Privacy Policy examples

5.1 CONSUL DEMOCRACY Privacy Policy Model [/privacy]

The visit to the institutional portals of the City Council is carried out anonymously. When you need to access any of the web services that have a specific management or procedure, you must provide the personal data essential for the provision of the requested service.

Personal data and its treatment. Bases of legitimation.

Personal data is any information from an identified or identifiable living natural person. The different information that, when collected, can lead to the identification of a certain person, also constitutes personal data.

These data can be numeric, alphabetical, graphic, photographic or acoustic, such as a name, an identification number (ID card, passport, health card number, etc.), voice, postal address and others. location data (including geolocation), a photograph, the electronic signature, an IP address, or one or more elements specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of a person (race, sex, fingerprint, medical history, banking information, etc.).

In any case, the data collected will be essential to provide the requested service and will be treated with the corresponding security measures.

The City Council can only process your data if it is legitimated to do so, depending on the activity it carries out, according to legitimation bases that are regulated by regulations.

The legitimacy of the treatment may be based on compliance with a legal obligation, the fulfilment of a mission carried out in the public interest, the consent of the interested parties, the protection of vital interests or the execution of a contract.

Whatever the basis of legitimacy, the provision of your data is mandatory and essential to meet your requests or be able to provide you with the services and procedures that you request.

What information should the City Council provide you with?

You have the right to receive free, clear, concise and transparent information from the City Council on at least the following aspects:

  • The processing activity in which your personal data is included.

  • The identity and contact details of the person responsible for the processing of your data and the Data Protection Officer (DPO).

  • The purposes for which it is treating them and the legal norm on which it is based to be able to do so.

  • The recipients to whom your data will be communicated if necessary, which may be both to entities or organizations to which there is a legal obligation to communicate data, as well as to third parties for the fulfilment of purposes directly related to legitimate functions.

  • If international data transfers are to be made.

  • How long will your data be kept?

  • What rights do you have and how can you exercise them?

  • Right to withdraw the consent given in the case in which the treatment is based on your explicit consent.

  • Information on the right to file a claim with a control authority. In our case, we submit to the national control authority, which is the Spanish Data Protection Agency (AEPD).

  • Information on whether automated decisions are being made or profiles are being created with your data. In general, the Madrid City Council does not carry out these actions.

This information must be provided to you:

  • At the time you are providing your data (for example, when you fill out an application form), or

  • When the data is obtained from a third party (by transfer, by public access, etc.), within a maximum period of one month and, in any case, the first time they contact you, or at the time they must be communicated for the first time to another addressee.

Record of processing activities. Your data will be incorporated into the corresponding treatment activities of the Madrid City Council and will be processed for the specific purpose of each treatment. The record of processing activities of the GENERAL DIRECTORATE OF CITIZEN PARTICIPATION with its corresponding managers is published in the Personal Data Protection section of the Electronic Office.

What are your rights?

Once your personal data is being processed by the City Council, you can exercise the rights of access, rectification, deletion, opposition, limitation of treatment and portability, as well as to oppose automated individual decision-making, including profiling. , in the manner provided for in the current legislation on the matter, before the body responsible for the file. The aforementioned rights can be exercised in person or, also online through the Electronic Headquarters of the City Council of Likewise, you have the right to file a claim with the Spanish Data Protection Agency.

How to claim?

You can file a claim directly with the Spanish Agency for Data Protection (AEPD) in the following cases:

  • When you have submitted a request to exercise your rights and it has not been attended to by the controller or you have not received any notification or communication within a month.

  • When it has been attended to, but you are not satisfied with its resolution.

  • When you consider that the person responsible for the treatment has committed an infringement of the regulations on the protection of personal data in relation to any of the treatment activities of the Madrid City Council.

Before using this option, you can address a prior claim to the Data Protection Officer. The maximum period for the Data Protection Delegate to answer the claim and notify you of the decision adopted is two months from the date it is received. The Data Protection Officer (DPD)

The Data Protection Delegate (DPD) is in charge of ensuring your rights in terms of data protection. It is a figure created by regulations, mandatory in all Public Administrations. Among the functions of the DPD, it is worth advising those responsible and in charge of the treatment in everything related to the protection of personal data, including the exercise of the rights of the interested parties, the supervision of compliance with the regulations on data protection and the awareness and training of Madrid City Council public employees in this area. You can also consult him about any information you need or doubts you have in relation to the protection of personal data that is being processed by the Madrid City Council. Likewise, they intervene in the claims that you make in this matter. The contact details of the DPD are:


Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data and by which Directive 95/46/CE (General Data Protection Regulation, GDPR) is repealed

Organic Law 3/2018, of December 5, Protection of Personal Data and Guarantee of digital rights (LOPDGDD).

Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offences and execution of criminal sanctions.

Last updated