The Corell Foundation (hereinafter Foundation) in accordance with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT of 27 April 2016 on the protection of individuals with regard to the processing of personal data.

We want to maintain a transparent relationship, informing you about how we collect and securely handle any information you provide to us. To this end, we have drawn up this Privacy Policy (hereinafter the "Policy") which will allow you to consult the information you need and clear up any doubts you may have. The identification details of our Foundation are:

FUNDACIÓN CORELL with CIF: G 81844896 c/ Orense 36, 1º G - 28020 Madrid Tlf: 91 866 90 10 e-mail: info@fundacioncorell.es

We also inform you that your data will be processed in accordance with the provisions of the regulations in force on personal data protection, and specifically in accordance with the provisions of Regulation (EU) 2016/679 of 27 April 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data and the free movement of such data.

It is important that you read this Policy carefully as it will provide you with the information you need to make an informed choice when providing us with your personal data.

You should be aware that the Policy applies to all processing of personal data carried out in any of the Corell Foundation's programmes or activities.

The website you are visiting uses cookies to improve navigation and obtain statistical data. Cookies are text files that are installed on the computer from which you access this page and automatically send information to our server. Cookies are not computer viruses. They do not damage your computer or slow down its operation. You can delete them at any time, or refuse them by configuring your browser software.

If you do not wish to receive these cookies, you can set your browser to reject them. Otherwise, we understand that we have your consent to their installation.

This Policy does not apply to third party websites, including those to which you may have access through a web link from our environment.

We hope you find this information useful, however, should you require any further clarification, please contact us on 918669010 or email info@fundacioncorell.es.

DOES THE FOUNDATION HAVE A DATA PROTECTION OFFICER?

The Foundation does not have a Data Protection Delegate as this is not a legal requirement due to the fact that the activity it carries out is unrelated to commercial processing and the data processing it carries out is limited to that necessary for the fulfilment of its aims and objectives set out in its own Articles of Association.

WHO IS THE DATA CONTROLLER?

Whenever we collect your personal data we will provide you with the necessary information so that you are informed about why and for what purpose we are going to use it, the legal basis for its processing, as well as your rights and contact details.

WHAT PERSONAL DATA DO WE PROCESS AND HOW DO WE COLLECT IT?

By way of example, we process personal data that:

• You voluntarily provide us with
• Any information derived from the access and use of the service or from the relationship with the Foundation, including images in those cases in which you are previously informed of the possibility of capturing images.
• Data arising from your communications with us.
• Your image in video surveillance treatments or when you go to an event with certain public repercussions, always having informed you of the possibility of capturing images of the event.
• Such information as we can legitimately infer from the data we process.
• Those corresponding to your own browsing on our website, including the IP address or information derived from cookies or similar devices (on which you can obtain more details in the Cookies Policy of our website).
• Those corresponding to their social media profiles.
• Information to which we could legitimately have access because it is available from publicly accessible sources.
• Third-party information that you provide to us, subject to the consent of those concerned.
• Those provided to us by third parties with your consent or on a legitimate basis.

FOR WHAT PURPOSE AND ON WHAT GROUNDS DO WE PROCESS YOUR PERSONAL DATA?

1. Management of your application for enrolment in any of the Corell Foundation's programmes.

To participate in our programmes, you must first register, for which we will ask you for the information that is strictly necessary for the programme and we will process it in accordance with the information we provide you with at the time of registration. If you need a reminder, please refer to our Policy or send us an enquiry. Your application for registration and the consent you show when registering is the legitimate basis that enables us to process it.

2. Management of your relationship with us

We process your personal data mainly to manage the relationship you maintain with us as a participant in our projects, user or interested party linked to the Corell Foundation in any way, as well as to deal with any complaints, queries, questions or suggestions you may send us. The execution of the relationship itself is the legitimate basis that entitles us to the treatment.

3. Compliance with accounting, legal, fiscal and administrative obligations.

The Corell Foundation is obliged to comply with current accounting, legal, fiscal and administrative regulations. We will process your data to the extent necessary to comply with our legal obligations. The legitimate basis for this processing is legal compliance.

4. Management of user services

In the different relations that we maintain with you, you will find our contact details, postal mail, telephone and/or e-mail, in case you wish to make any type of suggestion, complaint or query. Your data will be processed in order to be able to respond to your request.

5. Analysing your browsing habits

We will process the data derived from your browsing in our online environments in accordance with what is set out in our Cookies Policy. The basis that legitimises us to carry out this processing is your consent.

6. Learn more about their social media profiles

Fundación Corell treats the information you share with us through your profile on social networks. For more information, see the section "How does Corell Foundation treat your social media profiles?

7. Organising and managing conferences and events

In these cases, the interested party who wishes to participate will voluntarily register by filling in the forms provided by the Corell Foundation for this purpose and we will process the data in order to manage the participation of the interested party and the publicity linked to the corresponding action.This treatment will only be carried out if Fundació Corell has the consent of the interested party, which is manifested by their participation and for the management of their participation.

8. To manage contact data in the framework of contractual relations or for the purpose of sending non-commercial information and invitations to events.

Corell Foundation may process contact data or data of representatives of third parties with whom we maintain contractual relations, for the sole purpose of managing the contractual relationship. The legitimate basis that enables us in this case, to process your data is the execution of the contract. However, Fundación Corell may also process the contact details of potential clients, legal entities, representatives of institutions, representatives of public bodies, journalists, analysts or investors who have voluntarily provided us with their details, in order to send them non-commercial information and invitations to Fundación Corell events.The legitimate basis that enables us, in this case, to process their data is the consent of the interested party, which is expressed when they provide us with their contact details.

9. Avoiding liabilities to the Social Security General Treasury and guaranteeing the quality of the service provided by our suppliers.

Corell Foundation may process personal data of employees of suppliers, provided to us either by the supplier or by the supplier's own employee. The purpose of this processing is to guarantee the quality of the service provided by the supplier, to facilitate access to the Foundation's facilities and to avoid possible liabilities before the General Treasury of Social Security for possible overdrafts of the supplier, within the framework of articles 42 and 43 of the Statute of Workers. The legitimate basis that enables us to carry out this processing is our legitimate interest in controlling the relationship with our suppliers and the responsibilities associated with these relationships.

10. Events

The management of those people who are invited or sign up for an event organised or promoted by Fundació Corell, are other treatments that can be carried out. In the case of events, it is possible that Corell Foundation may take images of the event in order to disseminate it publicly, of which the interested party will be informed so that they can either decline to attend the event or exercise their rights. The consent of the data subject is the legitimate basis that enables us to process your data in this case.

11. Candidates

In the event that you contact us showing interest in joining the staff of the Corell Foundation, we will process your data, along with all the documentation you send us, in order to assess your profile and consider you for possible vacancies, should there be any recruitment process.

5. HOW DO WE PROCESS YOUR PERSONAL DATA?

We undertake to process your data in accordance with the provisions of the applicable regulations and, in particular, to process the data to which we have access by applying the appropriate technical and organisational measures to ensure an adequate level of security, guaranteeing at all times the ongoing confidentiality, integrity, availability and resilience of the processing systems and services.

TO WHICH RECIPIENTS WILL YOUR DATA BE COMMUNICATED?

• Third parties to whom we are required by law to disclose your data, for example, tax authorities or social security authorities.
• Third parties with whom we have to share your data to confirm your membership of a particular group in order to participate (e.g. the case of the Ministry of Transport Training Aid Scheme or other official national or international institutions) as a result of being activities subject to subsidy regulations.
• Third parties to whom we are required to disclose your data in order to fulfil the basic purposes of the relationship.

Finally, we inform you that we maintain relationships with suppliers who provide us with certain services. In the course of these services, these suppliers may have access to your information, although they will process it as Data Processors with the same guarantees that we apply to the processing of your data.

We inform you that the Corell Foundation limits the processing of personal data to the territory of the European Union and that in the event of any access being carried out outside the European Union by any of our data processors, we will inform you of this through this Policy.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

In each case, the duration of the processing will be sufficient to fulfil our obligations to the data subject and to the relevant authorities. In any case, the personal data you provide to us will be kept for as long as our relationship with you lasts and you do not request their deletion. Subsequently, and where appropriate, we may keep them blocked for the period of limitation of criminal, civil, commercial and/or administrative liabilities.

WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US WITH YOUR DATA?

At any time, you may exercise a number of rights with regard to the processing of your data. These rights are inherent to each individual and therefore cannot be waived. We describe them below and explain what each of them consists of:

• Right of access. By exercising this right, you may obtain information about the processing that we carry out on your personal data.
• Right of correction. You may correct or amend your data if it is inaccurate or incomplete to ensure that the information we may hold about you is correct.
• Right of deletion (or right to be forgotten). You may request the deletion of your personal data when any of the cases contemplated apply. For example, unlawful processing of data, or when the purpose for which the data was processed or collected has disappeared. However, a series of exceptions are regulated in which this right does not apply. For example, when the right to freedom of expression and information must prevail.
• Right to object. By means of this right you may oppose the processing of your personal data: (i) where, for reasons relating to your personal situation, the processing of your data must cease unless a legitimate interest is demonstrated, or it is necessary for the exercise or defence of claims, or, (ii) where the processing is for the purpose of direct marketing.
• Right to restrict processing. You may ask us to restrict the processing of your data when processing (i) where the accuracy of the data is contested, while we verify the contested data (ii) where the processing is unlawful, but you object to the erasure of your data and request the restriction of the processing instead (iii) where you are the one who needs the data in case of a complaint (iv) and even where you have objected to the processing of your data for the performance of a task carried out in the public interest or for the fulfilment of a legitimate interest, which must be verified. In such cases, we will only keep it for the exercise or defence of claims.
• Right of portability. You may request the portability of your data in electronic form, as well as the possibility of transferring it to another entity.

To exercise these rights you can contact the Corell Foundation, at the address that will be offered at the time of collecting your data, enclosing a copy of your ID card or equivalent document, and indicating the reference treatment.

Likewise, at any time, you may withdraw the consent given without affecting the lawfulness of the processing already carried out, by sending your request to the same address indicated in the previous paragraph. In this case it is also necessary to accompany your request with a copy of your ID card or equivalent document proving your identity.

In the event that you consider that we have processed your data in an inappropriate manner not in accordance with the regulations on the processing of personal data or you do not agree with the way we have dealt with the exercise of your rights, you may contact the supervisory authority, in the case of Spain, the Spanish Data Protection Agency (Agencia Española de Protección de Datos).

WHAT HAPPENS IF YOU PROVIDE US WITH THIRD PARTY DATA?

In the event that, in the course of a relationship with us, you provide us with data of third parties, we remind you that you are solely responsible for having obtained their prior consent to communicate the data to the Corell Foundation, for the purpose that in each case you are informed, as well as for having informed them of the existence and content of this Policy.

It is responsible for holding harmless Corell Foundation from any liability arising from the lack of information and / or consent to the / the third party.

HOW DO WE HANDLE YOUR DATA ON SOCIAL MEDIA?

We encourage you to avoid including personal information - yours or others' - when you engage with us on social media. However, if you nevertheless choose to include personal information, you should be aware that your data will be processed by us in accordance with this Policy.

Specifically, the data you provide us with through any social network will be processed for the purpose of relating and interacting with you on the different social networks in order for you to get to know us better, as well as our activities or values. This channel is not the ideal one for you to make complaints or suggestions, however, in the event that you send us through social networks any type of request, claim, suggestion or complaint related to any of our programmes or activities, we inform you that we will analyse it and respond to it.

The legitimate basis for this processing is the execution of your status as a user friend or follower of our social profile. We inform you that we will process your data for a period of 2 years after you stop following our social profile. It is important to note that, when interacting with us through social networks, the terms of use established by the owner of the social network are beyond our control. They are therefore not covered by the content of this Policy. We recommend that you ensure that you are aware of and agree with their legal terms and conditions and privacy rules before you continue to use them or provide any personal information.

CAN WE CHANGE THE TERMS OF POLITICS?

We may amend this Policy at any time, but we will always inform you of any significant changes by providing you with an appropriate notice. Modifications, in any event, will not apply retroactively and will be effective from the date of posting. We encourage you to periodically review the Policy.

WHAT ARE YOUR RESPONSIBILITIES?

You are responsible for each of the data you provide us with, for the veracity, inaccuracy, updating, validity and authenticity of the same, as well as for the consent you provide for them to be used and/or processed. You are also responsible for the data of third parties that you provide to us and for which you are obliged to obtain their consent. And do not forget that you are responsible for periodically consulting this Policy and any updates to it that may be made.

What definitions do you need to know in order to better understand the Policy?

We would like to make it easier for you to define some of the terms mentioned in this document:

"Personal data" means any information relating to natural persons that identifies them or makes them identifiable (i.e. makes it possible in some way to identify you).

"User" or "data subject" - except in cases in which you provide us with data of third parties, you must understand that you are the owner of your data indistinctly.

"Controller" means the natural or legal person, public authority, service or other body which alone or jointly with others determines the purposes and means of the processing.

"processor" means a natural or legal person, public authority, service or other body processing personal data on behalf of the controller.

"Third party" means a natural or legal person, public authority, service or body other than the data subject, the controller, the processor and the persons authorised to process personal data under the direct authority of the controller or the processor.

"Recipient" means the natural or legal person, public authority, service or other body to whom personal data are disclosed, whether or not it is a third party.

"Consent" - means any freely given, unambiguous, specific and informed indication of your consent to the processing of your data, either by a declaration or by a clear affirmative action.

"processing of personal data" means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Transfer' or 'disclosure' means any disclosure of data to a natural or legal person, public authority, agency or other body, whether or not a third party is involved.

"Foundation" - Short form of referring to the Corell Foundation, which in any case will be the Data Controller.