Basic information on data protection
Excelentísimo Cabildo Insular de Tenerife (hereinafter, ECIT) - P3800001D
Tenerife On is a service provided by the Tenerife Island Council (Cabildo Insular de Tenerife, “ECIT”) to provide accurate, official and instant information on everything related to the public use facilities it manages in the natural environment of the island of Tenerife. ECIT may monitor user behaviour on our website in order to improve our services and the user experience En la página 3 de documento se desarrolla, darle enlace
Consent of the data subject and performance of a pre-contract/contract, compliance with a legal obligation and the exercise of official authority conferred on ECIT En la página 3 del documento se desarrolla, darle enlace
No data will be passed on to third parties unless there is a legal requirement to do so or in the event that it is necessary in order to deal with your request, for managing your request En la página 4 del documento se desarrolla, darle enlace
You may exercise the right of access, the right to rectification, erasure, restriction of processing, data portability, the right to object and the right not to be subject to automated individual decision-making En la página 6 del documento se desarrolla, darle enlace
You may consult additional information on data protection in the following sections of our website: Security and Applicable regulations En la página 7 del documento se desarrolla, darle enlace
At ECIT we care about the privacy of citizens and users on our websites and in all the services we offer, which is why we ensure that at all times you know how and why your data are collected and used and that you are provided with the information so that you have the power to control your personal data and the ability to manage and make decisions on them.
Our commitment is to respond to your request, provide you with information, deliver services and process your request while protecting your data because it is personal information.
ECIT undertakes to comply with current legislation on the processing of personal data (Regulation (EU) 2016/679, General Data Protection Regulation, hereinafter GDPR) and we work every day to respect the 6 core privacy principles of our Corporation:
- Fairness and lawfulness: We will process your data fairly and lawfully only on the legal grounds set out in the GDPR and will not use them for purposes incompatible with those initially envisaged.
- Minimisation: The data required will be those that are strictly necessary, adequate, relevant, and not excessive for the purpose for which we collect them.
- Transparency: We will be transparent about the data we collect and how we use them, so that you can make informed decisions.
- Control: We will provide you with control over your administrative procedures and data through the personal area of our website and you may exercise your rights before ECIT.
- Storage limitation: We will keep your data for no longer than is necessary for the purposes for which the data are processed (ver si el ser usuarioentradentro de estetiemponecesario o hay que poner algo con ese), and after this time it will only be kept longer for archiving purposes in the public interest, historical and statistical purposes.
- Security: We will protect the data you entrust to us through security policies and effective encryption measures that guarantee integrity, availability, authenticity, confidentiality and traceability.
In accordance with our commitment to the principle of transparency, we provide our users and citizens (hereinafter, citizens) with the following additional information to meet the requirements of the GDPR:
The data controller is the Tenerife Island Council (Excelentísimo Cabildo Insular de Tenerife, ECIT):
Excelentísimo Cabildo Insular de Tenerife (ECIT)
Plaza de España s/n – 38003 Santa Cruz de Tenerife
901 501 901/922 239 500
922 239 704
Data Protection Officer
ECIT informs citizens that the data they provide through their browsing our website tenerifeon.es, registration of users on the Tenerife On website and mobile app, the various formalities and procedures, the filling in of forms or the sending of e-mails, will be processed by ECIT and that the different processing operations are set out in the Register of Processing Activities of ECIT, created in compliance with the provisions of the GDPR.
Data subject to processing
ECIT processes the following categories of data:
- Data of users who register with the Tenerife On website and mobile app:
- Identification data: name and surname, username, password, email and telephone number.
- User interests form for the inspiration section: interests and activities of users related to the natural environment in Tenerife.
- Data of users who browse our website: Data provided by cookies.
ECIT will provide the following information when personal data are obtained from the data subject and/or from a third party:
- Identity and contact details of the data controller and, where applicable, of the ECIT representative.
- Contact details of the data protection officer
- The purposes of the processing
- The legitimate interests pursued by the controller or by a third party
- The recipients or categories of recipients of the personal data and the fact that the controller intends to transfer personal data to a third country or international organisation.
In addition to:
- The period for which the personal data will be stored and the source from which the personal data originate.
- The existence of the right to request access to and rectification or erasure or restriction of processing, or to object to processing as well as the right to data portability
- The existence of the right to withdraw consent at any time
- The right to lodge a complaint with a supervisory authority and the existence of automated decision-making
Purpose of data use.
ECIT may process the personal data of citizens for one or more of the purposes listed below (this list is merely informative). The specific purpose is given in the information clauses relating to each ECIT procedure or service:
- Identify users of the Tenerife On website and mobile app in order to be able to store their activities and records, and the information they download.
- Personalise notifications and alerts for all Tenerife On users.
- Manage queries, requests for information and general communications submitted to the different ECIT bodies;
- Periodically send information bulletins on the activities, events and news of ECIT and its companies.
- Provide personalised services to citizens;
- Process authorisations, licences and permits;
- Issue notifications;
- Handle procedures and manage any other service provided by ECIT on the Tenerife On website that requires the processing of personal data.
At ECIT we also collect information from users of the website, not provided directly by them, but collected as they browse the website. When the data subject accepts cookies, we store the IP address and data relating to the user’s visit. The data collected through cookies (number of pages viewed, number of visits, the activity of visitors to the website and their frequency of use) will be used for statistical studies with the aim of providing a better service through our website. The frequency of use of Tenerife On (ECIT) is analysed on the basis of connection data and the most visited sections.
ECIT will at all times endeavour to establish appropriate mechanisms to obtain the citizen’s consent for the installation of cookies as required. When a user accesses our website, a pop-up window appears informing them of the existence of cookies and that by continuing to browse our website they are giving their consent for them to be installed. Further information can be found in our Cookies Policy.
Storage of data.
Personal data will be stored for as long as they are necessary for the purposes of each processing and, in any case, for the periods provided for by current legislation.
When the processing of citizens’ data is based on express consent, the provisions of current legislation regarding the withdrawal of such consent shall be met. They will be stored as long as the citizen does not withdraw the consent given. Withdrawal of consent will not affect the lawfulness of the processing carried out by ECIT prior to the withdrawal.
The IP address obtained will be stored for a period of one year, in order to demonstrate the user’s consent.For more information on the storage period for cookies, please see the “Cookies Policy” section of our website.
Providing data to Tenerife On.
Only persons over the age of 16 may provide data through our website. If you are under this age, you must have the consent of your parents or legal guardians.
The citizen guarantees that all data provided to Tenerife On by ECIT are authentic and up to date and declares that he/she is over 16 years of age, and will be solely responsible for any false or inaccurate statements. The personal data processed by ECIT may be mandatory or voluntary. Voluntary information is information that you are not required to provide. The fields marked with an asterisk (*) or with the word (required) in our forms must be filled in. Refusal to provide this information will make it impossible to register, process or manage your application or to deal with your request. In the event that you provide us with data of third parties, you declare that you have their express consent and you undertake to provide them with the information we provide you with in this policy, holding ECIT harmless from any type of liability. However, ECIT may carry out checks to verify that the third party has been informed, adopting the due diligence measures set out in the data protection regulations.
Legal basis for data processing
The legal basis for the processing of your data by ECIT is generally the need to comply with a legal obligation (Article 6(1)(c) GDPR), and the performance of a task carried out in the public interest or in the exercise of official authority vested in ECIT (Article 6(1)(e) GDPR) under regional, national or European Union legislation.
The basic national and regional legislation that provides legal grounds for the processing of personal data, and which is complemented by legislation as specified in each procedure or service, is listed below:
- Law 7/1985, of 2 April 1985, Regulating Local Government
- Royal Decree 2568/1986, of 28 November, approving the Regulation on the Organisation, Functioning and Legal System of Local Entities
- Organic Law 10/1982, of 10 August 1982, on the Statute of Autonomy of the Canary Islands
- Law 14/1990, of 26 July 1990, on the Legal System of the Public Administrations of the Canary Islands
- Law 7/2015, of 1 April, on the Municipalities of the Canary Islands
- Law 39/2015, of 1st October, on the Common Administrative Procedure of the Public Administrations
- Law 40/2015, of 1 October, on the Legal System of the Public Sector
- Law 9/2017, of 8 November, on Public Sector Contracts
In certain circumstances, processing shall be lawful on the basis of the citizen’s express consent to receive information from ECIT or consent to the collection of data when browsing our website (Article 6(1)(a) GDPR). When the processing by ECIT is based on consent, the citizen may withdraw such consent at any time.
In other cases, the performance of a pre-contract/contract shall give legal grounds for the processing of data by ECIT, e.g. for the processing of data from our suppliers and service providers (Article 6(1)(b)).
In any case, the legal basis for data processing is set out in the information clauses relating to each procedure or service.
Disclosure of data.
The data processed by ECIT will be disclosed, when strictly necessary and in accordance with the provisions of the legislation in force, to one or more of the recipients indicated below (the list is merely informative). The specific recipients of the data are specified in the relevant clauses of each procedure or service.
- Banking institutions and competent tax authorities within the framework of a financial relationship.
- Funding bodies within projects managed with European funds.
- Other competent public administrations, including courts and tribunals.
- Official journals, websites or notice boards, in order to give the legally required publicity to the different procedures.
- Trusted third parties with whom ECIT has signed data processing contracts.
As a citizen you may exercise the following rights before ECIT:
- Access to your personal data: obtain confirmation as to whether your data and information are being processed and about the specific processing
- Rectification of inaccurate or incomplete data
- Request the erasure or cancellation of your data when, among other reasons, they are no longer necessary for the purposes for which they were collected
- Object at any time to the processing of your personal data
- Request restriction of the processing of your data when any of the conditions provided for in the regulations are met
- Request the portability of your data: the right to receive the data you have provided in a structured, commonly used and machine-readable format, or to have them transmitted directly to a third party in the cases established in the regulations in force.
- Not to be subject to automated decision-making: the right not to be subject to a decision based solely on automated processing of your data, including profiling, which produces legal effects or which similarly significantly affects you.
- Withdraw the consent given, where the processing is based on consent, without affecting the lawfulness of the processing of your data during the period before the withdrawal takes effect.
You may exercise your rights in writing, indicating the right you wish to exercise and accompanied by documentary proof of your identity and a postal or e-mail address for notification purposes.
This request can be made:
- By post addressed to the Citizen Services Centre at the Tenerife Island Council – Servicio al Ciudadano del Cabildo Insular de Tenerife, Plaza de España, 1, 38003 - Santa Cruz de Tenerife
- Online through the ECIT website
- In person: by submitting your written and signed application to the Citizen Services Centre: Servicio al Ciudadano del Cabildo Insular de Tenerife, Plaza de España, 1, 38003 - Santa Cruz de Tenerife
- By digitally signed e-mail to the following address:
If you wish to exercise your rights over any of your personal data (including images or voice recordings) that may appear on any information page of the ECIT websites, other than a form, please contact the Data Protection Officer at
ECIT must reply to the request to exercise your rights within one month of receiving the request. This period may be extended by two months if necessary, depending on the complexity and number of requests. We will inform you of any extension within one month of receipt of the request, stating the reasons for the delay.
In addition, and without prejudice to other remedies, you have the right to lodge a complaint with the competent supervisory authority (Spanish Data Protection Agency) if you consider that ECIT has infringed your rights under data protection regulations at www.aepd.es.
In the event that any form that collects personal data does not explain these rights or how to exercise them, you may notify the Data Protection Officer via e-mailat
Security of data processing.
ECIT undertakes to adopt the appropriate measures to ensure confidentiality in the processing of your data, taking into account their proprietary nature, integrity, availability, authenticity and traceability, based on the risk analysis carried out by the Corporation, and which is reviewed periodically.
ECIT undertakes to keep such data secret, processing them with the utmost confidentiality, and declares that it has implemented in its information system the security policies applicable to the type of data handled in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the National Security Framework and any other applicable regulations.
All data transmission through our platform is performed using a secure protocol. Our website has an SSL certificate that ensures that when a user or citizen visits our website and exchanges information with us, an encrypted connection is established.
In addition, to protect the rights of citizens in their electronic relationship with ECIT, the SedeElectrónica (Digital HQ) uses digital certificates for identification purposes, to ensure the confidentiality of communications and to sign the documents that are issued.
Links to other websites
If you choose to leave our website through links to other websites that do not belong to our entity, ECIT will not be held responsible for the conditions of use, privacy policies of these websites or the cookies that they may store in the user’s computer.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
Royal Decree 3/2010 of 8 January 2010 regulating the National Security Framework in the field of e-Government (ENS).
Organic Law 3/2018, of 5 December, on Personal Data Protection and guarantee of digital rights
Current legislation on data protection.