1. Who is responsible for the data treatment of the interested parties?

The responsible person for data treatment of the interested parties is Scholas Occurrentes Foundation, CIF G87291365, with registered office at Calle Covarrubias 22, 28010, Madrid and business address at Calle Hortaleza 48, floor 1, 28004, Madrid (hereinafter “Scholas”).

The “Responsible Person” can be any natural or legal person, authority or other entity that, alone or together with others, determines the purposes and means of the data treatment. Likewise, “Interested party” is the natural person owner the data which is been treated.

Interested parties can contact Scholas through the email protecciondatos@scholasoccurrentes.org, or through the phone (+34) 910 609 641.

  1. Personal data and treatment of personal data

Personal Data” is all information about an identified or identifiable natural person (interested party). Identifiable natural person shall be any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or more elements of the identity, physical, physiological, genetic, psychic, economic, cultural or social of said person.

Likewise, “Treatment” is considered to be any use, operation or set of operations carried out on personal data or sets of personal data, whether by automated or non-automated procedures, such as collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, broadcast or any other form of enabling access, collation or interconnection, limitation, deletion or destruction.

  1. Principles applied by Scholas with the data treatment of the interested parties:

Legality, lawful and transparency: The data is treated in a lawful, loyal and transparent manner in relation to the interested party.

Limitation of purpose: The data is collected for specific, explicit and legitimate purposes, and will not be further treated in an incompatible manner with those purposes.

Principle of minimization of data: The data will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is treated.

Principle of accuracy: The data will be exact and, if necessary, will be updated. The responsible person must take all reasonable measures to promptly delete or rectify inaccurate personal data regarding the purposes for which it is treated.

Principle of limitation of the conservation period: The responsible person will keep the data for no longer than necessary for the purposes of the treatment.

Principle of integrity and confidentiality: Scholas treats the data in a way that security is guaranteed, including protection against unauthorized or unlawful treatment and against its loss, destruction or accidental damage, through the application of appropriate technical and organizational measures.

  1. Purpose of the treatment of personal data

Following the principle of limitation of purpose, in Scholas treats the information provided by the interested parties, in order to meet their request and be able to carry out the activities of the foundation.

For this reason, Scholas will keep every interested party informed through various communication channels on issues related to its activity, destination of donated funds, educational programs and generally on its purpose and founding purpose, which focuses on education through the following lines of action: (i) promoting awareness campaigns on human values; (ii) Developing their own programs for the integration of children and youth in their communities and in the world; (iii) Supporting educational projects in a vulnerable situation; and (iv) Encouraging and facilitating the connection of schools and educational networks of different cultures and beliefs from all over the world.

  1. Time of conservation of personal data by Scholas

Following the principle of limitation of the retention period, personal data will be kept as long as the relationship maintained with the interested party subsists or until the interested party requests it’s deletion.

  1. Legitimation for the treatment of personal data by Scholas

The legal basis for the treatment of data of the interested parties is their consent, which is defined as “any manifestation of free, specific, informed and unequivocal by which the interested party accepts, either by means of a declaration or a clear affirmative action, the treatment of his/her personal data”.

The consent must be “unequivocal”, defined as consent that “has been provided through a statement by the interested party or through a clear affirmative action“. Tacit or default forms of consent are not supported as they are based on inaction. Likewise, the consent must be “explicit”, in situations of sensitive data treatment, automated decision-making and international data transfers.

Sensitive data is considered personal data that reveals racial or ethnic origin, political opinions, religious or philosophical convictions, union affiliation, genetic data, biometric data treated solely to identify a human being, health-related data, relative data to a person’s sexual life or sexual orientation.

However, the treatment of personal data can also be carried out when, at least one of the following conditions is met:

– Contractual relationship with the interested party;

– Vital interest of the interested party or of other persons;

– Legal obligation for the responsible person;

– Public interest or exercise of public powers;

– Prevailing legitimate interests of the controller or third parties to whom the data is communicated.

The Interested Party may at any time express their opposition to this type of treatment, and without terminating his/her relationship with Scholas, unless requested so.

If the interested party chooses to oppose the treatment, Scholas must also treat data by legal obligation, such as informing the Tax Agency of the donations received or complying with the regulations to combat money laundering and terrorist financing in front of the Secretary of Prevention of Money Laundering (SEPBLAC).

  1. To which recipients can Scholas communicate the personal data of interested party?

The data in the files owned by Scholas will be used for the purposes described in point 4 and may only be communicated to collaborators and / or service providers for the fulfillment of the purposes described in said point, always complying with the principle of integrity and confidentiality and applying the security measures provided by the data protection legislation. In this framework, international data transfers may be made.

A “File” is any structured set of personal data, accessible according to certain criteria, whether centralized, decentralized or distributed functionally or geographically.

An international data transfer occurs when personal data that is treated by a controller or a responsible person in the European Economic Area (countries of the European Union, together with Iceland, Liechtenstein and Norway) is sent to a third country or international organization, outside said territory.

  1. Which are the interested parties’ rights when Scholas treats their personal data?

As established in articles 12 to 18 of Organic Law 3/2018 of December 5, the interested party has the possibility of exercising, at any time, the rights of access, rectification, deletion, and opposition to the treatment or limitation of this respect to your personal data. Likewise, the interested party has the right to withdraw the consent given for the treatment or communication of their data at any time and can request the portability of their data to the entity of their choice.

All these rights may be exercised by a written and signed request, together with an Identity Document, addressed to Scholas, Calle Hortaleza 48, piso 1, 28004, Madrid, or protecciondatos@scholasoccurrentes.org, also indicating the data that you wish to carry to the new Responsible for Treatment and your contact details.

Interested parties are informed that they have the right to make any claim before the Spanish Agency for Data Protection:

C/ Jorge Juan, 6. 28001-Madrid

Telf.: 901 100 099/ 91.266.35.1

www.agpd.es