Colexio Profesional de Enxeñaría Técnica en Informática de Galicia, CPETIG with headquarters in Rúa Lope de Gómez de Marzoa, Santiago de Compostela, can collect non-sensitive personal data of its users through this platform and store them in an automated file, which is owned by CEPTIG and registered with the Spanish Data Protection Agency. CPETIG is responsible for processing these personal data and applies all legally established measures (*).
These personal data of the users, which are strictly those necessary for providing this service of certification of work experience, will not be transferred or communicated to third parties by CPETIG, except for legal requirements and express requests of the users themselves for communicating them to the entities with which CPETIG has concluded agreements and established procedures to properly perform these communications.
Nor will the personal data be used for any other purpose than the provision of the CEPRAL service of CEPTIG. Authorised access for processing these data will be granted only to the members of the CEPRAL assessment board and to the administrative and technical service staff, who are bound by contract to use it exclusively for the purposes of the service and to guarantee professional secrecy sine die.
The very nature of the CEPRAL service generates new personal data, as the certification, which obviously contains identifying information of the user and can be looked up by third parties who the user himself/herself authorised by facilitating them access with the means provided by the service for this purpose. In this case, CPETIG acts merely as an intermediary between the user and the third party to whom the user himself/herself has provided access. CPETIG therefore is exempted from any liability in respect of this transfer of personal data which was carried out by the user himself/herself.
The personal data will be kept for 10 years, which is the expiry date of the CEPRAL certifications, and will then be deleted ex officio, communicating this action to the user of the certification, and keeping only a minimum internal record of the data for historical and statistical purposes, and for which the same guarantees and obligations regarding privacy and data protection will apply. In the case of users who have initiated a certification process but have not yet completed it, the period for ex officio deletion shall be 5 years of inactivity in the service.
The registered users may exercise their rights on the aforementioned personal data in accordance with the current legislation (*). Specifically, the rights of access, rectification, deletion, limitation/opposition to the processing and portability of personal data. These can be exercised from the web platform of the CEPRAL service of CPETIG, directly in some cases and in using the support form in the assistance section of the service in the rest of the cases. They can also be exercised by writing directly to CPETIG, which has a Data Protection Officer (DPO), either with an email to firstname.lastname@example.org or with a letter to the offices located in Edificio ETS de Enxeñería – Rúa Lope de Gómez de Marzoa s/n - 15789 Santiago de Compostela, A Coruña.
(*) EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, and previously, Organic Law 15/1999 of 13 December 1999 on the Protection of Personal Data.