This is the data protection policy of Caldes de Malavella Town Council. It refers to the data of natural persons with whom it is related in the exercise of its powers and functions. Given the functions of Caldes de Malavella Town Council, some processing is the result of the provision of services to other public administrations that have delegated functions to it. The processing is carried out in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016) and state regulations on this matter.

Who is responsible for processing personal data?

The person responsible for processing personal data is Caldes de Malavella Town Council (from now on, the Town Council), with CIF P1703700C and address at calle Vall-llobera, s/n, Caldes de Malavella (CP 17455), telephone 972470005, e-mail This email address is being protected from spambots. You need JavaScript enabled to view it.,

What criteria do we use to process personal data?

In the treatment of the data we fully assume the principles of the General Regulation of Data Protection.

a) We treat them in a lawful manner (only when we have a legal basis that allows us to do so and with transparency before the interested party.

b) We use them for the specific, explicit and legitimate purposes that we explain when we obtain them. Subsequently, we do not treat them in a way that is incompatible with those purposes.

c) We only process the adequate, pertinent and limited data to what is necessary in each case and for each purpose.

d) We make every effort to keep the data up to date.

e) We keep them for the necessary time, complying with the regulations governing the conservation of public information.

f) We apply appropriate technical or organisational measures to prevent unauthorised or unlawful processing, or accidental loss, destruction or damage.

Who is the Data Protection Delegate.

The Data Protection Delegate (DPD) is the person who supervises compliance with the data protection policy of the Town Council of Caldes de Malavella, ensuring that personal data are treated properly and protect the rights of individuals. Among its functions is to address any doubt, suggestion, complaint or claim of the people whose data are processed. You can contact the Data Protection delegate by writing to the address Calle Vall-llobera, s / n, Caldes de Malavella (CP 17455) or email This email address is being protected from spambots. You need JavaScript enabled to view it..

For what purpose do we treat the data and to whom we communicate them.

The Town Council processes the data in order to exercise its competences and functions. The City Council's services are described on its website and in its electronic headquarters. A full description of the processing and the purposes for which the data is intended is included in the Register of Processing Activities.


The inhabitants of the municipality must appear in the register of inhabitants. We carry out the necessary formalities for the Town Hall to have it updated on the basis of the information provided by the interested parties and the ex officio actions of our services. The data from the census serve to prove residence in the municipality, to know the address for notification purposes, to carry out statistics, to form the electoral census and other purposes established in the Law on Local Regime Bases and other regulations governing the census. The communication of census data is limited to the cases authorised by the regulations that provide, among other cases, communication to other administrations when it is necessary to know the address of a citizen in the context of an administrative procedure.

Administrative procedures and formalities.

On the basis of the applications of the interested persons, we use their data to follow the proper processing of each procedure. The catalogue of procedures and the procedure followed can be consulted on the website. Depending on the procedure, the data may be communicated to other administrations competent in the matter. In some cases they must be published in accordance with the principle of transparency.

Tax management and collection.

The management of taxes and the collection of other revenues under public law entails the processing of a significant volume of personal data, data which are processed continuously and which in some cases come from other administrations. They are processed solely for this purpose. In accordance with the regulations, data may be communicated to other administrations. In some cases they must be published for notification purposes.


In order to provide the services, we process the data provided by the beneficiaries or those that we have obtained from other administrations. Offering these services often involves monitoring and obtaining new data from users. The catalogue of services can be consulted on the transparency portal. As a general criterion, data are not communicated to other people without the explicit consent of the user of the service.


In the organisation of cultural, leisure, educational or sporting activities, we receive data from the people who register, in order to organise the activity. As a general criterion the data are not communicated to other people without the explicit consent of the person who participates in the activity.


We attend the consultations of the people who use the contact forms of our web page. The data are used solely for this purpose and are not communicated to others.

Personnel selection.

We receive curricula vitae and call for personnel selection processes. The data provided by the interested parties allow us to evaluate the merits and analyse the suitability of the profile of the candidates according to the vacant or newly created positions. They are not communicated to other people.

Sending information.

With each person's explicit consent, we use the contact details you have provided to inform us of our initiatives, services or activities. We do this through different channels depending on how each person has authorized it. They are not communicated to others without your consent.

Management of our suppliers' data.

We record and process the data of the suppliers from whom we obtain services or goods. This can be the data of persons acting as freelancers and also data of representatives of legal persons. We collect the data necessary to maintain the business relationship and use them only for this purpose. In compliance with legal obligations (tax regulations) we communicate data to the tax administration.

Video surveillance.

In the access to our facilities it informs, when it is the case, of the existence of video-surveillance cameras by means of the homologated signs. The cameras record images only of the points where it is justified in order to guarantee the security of goods and people. The images are only used for this purpose. In justified cases we communicate the data to law enforcement agencies or competent judicial bodies.

What is the legal legitimacy for the processing of data.

The data processing we carry out has different legal bases, depending on the nature of each processing.

Fulfillment of legal obligations.

Data processing in the context of administrative procedures is carried out in accordance with the rules governing each procedure. It is carried out in compliance with legal obligations.

Fulfill a mission in the public interest.

The processing resulting from the provision of our services is justified in satisfying the public interest. Also the images that we obtain with the video surveillance cameras are treated to preserve the public interest.

Compliance with a contractual or pre-contractual relationship.

We treat our suppliers' data in accordance with public sector procurement regulations to the extent and to the extent necessary for the development of the contractual relationship. In another sense, but also within the framework of contractual or pre-contractual relations, we process data of people who participate in selective processes or who are incorporated into our institution.

On the basis of consent.

When we send information about our initiatives, services or activities, we process the contact details of the recipients with their explicit authorisation or consent.

To whom is the data communicated?

As a general criterion we only communicate data to administrations or public powers and always in compliance with legal obligations. When issuing invoices to customers, data may be communicated to banks. In justified cases we will communicate the data to the competent law enforcement agencies or judicial bodies. There are no data transfers outside the European Union (international transfer).

In other respects, for certain tasks we obtain the services of companies or individuals who bring their experience and expertise. Sometimes these external companies must access personal data of our responsibility. It is not a transfer of data, but a processing order. Services are only contracted from companies that guarantee compliance with data protection regulations. At the time of contracting, their confidentiality obligations are formalised and their actions are monitored.

How long we keep the data.

The conservation time of the data is determined by different factors, mainly the fact that the data are still necessary to meet the purposes for which they were collected in each case. Secondly, they are kept in order to face possible responsibilities for the processing of the data by the Town Hall, and to attend to any request from other public administrations or judicial bodies.

Consequently, the data will be kept for the time necessary to preserve their legal or informative value or to prove compliance with legal obligations, but not for a period longer than necessary in accordance with the purposes of the processing.

In certain cases, such as that of data contained in accounting documentation and invoicing, tax regulations require them to be kept until responsibilities in this area are prescribed.

In the case of data that are processed exclusively on the basis of the consent of the person concerned, they are kept until that person revokes this consent.

Finally, in the case of images obtained by video-surveillance cameras, they are kept for a maximum of one month, although in the case of incidents that justify it, they are kept for the time necessary to facilitate the actions of the security forces or judicial bodies.

The regulations governing the conservation of public documentation, and the opinions of the National Commission for Access, Evaluation and Documentary Selection are a benchmark that determine the criteria we follow in the conservation or elimination of data.

What rights do people have in relation to the data we process.

As provided for in the General Data Protection Regulations, the persons whose data we process have the following rights:

To know if they are processed. First of all, everyone has the right to know whether we are processing their data, regardless of whether there has been a previous relationship.

To be informed at the time of collection. When personal data are obtained from the data subject, at the time of providing them, they must have clear information on the purposes for which they will be used, who will be responsible for the processing and the main aspects arising from this processing.

Access. A very broad right that includes the right to know precisely what personal data are being processed, the purpose for which they are being processed, the communications to other persons that will be made (where applicable) or the right to obtain a copy or to know the conservation period foreseen.

To request its rectification. This is the right to have inaccurate data processed by us corrected.

To ask for its suppression. In certain circumstances there is a right to request the deletion of data when, among other reasons, they are no longer necessary for the purposes for which they were collected and for which they were processed.

In certain circumstances, the right to request limitation of the processing of data is also recognised. In this case they will cease to be processed and will only be kept for the exercise or defence of claims, in accordance with the General Data Protection Regulations.

In portability. In the cases provided for in the regulations, the right to obtain one's own personal data in a structured format for common use legible by machine, and to transmit them to another data controller if the interested party so decides.

To oppose processing. A person may invoke motives related to his particular situation, motives that will result in his data not being processed to the extent or to the extent that it may cause harm, except for legitimate motives or the exercise or defence against claims.

Not to receive information. We immediately deal with requests to no longer receive information about our activities and services, when these submissions were based solely on the consent of the recipient.

How you can exercise or defend your rights.

The rights listed above can be exercised by sending a request to the Town Hall at the postal address or to the other contact details indicated in the heading.

If no satisfactory answer has been obtained in the exercise of the rights it is possible to present a claim before the Catalan Data Protection Authority, by means of the forms or other channels accessible from its website (

In all cases, whether to present complaints, request clarifications or make suggestions, it is possible to contact the Data Protection Delegate by means of an e-mail message to the address This email address is being protected from spambots. You need JavaScript enabled to view it..