The EU General Data Protection Regulation 2016/679 (GDPR) states that organisations that collect and/or process personal data must implement the necessary technical and organisational measures (art. 32 of the GDPR 2016/679) to ensure the protection of personal data, privacy and the rights and freedoms of data subjects, as well as to establish procedures to ensure the right to information of data subjects, which from the point of view of the web environment will be limited to web users.
Forum Business Travel (hereinafter BFT), with CIF B85987378 and address at calle Santísima Trinidad, 30, 3º4ª,28010, Madrid, telephone 91 391 84 75, email info@forumbusinesstravel.com informs you that we will process the personal data provided by you as a web user for various purposes. The identification and contact data provided by you in the registration process or when registering for an event will be kept for as long as the commercial, training or assistance relationship with our events is maintained, unless you oppose or limit it. The rest of the data associated with your person or the entity you represent will be kept for the time necessary to comply with legal obligations, depending on the data and/or documents where they were collected or included (e.g. web form, contracts, invoices, etc.). The data will not be passed on to third parties except in cases where there is a legal obligation, therefore, in that scenario, no consent from you would apply or that are necessary for the provision of service or mandate entrusted by you. You have the right to obtain confirmation as to whether FBT is processing your personal data, and therefore, you have the right to exercise your rights that the current regulatory framework confers on them.
The purpose of this "Privacy and Data Protection Policy" is to inform you of the conditions governing the collection and processing of your personal data by FBT or to safeguard your fundamental rights, honour and freedoms, all in compliance with the current regulations governing the protection of personal data according to the European Union and the Spanish State, as a member state.
In accordance with these regulations, we need your permission and consent for the collection and processing of your personal data, so here are all the details of interest to you about how we carry out these processes, for what purposes, which other entities may have access to your data and what your rights are.
2.2.- DATA CONTROLLER
The Data Controller is the natural or legal person, of a public or private nature, or administrative body, which alone or jointly with others determines the purposes and means of the processing of personal data. In the event that the purposes and means of the processing are determined by the law of the European Union or Spain, as a member state, it is FBT, who will act, in general, as the sole data controller.
2.3.- EXERCISE OF RIGHTS
You, as the owner of the data, may exercise your rights at calle Santísima Trinidad, 30, 3º4ª, 28010, Madrid, telephone 91 391 84 75 or by sending an email to the following email address info@forumbusinesstravel.com (stating in the subject line GDPR).
FBT has appointed a person to manage data protection, who is responsible for ensuring proper compliance with the current regulatory framework and implementation of security and confidentiality policies limited to the processing of data. This person is called Internal Coordinator of RGPD Compliance (Mr. Oscar García), if you need, you can contact him at the above address at the attention of info@forumbusinesstravel.com (please enter in the subject line to extend the GDPR info with the Coordinator)
2.4.- SECURITY MEASURES
FBT has adopted the necessary organisational and technical measures to guarantee the security and privacy of your data, avoid its alteration, loss, processing or unauthorised access, depending on the state of the technology, the nature of the data stored and the risks to which they are exposed. Among others, the following measures stand out:
1. Ensure the continued confidentiality, integrity, availability and resilience of processing systems and services.
2. Restore availability and access to personal data quickly, in case of a physical or technical incident (through the correct management of privacy policies).
3. Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.
4. Pseudonymise and encrypt personal data, in the case of sensitive data (establish that this type of data processing is not currently being carried out).
2.5.- PURPOSE OF THE PROCESSING
The purpose of data processing will be determined by an analysis of the basis of legitimacy that applies to the data or data and purpose or purposes, for which we detail below the intended uses and purposes. Even so, we will only carry out the processing of the purposes for which you have authorised us using the forms provided for this purpose on the website.
2.6.- LEGITIMISATION OF THE PROCESSING
The collection and processing of your data is always legitimised by one or more legal bases in accordance with Article 6 of the GDPR 2016/679.
2.7.- RECIPIENTS OF YOUR DATA
Sometimes, in order to comply with our legal obligations and our contractual commitment to you, we are obliged and required to transfer some of your data to certain categories of relevant public bodies such as the Tax Agency and similar when a service contract is entered into between the parties.
In the processing of your data carried out by FBT, we need to contract external services, in the technological field, which may involve your data being stored and/or processed by companies known as data processors.
2.8.- INTERNATIONAL TRANSFER OF DATA
At this time, the concept of data transfers outside the territorial scope of Spain and, by extension, the EU applies.
2.9.- DATA COLLECTION FORM
At present, the data that can be collected on the website is limited to the forms established for this purpose:
1. Event registration form:
The origin of the data is the data subject himself or his legal representative. The type of data collected and processed are name and surname, postal address, e-mail address, position and company name.
Derived from the formalisation of the registration to the event, as a factual fact that configures the basis of legitimacy for the processing of the data, FBT may use your contact details to send you information about upcoming events that it considers of interest to you.
Identifying and contact data will be kept indefinitely, except in the case of cancellation, opposition or limitation of processing.
2. Newsletter registration form:
The source of the data is the data subject or his or her legal representative. The type of data collected and processed are name and surname, postal address, e-mail address, position and company in which he/she works..
As a result of the formalisation of registration, a fact that constitutes the basis of legitimacy for the processing of data, FBT may use your contact details to send you information of its own interest and that of the sector.
Identifying and contact data will be kept indefinitely, except in the case of cancellation, opposition or limitation of processing.
2.10.- RIGHTS OF THE INTERESTED PARTIES
The current data protection regulations recognise a series of rights in relation to the use we make of the data. Each and every one of your rights are unipersonal and non-transferable, that is, they can only be exercised by the owner of the data, after verification of their identity by the data controller (in this case FBT)..
Here are the rights you are entitled to:
Request ACCESS to your personal data
Request RECTIFICATION of your detailss
Request the DELETION or erasure of your data (right to be "forgotten").
LIMIT or object to our use of your data Right to the PORTABILITY of your data for telecommunications or internet services.
Right to WITHDRAW your consent at any time
The right to lodge a data protection COMPLAINT with the Supervisory Authority: Data Protection Agency.
To exercise your rights of access, rectification, erasure, restriction or objection, portability and withdrawal of consent, you may do so in accordance with point 4 or through the State Authority designated for this purpose. Spanish Data Protection Agency
In addition to the aforementioned rights, if you believe that your data is not being collected or processed in accordance with current Data Protection legislation, you may file a complaint with the Referenced Control Authority.