Privacy Policy
Projects with External Collaborator of Meridional Events S.L.
1. Introduction
At Meridional Events S.L., we process personal data with the utmost regard for the legislation in force and for the principles of confidentiality, data minimisation and security.
This Privacy Policy applies specifically to projects, events and services in which an independent external collaborator intervenes, who may act as the operational point of contact in the management of the project.
In such cases, the client always contracts with Meridional Events S.L.; the external collaborator acts within the framework defined by the Company; and the processing of personal data is carried out solely for the proper execution of the project.
2. Applicable legislation
The processing of personal data is governed by Regulation (EU) 2016/679 (GDPR), Ley Orgánica 3/2018 (LOPDGDD), and all other applicable legislation.
3. Data Controller
Meridional Events S.L.
NIF: B75679035
Address: Calle Pelayo 6, Málaga, Spain
Email: privacy@meridionalevents.com
Website: www.meridionalevents.com
4. How we process data
Depending on the context of the project, Meridional Events S.L. shall normally act as Controller where it organises, coordinates and executes the event.
In certain cases, where the client provides participant data for the provision of the service, Meridional shall process such data within the framework of the mandate received and in the role which legally corresponds according to the nature of the specific processing.
In all cases, the data are used exclusively for the execution of the project.
5. Role of the external collaborator
In the projects covered by this policy, the external collaborator accesses data solely in order to manage the project, acts within Meridional’s organisational framework, may not use the data for its own purposes, may not create independent databases, may not reuse contacts or information outside the project, must comply with the applicable security and confidentiality measures, and must erase or cease using the data once its involvement has ended.
The collaborator’s access is carried out through corporate accounts or project operational channels, and the collaborator may intervene in communications with clients and suppliers where necessary for the execution of the event.
6. What data we process
Depending on the project, we may process the following categories of data:
- Identification and contact data: first name and surname, email, telephone number, company and position.
- Event logistics data: travel, accommodation, schedules, rooming lists, transfers and planning.
- Data required for accommodation, documentary registration and nominative access: first name and surname, sex, nationality, date of birth, type and number of identification document (DNI, NIE, TIE or passport, as applicable), habitual place of residence (full address, locality and country) where required, email address and telephone number where required or necessary for service management, together with arrival, departure, booking, contract or payment details where required by the applicable legislation or by the provider subject to the registration obligation.
- Administrative data: billing, tax details, and payment or refund information.
- Health data, only where necessary: allergies, intolerances, reduced mobility and special requirements.
Such data are requested only where they are indispensable for the proper provision of the service.
7. Where the data come from
The data may come from the data subject itself, from the client company, from project forms, from communications by email, WhatsApp or other operational channels, from lists or documents provided by the client, and from the external collaborator within the project.
8. What we use the data for
The data are processed in order to organise and execute the event, manage accommodation, activities and logistics, coordinate participants and suppliers, manage billing and legal obligations, resolve incidents, and guarantee the safety of the event.
We do not use the data for commercial purposes or marketing in this specific context.
9. Communication of data
The data may be communicated, where necessary, to hotels and accommodation providers, museums, monuments or nominative access points, logistics providers, restaurants in the event of dietary requirements, and authorities where there is a legal obligation to do so.
We always apply the principle of minimum necessary access.
10. Processing of health data
Health data are processed under enhanced protection, are collected only where necessary, are limited to what is strictly indispensable, and are communicated solely where necessary for the provision of the service.
As a general rule, they shall be shared on a non-nominative basis whenever possible, and shall only be associated with a specific person where strictly indispensable in order to guarantee that person’s safety or the proper execution of the service.
They are never used for purposes other than the event.
11. International transfers
Where technological tools are used which entail processing outside the European Economic Area, appropriate safeguards shall be applied in accordance with the GDPR, such as standard contractual clauses or other legally valid mechanisms.
12. Data retention
The data shall be retained only for so long as is necessary for each purpose and, thereafter, for the periods required by the applicable legislation or necessary for the bringing, exercise or defence of claims.
- Project and participant operational data: for the time necessary for the preparation, execution, close-out of the project and handling of subsequent incidents and, as a general criterion, for a maximum period of 12 months from the end of the event, unless they must be retained for longer due to a legal obligation or pending claim.
- Data communicated for accommodation, documentary registration and nominative access: for the time strictly necessary for service management and for such periods as may be required pursuant to the applicable legislation and to the documentary registration obligations of the relevant provider or responsible party.
- Health data and special requirements: until they cease to be necessary and, as a general rule, within a maximum period of 90 days from the end of the event, unless there is a legal obligation or an open incident.
- Tax, accounting and contractual data: for the applicable statutory periods.
- Project communications (emails, messages and operational records): during the management of the project and, as a general criterion, for up to 24 months from the last relevant interaction, unless they must be retained for longer for the defence against claims.
- External collaborator access credentials and project-related permissions: only for so long as necessary for the operational needs of the project or of the collaboration, and they must be revoked or restricted when no longer necessary.
13. Rights of data subjects
The data subject may exercise the rights of access, rectification, erasure, objection, restriction and portability by sending a request to privacy@meridionalevents.com.
The data subject may also lodge a complaint with the Agencia Española de Protección de Datos.
14. Security
We apply appropriate technical and organisational measures, including access control, project-based organisation, use of corporate channels, and restriction of access to sensitive data.
The external collaborator is under an obligation to comply with such measures.
15. Security incidents
Any incident affecting personal data must be notified to Meridional without delay for evaluation and management in accordance with the applicable legislation.
16. Minors
The services are directed at companies.
We do not intentionally process data relating to minors. In exceptional cases, such processing shall be limited to what is strictly necessary.
17. Images and videos
As a general rule, images shall not be captured or used for promotional purposes in these projects.
Capturing may only take place where expressly requested by the client or where it forms part of the contracted service.
Under no circumstances may the collaborator use images for its own purposes.
18. Updates
This policy may be updated in order to adapt to legal or operational changes.
19. Contact
Meridional Events S.L.
Calle Pelayo 6, Málaga, Spain
Email: privacy@meridionalevents.com
Website: www.meridionalevents.com
Contents
- 1 Privacy Policy
- 1.1 Projects with External Collaborator of Meridional Events S.L.
- 1.2 1. Introduction
- 1.3 2. Applicable legislation
- 1.4 3. Data Controller
- 1.5 4. How we process data
- 1.6 5. Role of the external collaborator
- 1.7 6. What data we process
- 1.8 7. Where the data come from
- 1.9 8. What we use the data for
- 1.10 9. Communication of data
- 1.11 10. Processing of health data
- 1.12 11. International transfers
- 1.13 12. Data retention
- 1.14 13. Rights of data subjects
- 1.15 14. Security
- 1.16 15. Security incidents
- 1.17 16. Minors
- 1.18 17. Images and videos
- 1.19 18. Updates
- 1.20 19. Contact