Privacy and data protection policy

In compliance with current legislation, WINDSLED.ORG (hereinafter referred to as “the Website”) is committed to implementing the necessary technical and organizational measures to ensure an adequate level of security in proportion to the risks associated with the personal data collected.

Applicable Laws to This Privacy Policy

This Privacy Policy has been drafted in accordance with current Spanish and European regulations concerning the protection of personal data on the internet. Specifically, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR).
  • Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).
  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights.

Identity of the Data Controller

The Data Controller responsible for processing the personal data collected on this Website is:

Contact Email: info@windsled.org

Record of Processing Activities
Processing activity records for https://windsled.org

Principles Applicable to the Processing of Personal Data

The processing of User personal data will be subject to the following principles outlined in Article 5 of the GDPR:

  1. Lawfulness, fairness, and transparency: The User’s consent will always be required, following clear and transparent communication about the purposes for which personal data is collected.
  2. Purpose limitation: Personal data will be collected for specific, explicit, and legitimate purposes.
  3. Data minimization: Only the personal data strictly necessary for the purposes for which it is being processed will be collected.
  4. Accuracy: Personal data must be accurate and kept up to date at all times.
  5. Storage limitation: Personal data will be kept in a form that allows User identification only for as long as necessary for the purposes of processing.
  6. Integrity and confidentiality: Personal data will be processed in a manner that ensures its security and confidentiality.
  7. Accountability: The Data Controller will be responsible for ensuring compliance with the above principles.

Categories of Personal Data

The categories of data processed on https://windsled.org are limited to identification data. Under no circumstances will special categories of personal data, as defined in Article 9 of the GDPR, be processed.

Legal Basis for the Processing of Personal Data

The legal basis for the processing of personal data is consent. The Website is committed to obtaining the User’s explicit and verifiable consent for the processing of their personal data for one or more specific purposes.

The User has the right to withdraw their consent at any time. Withdrawing consent will be as simple as granting it. As a general rule, withdrawing consent will not affect the use of the Website.

When the User is required or allowed to provide personal data through forms (e.g., to make inquiries, request information, or for purposes related to the content of the Website), they will be informed if any fields are mandatory due to their necessity for the proper execution of the requested operation.

Retention Periods for Personal Data
Personal data will only be retained for the minimum time necessary to fulfill the purposes for which it was collected. Once these purposes are fulfilled, the data will be deleted, unless legal obligations require otherwise.

At the time personal data is collected, the User will be informed of the retention period or, when this is not possible, the criteria used to determine such a period.

Recipients of Personal Data

The User’s personal data will not be shared with third parties unless required by law or legal obligation.

In any case, at the time personal data is collected, the User will be informed of the recipients or categories of recipients of their personal data.

Personal Data of Minors

In compliance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights, only individuals aged 14 or older may lawfully provide consent for the processing of their personal data on the Website. For minors under 14 years of age, parental or guardian consent will be required, and such processing will only be deemed lawful if authorized by them.

Confidentiality and Security of Personal Data

The Website is committed to implementing the technical and organizational measures necessary, based on the level of risk associated with the collected data, to ensure the security of personal data and to prevent the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

However, as the Website cannot guarantee absolute security against unauthorized access, hacking, or other fraudulent means, the Data Controller commits to notifying the User without undue delay in the event of a personal data breach that is likely to pose a high risk to the rights and freedoms of natural persons. In accordance with Article 4 of the GDPR, a personal data breach is understood as any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

Personal data will be treated as confidential by the Data Controller, who is committed to ensuring—through legal or contractual obligations—that this confidentiality is respected by employees, partners, and any other individuals granted access to the information.

Rights Related to the Processing of Personal Data
The User may exercise the following rights, as recognized under the GDPR, before the Data Controller:

  1. Right of Access: The User has the right to obtain confirmation of whether the Website is processing their personal data and, if so, to access such data and obtain detailed information about the processing, including, but not limited to, the origin of the data and the recipients of any communications made or planned.
  2. Right to Rectification: The User has the right to have inaccurate personal data corrected or, considering the purposes of the processing, incomplete data completed.
  3. Right to Erasure (“Right to Be Forgotten”): The User has the right, unless otherwise required by applicable law, to request the deletion of their personal data when such data is no longer necessary for the purposes for which it was collected; the User withdraws their consent and there is no other legal basis for processing; the User objects to the processing and there are no overriding legitimate grounds; the data has been unlawfully processed; the data must be deleted to comply with a legal obligation; or the data was obtained as part of a direct offer of information society services to a minor under 14 years of age. The Data Controller must also take reasonable measures, considering available technology and implementation costs, to inform other data controllers processing the personal data of the User’s request to delete any links to, or copies of, such data.
  4. Right to Restriction of Processing: The User has the right to request the restriction of their personal data processing when disputing the accuracy of the data; the processing is unlawful; the Data Controller no longer needs the data for processing purposes, but the User requires it to establish, exercise, or defend legal claims; or the User has objected to processing.
  5. Right to Data Portability: When processing is carried out by automated means, the User has the right to receive their personal data from the Data Controller in a structured, commonly used, and machine-readable format, and to transmit it to another data controller. Where technically feasible, the Data Controller will transmit the data directly to the new data controller upon request.
  6. Right to Object: The User has the right to object to the processing of their personal data by the Website and request that such processing cease.
  7. Right Not to Be Subject to Automated Decision-Making, Including Profiling: The User has the right not to be subject to decisions based solely on automated processing of their personal data, including profiling, except where otherwise permitted by applicable law.

The User may exercise their rights by submitting a written communication to the Data Controller.

Links to Third-Party Websites

The Website may include hyperlinks or links that provide access to third-party websites not operated by the Website. These third-party websites are responsible for their own data protection policies, and they are solely accountable for their own data files and privacy practices.

Complaints to the Supervisory Authority

If the User believes there is a problem or a violation of applicable regulations regarding the processing of their personal data, they have the right to seek judicial protection and file a complaint with a supervisory authority. This can be done in the Member State of the User’s habitual residence, place of work, or location of the alleged infringement. In Spain, the supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD): http://www.agpd.es.

Acceptance and Changes to This Privacy Policy

The User must have read and agreed to the terms outlined in this Privacy Policy regarding the protection of personal data, and they must consent to the processing of their personal data to allow the Data Controller to carry out such processing as described herein. Using the Website implies acceptance of this Privacy Policy.

The Website reserves the right to modify this Privacy Policy at its discretion or due to changes in legislation, jurisprudence, or guidelines issued by the Spanish Data Protection Agency.