Centro Europeo del Consumidor en España

The EU data protection legislation means that your personal data can only be processed in certain situations and under certain conditions:

• If you have given your consent (you should be notified that your details are being collected).
• If the processing of the data is necessary for a contract, a job application or a request for a loan.
• If there is a legal obligation that your data is processed.
• If the processing of your details is of vital interest for you, for example, if a doctor needs to access your private medical history after an accident.
• If the processing is necessary to conduct proceedings in the public interest or for proceedings of the administration, the tax office, the police or other public bodies.

Personal data concerning your racial or ethnic origin, your sexual orientation, political opinions, religious or philosophical beliefs, membership of trade unions or your health cannot be processed except in certain cases. For example, when you have given your explicit consent or when the processing of the data is necessary for reasons of essential public interest in accordance with national or EU legislation.

These regulations apply to both public and private bodies

The person or organism which handles your data is called "the data controller". This person must respect the EU regulations, in particular on handling and storing personal data:

• This data can only be collected for lawful and clearly defined purposes.
• The data requested must not be excessive.
• The data which identifies you personally (for example, your surnames or contact details) must not be stored longer than necessary.
• You must be able to correct, delete or block incorrect data about you.
• Your data must be protected against accidental or illegal destruction, loss or dissemination.

In the event of theft, loss or illegal access to sensitive personal information, known as a "personal data breach", the provider must notify the national data protection authority. The data controller must also notify you directly of, as a result of the personal data breach, your data or your privacy are at risk.

If you think that your data are not being handled in accordance with the regulations or have been processed illegally, you may send a complaint to the data controller (the person or organisation processing your data).

You are entitled to:

• Request that the data is corrected, deleted or blocked.
• Demand that the data controller notifies the people who have already seen the incorrect data, unless this requires a disproportionate effort.

If you do not obtain a reasonable answer from the data controller, you may send a claim to your national data protection authority.

Sign up to a Robinson List, use the forms provided by companies so that they do not continue using your data for advertising, request that your data is not displayed in telephone directories: these are just some of the recommendations for avoiding unwanted advertising.Further information.

European law

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance)

Spanish legislation

• Organic Law 15/1999 of 13 December on the personal data protection.