship as a beneficiary with us, and shall be subsequently duly blocked during the periods resulting from the prescription of legal actions related to this processing.
  • Manage and address possible consultations and/or requests that you make. The legitimate grounds for processing shall be your consent expressed with a clearly affirmative action when making said consultation and/or request.
    In the event that you have provided your consent for this purpose, your data shall be stored until we have finished managing your query and/or request. In any case, when you request to withdraw your consent, your data shall be subsequently duly blocked for the periods of time resulting from the prescription of the legal actions related to this processing.


CLIENTS:

If you are a client, your personal data will be processed by the Foundation in order to:

  • Manage the sales of different products or merchandising carried out through the Foundation’s online store This purpose includes managing the payment, shipping and possible returns of the products you may purchase, in addition to managing requests for information about the availability of our products or merchandising. The legitimate grounds of the processing is the execution of the existing contractual relationship between the client and the Foundation.
    The data shall be stored until the end of your contractual relationship with us, and shall be subsequently duly blocked for the periods of time resulting from the prescription of the legal actions related to this processing.
  • Manage and address possible consultations and/or requests that you make. The legitimate grounds for processing shall be your consent expressed with a clearly affirmative action when making said consultation and/or request.
    In the event that you have provided your consent for this purpose, your data shall be stored until we have finished managing your query and/or request. In any case, when you request to withdraw your consent, your data shall be subsequently duly blocked for the periods of time resulting from the prescription of the legal actions related to this processing.
  • Send you communications about our products or services that may be of interest to you. The legitimate grounds of the processing is our legitimate interest in keeping you informed about products or services similar to those initially that you have contracted.
    The data shall be stored until you object to the processing, unless the Foundation proves compelling legitimate reasons for the processing to prevail over your interests, rights and freedoms, or for the formulation, exercise or defence of claims, and the data shall be duly blocked.


4. To whom do we disclose your personal data?

We shall not disclose your personal data to third parties except to government agencies, organizations and/or competent authorities and the relevant law enforcement agencies and bodies, in cases where there is a requirement, a legal obligation or we consider that there are sufficient indications and/or suspicions that there may be an illegal act or criminal offense.
Notwithstanding the above, we inform you that your personal data may be accessed by third-party providers who act and process your personal data on behalf of Xana Foundation as data processors. We have entered into the corresponding data processing contract with all our suppliers in accordance with personal data protection regulations.


5. Are international transfers of personal data carried out?

Xana Foundation does not directly transfer your data outside the European Economic Area ("EEA"), and in the case that this were to occur on some occasion, you will be informed of said transfer ahead of time and it will be carried out, in any case, on the basis of the signing with said companies located outside the EEA of standard data protection clauses approved by the European Commission for international transfers, or on the basis of the adoption of any of the other appropriate guarantees provided for in articles 44 to 50 of the GDPR.
However, we inform you that the access and processing of your personal data by our email marketing provider, The Rocket Science Group LLC (“MailChimp”), entails that your data will be transferred to the United States, a country that has been declared to have an adequate level of protection by the European Commission for personal data transferred from the EU to US companies participating in the new framework (“Data Privacy Framework EU-US”), pursuant to the decision dated 10 July 2023. In this sense, The Rocket Science Group LLC is an active participant in the EU-US Data Privacy Framework.


6. What are your rights?

We inform you that you can exercise the following rights:

  • Right of access: You have the right to consult whether or not your personal data are being processed, and, if applicable, receive a copy of the personal data that we process about you.
  • Right to rectification: You have the right to obtain rectification of your personal data when they are inaccurate or to request that it be completed if it is incomplete.
  • Right to erasure (or “right to be forgotten”):: You have the right to request the erasure of your personal data in cases where your data are no longer required to carry out the purpose for which it were collected, when you withdraw your consent in cases where this is the legitimate grounds of the processing, whenever you object and other reasons do not prevail, when your data are processed unlawfully or in cases where the erasure entails compliance with a legal obligation. However, this right is not unlimited, so it may be feasible not to proceed with the erasure in certain circumstances.
  • Right to object: You have the right to object at any time, in relation to your particular situation, to the processing of your personal data so that we stop processing it for a specific purpose.
  • Right of limitation: You have the right to request the limitation of the processing of your personal data, with the suspension or storage of your data, depending on the circumstances.
  • Right of data portability: You have the right to receive the personal data that you have provided to us in a structured, commonly used, machine-readable and interoperable format, as well as to transfer them to another entity.

We inform you that Xana Foundation does not make any automated decision-making regarding your personal data.
Likewise, when the personal data processing is based on your consent, you may withdraw said consent at any time,, without this affecting the legality of the processing based on consent prior to your withdrawal.
You can exercise your rights by email at rgpd@fundacionxana.org or by mail to Xana Foundation, Avinguda d’Europa, number 119, Block O, Apartment 10, 08850, Gavà, Barcelona. We aim to help you whenever you wish to exercise your rights, although in some cases we may have legitimate reasons to reject your request.
We will review your request and provide you with a response within one (1) month of receiving it. However, we may have to extend this period by an additional two (2) months, in cases where this is necessary for us to provide an adequate response (for example, if the request is complicated to manage and we need more time to do so). In any case, we will inform you about the reasons for said delay. If we decide not to take action on the request, we will also inform you of the reasons for not doing so.
If you do not agree with the decision we make in relation to your request to exercise your rights or if you have any claim, you can lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).


7. Additional information:

  • Privacy Policy Updates: We may update this Privacy Policy from time to time to reflect changes in the way we process personal data or to clarify certain information included in this Privacy Policy. For this reason, we recommend reviewing this Privacy Policy on a regular basis. However, we will notify you directly about any material changes to it or how we use your personal data whenever we are required by law to do so.
  • Third-party personal data: If the personal data provided belongs to a third party, you guarantee that you have informed said third party of the aspects contained in this Privacy Policy, and you have obtained their consent to provide us with their data for the purposes indicated in this Privacy Policy.


Last update: March 2024.