Privacy policy

The Data Controller of your personal data is the Consejería de Medioambiente Vivienda y Ordenación del Territorio, Junta de Castilla y León located at C/ Rigoberto Cortejoso, 14, 7ª planta. C.P.: 47014 Valladolid, Spain., phone: 983419000, e-mail: consejero.medioambientevot@jcyl.es

The Controller has appointed a person responsible for overseeing the processing of personal data, with whom you can contact in all matters regarding the processing of personal data and the exercise of rights related to data processing, by sending correspondence to the address indicated above, or via email to sfc2025@comacyl.es.

We attach great importance to the privacy of our clients, contractors, and employees. A key aspect of this is protecting the rights and freedoms of individuals in relation to the processing of their personal data.

We ensure that the processing of your data is in compliance with the provisions of the General Data Protection Regulation 2016/679/EU (referred to as “GDPR”), the personal data protection act, and specific regulations (included in, among others, labor law, or the accounting act).

The Consejería de Medioambiente Vivienda y Ordenación del Territorio, Junta de Castilla y León is the data controller within the meaning of Art. 4 point 7 of GDPR, we also use the services of processing entities referred to in Art. 4 point 8 of GDPR – they process personal data on behalf of the controller.

We have implemented appropriate technical and organizational measures to ensure a level of security corresponding to the potential risk of infringement of the rights or freedoms of individuals with varying likelihood and severity of the threat.

 

We process your data for the purpose of:

– Considering complaints, requests, and petitions addressed to the GDSP: (in accordance with Art. 6 para. 1 lit. c of GDPR in conjunction with the Act of 14 June 1960 Code of Administrative Procedure);

– Coordinating and supervising the activities of the directors of the Regional Directorates of State Forests and managers of other national organizational units of State Forests (in accordance with Art.6 para. 1 lit. c of GDPR in conjunction with § 33 of the Act of 28 September 1991 on forests and § 8 of the Statute of the State Forests National Forest Holding of 18 May 1994);

– Securing any claims of the GDSP, if such claims arise, based on the legally justified interest of the GDSP consisting of defending against third-party claims or pursuing its own claims (in accordance with Art. 6 para. 1 lit. f of GDPR);

– Concluding and fulfilling the contract, providing data is voluntary, but necessary to conclude and perform the contract;

– Fulfilling tax obligations incumbent on the personal data controller.

As an employer, we process the data of employees and persons who cooperate with us on a basis other than employment.

We do not share personal data except in cases where we are required to do so by law and only to the extent specified by these regulations.

We exercise due diligence to protect the interests of the persons whose data we process, and in particular, we ensure that these data are:

– Processed lawfully, fairly, and in a transparent manner for the data subject;

– Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

– Adequate, relevant, and limited to what is necessary for the purposes for which they are processed;

– Accurate and, where necessary, kept up to date; we take steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

– Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

– Processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

We process data in connection with the fulfillment of a legal obligation incumbent on the Consejería de Medioambiente Vivienda y Ordenación del Territorio, Junta de Castilla y León as the data controller.

We also process data based on consent, which can be withdrawn at any time. Another case is when processing is necessary for the performance of a contract.

Processing may also be necessary for the purposes of our legitimate interests, an example of which is the pursuit of claims by the GDSP.

We apply appropriate technical and organizational safeguards to ensure the protection of personal data. Entities cooperating with us are also obliged to manage personal data in accordance with our security and privacy requirements.

You have the right to access the content of your data, modify it (correct, update), object to the processing of data (in accordance with Art. 15-21 of GDPR);

Data will not be transferred outside the EEA.

The GDSP declares that it does not use profiling mechanisms in processing data;

In cases where you believe that the processing of data by the GDSP violates the provisions of GDPR, you have the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office.

Information is provided in writing or otherwise, including, where appropriate, electronically. Information may be provided orally, provided that your identity is confirmed by other means. We strive to provide information without undue delay – as a rule, within a month from receiving the request. If necessary, we may extend this period due to the complex nature of the request or the number of requests. However, in any case, within a month from receiving the request, we will inform you of the actions taken and (where appropriate) the extension of the period, stating the reason for such a delay.

Personal data are stored in a form that allows the identification of the data subject for no longer than is necessary for the purposes for which the data are processed. The period for processing personal data results from archival law regulations.

“Cookies” are small files saved on your computer, which store settings and other information used on visited pages. Cookies may contain website settings or be used to track user interactions with the website and may contain information necessary for the proper functioning of the service. We use cookies, among other things, to adapt the content of our site to your preferences and optimize the use of websites, maintain a session (after logging in), thanks to which the user does not have to re-enter the login and password on each subpage, and support and enforce actions that maintain security.

Web browsers usually allow the storage of “cookies” on your device by default.

You have the option to configure your web browser to completely or partially disable the storage of “cookies” on your device. Disabling the storage of “cookies” may cause some functions of the service to not work correctly.

When using the service, some data about you may be automatically collected and processed by third-party tools we use. For statistical purposes, the GDSP uses the Google Analytics tool, which operates based on its own “cookies”. We recommend familiarizing yourself with the Google Analytics Privacy Policy. Additionally, plugins, buttons, or other tools that enable sharing content on social media platforms such as Facebook, Twitter, Flickr, Instagram, Google Maps, OpenStreetMap, and YouTube videos are used.

We exercise due diligence to protect your data in connection with the use of the service. However, we are not responsible for the privacy policies of external entities whose services we use or services to which links are provided. Therefore, we encourage you to familiarize yourself with the principles applicable to these entities.

The GDSP, aware of the responsibility for protecting the personal data entrusted to us by you, treats security issues with the utmost care, makes every effort to protect the service along with the data processed on it, including against unauthorized access by third parties. To this end, we use physical security measures, security systems protecting access to servers and the service, and cryptographic solutions. Personal data are made available only to those employees and entities that are necessary for the performance of tasks and are processed only for the purposes described in this Policy.

“Cookies” are small files saved on your computer, which store settings and other information used on visited pages. Cookies may contain website settings or be used to track user interactions with the website and may contain information necessary for the proper functioning of the service. We use cookies, among other things, to adapt the content of our site to your preferences and optimize the use of websites, maintain a session (after logging in), thanks to which the user does not have to re-enter the login and password on each subpage, and support and enforce actions that maintain security.

Web browsers usually allow the storage of “cookies” on your device by default.

You have the option to configure your web browser to completely or partially disable the storage of “cookies” on your device. Disabling the storage of “cookies” may cause some functions of the service to not work correctly.

When using the service, some data about you may be automatically collected and processed by third-party tools we use. For statistical purposes, the GDSP uses the Google Analytics tool, which operates based on its own “cookies”. We recommend familiarizing yourself with the Google Analytics Privacy Policy. Additionally, plugins, buttons, or other tools that enable sharing content on social media platforms such as Facebook, Twitter, Flickr, Instagram, Google Maps, OpenStreetMap, and YouTube videos are used.

We exercise due diligence to protect your data in connection with the use of the service. However, we are not responsible for the privacy policies of external entities whose services we use or services to which links are provided. Therefore, we encourage you to familiarize yourself with the principles applicable to these entities.

The GDSP, aware of the responsibility for protecting the personal data entrusted to us by you, treats security issues with the utmost care, makes every effort to protect the service along with the data processed on it, including against unauthorized access by third parties. To this end, we use physical security measures, security systems protecting access to servers and the service, and cryptographic solutions. Personal data are made available only to those employees and entities that are necessary for the performance of tasks and are processed only for the purposes described in this Policy.

Information on the processing of personal data by

The Consejería de Medioambiente Vivienda y Ordenación del Territorio, Junta de Castilla y León

In accordance with Art. 13 paras. 1 and 2 and Art. 14 paras. 1 and 2 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as “GDPR” – The General Directorate of State Forests informs that:

1. Identity of the controller: The controller of your personal data is Consejería de Medioambiente Vivienda y Ordenación del Territorio, Junta de Castilla y León located at C/ Rigoberto Cortejoso, 14, 7ª planta. C.P.: 47014 Valladolid, Spain.
2. Contact details of the controller: You can contact the controller:

– in writing at the controller’s registered office address

– by phone: 983-419-000

– by email at: consejero.medioambientevot@jcyl.es

3. Contact details of the data protection officer: The controller has appointed a person responsible for overseeing the processing of personal data, with whom you can contact in all matters regarding the processing of personal data and the exercise of rights related to data processing, by sending correspondence to the address indicated above, or via email at sfc2025@comacyl.es
4. Purpose of processing and legal basis: Your personal data are processed for the purpose of:

1). enabling contact with the Administrator and making contact with recipients via traditional and electronic mail;

2). exchanging traditional and electronic correspondence, including receiving letters, notifications, inquiries, and requests in electronic form

3). considering received correspondence;

4). handling incoming and outgoing correspondence in the Electronic Document Management (EDM) system;

5). documenting arrangements made with clients, contractors, co-workers, or other persons;

6). coordinating and supervising the activities of the directors of the Regional Directorates of State Forests and managers of other national organizational units of State Forests;

7). protection against claims and pursuing possible claims.

8). handling complaints, requests – based on the provisions of the Act of 14 June 1960 Code of Administrative Procedure (consolidated text Journal of Laws 2022.1301 as amended) and the regulation of the Council of Ministers of 8 January 2002 on the organization and acceptance and consideration of complaints and requests (Journal of Laws 2002.46);

9). handling petitions – based on the Act of 11 July 2014 on petitions (consolidated text Journal of Laws 2018.870).

10). Depending on whether the Administrator already has other data of the person with whom electronic or traditional correspondence is conducted and in what matter it is conducted, the Administrator may also process a range of other personal data to the extent necessary to handle this matter. Then, the Administrator processes personal data also for other, individually determined purposes, known to the person with whom correspondence is conducted, and separately informs them of these purposes.

The legal basis for processing data contained in electronic and traditional correspondence is:

1). fulfillment of a legal obligation incumbent on the Administrator (Art. 6 para. 1 lit. c of GDPR) or

2). performance by the Administrator of tasks carried out in the public interest or in the exercise of official authority vested in the Administrator (Art. 6 para. 1 lit. e of GDPR) or

3). realization or pursuit of concluding a contract with the Administrator (Art. 6 para. 1 lit b of GDPR);

4). realization of the legitimate interest of the data Administrator and senders of electronic messages and traditional mail (Art. 6 para. 1 lit. f of GDPR) – consisting in enabling electronic and traditional contact with the Administrator or

5). realization of the legitimate interest of the Administrator consisting in pursuing claims or defense against claims, in accordance with generally applicable laws, in particular the Civil Code (Art. 6 para. 1 lit. f and Art. 9 para. 2 lit. f of GDPR) or

6). processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which is proportional to the aim pursued, respects the essence of the right to data protection and provides for suitable and specific measures to safeguard the fundamental rights and interests of the data subject (Art. 9 para 2 lit. g of GDPR) or

7). voluntarily expressed consent through an explicit confirmatory act (Art. 6 para. 1 lit. a of GDPR) – if the sender of correspondence requests information regarding the Administrator’s products, the response given to the sender will contain the information requested by the sender, and sending a query will mean consent to sending the sender commercial information by the Administrator to the email address provided by the sender to the extent necessary to provide a response (Art. 10 of the Act on Providing Services by Electronic Means) or to the address provided by the sender for correspondence (in the case of traditional mail); expressed consent can be withdrawn at any time without stating a reason, but commercial information sent after sending a request for it and before withdrawing consent will be sent in accordance with the law; withdrawal of consent may prevent providing a full response to the question asked.

5. Source of data: Data are obtained from the data subject or third parties or from other sources (e.g., the addressee’s data obtained from the WWW page).
6. Categories of data: Address data, contact data, and data contained in the content of email and traditional correspondence, including sensitive data.
7. Recipients of data: Your personal data may be made available and transferred to public administration bodies, services, courts, and prosecutors or organizational units of the State Forests National Forest Holding based on and within the limits of applicable legal provisions. Your personal data may be made available to entities that process your data on behalf of the Administrator under a personal data processing entrustment agreement (processing entities);
8. Transfer of personal data to a third country or international organization: The Administrator, processing personal data for the purposes indicated in point 4, may in justified cases use the services and technologies offered by Meta Platforms Inc., such as WhatsApp.

The Administrator indicates that Meta Platforms Inc. is based outside the European Union, and therefore, in light of the GDPR provisions, is treated as an entity operating in a third country;

The Administrator indicates that personal data shared within the services and technologies offered by Meta Platforms Inc. (WhatsApp), used by the Administrator, will be co-administered by Meta Platforms Inc.

More information about the principles of processing personal data by Meta Platforms, Inc. can be found at: https://www.whatsapp.com/legal/privacy-policy-eea/?lang=en

9. Automated decisions and profiling: Not applicable
10. Period of data storage: Your personal data will be stored for the period necessary to achieve the purposes mentioned in point 4 above – and after that time for the period and to the extent required by generally applicable laws.
11. Rights of data subjects: In connection with the processing of your personal data, you have the following rights:

– the right to access data;

– the right to obtain a copy of the data

– the right to request rectification of data;

– the right to delete data;

– the right to restrict processing;

– the right to data portability

– the right to object to data processing

12. The right to withdraw consent: You have the right to withdraw consent at any time. Withdrawal of consent does not affect the legality of the processing, which was carried out on the basis of consent before its withdrawal.
13. The right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority dealing with personal data protection in the Member State of your habitual residence, place of work, or place of the alleged infringement.

Office of the President of the Personal Data Protection Office : / Jorge Juan, 6. 28001 – Madrid

Teléfono general: 900 293 183 ; email: prensa@aepd.es

14. Information on the voluntariness or obligation to provide data: Providing your personal data is mandatory, in situations where the premise for processing personal data is a legal provision. The consequence of not providing personal data will be the inability to take actions mentioned in point 4.