Visit our city and discover the advantages that Burgos offers to those who attend its congresses

Data Protection


This Privacy Policy has been developed taking into account the provisions of the Organic Law on Protection of Personal Data in force, as well as Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons with regard to the processing of personal data and the circulation of these data, hereinafter the GDPR.

The purpose of this Privacy Policy is to inform the owners of the personal data, with respect to which information is being collected, the specific aspects related to the treatment of their data, among other things, the purposes of the treatments, the contact information to exercise the rights that assist you, the terms of conservation of the information and the security measures among other things.

Responsible for the Treatment

In terms of data protection of FECBURGOS - Federation of Businessmen of Commerce of Burgos, it must be considered Responsible for the Treatment, in relation to the files/treatments identified in this policy, specifically in the Data Treatment section.

The following are the identifying data of the owner of this website:

Responsible for the Treatment: FECBURGOS - Federation of Commercial Entrepreneurs of Burgos
Postal address: Av. de Castilla y León, nº22. 09006. Burgos.
Email address:

Data Protection Officer

To exercise your rights of access, rectification or deletion, limitation of your treatment, portability and/or opposition, you may contact the person in charge of the treatment: FECBURGOS - Federation of Commercial Entrepreneurs of Burgos

Postal address: Avda. Castilla y León 22. C.C. Camino de la Plata 09006 Burgos.

Data processing

The personal data requested, where appropriate, will consist only of those strictly essential to identify and meet the request made by the owner thereof, hereinafter the interested party. Said information will be treated fairly, lawfully and transparently in relation to the interested party. On the other hand, personal data will be collected for certain explicit and legitimate purposes, and will not be further processed in a way that is incompatible with said purposes.

The data collected from each interested party will be adequate, pertinent and not excessive in relation to the corresponding purposes for each case, and will be updated whenever necessary.
The owner of the data will be informed, prior to the collection of your data, of the general ends regulated in this policy so that you can give your express, precise and unequivocal consent for the processing of your data, in accordance with the following aspects.

Purposes of processing

The explicit purposes for which each of the treatments are carried out are included in the informative clauses incorporated in each of the data collection channels (web forms, paper forms, locutions or posters and informative notes)

However, the personal data of the interested party will be processed with the sole purpose of providing them with an effective response and attending to the requests made by the user, specified together with the option, service, form or data collection system that the user holder use.


As a general rule, prior to the processing of personal data, FECBURGOS - Federation of Commercial Entrepreneurs of Burgos obtains the express and unequivocal consent of the owner thereof, by incorporating informed consent clauses in the different data collection systems. information.

However, in the event that the consent of the interested party is not required, the legitimizing basis of the treatment in which FECBURGOS - Federation of Commercial Entrepreneurs of Burgos is protected is the existence of a specific law or regulation that authorizes or requires the treatment of the data of the interested party.


As a general rule, FECBURGOS - Federación de Empresarios de Comercio de Burgos does not proceed to the transfer or communication of data to third parties, except those legally required, however, if necessary, such transfers or communications of Data is reported to the interested party through the informed consent clauses contained in the different ways of collecting personal data.


As a general rule, personal data is always collected directly from the interested party, however, in certain exceptions, the data may be collected through third parties, entities or services other than the interested party. In this sense, this point will be transferred to the interested party through the informed consent clauses contained in the different ways of collecting information and within a reasonable time, once the data is obtained, and at the latest within one month.

Retention periods

The information collected from the interested party will be kept as long as it is necessary to fulfill the purpose for which the personal data was collected, so that, once the purpose is fulfilled, the data will be canceled. Said cancellation will lead to the blocking of the data, keeping it only at the disposal of the Public Administrations, Judges and Courts, to attend to the possible responsibilities arising from the treatment, during the limitation period of these, once the aforementioned period has elapsed, the information will be destroyed.

For information purposes, the legal terms for the conservation of information in relation to different matters are listed below:

Documentation of a labor nature or related to social security 4 years Article 21 of Royal Legislative Decree 5/2000, of August 4, which approves the consolidated text of the Law on Offenses and Sanctions in the Social Order
Accounting and tax documentation for commercial purposes 6 years Art. 30 Commercial Code
Accounting and tax documentation for tax purposes 4 years Articles 66 to 70 General Tax Law
Access control to buildings 1 month Instruction 1/1996 of the AEPD
Video surveillance 1 month Instruction 1/2006 of the AEPD Organic Law 4/1997

Browsing data

In relation to the browsing data that can be processed through the website, in the event that data subject to the regulations is collected, it is recommended to consult the Cookies Policy published on our website.

Rights of the interested parties

The regulations on data protection grant a series of rights to the interested parties or owners of the data, users of the website or users of the profiles of the social networks of FECBURGOS - Federation of Businessmen of Commerce of Burgos

These rights that assist the interested parties are the following:

  • Right of access: right to obtain information about whether your own data is being processed, the purpose of the treatment being carried out, the categories of data in question, the recipients or categories of recipients, the conservation period and the origin of said data.
  • Right of rectification: right to obtain the rectification of inaccurate or incomplete personal data.
  • Right of deletion: right to obtain the deletion of the data in the following cases:
    • When the data is no longer necessary for the purpose for which it was collected
    • When the owner withdraws consent
    • When the interested party opposes the treatment
    • When they must be deleted in compliance with a legal obligation
    • When the data has been obtained by virtue of an information society service based on the provisions of art. 8 sec. 1 of the European Regulation on Data Protection.
  • Right of opposition: right to oppose a certain treatment based on the consent of the interested party.
  • Right of limitation: right to obtain the limitation of data processing when any of the following cases occurs:
    • When the interested party contests the accuracy of the personal data, during a period that allows the company to verify the accuracy of the personal data.
    • When the treatment is illegal and the interested party opposes the deletion of the data.
    • When the company no longer needs the data for the purposes for which they were collected, but the interested party needs them for the formulation, exercise or defense of claims.
    • When the interested party has opposed the treatment while it is verified whether the legitimate reasons of the company prevail over those of the interested party.
  • Right to portability: right to obtain data in a structured, commonly used and machine-readable format, and to transmit it to another data controller when:
    • The processing is based on consent
    • The treatment is carried out by automated means
  • Right to file a claim with the competent control authority

Those interested may exercise the indicated rights, by contacting FECBURGOS - Federation of Businessmen of Commerce of Burgos, by writing, sent to the following address: dpd@fecburgos. com indicating in the subject line the right you wish to exercise. They must provide a supporting document in order to exercise their rights.

In this sense, FECBURGOS - Federation of Businessmen of Commerce of Burgos will respond to your request as soon as possible and taking into account the deadlines established in the regulations on data protection.


The security measures adopted by FECBURGOS - Federation of Commercial Entrepreneurs of Burgos are those required, in accordance with the provisions of article 32 of the GDPR. In this sense, FECBURGOS - Federation of Commercial Entrepreneurs of Burgos, taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the treatment, as well as the risks of probability and seriousness variables for the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to guarantee the level of security appropriate to the existing risk.

In any case, FECBURGOS - Federation of Commercial Entrepreneurs of Burgos has implemented sufficient mechanisms to:

  • Guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
  • Restore availability and access to personal data quickly, in the event of a physical or technical incident.
  • Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
  • Pseudonymize and encrypt personal data, if applicable.