Language

Privacy Policy

PRIVACY POLICY

Data Controller
In accordance with current legislation, we hereby inform you that the data provided will be processed by the Fundación Científica de la Asociación Española Contra el Cáncer (hereinafter, "Foundation"), whose contact details are as follows:

  • Tax Number: G-28655033.
  • Registered Office: Calle Teniente Coronel Noreña, 30, 28045, Madrid.
  • E-mail: dpo_fc@contraelcancer.es.
Through the Foundation's Grant Management System (GMS) platform, hereinafter referred to as "Portal" or "Platform", the different users (hereinafter referred to as "Users") are able to keep a centralised monitoring of their participation, both in terms of applications and projects submitted, as well as their evaluations.

Origin of the Data
The data processed by the Foundation for the purposes listed in this Privacy Policy come from the user himself/herself as they have been made available by the Foundation.

Obligation to provide the Data
The data requested in the forms are, in general, obligatory (unless otherwise specified in the required field) in order to comply with the purposes for which they are being collected.
Therefore, if the User does not provide them or does not provide them correctly, the User's requests cannot be met, without prejudice to the fact that the user may freely view certain contents of the Platform.

Purposes, lawfulness and category of the Subjects and Data
The data will be processed for the main purpose of managing the different processes of the activities related to the different research projects which were presented, including the management of the application, the award, the evaluation and monitoring process, and communications, among others.
This involves the following General Processing Purposes:
  1. Manage the registration and participation of Users in the Platform, the lawful basis being the execution of the contractual relationship.
Processed Data: The Foundation may process the following categories of personal data:
  • Identification data: Name and surname, ID card number. Image.
  • Data about personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research Center.
  • Financial and bank details: account number, financial and tax documents.
 
2. To maintain the User Profile accessible on the Portal, the lawful basis being the execution of the contractual relationship.
Processed Data: The Foundation may process the following categories of personal data:
  • Identifying data: Name and surname, ID card number, Image.
  • Data about personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research Center.
 
3. To inform Users about projects, services and/or events in which the Foundation participates or organises, unless otherwise indicated or the interested party exercises their right to oppose the sending of the same to the address dpo_fc@contraelcancer.es, the legitimate interest of the Foundation being the lawful basis for the processing.
Processed Data: The Foundation may process the following categories of personal data:
  • Identifying data: Name and surname.
  • Contact details: Telephone number, e-mail address, postal address.
 
4. Profiling of Users with internal data. The purpose of this profiling is to send personalised information on projects, services, campaigns, events in which the Foundation participates or organises, unless otherwise indicated or the interested party exercises their right to oppose the sending of the same to the address dpo_fc@contraelcancer.es, the lawful basis for the processing being the legitimate interest of the Foundation.

Processed Data: The Foundation may process the following categories of personal data:
  • Identifying data: Name and surname.
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research Center.
 
5. To control Users access to the Platform, as well as to give them access to the different services provided by the Platform for each User, the lawful basis for the processing being the legitimate interest of the Foundation.
Processed Data: The Foundation may process the following categories of personal data:
  • Identifying data: Name and surname, username and password.
  • Data about personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research Center.
 
6.  To carry out quality and satisfaction surveys of the Users, linked to the use of the Platform in order to optimise and make modifications to improve the functionalities offered therein, the legitimate interest of the Foundation being the lawful basis for the processing.
Processed Data: The Foundation may process the following categories of personal data.
  • Identifying data: Name and surname, ID card number,
  • Data about personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Contact details: Telephone number, e-mail address, postal address.
 
7. To carry out anonymous statistical reports on the access habits and the activity carried out by Users in the Portal, the legitimate interest of the Foundation being the lawful basis for the processing.
Processed Data: The Foundation may process the following categories of personal data:
  • Data about personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research Center.
 
8. To comply with the legally established obligations, the basis of the processing being the fulfilment of the Foundation's legal obligations.
Processed Data: The Foundation may process the following categories of personal data:
  • Identifying data: Name and surname, ID card number, image.
  • Data about personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research Center.
  • Financial and bank details: account number, financial and tax documents.
Specific purposes and category of data for users: Applicant, Grant Manager; Collaborator; and Research Center Manager
If you fall into this category, in addition to the purposes provided for, your data may be used for the following purposes:
  1. To manage the applications to the different calls for proposals, including the evaluation and awarding of contracts, the lawful basis being the execution of the contractual relationship.
Processed Data: The Foundation may process the following categories of personal data:
  • Identifying data: Name and surname, ID card number, image.
  • Data about personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research center.
 
2. To manage the follow-up of the awarded projects, at the administrative and financial level, being the lawful basis the execution of the contractual relationship.
Processed Data: The Foundation may process the following categories of personal data:
  • Identifying data: Name and surname, ID card number,
  • Data about personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research center.
  • Financial and bank details: account number, financial and tax documents.
 
3. To manage the scientific and divulging follow-up of the awarded projects, the lawful basis being the execution of the contractual relationship.
Processed Data: The Foundation may process the following categories of personal data:
  • Identifying data: Name and surname, picture
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research center.
 
4. To manage direct communication between the members of the Research Team, through the Platform, with the lawful basis being the execution of the contractual relationship.
Processed Data: The Foundation may process the following categories of personal data:
  • Identifying data: Name and surname,
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research center.
 
5. Carry out statistical reports on the monitoring and management of the Calls for Proposals, the lawful basis being the execution of the contractual relationship.
Processed Data: The Foundation may process the following categories of personal data:
  • Identifying data: Name and surname, ID card number, image.
  • Data about personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research center.
 
6. To carry out quality surveys on the management of the Foundation in the process of application, awarding and monitoring of the project in order to produce aggregate data reports, for statistical and analytical purposes by the Foundation, with the legitimate interest of the Foundation as the lawful basis.
Processed Data: The Foundation may process the following categories of personal data:
  • Data on personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research center.

Specific purposes of users with the category of: Reviewers
If you fall into this category, in addition to the purposes provided for, your data may be used for the following purposes:
  1. To carry out a profiling based on the internal data available to the Foundation, with the sole purpose of being able to assign to the Reviewer the projects that are of interest/field, the lawful basis for this profiling being the legitimate interest of the Foundation.
  2. To make the assignments to the projects to be evaluated by each Reviewer, the lawful basis being the execution of the contractual relationship.
Processed Data: The Foundation may process the following categories of personal data of professional reviewers in the scientific field.
 
  • Identifying data: Name and surname, ID card number,
  • Data about personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research center.
  • Financial and bank details: account number, financial and tax documents.

Processed Data: The Foundation may process the following categories of personal data of Patient Advocate Reviewers.
  • Identifying data: Name and surname(s) and ID card number.
  • Data about personal and social characteristics: date of birth, place of birth, nationality, and gender.
  • Contact details: Telephone number, e-mail address, postal address.
  • Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research center.
  • Health data: relationship to the disease, type of cancer and treatment.

Third Party Data
In the event that third party data is provided through the Portal, said Users state that they are legally entitled to do so, or, where appropriate, have the consent of those affected, undertaking to transfer to them, the holders of such data, the information contained in this Privacy Policy and exempting Fundación from any liability in this regard. Nevertheless, the Foundation may carry out the necessary verifications to verify this fact, adopting the corresponding due diligence measures, in accordance with data protection regulations.

Conservation
The data of the different categories of Users will be kept until they request their cancellation, oppose, revoke their consent or, where appropriate, except for those for which there is a legal obligation to keep them for a longer period.
In any case, data relating to invoicing or accreditation of legal obligations will be kept for the legally required period of 10 years.
Likewise, in the event of having data which, due to their characteristics, are subject to specific regulations, they shall be kept for the period established therein.

Data Communication
The Reviewers, in accordance with their profile and contractual functions, (may access certain information from Applicants, Grant Manager, Research Center Manager, and/or Collaborators) in the capacity of data processor, such processing having been contractually regularised.
All this, without the said parties using the data for their own purposes, the Foundation being at all times responsible for the processing of Users' data.
In addition to the above, your data may be disclosed to a third party in the following cases:
  1. Where provided for by law, to Public Administrations (e.g., Courts and Tribunals, Law Enforcement Agencies, Tax Authorities, etc.).
  2. In the cases established in certain Calls for Proposals, to the Spanish Research Agency (AEI) for the external evaluation of the projects. All of the above, without using said data for its own purposes, with Fundación being at all times responsible for the processing of Users' data.
  3. In cases of collection, to the banks and financial institutions involved in the processing of the payment.
International Data Transfers
In order to perform the contractual relationship with Users, it is absolutely necessary to process data outside the national territory. In the event of processing outside the territory, an adequate level of protection will be guaranteed in accordance with the applicable legislation, either because the country of destination offers such a guarantee, or because the person or entity in charge of the processing has contractually undertaken to do so through its own mechanisms.
In any case, we inform you that the Portal is hosted on the systems of a provider whose servers are located in AWS EU Frankfurt and guarantees compliance with the appropriate European regulations. For further information, please contact our Data Protection Officer at dpo_fc@contraelcancer.es.

User Responsibility
The User guarantees that he/she is over eighteen (18) years of age and that the data provided to the Foundation are true, accurate, complete and up to date. To this effect, the User is responsible for the veracity of all the data provided and will keep the information provided suitably updated, in such a way that it corresponds to his/her real situation.
In any case, the User shall be liable for any false or inaccurate information provided through the Platform and for any damages, direct or indirect, that this may cause to the Foundation or to third parties.

Exercise of Rights
As the owner of the data, the User may send a letter to the Foundation, to the addresses indicated in the heading of this Privacy Policy, proving his/her identity, at any time and free of charge, in order to exercise the following rights:
  1. Right of Access: You have the right to be informed by the Foundation whether or not it is processing your personal data and, if so, to have access to such data and to receive information on the purposes for which they are processed, the categories of data affected by the processing, the recipients to whom your personal data were communicated and the foreseen period of data retention, among other information.
  2. Right of Rectification and Deletion: You will have the right to request the deletion of personal data provided that the legal requirements are met, and the rectification of inaccurate data concerning you when, among other reasons, they are no longer necessary for the purposes for which they were collected.
  3. Limitation of processing, withdrawal of consent and opposition to processing in whole or in part: In certain circumstances (e.g., in case the applicant contests the accuracy of his or her data, while the accuracy of the data is being verified), you may request that we restrict the processing of your personal data, which will only be processed for the exercise or defence of claims. You also have the right to withdraw your consent and to object to the processing at any time, on grounds relating to your particular situation, where the processing is based on our legitimate interest or on the legitimate interest of a third party (including processing for the purposes of direct marketing and profiling). In this case, the Foundation will cease processing, unless legitimate grounds can be demonstrated.
  4. Portability of your data: You will have the right to receive the personal data that you have provided to the Foundation in a structured, common, and machine-readable format, and to be able to transmit them to another data controller without being prevented from doing so by the data controller to whom you have provided them, in the cases legally foreseen for this purpose.
  5. Automated individual decisions: In addition to the above-mentioned rights, in case of automated decisions, including profiling, you have the right to obtain human intervention by the Foundation and to express your point of view and challenge the decision.
  6. Other: Similarly, where personal data are transferred to a third country or to an international organisation, you have the right to be informed about how you can access or obtain a copy of the appropriate safeguards relating to the transfer.

Likewise, you may lodge a complaint regarding the protection of your personal data with the Spanish Data Protection Agency at the address C/ Jorge Juan, 6, 28001 - Madrid, when the interested party considers that Fundación has infringed the rights recognised by the applicable data protection regulations.

Security measures
The Foundation will treat the User's data at all times in an absolutely confidential manner and will keep the mandatory duty of secrecy with respect to the same, in accordance with the provisions of the applicable regulations, adopting for this purpose the necessary technical and organisational measures to ensure the security of your data and prevent its alteration, loss, unauthorised processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.

Changes
Fundación reserves the right to revise its Privacy Policy at any time it deems appropriate, in which case it will be communicated to Users. For this reason, we ask the User to regularly check this privacy statement to read the most recent version of the Foundation's Privacy Policy.

Declaration of Conformity
The User declares to have been informed of the conditions on personal data protection, accepting the content of this Privacy Policy.

Last update: April 2023