隐私政策

PRIVACY POLICY

Welcome to the Privacy Policy of the website (hereinafter, the ‘Website’) of REIAL CLUB DEPORTIU ESPANYOL DE BARCELONA, S.A.D. (hereinafter, ‘RCDE’ or the ‘Club’, indistinctly). If you wish to know the information relating to the processing of your data, please consult the following sections:

1. Who is the data controller?

Identity REIAL CLUB DEPORTIU ESPANYOL DE BARCELONA, S.A.D.
C.I.F.: A-08.357.139
Postal code: Avenida del Baix Llobregat, 100. Cornellà de Llobregat (08940).

2. What information do you provide us with?

2.1 Direct: If you have registered, via your e-mail address, on the Web, the data you provide us with are as follows:

  • Personal identification data and personal characteristics: name, surname, telephone number, email address, date of birth, post code, third party account identifiers (Google ID or Apple ID) and complementary information for the application to join the job bank or other corporate requests for the Club.

The data provided through the forms that are marked as obligatory must be provided in order to be able to develop the basic functionalities of the Website. If they are not provided, the application will not be able to develop its basic functionalities with respect to its user.

We may also collect data through the use of cookies on the Website (and/or similar technologies) so that, depending on your settings, RCDE may collect and process personal data. The information we collect includes:

  • Limited personal information and anonymous aggregate statistics of all those users who visit our websites, the Internet Protocol (IP) address of the device you are using, the browser software you use, your operating system, the date and time of access, the Internet address of the website through which you accessed our websites and also information about how you use our websites, battery of the device used, storage space available, language of the device, etc.

For more information on the use and configuration of cookies (and/or similar technologies), please consult our Cookies Policy.

3. For what purposes and on what grounds do we process your data?

Your personal data will be processed for the following purposes:

Why? On what legal basis?
1. Your data will be processed in order to offer you the service consisting of the purchase and sale of products and the contracting of services offered through the Website. By way of example but not limitation, such processing includes managing the contracted services, processing your orders, delivering them to the indicated shipping location, managing your possible returns and informing you about the status/problems of your order/shipment. The processing is necessary for the performance of a contractual relationship to which you are a party or, where applicable, for your request for pre-contractual measures to be taken (Article 6(1)(b) GDPR).
2. In the event that you are interested in creating a Club membership account, we will process your data in order to correctly manage your application for membership of the members' area, as well as access to the content and powers made available to you as a member of the Club. This will mean that your membership account will be managed as part of the Club's digital services (single sign-on).

The processing is necessary for the performance of a contractual relationship to which you are a party or, where applicable, for your request for pre-contractual measures to be taken (Article 6(1)(b) GDPR).
3. In the event that you are interested in creating a member account, we will process your data in order to correctly handle your application for registration as well as access to the content and powers made available to you as a member. This will mean that your member account will be managed as part of the Club's digital services (single sign-on). The processing is necessary for the performance of a contractual relationship to which you are a party or, where applicable, for your request for pre-contractual measures to be taken (Article 6(1)(b) GDPR).
4. Manage and attend to your complaints, requests, suggestions and attention to possible incidents, sending, where appropriate, non-commercial information related to the contract. The processing is necessary for the performance of a contractual relationship to which you are a party or, where applicable, for your request for pre-contractual measures to be taken (Article 6(1)(b) GDPR).
5. Provided that you have consented to this treatment, we will proceed to send, by any electronic means (email, SMS, push notifications), commercial communications about RCDE products and services, including, but not limited to, discounts, news, upcoming releases, invitations to events or contests, surveys, as well as products and services of partners collaborating with RCDE, related to unique promotions for its users, all without involving profiling, nor the communication of my data to third parties. The processing will be carried out exclusively if your consent to carry it out is available (article 6.1.a) GDPR).
6. To preserve the security of people, property and Club facilities through the use of video surveillance systems. The processing will be carried out on the basis of the fulfilment of a mission carried out in the prevalence of a public interest (article 6.1.e) GDPR), in accordance with Law 5/2014, of 4 April, on Private Security.
7. In certain cases, your personal data will be communicated to third parties in order to comply with certain legal obligations or possible judicial decisions, specifically: to competent authorities and bodies, courts, tribunals or any other third parties legitimised in accordance with the applicable regulations. The basis for the processing is the fulfilment of our legal obligations (article 6.1.c) GDPR).
8. To the extent permitted by law, and provided that you have not objected, we will use your data to send you commercial and/or promotional communications by email or SMS about products and services similar to those you have previously contracted during the last year with the Club, without this involving the communication of your data to third parties or profiling.

The processing is carried out for the satisfaction of our legitimate interests (article 6.1.f) RGPD). We always take into account that our interests do not prevail over your fundamental interests, rights and freedoms.

When we contact you by e-mail, SMS or equivalent electronic means, we rely on the exception provided for in article 21.2 of Law 34/2002 (LSSI).
9. Provided that you have consented, your personal data will be processed to study products or services that may be adjusted to your profile and commercial situation, in order to make you commercial offers adjusted to your needs and preferences, without this implying the sending of commercial communications or the communication of your personal data to third parties. In particular, the transactional data obtained through the Club's different digital channels will be analysed, from which historical and temporal patterns of behaviour are identified, with a level of detail aimed at better understanding my interests and consumption habits. Processing will only be carried out if we have your consent to do so (Article 6(1)(a) GDPR).
10. Depending on your cookie settings, we will process your information for collective and anonymous statistical analysis in order to know how our website works, with the aim of improving the development and personalisation of our services. The processing will only be carried out if we have your consent to carry out the processing (article 6.1.a) GDPR).
11. Your information will be processed to ensure the security of our website, preventing and detecting possible security incidents and fraud. The processing is carried out for the satisfaction of our legitimate interest, which is to ensure and improve the security of our products and services (article 6.1.f) GDPR). Provided that our interest does not override your interests, fundamental rights and freedoms.

4. Profiling

Subject to your consent, your personal data and information may be subject to profiling, as indicated in section "3.- For what purpose and on what grounds do we process your data?"

In this sense, your personal data and information are analysed in order to draw up a profile of your interests and preferences in order to personalise the commercial and/or promotional communications that you have consented to receive.

This profile is made by combining the information you have provided when registering as a user, in addition, if you have provided express consent for each of the purposes described in section "3.- For what purpose and legitimacy we process your data", this profile will be made by combining the above information with information obtained from the ‘cookies’ whose installation you have consented to (for more information, see the Cookies Policy). Transactional data collected through the Club's various digital channels is also taken into account, from which historical and temporal patterns of behaviour are analysed.

The elaboration of these profiles will not have any significant legal consequences for the user. They will only influence the type of commercial and/or proportional communications sent. We remind you that you may withdraw your consent to such processing at any time.

5. How long will we keep your data?

RCDE will process your personal data for the period necessary to fulfil the purposes set out in this Privacy Policy, as well as to retain your personal information in compliance with the provisions of relevant laws and regulations.

The criteria we use for this is determined by; (a) the purpose of the data collected and the fulfilment of that purpose (e.g. for as long as our relationship continues); (b) the reasons for which the data is collected (e.g. in the case of consent, you may withdraw your consent at any time); and (c) storage periods required by contractual and regulatory requirements.

In general, the Club will process your personal data for the duration of the business and/or contractual relationship. However, for each of the purposes, in the information that we will provide you with when collecting personal data, we will inform you in a timely and specific manner of the period that is applicable in each case, including those defined by legal requirements, such as those relating to video surveillance activities or internal complaints.

Please note that, in some cases, we may keep your data beyond the aforementioned period, for the period necessary for the formulation, exercise or defence of claims, requirements, responsibilities and legal, contractual or deontological obligations, always being duly blocked. Once the legal limitation periods have elapsed, your personal data will be destroyed.

6. Who may be the recipients of the communication of data?

Your personal data will not be disclosed to third parties without your express consent. However, depending on the purposes for which the personal information is collected, the following recipients may have access to such information, without distinction:

  • Competent bodies and/or Authorities, Courts and Tribunals, as well as the relevant security forces and corps, in cases where there is a requirement and/or legal obligation.
  • Competent bodies and/or authorities and, the relevant security forces and corps, in cases where there is a legal requirement and/or obligation.
  • Third-party service providers who process information in their capacity as data processors. Third-party service providers may have access to the data subject's personal data in order to provide services to the Club, related to the purposes for which the data subject is being informed (including, but not limited to, companies operating in the following sectors: technology, legal advice, marketing, multidisciplinary professional services, IT services, etc.). These suppliers will only access the personal data to carry out their services on behalf of and for the Club, under an obligation of confidentiality and always following its instructions and without at any time being able to use said data for their own purposes and/or unauthorised purposes.

Some of these providers may process and store personal information on servers located outside your country of residence, details of these providers involving international data transfer can be found at: dpd@rcdespanyol.com.

Therefore, depending on the user's location, data transfers to other countries may occur. In such a case, your personal data may be transferred internationally to third parties located outside the European Economic Area (‘EEA’), provided that the RCDE has the authority to do so and subject to compliance with the appropriate safeguards set out in Articles 44 to 50 of the GDPR. Such third parties will only access the data to perform their services on behalf of and for the account of the RCDE, under an obligation of confidentiality and always following its instructions and without at any time using such data for their own purposes and/or unauthorised purposes.

In any case, appropriate safeguards include, inter alia:

i. Adequacy decision. A declaration by the European Commission that a non-EU State offers an adequate level of data protection equivalent to that provided by European data protection law, so that international data transfer to a third party established in that State outside the EU is possible;

ii. Binding Corporate Rules. (also known as ‘Binding Corporate Rules’). They are applicable to business groups or the union of companies engaged in a joint economic activity, which enables the flow of personal data on the basis of self-regulation accepted and assumed by each of the signatory entities;

iii. Standard Contractual Clauses (also called ‘Standard Contractual Clauses’). This is a mechanism signed between the exporter of Personal Data from any of the EEA countries and a third country. It is a contractual agreement whose model has been approved and published by the European Commission and is aligned with the precepts of the GDPR.

iv. Code of Conduct or a certification mechanism, together with binding and enforceable commitments made by the recipient regarding the implementation of appropriate safeguards for the protection of the transferred data.

In the absence of the above, your personal data may exceptionally be transferred to a third country or international organisation, in application of the mechanisms that may be recognised in this respect by data protection legislation.

The RCDE, in order of preference, will carry out international transfers under the following safeguards:

 

Guarantee Criteria used by the RCDE
Adequacy Decision issued EC Measure included as preferred by the RCDE. You can find the list of countries subject to an adequacy decision at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
Binding Corporate Rules

In the absence of an Adequacy Decision, the RCDE will request the importer of the personal data as the preferred security measure. You can find a list of the entities that have BCRs here: https://edpb.europa.eu/our-work-tools/accountability-tools/bcr_en?page=1

Standard Contractual Clauses As a secondary guarantee mechanism in the absence of the above, we will subscribe and/or request a copy, as appropriate, from the importer of the personal data of the signed version of the Standard Contractual Clauses aligned with the European Commission models, available here: https://eur-lex.europa.eu/legal-content/ES/ALL/?uri=CELEX%3A32021D0914.

7. What are the data protection rights of users?

Remember that you have the following rights:

  • Right to request access to personal data: you can ask us whether we are processing your data, and if so, access it.
  • Right to request rectification if the data is inaccurate, or to complete the data that we have incomplete.
  • The right to request the deletion of your data. The right to request the Data Controller to delete all or part of the Data Subject's Personal Data. Remember that while the commercial and/or contractual relationship that we have with you continues to be in force, there is a series of Personal Data that we need to process in order to comply with the contract, so while the contract is in force we cannot delete, block or cancel them, because it would prevent us from fulfilling the contract.
  • Right to request the limitation of processing: in this case we will only keep them for the exercise or defence of claims.
  • Right to object to processing: The right to object to those Processing operations that are based on consent or on the existence of a legitimate interest (including, but not limited to, the sending of commercial communications). In those cases in which the Processing is based on the existence of a legitimate interest, the Data Subject shall have the right to request the weighting report carried out by the Data Controller. In addition, in cases where the purpose of the Processing is to send commercial information of our own or of third parties, the Data Subject may freely and voluntarily opt-out of an advertising opt-out mechanism (more information can be found here https://www.listarobinson.es/). If you exercise this right, we will cease to process your personal data, with the exception of data that must continue to be processed for legitimate reasons or for the exercise or defence of possible claims.
  • Right to data portability: if you wish your data to be processed by another data controller, we will facilitate the transfer of your data to the new controller, provided that this is technically feasible for us in a structured, commonly used and machine-readable format.
  • The right not to be subject to a decision based solely on automated processing of his or her personal data, which produces legal effects or significantly affects him or her. The Data Controller informs the Data Subject that, notwithstanding the fact that it carries out decisions based on automated systems, these decisions (i) either do not produce legal effects or significant effects on the Data Subject; (ii) or are not adopted exclusively in an automated manner.

We remind you that the consents you have given us are always voluntary and you may freely revoke them at any time, without such revocation having retroactive effects. Likewise, if you consider it appropriate, you may file a complaint with the Spanish Data Protection Agency (www.aepd.es). 

To exercise your rights you can contact us by sending an email to dpd@rcdespanyol.com or in writing to the postal address listed in section 1 of this Privacy Policy.

8. Changes to and completeness of our Privacy Policy

We will only use your personal information in accordance with the Privacy Policy in effect at the time we collect your personal information. RCDE reserves the right to modify this Privacy Policy at any time by posting such modifications on our Website.

In the event that any clause of this Privacy Policy is annulled or deemed null and void, the rest of the terms and conditions shall not be affected, and shall remain in full force and effect, in accordance with the applicable regulations in force at any given time.

9. Additional Information

Policy on children's use. Our services are intended only for persons 14 years of age or older. In this sense, we do not deliberately collect information from children under 14 years of age, except those provided by their parents or legal guardians. If we detect that the user is under 14 years of age, we may block and/or delete any personal data that he/she may have provided us with. However, there may be an occasional case, especially in the course of a promotional action, where personal data of minors are processed, in which case consent and authorisation will be requested from the parents or guardians if the minor has not yet reached the age of 14. If you are a minor and are not sure you understand anything we explain, please ask your parents or guardians for help.

Specially Protected Data. RCDE does not collect or process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data intended to uniquely identify a natural person, data concerning health or data concerning sexual life or sexual orientations.

User account through social networks with Social Login.In certain cases, when you decide to create your RCDE member account, you may do so without having to complete all the fields of the registration form through the so-called “Social Login”, simply by clicking on the corresponding logo, which implies that you will allow the social network to provide your personal data linked to your profile (your name, surname and email address) to the Club in order to create your member account. In other words, during the registration process, you will be redirected to a federated authentication service that checks the credentials and, if they are correct, returns the information to the requested service, in this case, your member account space. More information about how the different federated identity systems work can be found in the following links:

  • Google

  • Apple

This personal data will be processed together with the data generated from the use of your member account for the purposes informed by RCDE in the registration of the online services. In any case, the aforementioned systems allow you to select your privacy preferences to prevent certain exchanges of personal data. We recommend that, for more information, you consult the privacy policy of each social network through the links above.

Links to third party websites. On the Website there may be links to third party websites that we believe are potentially useful and informative to you. However, please be aware that we do not endorse or recommend the content or services of such websites, nor are we responsible for the privacy policies of such websites. We encourage you to be aware of and read the privacy policies of every site you visit. Please note that this Privacy Policy applies only to data collected and/or processed by RCDE through the Website.

Date of last update: June 2025