Privacy Policy
Introduction
The Ribadeo Town Council processes personal data collected through this website as the data controller, in accordance with Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, thereby ensuring the fundamental right to data protection for users of the municipal services offered through this communication channel.
Users are advised to read this Privacy Policy carefully. It has been written in a clear and straightforward manner to help users decide freely and voluntarily whether they wish to provide their personal data. This policy may be updated by the Council when new data processing is carried out or in the event of legislative changes.
The Council has appointed a Data Protection Officer (DPO), who can be contacted via email at dpo.ribadeo.gal, through the electronic headquarters at https://ribadeo.sedelectronica.gal/info, or by post at Plaza España, 1, 27700 Ribadeo, Lugo, Spain, to address any queries regarding personal data processing.
Data Controller
The data controller for the personal data processed on this website is: Ribadeo Town Council, NIF: P2705100B, Plaza España, 1, 27700 Ribadeo, Lugo, Spain.
Personal Data Processing
The Town Council collects personal data to provide access to and delivery of certain services via this website. Some data is provided directly by users when filling out a form, while other data is collected indirectly through technologies such as cookies.
Whenever personal data is collected via a form (online or downloadable) or any communication channel on the website, the data subject will be informed in accordance with current data protection regulations.
The main methods used by the Council to collect and process personal data include:
- Forms: Data collected through forms is used to provide access to services. Each form will provide specific details about how the data will be processed.
- Cookies: The Council may use technical cookies (small information files sent to the user’s device) to ensure the correct operation and display of the website. Details are available in the [Cookie Policy].
The data fields marked with an asterisk (*) on the website forms are mandatory. If a user opts to send data via alternative channels, they should only include the necessary information for the relevant purpose.
Users are responsible for any excessive or inappropriate data they voluntarily submit. They are also responsible for the accuracy of the information provided. If any data changes, users must inform the Council to keep records up to date.
The personal data generally processed includes: full name, ID number, signature, address, phone number, and email address. Additional data may be included in the submitted documents. Browsing data may include the internet address from which the link to the website originated.
Personal data will not be shared with third parties, unless legally required. No international data transfers outside the European Union are foreseen.
The Council will store personal data for the duration necessary to fulfill the stated purpose or to manage the procedure requested, including the handling of any claims or appeals. The data may also be added to municipal records in accordance with the town’s document management policy.
Processing Limitations
Users under 14 years of age are not authorized to submit personal data through the means provided on this website (e.g., service request forms or email), without prejudice to applicable regulations. Users submitting data via these means formally declare they are over 14 years old. The Council is not liable for any breach of this requirement.
When services are specifically aimed at children under 14, parental or legal guardian consent will be required, subject to prior identification.
Data Sharing and Transfers
There are no plans to share personal data with third parties or to transfer data to third countries or international organizations, unless required by law or upon request by a public body, court, or tribunal.
Data Retention
The Council retains personal data only for as long as necessary for each specific processing purpose. Users may withdraw their consent at any time. Retention periods may also be determined by legal obligations or the need to handle possible claims.
Security Measures
The Council applies appropriate technical and organizational measures, as required by current data protection laws, to safeguard personal data and protect the fundamental rights of users. These measures aim to prevent loss, misuse, alteration, unauthorized access, or theft of the data provided, taking into account the current state of technology and the nature of the data.
Data Subject Rights
Data subjects have the right to:
- Confirm whether the Council is processing their personal data.
- Access their personal data and request rectification of inaccurate data or request erasure when data is no longer necessary.
- In specific circumstances, request:
- The restriction of processing, in which case data will only be kept to exercise or defend legal claims.
- Objection to processing, in which case the Council will cease processing unless there are compelling legitimate grounds or legal claims.
- Data portability to receive their data or have it transferred to another controller in a structured, commonly used, and machine-readable format.
- The restriction of processing, in which case data will only be kept to exercise or defend legal claims.
- Withdraw consent at any time, where processing is based on consent.
Likewise, when data processing is based on consent, you have the right to withdraw it under the terms established by current data protection regulations. You may exercise your rights by contacting the Ribadeo Town Council at Plaza España, 1, 27700 Ribadeo, Lugo (Spain), indicating “Ref. Data Protection” in the subject line, or via email at dpo.ribadeo.gal. If you believe your rights regarding personal data protection have been violated—particularly if you are not satisfied with the exercise of your rights—you may file a complaint with the competent Data Protection Authority: Agencia Española de Protección de Datos, C/ Jorge Juan, 6 – 28001 Madrid, or via its online platform at sedeagpd.gob.es. Alternatively, and optionally, you may first contact the Town Council’s Data Protection Officer at dpo.ribadeo.gal.
Date of publication: June 1, 2025