Last updated: 29/05/2025

This policy explains transparently how we handle the personal data collected through our website.
Protecting your privacy and the security of your information are fundamental priorities for us.

1. Data Controller

The entity responsible for the processing of your personal data is:
Transparency International Spain
Fundación Ortega y Gasset-Marañón C/ Fortuny, 53 – 28010 Madrid
Email: comunicacion@transparencia.org.es
We are an international organization committed to fighting corruption and promoting transparency.
All data processing we carry out complies with the GDPR (EU Regulation 2016/679) and other
applicable data protection regulations.

2. Types of Personal Data Collected

We collect only the data strictly necessary to fulfill the purposes described below. This includes:

a) Data you provide directly:

Name, surname, and email address (e.g., when subscribing to newsletters, sending inquiries,
or making donations).
Additional information in participation forms, surveys, or event registrations.
Data included in CVs if you apply spontaneously or take part in recruitment processes.

b) Data collected automatically:

IP address and approximate geolocation.
Browser, operating system, and device type.
Pages visited, session duration, and other browsing data (via cookies or similar
technologies).
This data is collected for statistical, security, and user experience improvement purposes.

3. Purposes of Data Processing

We process your personal data for the following purposes:

a) Communication and user engagement:

To respond to your messages and requests.
To send newsletters or campaign updates, if you have given your consent.
To provide information about our activities, publications, and events.
b) Participation and collaboration:

To manage donations, memberships, or collaboration requests.
To organize events, seminars, and surveys in which you participate.

c) Technical improvements and statistical analysis:

To analyze website usage in order to improve navigation, content, and features.
To prevent misuse of the site or detect security incidents.
Your data will never be used for commercial profiling or subject to automated decision-making with
legal effects.

4. Legal Basis for Processing

In accordance with Article 6 of the GDPR, we process your data based on:

Your consent (e.g., when you check a box to receive communications or participate in
events).
Our legitimate interest as an organization to improve our services and ensure website
security.
Legal obligations, such as accounting or tax management of received donations.
Pre-contractual or contractual relationships, if you collaborate with us as a partner,
volunteer, or supplier.
You may withdraw your consent at any time, without affecting the lawfulness of processing based
on consent before its withdrawal.

5. Data Recipients

Your personal data:

Is not shared with third parties for commercial purposes.
May be processed by technical service providers (e.g., for web hosting, newsletters,
analytics), under data processing agreements compliant with Article 28 of the GDPR.
May be shared only when required by law, court order, or to fulfill our legal obligations,
always respecting your rights.
All data processors are located within the EU or ensure an adequate level of protection through
standard contractual clauses or other legal safeguards.

6. International Data Transfers

We only transfer data outside the European Economic Area (EEA) when:

You have explicitly consented.
It is necessary to fulfill a contract with you.
It is made to providers with appropriate safeguards under the GDPR (e.g., certified under
the EU-U.S. Data Privacy Framework or using standard contractual clauses approved by the
European Commission).
We ensure all transfers comply with applicable standards of security, confidentiality, and legality.

7. Data Retention Period

Your data is retained only for as long as necessary to fulfill the purpose for which it was collected
and, where applicable, for the legally required duration. In general:

Contact data: retained until you withdraw your consent or request deletion.
Donations and transaction data: kept for 5–10 years in accordance with accounting and
tax regulations.
Cookies: as specified in our [Cookie Policy].
After these periods, data will be securely deleted or anonymized for statistical purposes.

8. Your Rights

You may exercise the following rights at any time:

Access: Know what personal data we process about you.
Rectification: Correct inaccurate or incomplete data.
Erasure (right to be forgotten): Delete your data when it is no longer necessary.
Restriction: Temporarily suspend processing under certain conditions.
Objection: Object to data processing for personal reasons.
Portability: Receive your data in a structured format or request its transfer to another
controller.
To exercise your rights, please email: comunicacion@transparencia.org.es, clearly stating your
request and attaching a valid ID if necessary.

If you believe your rights have not been respected, you may file a complaint with the relevant
supervisory authority: the Spanish Data Protection Agency (www.aepd.es).

9. Use of Cookie

Our website uses first- and third-party cookies to:

Enable essential technical functions.
Analyze usage to improve performance.
Remember your language or session preferences.
Cookies are not used for advertising profiling. You can manage your preferences through your
browser or consult our [Cookie Policy] for more details.

10. Changes to this Policy

We reserve the right to update this policy when required by law or changes in our practices. Any
updates will be published on this page and, where appropriate, we will notify you through suitable
channels.

We recommend reviewing this policy periodically to stay informed about how we protect your data.