Privacy policy

This Privacy Policy has been updated as of 03/30/2023

This privacy policy (“Privacy Policy”) aims to inform you about how we collect, define, and use your Personal Information. Therefore, we inform you that Congresos y Turismo de Sevilla, S.A (“CONTURSA”), hereinafter referred to as THE WEBSITE OWNER, in a clear commitment to regulatory compliance regarding the protection of personal data and transparency, wishes to state that the personal data collected in its various processing activities will be treated with due respect and diligence in accordance with both Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, and with Organic Law 3/2018 of 5 December on Personal Data Protection and guarantee of digital rights.

Personal data is any information about an identified or identifiable natural person, such as: name and surnames, ID number, postal address, email address, images, or data about tastes and hobbies, interests.

Your access and/or use of this Website implies full acceptance of its Terms and Conditions of use. Therefore, it is recommended to carefully read this Privacy Policy each time you use this Website, as well as in any case, to attend to the provisions in the most recent version of said Privacy Policy to be informed of the processing of your personal data by CONTURSA as well as to guarantee your rights in this matter.

Complete Information on Data Protection

1. Who is responsible for processing your data?

Current regulations define the “data controller” as the entity that defines the purposes and means of processing.

Below, we provide you with the necessary information to properly identify our entity as the Controller of your personal data:

  • Data Controller: Congresos y turismo de Sevilla, S.A (CONTURSA)
  • Address: Avda. Alcalde Luis Uruñuela, 1, 41020 Sevilla
  • Tax ID: A90109729
  • Email: info@sevillacityoffice.es
  • Phone: 954 47 87 00
  • Data Protection Officer: dpd@sevillacityoffice.es

2. For what purpose do we process your personal data on fireca.es?

When browsing the website www.fireca.es, you can provide us with data through various means including:

  • Personal data that you provide when using the website’s data forms or when communicating with us through means such as email.

    At CONTURSA, we process the information provided by interested parties in order to properly manage communications, as well as to send communications, including by electronic means, when applicable. The data will be processed for the purpose specified in each form. In case you send us a message, we will process it for the purpose of managing the communications that may be established, based on your request. We may obtain your express consent for the purpose of sending you commercial communications through each data collection form, or through a request in an email message. In these cases, we will always inform you in advance of all aspects required by applicable data protection regulations. Additionally, if once consent has been given, you no longer wish to receive commercial communications, you may revoke your authorization by sending a message to the indicated address.

  • Data that the website automatically collects during your browsing as specified in the Cookie Policy.

    Like most commercial websites, our website uses “cookie” technology (small pieces of data that your browser stores on your device’s hard drive) to collect information about how our website is used. For more information about how we use cookies, please refer to our Cookie Policy.

3. CONTURSA’s Processing Registry

3.1. Accreditations

  • a. Purpose of processing: Management of accreditations for exhibitors, visitors and participants at events held in facilities or spaces managed by the company, when required by the organization.
  • b. Categories of data subjects: Natural persons, including representatives of legal entities to whom the entity provides services.
  • c. Data being processed: Name and surnames, address, signature and telephone. Position in the entity they represent. Data necessary for accreditations.
  • d. Legal basis for processing: the legal basis for processing your data is the processing necessary for the execution of a contract in which the data subject is party or for the application at their request of pre-contractual measures. GDPR: 6.1.b)
  • e. Data transfers: Collaborating Entities and event organizers for management and control of accredited persons.
  • f. International data transfers: No international data transfers are made except in the case of international events to collaborating or organizing entities in missions and/or events that will be duly indicated.
  • g. Data retention period: they will be kept for the time necessary to fulfill the purpose for which they were collected and to determine possible responsibilities that could arise from said purpose and from the processing of the data. The provisions of the archives and documentation regulations will be applicable.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.2. Security Breaches

  • a. Purpose of processing: Security Breach Management.
  • b. Categories of data subjects: Natural persons and representatives of natural or legal persons whose data are included in the security breach notification, as well as possible natural persons affected by the information provided in the notification.
  • c. Data being processed: Identification and contact data: name and surnames, ID, postal and email address, telephone, signature. Employment data: representation or position data. Other data: those provided in the notification or obtained during breach examination and evaluation actions.
  • d. Legal basis for processing:
    • GDPR: 6.1.c) Processing necessary for compliance with a legal obligation.
    • GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • e. Data transfers: State Security Forces and Bodies. EU control authorities within the framework of joint actions established in Title VII of the GDPR. Competent authorities.
  • f. International data transfers: Not planned.
  • g. Data retention period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine possible responsibilities that could arise from said purpose and from the processing of the data. The provisions of the archives and documentation regulations will be applicable.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.3. Whistleblowing Channel

  • a. Purpose of processing: Reports of malpractice, non-compliance or risk of non-compliance with the code of conduct through the whistleblowing channel.
  • b. Categories of data subjects: Natural persons, including representatives of legal entities related to the reports submitted.
  • c. Data being processed: Name and surnames, email address, signature and telephone. Data provided in the report.
  • d. Legal basis for processing:
    • GDPR: 6.1.c) Processing necessary for compliance with a legal obligation.
    • GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
    • Directive 2019/1937 of October 23, 2019 on the protection of persons who report breaches of Union law
    • Law 2/2023, of February 20, regulating the protection of persons who report regulatory infractions and fight against corruption.
  • e. Data transfers: No data communications are planned, unless essential for the investigation of the reported facts to the competent authorities.
  • f. International data transfers: Not planned.
  • g. Data retention period: They will be kept for a maximum of 3 months to fulfill the purpose for which they were collected and to determine possible responsibilities that could arise from said purpose and from the processing of the data.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.4. Clients

  • a. Purpose of processing: Exhibitors participating in events organized by the company. Companies that organize fairs, congresses, concerts, and similar events in our facilities or other spaces we manage. Requesters, through the website, of information about activities held in the facilities.
  • b. Categories of data subjects: Natural persons, including representatives of legal entities to whom the entity provides services.
  • c. Data being processed: Name and surnames, address, email address, signature and telephone. Position in the entity they represent.
  • d. Legal basis for processing:
    • GDPR: 6.1.b) Processing necessary for the performance of a contract.
    • GDPR: 6.1.c) Processing necessary for compliance with a legal obligation.
    • GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • e. Data transfers: Collaborating Entities and event organizers.
  • f. International data transfers: Not planned.
  • g. Data retention period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine possible responsibilities that could arise from said purpose and from the processing of the data. The provisions of the archives and documentation regulations will be applicable. The economic data of this processing activity will be kept under the provisions of Law 58/2003, of December 17, General Tax Law.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.5. Communications and Social Media Management

  • a. Purpose of processing: Management of communications, website and social networks. Contacts with media for the dissemination of news related to the activity.
  • b. Categories of data subjects: Natural persons, including representatives of legal entities, public and private, who are part of the communications appearing in the various publications made through different communication channels.
  • c. Data being processed: Name and surnames, address, email address, signature and telephone. Position in the entity they represent. Image. Voice.
  • d. Legal basis for processing:
    • GDPR: 6.1.a) Consent of the data subject.
    • GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • e. Data transfers: Not planned.
  • f. International data transfers: Not planned.
  • g. Data retention period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine possible responsibilities that could arise from said purpose and from the processing of the data. The provisions of the archives and documentation regulations will be applicable.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.6. Compliance Queries

  • a. Purpose of processing: Queries that may arise regarding compliance with the code of conduct.
  • b. Categories of data subjects: Natural persons, including representatives of legal entities.
  • c. Data being processed: Name and surnames, address, email address, signature and telephone. Position in the entity they represent.
  • d. Legal basis for processing:
    • GDPR: 6.1.c) Processing necessary for compliance with a legal obligation.
    • GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • e. Data transfers: Competent authorities by legal obligation or third parties affected by the information provided.
  • f. International data transfers: Not planned.
  • g. Data retention period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine possible responsibilities that could arise from said purpose and from the processing of the data. The provisions of the archives and documentation regulations will be applicable.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.7. DPO Queries, Complaints and Suggestions

  • a. Purpose of processing: Queries, complaints or suggestions that may arise regarding data protection as a result of any action taken by the company.
  • b. Categories of data subjects: Natural persons, including representatives of legal entities.
  • c. Data being processed: Name and surnames, address, email address, signature and telephone. Position in the entity they represent.
  • d. Legal basis for processing:
    • GDPR: 6.1.c) Processing necessary for compliance with a legal obligation.
    • GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • e. Data transfers: Competent authorities by legal obligation or third parties affected by the information provided.
  • f. International data transfers: Not planned.
  • g. Data retention period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine possible responsibilities that could arise from said purpose and from the processing of the data. The provisions of the archives and documentation regulations will be applicable.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.8. Personnel Management

  • a. Purpose of processing: Management of personnel files.
  • b. Categories of data subjects: Entity personnel. Other collaborating personnel.
  • c. Data being processed: Management of personnel files. Time control, vacations and permits. Management of personnel training. Management of allowances and productivity. Other aspects related to management of labor personnel and collaborators.
  • d. Legal basis for processing:
    • GDPR: 6.1.b) Processing necessary for the performance of a contract.
    • GDPR: 6.1.c) Processing necessary for compliance with a legal obligation.
  • e. Data transfers: Social Security organizations, tax office and tax administration. Financial entities, for payroll payment.
  • f. International data transfers: Not planned.
  • g. Data retention period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine possible responsibilities that could arise from said purpose and from the processing of the data. The provisions of the archives and documentation regulations will be applicable.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.9. Economic and Budgetary Management

  • a. Purpose of processing: Economic, accounting and fiscal management. Processing of procurement files. Management of official and potential suppliers.
  • b. Categories of data subjects: Personnel, internal or external, participating in procurement processes.
  • c. Data being processed: Economic, fiscal and accounting management. Processing of procurement and expenditure files and the formalization, development and execution of the contract.
  • d. Legal basis for processing:
    • GDPR: 6.1.b) Processing necessary for the performance of a contract.
    • GDPR: 6.1.c) Processing necessary for compliance with a legal obligation.
  • e. Data transfers: Social Security organizations, tax office and tax administration. Financial entities. Procurement Platform. Publication on the website of contract-related data. Possible data processors on behalf of CONTURSA.
  • f. International data transfers: Not planned.
  • g. Data retention period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine possible responsibilities that could arise from said purpose and from the processing of the data. The provisions of the archives and documentation regulations will be applicable. The economic data of this processing activity will be kept under the provisions of Law 58/2003, of December 17, General Tax Law.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.10. Tourism Promotion

  • a. Purpose of processing: Tourism promotion of the city of Seville to natural persons and/or legal entities such as hotels, travel agencies or tour operators requesting information.
  • b. Categories of data subjects: Natural persons, including representatives of legal entities, public and private, with whom a relationship is maintained based on the activities entrusted.
  • c. Data being processed: Name and surnames and email address in the case of natural persons. Name, surnames, telephone, address and email for representatives of legal entities. Position in the entity they represent.
  • d. Legal basis for processing:
    • GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • e. Data transfers: Not planned.
  • f. International data transfers: Not planned.
  • g. Data retention period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine possible responsibilities that could arise from said purpose and from the processing of the data. The provisions of the archives and documentation regulations will be applicable.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.11. Claims

  • a. Purpose of processing: Claims received through Official Claim Forms, as a result of any circumstance occurring in our facilities. Claims/damages that are processed through our insurance companies.
  • b. Categories of data subjects: Natural and legal persons (citizens and companies). Claimants of property liability affected by injuries to their property and rights, legitimate interest. Natural and legal persons (citizens and companies).
  • c. Data being processed: Identification data: NIF / DNI, Name and surnames, Address, Telephone, Email and fax. Identification of injuries, disabilities, Bank details. Position in the entity they represent.
  • d. Legal basis for processing:
    • GDPR: 6.1.c) Processing necessary for compliance with a legal obligation.
    • GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • e. Data transfers: In case of lawsuit, communicated to the justice administration.
  • f. International data transfers: Not planned.
  • g. Data retention period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine possible responsibilities that could arise from said purpose and from the processing of the data. The provisions of the archives and documentation regulations will be applicable.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.12. Smart Office

  • a. Purpose of processing: Management of Smart Tourist Office activities to analyze visitor and/or tourist flows to enable coexistence and neighborhood privacy.
  • b. Categories of data subjects: Residents and/or visitors.
  • c. Data being processed: [Not specified in original]
  • d. Legal basis for processing:
    • GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • e. Data transfers: Not planned.
  • f. International data transfers: Not planned.
  • g. Data retention period: Maximum 2 seconds.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.13. Personnel Selection

  • a. Purpose of processing: Personnel Selection.
  • b. Categories of data subjects: Candidate persons.
  • c. Data being processed: Name and surnames, address, signature and telephone. CV data.
  • d. Legal basis for processing:
    • GDPR: 6.1.b) Processing necessary for the performance of a contract or pre-contractual measures.
  • e. Data transfers: Not planned.
  • f. International data transfers: Not planned.
  • g. Data retention period: One year.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.14. Ticketing

  • a. Purpose of processing: Online ticket sales for events held in our facilities as well as related products.
  • b. Categories of data subjects: Natural persons who purchase tickets or buy products.
  • c. Data being processed: Name and surnames, address, signature and telephone. Bank details.
  • d. Legal basis for processing:
    • GDPR: 6.1.b) Processing necessary for the performance of a contract or pre-contractual measures.
  • e. Data transfers: Not planned.
  • f. International data transfers: Not planned.
  • g. Data retention period: They will be kept for the time necessary to resolve claims. The provisions of the archives and documentation regulations will be applicable.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

3.15. Video Surveillance

  • a. Purpose of processing: Access control and presence in facilities for security reasons.
  • b. Categories of data subjects: People who access the facilities.
  • c. Data being processed: [Not specified in original]
  • d. Legal basis for processing:
    • GDPR: 6.1.e) Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • e. Data transfers: State Security Forces and Bodies, judicial bodies, Public Prosecutor’s Office.
  • f. International data transfers: Not planned.
  • g. Data retention period: One month.
  • h. Security Measures: Confidentiality, integrity and availability. Encryption.

4. How long will your data be kept?

As a general rule, data will be kept as long as the interested party does not request its deletion or when it is not mandatory to keep them. Subsequently, when they are no longer necessary for the purposes for which they were collected, personal data will be blocked, remaining available exclusively to judges and courts, the Public Prosecutor’s Office or the competent Public Administrations, and in particular to the competent data protection authorities, for the requirement of possible responsibilities derived from the processing and only for the prescription period of these, as well as during the periods established in the archives and documentation regulations. The corresponding periods for each processing can be consulted in the Registry of Processing Activities (section 3).

5. What is the legitimacy for processing your data?

CONTURSA’s legitimacy to process your personal data is compliance with a legal obligation, compliance with a mission carried out in the public interest or in the exercise of official authority or, where appropriate and especially for commercial communications, consent that must be provided through a clear affirmative action.

You can consult the legal basis for each of CONTURSA’s processing activities by accessing the Registry of processing activities (section 3).

6. To which recipients will your data be communicated?

You can consult the legal basis for each of CONTURSA’s processing activities by accessing the Registry of processing activities (section 3).

7. Data transfers to third countries

No data transfers to third countries are planned, unless otherwise indicated in the Registry of processing activities (section 3).

8. What are your rights when you provide us with your data?

Any person has the right to obtain confirmation as to whether or not CONTURSA is processing personal data concerning them.

Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. They also have the right to data portability.

Under certain circumstances, data subjects may request the limitation of the processing of their data, in which case we will only keep it for the exercise or defense of claims.

Under certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. In this case, CONTURSA will cease processing the data, except for compelling legitimate grounds, or the exercise or defense of possible claims.

You can materially exercise your rights in the following way: by contacting dpd@sevillacityoffice.es or at the postal address Avda. Alcalde Luis Uruñuela, 1, 41020 Sevilla.

If you have given your consent for a specific purpose, you have the right to withdraw the consent given at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

In case you feel your rights regarding the protection of your personal data have been violated, especially when you have not obtained satisfaction in the exercise of your rights, you can file a complaint with the Control Authority in matters of Data Protection, which is none other than the Council of Transparency and Data Protection of Andalusia, through their website: https://www.ctpdandalucia.es/.

9. Changes to the Privacy Policy

CONTURSA reserves the right to modify or expand this Privacy Policy at any time. If a change is introduced in the terms of this Policy, the Council will display a notice on its homepage and a link to the new Policy. In no case will the modification of the Privacy Policy affect, by itself, the choice that a User has made regarding how the Council can process their personal data. In any case, the last Privacy Policy accepted by the User will be applicable.

10. Contact the DPO

If you have any questions about our Privacy Policy or about the processing of your personal data, you can contact the email address: dpd@sevillacityoffice.es.

2023 © CONTURSA SA.

Scroll to Top