Information Sharing and Data protection

  1. Basic information on data protection

RESPONSIBLE

VALENCIAN ANTI-FRAU AGENCY

NIF: Q4601431B

CONTACT

Phone: 962787450

C/ Navellos, 14-3. 46003 València

PURPOSE

The management of your request, doubt or query and the administrative processing that may arise from it.

LEGITIMACY

Compliance with a legal obligation (Article 6(1)(c) of the GDPR), the performance of a task in the public interest or the exercise of public authority (Article 6(1)(e) of the GDPR). Consent of the data subjects, when required (Article 6.1.a of the GDPR).

TARGET AUDIENCE

The Public Administrations in the exercise of their powers, when necessary for the management of their application.

RIGHTS

Interested parties may request access, rectification or deletion of their data, as well as exercise other rights or withdraw, where appropriate, the consent granted through the website and/or the electronic headquarters, at the address C/ Navellos, 14-3. 46003 València or by sending an email to dpd@antifraucv.es

ADDITIONAL INFORMATION

You should read the detailed information on data protection below

  1. Detailed information on data protection

The personal data linked to the website and the electronic office under the responsibility of the VALENCIAN ANTIFRAU AGENCY comply with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in which it respects the processing of personal data and the free movement of such data (GDPR) and Organic Law 3/2018,  of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

2.1 Who is the Data Controller?

Data of the Data Controller:

  • RESPONSIBLE: VALENCIAN ANTI-FRAU AGENCY
  • NIF: Q4601431B
  • Address: C/ Navellos, 14-3. 46003 València
  • Phone: 962787450

Data of the DATA PROTECTION OFFICER:

The VALENCIAN ANTIFRAU AGENCY is responsible for keeping a record of the processing activities under its responsibility in compliance with the duties established in article 30 of the GDPR.

2.2 For what purpose do we process your personal data?

The AGENCIA VALENCIANA ANTIFRAU will process the personal data of the interested parties, in general, to:

  1. Manage the different administrative procedures and report on their processing.
  1. Verify or verify the accuracy of the personal data that the interested parties declare are already in the possession of the public administrations or that they have previously approached.
  1. To make notifications and process appeals.
  1. To manage requests for information, suggestions, communications in general and to send newsletters.

2.3 What is the legal basis for the processing of your data?

The VALENCIAN ANTIFRAU AGENCY is entitled to carry out the processing of personal data in accordance with the principle of lawfulness of the processing indicated in article 6 of the GDPR and, specifically, to:

  • In general, in the case of administrative procedure activity, the legal basis for the processing will be the fulfilment of a task in the public interest or the exercise of public power, taking into account Law 39/2015, of 1 October, on the common administrative procedure; Law 9/2017, of 8 November, on public sector contracts; Law 39/2015, of 1 October, on the common administrative procedure, etc.
  • In certain cases, the processing will be legitimised by the consent of the interested parties.
  • In any case, the basis for the legitimacy will be included in the basic information clauses available in the personal data collection forms.

2.4 To whom will your data be communicated?

Your data may be communicated, in accordance with current legislation and whenever necessary for the management of the procedure or request, to other public administrations in the exercise of their powers, to financial institutions, to official newspapers, websites or notice boards of the VALENCIAN ANTIFRAU AGENCY to give the legally required publicity in the procedures where necessary.

The basic information clauses will include, in any case, the specific recipients of the data.

2.5 How long will we keep your personal data?

The personal data provided will be kept as long as you do not request their deletion or cancellation and provided that they are adequate, pertinent and limited to what is necessary for the purposes for which they are processed.

2.6 Will data transfers be made to third countries?

There will be no international data transfers.

  • What are your rights when you provide us with your personal data?
  • Access: the right to obtain confirmation as to whether or not we are processing your personal data, to know what they are, what they are used for, how long they will be kept, the origin of the same and whether they were communicated or will be communicated to a third party.
  • Rectification: the right to request the rectification of inaccurate data and the completion of incomplete personal data.
  • Erasure: the right to request the deletion of personal data when they are inadequate, excessive or no longer necessary for the purposes for which they were collected, including the right to be forgotten.
  • Opposition: the right to object, in certain circumstances, to the processing of your personal data or to request that the processing be stopped.
  • Limitation of processing: the right to request, in the circumstances established by law, that your data not be processed beyond the mere retention of the same.
  • Portability: the right to receive personal data in a structured, commonly used and machine-readable format, and to be able to transmit them to another controller, whenever technically possible.

2.8 Will you have the possibility to withdraw your consent?

You will have the possibility and the right to withdraw your consent for any specific purpose granted at the time, without affecting the lawfulness of the processing based on consent prior to its withdrawal.

2.9 Where can you exercise your rights?

The interested party may exercise their rights at no cost, receiving a response within the deadlines established in the GDPR and the LOPDGDD, by the following means:

  • In writing in the registry of the VALENCIAN ANTIFRAU AGENCY. This application must be signed together with a copy of the ID card or passport of the interested party. In the event that the legal representative is being acted upon, the ID card and the document accrediting the representative’s presentation must also be brought to the test.
  • If the VALENCIAN ANTIFRAU AGENCY has reasonable doubts in relation to the identity of the natural person making the request, it may request the additional information necessary to confirm the identity of the interested party.
  • The VALENCIAN ANTI-FRAU AGENCY must respond to the request within one month of receipt. This period may be extended by a further two months if necessary, taking into account the complexity and number of applications received. The interested party, in any case, will be informed within one month of receipt of the request.
  • Any interested party may also send their request to exercise their rights to the Data Protection Officer at the following email address: dpd@antifraucv.es.

2.10 How can you make a complaint to the Supervisory Authority?

In the event that your rights have not been respected, you can file a complaint by writing to the Spanish Data Protection Agency (AEPD) located at Calle Jorge Juan, 6-28001-Madrid or use the electronic office: https://sedeagpd.gob.es/sede-electronica-web/.

In both cases, the relevant documentation must be attached.

2.11 What are the security measures?

In compliance with article 32 of the GDPR and taking into account the one established in the First Additional Provision of the LOPDGDD 3/2018, the VALENCIAN ANTIFRAU AGENCY has security measures established by its internal security regulations that follow the National Security Scheme (ENS) regulated by Royal Decree 311/2022, of 3 May.

 

  • Data protection regulations allow any person to exercise their rights of access, rectification, deletion and portability of data, opposition and limitation of their processing, as well as not to be subject to decisions based solely on the automated processing of their data.

    Right of access

    The affected person has the right to be informed:

    • the purposes of the processing, as well as the categories of personal data processed and the possible data communications and their recipients
    • of the data retention period, if possible. If not, the criteria for determining this period
    • the right to request the rectification or deletion of the data, the limitation of processing, or to oppose it
    • of the right to lodge a complaint with the supervisory authority
    • to obtain, where the personal data have not been obtained from the data subject, any available information on their origin
    • to be informed of appropriate safeguards if an international data transfer occurs
    • to obtain a copy of the data subject to processing
    • the existence of automated decisions (including profiling), the logic applied and the consequences of this processing.

    It must be distinguished from the right of access of interested parties to administrative files regulated by Law 39/2015, of 1 October, on the common administrative procedure of Public Administrations, as well as the right of access regulated in Law 19/2013, of 9 December, on transparency, access to public information and good governance.

    Right to rectification

    The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data as well as the completion of incomplete personal data, including by means of an additional statement.

    Right to erasure (right to be forgotten)

    The affected person may request the deletion of personal data when any of the cases contemplated in the legislation occur, highlighting those cases in which the purpose that motivated the processing disappears, or that the personal data have been processed unlawfully.

    This right is excepted, in cases where it must prevail, for the performance of a mission carried out in the public interest or in the exercise of public powers conferred on the person responsible.

    Right to restriction of processing

    It allows the data subject to obtain from the data controller the restriction of data processing when:

    • the accuracy of the data is challenged, while such accuracy is verified by the responsible party
    • the processing is unlawful but the data subject requests the limitation of its use instead of the deletion
    • the data controller no longer needs the data for the purpose of the processing, but the data subject does need the data to exercise any of their rights
    • The affected party exercised their right to object to the processing, while it is verified whether the legitimate reasons of the controller prevail over the affected party

    Right to portability

    The data subject shall have the right to receive his/her personal data from the data controller, in a structured, commonly used and machine-readable format, or to request that they be transmitted to another data controller when technically possible.

    Right to object

    The affected person can object to treatment:

    • When, for reasons related to their personal situation, the processing of the data must cease, unless a legitimate interest is proven, which prevails over the interests, rights and freedoms of the data subject, or is necessary for the exercise or defence of claims.
    • When the processing is for direct marketing.

    Forms for exercising your rights:

     

Article 30 of the General Data Protection Regulation (GDPR) (EU) 2016/679 establishes that each controller shall keep a record of the processing activities (RAT) that it carries out and with the information indicated below:

  • The name and contact details of the controller and the data protection officer.
  • The purposes of the processing.
  • A description of the categories of data subjects and categories of personal data.
  • The categories of the recipients of the data.
  • Transfers of personal data, if any.
  • The deadlines for the deletion of the different categories of data, where possible.
  • An overview of technical and organizational security measures.

Likewise, as regulated in article 31.2 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), all entities included in article 77.1 of this organic law must make public an inventory of their processing which will include the information established in article 30 of the GDPR and its legal basis for the processing of data of a legal nature personnel.

In accordance with these regulations, a record is kept of the processing activities carried out by the VALENCIAN ANTIFRAU AGENCY:

Direct access to the Register of personal data processing activities

 

Article 37.1 of the General Data Protection Regulation (GDPR) (EU) 2016/679 establishes that public authorities and bodies are obliged to appoint a Data Protection Officer (DPO).

The VALENCIAN ANTIFRAU AGENCY has appointed its DPO correctly, as can be seen at: DPO Consultation

Their functions are defined in article 39 of the GDPR and consist mainly of informing and advising AGENCIA VALENCIANA ANTIFRAU and its workers on the obligations incumbent on them in the processing of personal data, and the supervision of their compliance. Likewise, it must cooperate with the Spanish Data Protection Agency (AEPD) and act as a point of contact between it and the VALENCIAN ANTIFRAU AGENCY.

In turn, any citizen may contact the Data Protection Officer if they have any doubts about the processing of their data by the VALENCIAN ANTIFRAU AGENCY or are not satisfied with it. To do this, you can contact the Data Protection Officer of AGENCIA VALENCIANA ANTIFRAU by writing to the email address dpd@antifraucv.es

More information: Spanish Data Protection Agency Data Protection Officer