Col·legi Oficial d'Enginyeria Tècnica en Informàtica de Catalunya, COETIC, with CIF G62641311 and headquarters in Via Laietana 39, Barcelona, can collect non-sensitive personal data of its users through this platform and store them in an automated file, which is owned by COETIC and registered with the Spanish Data Protection Agency. COETIC is responsible for processing these personal data and applies all legally established measures (*).
These personal data of the users, which are strictly those necessary for providing this service of certification of work experience, will not be transferred or communicated to third parties by COETIC, except for legal requirements and express requests of the users themselves for communicating them to the entities with which COETIC has concluded agreements and established procedures to properly perform these communications.
Nor will the personal data be used for any other purpose than the provision of the CEPRAL service of COETIC. Authorised access for processing these data will be granted only to the members of the CEPRAL assessment board and to the administrative and technical service staff, who are bound by contract to use it exclusively for the purposes of the service and to guarantee professional secrecy sine die.
The very nature of the CEPRAL service generates new personal data, as the certification, which obviously contains identifying information of the user and can be looked up by third parties who the user himself/herself authorised by facilitating them access with the means provided by the service for this purpose. In this case, COETIC acts merely as an intermediary between the user and the third party to whom the user himself/herself has provided access. COETIC therefore is exempted from any liability in respect of this transfer of personal data which was carried out by the user himself/herself.
The personal data will be kept for 10 years, which is the expiry date of the CEPRAL certifications, and will then be deleted ex officio, communicating this action to the user of the certification, and keeping only a minimum internal record of the data for historical and statistical purposes, and for which the same guarantees and obligations regarding privacy and data protection will apply. In the case of users who have initiated a certification process but have not yet completed it, the period for ex officio deletion shall be 5 years of inactivity in the service.
The registered users may exercise their rights on the aforementioned personal data in accordance with the current legislation (*). Specifically, the rights of access, rectification, deletion, limitation/opposition to the processing and portability of personal data. These can be exercised from the web platform of the CEPRAL service of COETIC, directly in some cases and in using the support form in the assistance section of the service in the rest of the cases. They can also be exercised by writing directly to COETIC, which has a Data Protection Officer (DPO), either with an email to email@example.com or with a letter to the offices located in Via Laietana 39, 3a. 08003 Barcelona.
(*) EU General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council of 27 April 2016, and previously, Organic Law 15/1999 of 13 December 1999 on the Protection of Personal Data.