PRIVACY POLICY
With this privacy policy, the Government of Andorra, and especially the Ministry in charge of tourism (hereinafter, “the government”) informs you of the personal data it collects through the services it offers and which are reflected through this website (hereinafter, “this website”), how it treats them and the rights it has, in relation to your data personal data and with our treatments, you are given the personal data protection regulations that apply to us.
1. Law 29/2021, of October 28, entitled Protection of Personal Data of the Principality of Andorra (henceforth, “the LQPD”)
2. Decree 391/2022, of 28-9-2022, approving the Regulations for the application of the LQPD
3. Decree 45/2023, of 25-1-2023, approving the Regulation amending the Regulation for the application of the LQPD
4. Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, relating to the protection of natural persons with respect to the processing of personal data and the free movement of such data (hereinafter, " theRGPD”
This policy applies to people who relate to the Government through this website, to users of the services that the Government offers for the purposes described in section 4 of this policy (the services) and to all persons whose personal data (for example, images) may appear on our website or in the context of the services.
The only person responsible for the processing of your personal data in accordance with what is indicated in this policy is:
The Government of Andorra, with NRT D-059888-N and with postal address for the purposes of this policy at c/ Prat de la Creu, 62-64, AD500 Andorra la Vella (Principat d’Andorra).
The Government of Andorra has a data protection officer, who you can contact using the address email dpd@govern.ad.
The Government is not responsible for the activities you carry out on other websites, even if you access them through links on our website. That is why we strongly recommend that you carefully read the information provided by the managers of these other websites before giving them your personal data (especially the privacy and cookie policies of each website you visit), and that you contact these managers if you have any concerns or questions.
In general, you are the one who, directly, provides us with your personal data - for example, through the forms on this website -. The only exceptions to this rule are:
· Personal data provided to us by third parties who register on your behalf (as a beneficiary).
· The last four digits of your payment card, which, together with the purchase amount and the transaction number, is returned to us by our payment service provider in case you wish to consult or revoke the transaction.
· Photographs or videos of events we organize or participate in, and in which you may appear.
· The presentations, photographs, videos, texts or other means of communication that the author may present to publish on our website or our social networks, in accordance with the corresponding terms and conditions, and therefore, with his consent.
· The images or other personal data that correspond to any news in which we consider that the public interest, our obligation of transparency and the right to information prevail over the possible interests of the people whose image or other personal data are publish on our website or on our social networks.
· Images that correspond to any content on the website over which we have the corresponding rights.
· The personal data that may appear about you in emails and instant messaging we receive, or through forms on our website.
· The data that our security staff, who control access to the rooms, records about their presence (day and time of entry and day and time of departure).
· The cookies of this website, about which you will find more information below.
We collect the information you voluntarily provide us through the registration forms on this website for the purpose of assessing the application, and only if we accept it, for:
· Manage your registration,
· Inform you about meetings, content, initiatives and other benefits or opportunities related to the Event, and
· Provide assistance if you request it from us.
The legal basis of this treatment is your consent regarding your request, and if we accept it, the agreement that we will have from that moment on based on the terms and conditions of your registration, in our legitimate interest in keeping you informed about the event or future editions of it, and in your express consent for us to process the health data you supply to us for the sole purpose of providing you with the assistance you yourself have at well apply to us.
We use the following data to authorize or deny your access to the restricted areas of the event, to analyze and monitor the occupancy and logistics of the different areas, to plan the events, and to ensure your health and safety (including , where applicable, the prevention of the spread of diseases and contact tracing of people affected, for example, by Covid-19):
• Your participant credential (which is nothing more than the QR we will have sent you upon accepting your registration to participate in person);
• The result of the antigen test of the day you enter the rooms;
• The dates and times when your access to the rooms has been previously authorized, and your and your exit from them. These data we will use to rule out duplicate credentials; and
• The photograph that we may ask you and which, if applicable, we initially validate against your ID or passport, and will be validated again when accessing a restricted access room for security reasons (to ensure that the person accessing it is the real owner of all this data).
The legal basis for this treatment is our agreement to attend the event in person.
If you participate in this event in person, both the professionals who act on behalf of the Government of Andorra and those of the independent press can register their image and voice in the context of the event. These professionals will be duly identified, and in no case will they be forced to appear in a recording.
The Government of Andorra has a public interest in the media coverage of the event for the purpose of using the recordings in promotional materials, including this website and the social networks of the Government of Andorra, as well as the websites and social networks of the collaborators and sponsors of this event.
If we do not know you, we may use your personal data to confirm your identity and, if necessary, the entity you work for and your role in that entity. We do this where we are subject to legal obligations that require us to authenticate your identity before we continue to process your personal data, or where it is in our legitimate interest to ensure that your request is genuine and not made for fraudulent reasons or be spam content (spam).
We collect the optional data that you voluntarily provide us in the forms (which are not marked with "*") to offer you a more personalized service in relation to the purpose to which the form is specifically dedicated, and to extract statistics that we they help improve our care and our services.
The basis that authorizes us to process this personal data for this purpose is the consent you express when you provide it to us. As always, you can retract and withdraw consent at any time, with the sole effect that we will no longer use this personal data and, therefore, the services associated with the form will be less personalized from that point on.
The Government collects the data you provide directly, or those provided by third parties yours name (identification, contact, economic and, often, employment data), during the signing of agreements or contracts in which the Government and you (or the entity you represent) are parties, with the purpose of formalizing them, manage them, execute them and keep you informed about everything that may interest you (or the entity you represent) in relation to the matters to which the scope of each agreement or contract refers.
The processing of your data for the purpose of keeping you informed in relation to the matters referred to in the scope of our agreement or contract is justified in our public interest (if the contract is linked to our public function ) or our legitimate interest (if not).
The processing of your data for other purposes is legitimate, in these cases, to be necessary to execute the terms and conditions of the corresponding agreement or contract, or to establish pre-contractual conditions when you so request.
We use the data you provide us in the forms on this website with the aim of extracting aggregate statistics (in which it is not possible to identify any specific person) with the aim of improving the services we offer you.
The basis that legitimizes us to process your data for this purpose is our legitimate interest in improving our economic results and, simultaneously, the services we offer you.
We collect the personal data that you voluntarily and freely provide us in your e-mails or instant messaging messages, by telephone, through web forms, or through requests to exercise rights, to attend to your requests. requests, inquiries or claims in relation to our services or the rights you have over your personal data.
The legal basis for these treatments is our legal obligation to attend to your requests to exercise rights, and, for other purposes, our legitimate interest in attending to you. The provision of your personal data is therefore voluntary, although if you do not provide them we will not be able to process your request, query or claim. You can object to our legitimate interest whenever you wish, although this opposition will also make it impossible to continue processing the request, inquiry or claim.
We can process the data you provide us through surveys to request an assessment of the care received.
The basis that legitimizes these treatments is our legitimate interest in improving the quality of our services.
We collect your email address when you register for the event to inform you by email about news that we may consider of interest to you and that are related to the world of tourism in Andorra, including the organization of future events.
The legal basis of this treatment is our legitimate interest in keeping you informed about tourism in Andorra, to which you can object at any time by exercising your right as indicated later in this policy or through the 'link that there is for this purpose at the foot of all our emails.
We retain data that may be necessary to manage your potential claims, or ours, on the basis of our legitimate interest in defending ourselves to safeguard our rights.
We use your data booking and your ID or passport and even, eventually, a document proving your protection status against COVID-19 (the latter, only if we are legally required to do so), to authorize or not the access to restricted areas of our events, facilities or services, analyze and monitor the occupancy and logistics of the different areas and ensure your health and safety (including preventing the spread of disease and contact tracing of people affected by COVID-19).
The legal basis for this treatment is the ticket sales contract or the service contractlof whichal sou party, our legitimate interest in avoiding unnecessary crowding and, in the event that we request documents proving your protective status against COVID-19, our legal obligation.
If you have lost a mobile phone or any other item containing personal data and it is found or delivered to us, we will hold that personal data until the rightful owner of the lost item successfully claims it at our customer service point or , after a reasonable period of time, we will hand it over to the Police Department to manage its custody and eventual return.
The basis that legitimizes us to treat the personal data of mobile phones, wallets, backpacks and other objects that may contain personal data in this way is our legitimate interest in preventing their theft and returning them to you.
We collect and process exclusively the data you provide us through the corresponding participation form, associated with the regulatory bases of the competition, raffle or promotional lottery in question, together with the data you send us during participation. The main purpose of this treatment is to manage your participation in this contest, draw or promotional lottery, and the secondary purposes are those specified in the corresponding terms and conditions of participation.
The basis that legitimizes this treatment is the execution of the participation agreement that you sign when you send us the corresponding correctly completed form. The supply of personal data for these purposes is voluntary, although, if you do not provide them to us, you will not be able to participate in the corresponding contest, raffle or promotional lottery.
If you participate in our activities or attend our events or award ceremonies in person, the independent press and our own professionals may record your image and, at pre-arranged times, your voice, in the context of the event or the awarding of the award.
The legal basis for this processing of your image is your express consent whenever it is possible for us to request it from you, or where it is not possible for us (for example, when time has passed since the recording and we do not have your contact details), the public interest in promoting events and activities that we organize or sponsor, or that we consider to have a link with the country brand.
You are not required to appear in a recording. If you wish, you have the right to withdraw your consent or to object to our public interest at any time. In order to assess your opposition to the public interest, and if necessary to immediately remove the images in which you are identified, we will ask you to tell us where you saw them.
If you have entered into a contract or an image rights assignment consent with us, we may collect photographs or videos of our facilities, products or services in which you are identified, and may be seen, for later use them in promotional campaigns or publish them in media such as the national or international press, our websites or other media such as public radio or television. If you have signed an image rights assignment consent, we inform you that you can revoke it at any time so that we remove your image, without the revocation affecting the dissemination of the image that took place before we processed it request.
Additionally, we may graphically record the atmosphere of our facilities to promote them or to promote your products and services and, eventually, your image may appear in such graphic material. Unlike what is indicated in the previous paragraph, in this case the legal basis for the processing of your images is our legitimate interest, which you can oppose at any time if you consider that it is contrary to your own interests. In order to assess your objection to our legitimate interest, and if so to immediately remove the images that identify you, we will ask you to tell us where you saw them.
We use cookies (cookies) functional for collect, store, query and process personal information (linked to you through unique identifiers or IP addresses), from your device's browser, in order to ensure the proper functioning of our website.
As they are cookies necessary for the correct functioning of the website, or personalization cookies, their use does not require you to give us express consent, and the basis that legitimizes us to use them is our legitimate interest in being able to offer - our website services to you in accordance with your preferences.
You can find more information about these cookies in our cookie policy.
We use analytical or statistical cookies to identify the most and least visited pages, analyze which contents are of most interest to our visitors, and measure the success of our information campaigns, all with the aim of improving the services we offer you at through the web. All these purposes provide aggregated results, in which it is not possible to identify the interests of any particular person.
The LQPD does not impose specific requirements on this type of cookie, and the European Data Protection Committee has reviewed that, in general, if not sent to third parties, the data collected for statistical purposes does not pose an appreciable risk to the people interested.
However, the law governing electronic procurement and operators that develop their economic activity in a digital space requires that, when the website is dedicated, among other things, to developing an economic activity in the digital space, or if the data collected by the statistical cookies is shared with third parties, the data controller can only use the data from the statistical cookies or transfer them to third parties with your consent. If this is the case for our website, we will ask for your consent before we use your data, and your failure to give it or withdraw it from us will have no effect other than hindering our purpose of improving the web by analyzing aggregate statistics of our visitors' browsing.
You can find more information about these cookies in our cookie policy.
Additionally, as an obligation that Google LLC, a company of which Google Ireland Ltd is a subsidiary, imposes on entities that, like us, use Google tools Analytics or Google reCAPTXA, we inform you that these two services are operated by Google Inc., domiciled at 1600 Amphitheater Parkway, Mountain View, CA 94043, in the USA, and that Google Inc. is a beneficiary of these services.
The information generated by the cookie about your use of this website and your advertising preferences is generally transmitted to a Google server in the USA and stored there. If you wish to obtain more information, you can consult the page that describes how Google uses information from our website and/or the Google privacy policy regarding the aforementioned services.
We inform you that we have activated the IP anonymization function in the Google service to add additional safeguards to the standard contractual clauses that protect this international transfer of data to the USA. With this, Google will shorten your IP address before transmitting it to the USA (identity obfuscation process). Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there. Google guarantees that the IP address transmitted by your browser to Google Analytics will not be processed together with any other data held by Google.
Podeu consultar les categories de dades personals que processen aquests serveis a privacy.google.com/businesses/adsservices.
The Government undertakes security measures appropriate to the level of risk to protect personal information against loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of the personal information. However, if we determine that your data has been misappropriated, exposed through a security breach, or improperly acquired by a third party and exposes you to a high risk, we will immediately notify you of that security breach. , misappropriation or misappropriation, and about the steps we have taken and the steps we recommend you take so that you are not affected by the breach.
The basis that legitimizes this treatment is the legal obligation set out in article 37 of the LQPD (35 of the RGPD), and our legitimate interest in preventing this security breach from harming you.
For other purposes scientific, historical, statistical or other that are not incompatible with the previous ones
We may use your personal data for other scientific, historical, statistical or other purposes that are not incompatible with those indicated above, for reasons of public interest, on the condition that it is permitted by a regulation with the rank of law and by the regulations in force in matters of personal data protection, and of course, acting in accordance with these regulations and the rest of the applicable regulations.
We do not share your personal data with anyone, unless:
· Be the one to ask us.
· We have a legal obligation to do so.
· As necessary to enforce the terms and conditions of our products and services, including investigating potential violations.
· As necessary to detect, prevent or otherwise address fraud, security or technical problems.
· Let us be co-responsible for the collection of data, so that, always with your consent, other entities process them on their own behalf. This is the case of Google Ireland Ltd, with registered office at 4 Gordon House Street, Barrow, Dublin, Ireland, to whom we have entrusted the processing of cookie data necessary to use its Analytics and reCAPTXA services. Google Ireland Ltd acts as an independent controller for all processing carried out on its behalf in accordance with its privacy policy. We transfer data to Google Ireland Ltd on the basis of the data protection agreement that this company located in the EU includes in the addendum to the standard contract for countries suitable for the RGPD, as is the case of Andorra, in which we add the additional safeguard of activating the anonymization of the IPs collected by the cookies. In our cookie policy you will see which analytical and advertising cookies we offer you and how you can configure them.
· The sponsors, the authorized media, or the organizers of future editions of this event, request the recordings of the event for the purposes of promotion of this or its future editions.
· A company outsourced by us needs to process them on our behalf (for example, the company that provides us with data protection officer services, and that has to deal with your requests to exercise rights), always under the terms and conditions of the corresponding data processor contract.
· We need to protect or defend the rights or property of the Government.
It is not planned to make any international transfer of personal data, and, if we eventually need to make them, we inform you that they would comply with the provisions of the regulations in force that affect us at any time , and preferably, selecting providers who guarantee that they only transfer your data when the recipient countries offer a level of protection equivalent to Andorran law, in accordance with article 43 of the LQPD.
The Government keeps personal data exclusively for the duration of the treatments that require them (recommended by the National Commission for Access and Evaluation of Documentation, CNAAD) and then for as long as it takes to prescribe the legal responsibilities that affect us at any given time, arising from the treatment in question (including the obligation to be able to demonstrate that we have complied with your request for destruction of personal data).
We will destroy any unnecessary or disproportionate personal data that may appear in emails and instant messages we receive, or via forms on our website as soon as we receive it.
We will destroy (and rectify) any personal data that we find to be inaccurate as soon as we verify its inaccuracy.
If you send us a copy of an identity document, we will destroy this copy as soon as we have verified that it fulfills the function for which you sent it to us.
Where we do not have a legitimate purpose for processing some of your personal data, we will delete or anonymize it, and if this is not possible (for example, because it is in backups), we will store it securely and block it to isolate - them from any further processing until it is possible to remove them.
You have the right to obtain confirmation as to whether or not we have any of your personal data.
We remind you that, when we share personal data with other controllers, you must exercise your rights directly against those controllers by following the instructions provided in their own privacy policies. Specifically, in relation to the data that our cookies share with Google, we inform you that you can install in Chrome, Internet Explorer, Safari, Firefox or Opera browsers the plugin to not send Google Analytics or Google Ads data to Google Inc.
Below we explain what other rights you have and how you can exercise them.
You can request us to enforce the following rights:
· Access to your personal data.
· Rectification of some of your personal data, specifying the reason.
· Deletion of some or all of your personal data.
· Limitation of the processing of your data, specifying the reason for the limitation.
· Objection to the processing of your personal data.
· Portability of your data when the basis for legitimizing the collection has been consent or a contract.
· Right not to be subject to automated individual decisions. Link França
The consent given, both for the treatment and for the transfer of the data of the interested parties, can be revoked at any time and must be communicated to us, just like any other right, as indicated in the following section. This revocation will in no case be retroactive.
You can exercise your rights:
1. By sending a written request to the Government, addressed to our postal address, indicated in the section 2 of this policy, indicating a means of contact with you to be able to respond to your request, or ask you for more information if necessary. We would appreciate it if you wrote in the envelope "Exercise of personal data protection rights".
2. By sending an email or the form associated with the right you wish to exercise to the e-mail address dpd@govern.ad, preferably indicating in the subject "Exercise of personal data protection rights". You will find these forms later, in this same section of the privacy policy.
In both cases, if it is not possible for us to verify that you are who you say you are, we will ask you to send us proof of your identity, to ensure that we only respond to the interested party or their representative legal
If the person sending the mail does so in the capacity of representative of the person concerned, the accreditation of the representative must be done through documents or legal instruments that correctly identify the person concerned and the representative and specify the order or procedure for the which representation is delegated.
Finally, and especially if you consider that you have not obtained full satisfaction from the attention to the exercise of your rights, we inform you that you can submit a claim to the national control authority of your country, or go to this effect to the Andorran Data Protection Agency (APDA).
In order to facilitate the exercise of your rights, we recommend that you use the application forms that correspond to the following, and do not fill in the data that you consider not necessary to authenticate your identity or that of your representative:
· Form for exercising the right of access
· Form for exercising the right of rectification
· Form for exercising the right of opposition
· Form for exercising the right of deletion
· Form for exercising the right to limit treatment
· Form for exercising the right to portability
. Form for exercising the right not to be subject to automated individual decisions
By providing us with your details, you warrant that they are accurate and complete. Likewise, you confirm to us that you are responsible for the veracity of the personal data that you have communicated to us and that you will keep it conveniently updated so that it corresponds to your actual situation, and that you are responsible for any false or inaccurate personal data that you may provide to us , or that subsequently become inaccurate, as well as damages, direct or indirect, that may derive from their inaccuracy.
You cannot provide us with other people's data unless it is justified in relation to the services you request from us. In any case, if you provide us with the personal data of third parties, you assume the responsibility to inform said third parties before providing us with their personal data. This information that you must provide to the third parties whose data you supply to us must include all the provisions provided for in this privacy policy, and you are the one who is responsible for the lawfulness of this personal data and for transmitting to its holders the rights they have in relation to their personal data.
In cases where you have to provide us with data of a person under 16 years of age or of a person whose rights are limited, in doing so you are obliged to have the authorization of the holders of their parental authority or tutelage. Without this authorization, it is forbidden for you to provide us with any personal data of these people.
We are fully committed to protecting your privacy and your personal data. We have drawn up the register of all personal data processing activities that we carry out, we have analyzed the risk that each of these activities may pose to you, and we have implemented the appropriate legal, technical and organizational safeguards to avoid, as possible, the alteration of your personal data, its misuse, loss, theft, unauthorized access or unauthorized processing. We keep our policies up to date to ensure that we provide you with all the information we have about the processing of your personal data, and to ensure that our staff receive appropriate guidance on how to handle it. We have signed data protection clauses and data processor contracts with all our service providers, taking into account the need that each of them has to process personal data.
We restrict access to personal data to employees who really need to know it to carry out any of the treatments mentioned in this policy, and we have trained and made them aware of the importance of confidentiality and maintaining the integrity and availability of information, as well as well as the disciplinary measures that any eventual infringement in this matter would imply.
However, if the Government determines that your data has been misused (even by a Government employee), exposed through a security breach, or improperly acquired by a third party, the Government will notify you immediately. of this security breach, misappropriation or acquisition.
We will update this policy when necessary to reflect any changes to the regulations or our treatments. If the changes are substantial, we will notify you before they become effective by sending you a notification or by posting a prominent notice on this website, and you will have the option to exercise your rights as we informed you in a previous section. In any case, we recommend that you periodically review this privacy policy to learn how we protect your personal data.
If you have any questions about this policy, please feel free to let us know by emailing us at dpd@govern.ad.