Privacy Policy

From reading this Privacy Policy users can find out about how the Port Authority of Santander gathers, processes, and protects the personal data it obtains by means of this website. Users should read this Privacy Policy carefully; it has been drawn up in a clear and simple manner with the aim of making it easy to understand. They can thus freely and voluntarily decide whether they wish to provide their personal data to the Port Authority of Santander by using the various means provided for the purpose.

FURTHER INFORMATION

 1.- Entity responsible for processing personal data

Personal data are understood to mean any numeric, alphabetic, graphic, acoustic, or any other type of information concerning natural persons whether identified or identifiable.

The personal data provided to this website will be processed by the Port Authority of Santander in accordance with that established in (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL of 27th April 2016 on the protection of natural persons concerning the processing of personal data and the free circulation of these data and which revokes Directive 95/46/EC (General data protection regulation) and also in ORGANIC LAW 3/2018 OF 5th DECEMBER ON THE PROTECTION OF PERSONAL DATA AND THE GUARANTEEING OF DIGITAL RIGHTS and other development regulations. This privacy policy provides information on the functionalities of the processing in relation to this website. The Port Authority will only be responsible for and guarantee the confidentiality and security of the personal data it receives from the user by means of the Portal; it will not be responsible for the processing and subsequent use of personal data which may be carried out by third parties providing information society services which operate outside the Portal.

 2.- Purpose of the processing of personal data

In general terms the purpose of the processing of personal data on this website reflects the need for processing administrative files or answering requests from users. Moreover, some of the personal data are gathered for the operation of the functionalities of this website.

The means used for the gathering and subsequent processing of personal data will be for example:

- Forms: By means of either digital or electronic forms.

- Emails: The email addresses established on this website will be considered as a possible means of gathering personal data.

- Cookies: The Port Authority of Santander may use session or essential cookies (small information files which the server sends to the computer of the person accessing the website) in order to carry out certain functions which are essential for the correct operation and visualisation of this website and also to find out the user traffic of our website. For further information please consult our Cookies Policy.

- Social networks: Social networks of the Port Authority which can be accessed through the links provided on the website.

The data requested on the forms will be those which are obligatory in order to comply with the purposes anticipated. In any case users will assume any possible responsibilities deriving from excessive or unsuitable data which they voluntarily decide to provide to the Port Authority by using the established means of gathering data. Any data provided by means of this website will be processed in accordance with that set down in (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL of 27th April 2016 on the protection of natural persons concerning the processing of personal data and the free circulation of these data and which revokes Directive 95/46/EC (General data protection regulation) and also in ORGANIC LAW 3/2018 OF 5th DECEMBER ON THE PROTECTION OF PERSONAL DATA AND THE GUARANTEEING OF DIGITAL RIGHTS and other development regulations.

If users are minors or unfit, the Port Authority stresses the need for having obtained the consent of their parents, guardians, or legal representatives in order to communicate their personal data. The Port Authority therefore asks these users not to provide personal data in the form of those data authorised on this website if they do not have the consent of their parents, guardians, or legal representatives as otherwise the Port Authority will not be responsible for the actions of said minors or unfit persons.

Users will be responsible for the veracity and accuracy of the personal data provided. If any changes should occur to the personal data of the user, these should be notified to the PAS so as to keep them updated.

3.- Time limit for the storage of data

The data will be processed for as long as is necessary in order to fulfil the purpose of the processing and for the time limit which is obligatory in accordance with the regulations applicable to this Port Authority.

 4.- Legitimisation for the processing of personal data

Personal data will be processed based on compliance with the objectives and principles of general interest regulated by Law 39/2015 of 1st October on the Common Administrative Procedure and also in accordance with that included in the Revised Text of the Law on State Ports and the Merchant Navy approved by Royal Legislative Degree 2/2011 of 5th September.

5.- Recipients

If appropriate the data will be notified to other Public Administrations which share the management of the various administrative files and also if necessary to other parties interested in the procedures. Other notifications may derive from legal obligations such as those sent to judges and courts of law.

 6.- User rights

User rights in relation to the processing of personal data are regulated in Articles 15 to 22 of (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL of 27th April 2016. The following constitute user rights:

- Anyone has the right to obtain from the body responsible for the processing confirmation as to whether personal data concerning them are being processed or not and in any case the right of access to their personal data and the following information: 

a) the purposes of the processing; 

b) the categories of personal data involved; 

c) the recipients or categories of recipients to whom or which personal data have been communicated or will be communicated, in particular third parties recipients or international organisations;

d) if possible the anticipated time limit for the storage of the personal data, or if this is not possible the criteria used to determine said time limit; 

e) the existence of the right to request from the body responsible the rectification or deletion of personal data or the limitation of the processing of personal data concerning the interested party, or to oppose said processing;

f) the right to make a complaint to a control authority; 

g) when the personal data have not been obtained from the interested party, any information available on their origin; 

h) the existence of automated decisions including the drawing up of profiles.

- Interested parties will have the right to obtain without undue delay from the body responsible for the processing the rectification of incorrect personal data concerning them. Taking into account the purposes of the processing, interested parties will have the right to request the completion of any incomplete personal data, even by means of an additional declaration. (For example they may request the correction of the address, a change of name, etc.). On exercising this right, affected parties must indicate in their request to which data they refer and the rectification which must be made. They must include when necessary documentation to prove the inaccuracy or incomplete nature of the data subject to processing.

- Interested parties will have the right to obtain without undue delay from the body responsible for the processing the deletion of the personal data concerning them; it will be obliged to delete without undue delay the personal data in accordance with (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL OF 27th APRIL 2016 ON THE PROTECTION OF NATURAL PERSONS CONCERNING THE PROCESSING OF PERSONAL DATA AND THE FREE CIRCULATION OF THESE DATA AND WHICH REVOKES DIRECTIVE 95/46/CE (GENERAL DATA PROTECTION REGULATION), and also ORGANIC LAW 3/2018 OF 5th DECEMBER ON THE PROTECTION OF PERSONAL DATA AND THE GUARANTEEING OF DIGITAL RIGHTS.

- Interested parties will have the right to obtain from the body responsible for the processing the limitation of the processing of the data in accordance with (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL OF 27th APRIL 2016 ON THE PROTECTION OF NATURAL PERSONS CONCERNING THE PROCESSING OF PERSONAL DATA AND THE FREE CIRCULATION OF THESE DATA AND WHICH REVOKES DIRECTIVE 95/46/CE (GENERAL DATA PROTECTION REGULATION), and also ORGANIC LAW 3/2018 OF 5th DECEMBER ON THE PROTECTION OF PERSONAL DATA AND THE GUARANTEEING OF DIGITAL RIGHTS.

- Interested parties will have the right to receive the personal data concerning them which have been provided to a body responsible for the processing in a structured format of common use featuring mechanical reading and to send them to another body responsible for the processing without this being prevented by the body responsible to which they have been provided, when: 

a) the processing is based on consent 

b) the processing is carried out by automated means

- Interested parties will have the right to oppose at any time for reasons concerning their private circumstances the processing of personal data concerning them in accordance with (EU) REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND COUNCIL OF 27th APRIL 2016 ON THE PROTECTION OF NATURAL PERSONS CONCERNING THE PROCESSING OF PERSONAL DATA AND THE FREE CIRCULATION OF THESE DATA AND WHICH REVOKES DIRECTIVE 95/46/CE (GENERAL DATA PROTECTION REGULATION), and also ORGANIC LAW 3/2018 OF 5th DECEMBER ON THE PROTECTION OF PERSONAL DATA AND THE GUARANTEEING OF DIGITAL RIGHTS. The body responsible for the processing will cease processing the personal data unless it justifies pressing legitimate reasons for this processing which prevail over the interests, the rights, and the liberties of the interested party or for the making, exercising, or defending of claims.

- If they have granted their consent for a specific purpose involving the processing of their data, the interested parties will have the right to withdraw their consent at any time without this affecting the lawfulness of the processing based on consent prior to its withdrawal.

The exercising of the rights contained in the previous paragraphs may be carried out by means of the electronic headquarters of the entity which is available via the following link Electronic Headquarters of the Port Authority of Santander - Enter which can be accessed by means of identification by an electronic certificate or by means of the presentation of a document at the General Registry of the Port Authority of Santander or any other place mentioned in Article 16.4 of Law 39/2015 of 1st October on the Common Administrative Procedure.

Moreover, interested parties may contact the body responsible for the processing by the email address [email protected] so as to receive information on how to exercise the aforementioned rights.

If they feel that their rights concerning the protection of their personal data have been violated, in particular when they are not satisfied regarding the exercising of their rights, they may make a claim to the Spanish Data Protection Agency.

In any case the Port Authority disclaims any kind of responsibility for any malicious use which may be made by a third party when you connect to our website. Likewise it accepts no responsibility for any damage which may occur owing to the incorrect use of this website or of its hyperlinks.

7.- Processing of the data deriving from the recording of images

The Port Authority of Santander has installed video cameras to ensure the security of its installations.

You can consult further and more detailed information on this particular on our website: Processing of Personal Data in the Use of Video Cameras for Security