Cabildo de Tenerife


Privacy policy

Basic information on data protection

Responsible body Island Council of Tenerife (hereinafter ECIT) - P3800001D + Who is responsible for your data?
Purpose To attend the requests and consultations made through the website, to manage complaints and claims, to carry out proceedings before this Corporation and to provide the own services that we have conferred as a Council and to observe the behaviour of the users in our website in order to improve our services and the user experience + What data do we process?
Legal basis Consent of the interested party and execution of a pre-contract/contract, fulfilment of a legal obligation and the exercise of public powers conferred on ECIT + What is the legal basis for the processing of your data?
Recipients No data will be transferred to third parties unless there is a legal obligation to do so or in the event that it is necessary to attend to your request + To which recipients will your data be communicated?
Rights You may exercise your rights of access, rectification, deletion and opposition, limitation of processing, portability of data and not to be the subject of automated individualised decisions.+ What rights do you have and how can you exercise them?
Additional information You can consult the additional information on data protection in the following sections of our website: Security and applicable regulations + Is your data secure?

At ECIT we care about the privacy of citizens and users on our website and in all the services we offer, which is why we ensure that you know at all times how and why your data is collected and used and that you are provided with the information so that you have the power to control your personal data and the ability to dispose of and decide on said data.

Our commitment is to attend your request and carry out your proceedings protecting your data because it is personal information.

ECIT undertakes to comply with current legislation on the processing of personal data (General Data Protection Regulation EU 679/2016hereinafter GDPR) and we work every day to respect the 6 key principles on the privacy of our Corporation:

  • Faithfulness and lawfulness: We will handle your data faithfully and lawfully only on the legal grounds established in the GDPR and will not use them for purposes incompatible with those initially envisaged.
  • Minimisation: The data required will be those strictly necessary, adequate, pertinent and not excessive for the purpose for which we collect them.
  • Transparency: We will be transparent about the data we collect and how we use them, so that you can make informed decisions.
  • Control: We will facilitate the control of your proceedings and data through the personal area of our website and you can exercise your rights before ECIT.
  • Limit of the storage period: We will store your data for no longer than necessary for the purposes of processing, and after this period will only be stored longer for archiving purposes in the public interest, historical and statistical purposes.
  • Security: We will protect the data you entrust us with security policies and effective encryption measures that guarantee integrity, availability, authenticity, confidentiality and traceability.

In accordance with our commitment to the principle of transparency, we provide our users and citizens (hereafter, citizens) with the following additional information that meets the requirements of the GDPR:

Who is responsible for processing your data?

The person responsible for processing your data is the Island Council of Tenerife (ECIT):

Identity Island Council of Tenerife (ECIT)
CIF P3800001D
Address Plaza de España s/n – 38003 Santa Cruz de Tenerife
Telephone 901 501 901
Fax 922 239 704
Contact of the Data Protection Delegate

ECIT informs the citizens that the data they provide us through the navigation of our and , the management of the different formalities and proceedings, the completion of forms or through the sending of e-mails, will be processed by ECIT and that the different processing operations are included in the ECIT Processing Activities Register created in compliance with the provisions of the GDPR.

What data do we process?

ECIT processes the following categories of data:

  • Data of the users who fill in the available forms: Personal data requested by ECIT includes:
    • Identification data: name and surname
    • Data relating to the request
  • Data of users who want to receive information from ECIT:
    • Identification data: Name and surname, e-mail address.
  • Data of the users who carry out formalities and proceedings:
  • Identification data: name and surname, postal and electronic address, telephone, DNI.
  • Data provided by the user to carry out the formalities or proceedings
  • Data of the users who browse our website: Data provided by cookies.

For what purpose do we use your data?

ECIT can process the personal data of citizens with one or more of the purposes listed below, being this list merely informative. The specific purpose is specified in the information clauses corresponding to each ECIT procedure or service:

  • Process the different administrative proceedings and to inform the interested parties about their processing;
  • Verify the data and documents that the interested persons declare through the different requests to verify the accuracy of the data;
  • Manage the personal area of the citizen enabling through it, access to the processing status of their files in accordance with current legislation on e-government;
  • Manage queries, information requests and communications in general submitted to the different ECIT bodies;
  • Send periodically informative bulletins of the activities, events and news of ECIT and the companies of the corporation.
  • Provide personalised services to citizens;
  • Manage grants and subsidies;
  • Processing authorisations, licences and permits;
  • Manage registrations in public registers;
  • Make notifications;
  • Process resources and manage any other service provided by ECIT that requires the processing of personal data.

ECIT also collects information from users of the web not provided directly by them, but derived from browsing our portal. When the interested party accepts cookies, we save the IP address and data relating to the user's visit. The data collected through cookies (number of pages used, number of visits, as well as the activity of the visitors to the website, and their frequency of use) will be used for statistical studies in order to provide a better service through our website. The frequency of use of the ECIT website is analysed on the basis of connection data and the most visited sections.

ECIT will at all times try to establish adequate mechanisms to obtain the consent of the citizen for the installation of cookies as required. When a user accesses our website, a pop-up appears informing them of the existence of cookies and that if they continue browsing our website, they consent to the installation of these cookies.You can consult our cookies policy..

How long do we store your data?

Personal data will be stored for as long as they are necessary for the purposes of each processing and, in any case, for the periods provided for by current legislation.

When the processing of citizens' data is based on the express consent, the requirements of current legislation regarding the withdrawal of said consent will be met. The data will be stored as long as the citizen does not revoke the given consent. The revocation will not affect the lawfulness of the processing carried out by ECIT prior to the revocation.

The IP address obtained will have a conservation period of one year, in order to demonstrate the consent of the user. As for the storage period of cookies, you can obtain more information on our website in the section "Cookies Policy".

Who can provide data through our website?

Only those over the age of 16 can provide data through our website. If you are under this age you must have the consent of your parents or legal guardians.

The citizen guarantees that all data provided to ECIT is authentic and up to date and declares that he or she is over 16 years of age, and will be solely responsible for any false or inaccurate statements made. The personal data processed by ECIT may be mandatory or voluntary. Voluntary information is that which you are not obliged to provide. The fields marked with an asterisk (*) or with the word "required" in our forms are mandatory; the refusal to supply them will mean the impossibility of carrying out the proceedings or formalities or attending to your request. In the case that you provide us with data of third parties, you declare that you have their express consent and you undertake to convey to them the information we provide you in this policy, exempting ECIT from any type of responsibility. However, ECIT may carry out verifications to confirm that the third party has been informed by taking the due diligence measures set out in the data protection legislation.

What is the legal basis for the processing of your data?

The lawfulness of the processing of your data by ECIT is generally based on the need to comply with a legal obligation (article 6.1.c GDPR), on the fulfilment of a mission carried out in the public interest or on the exercise of public powers conferred on ECIT (article 6.1.e GDPR) on the basis of regional, national or European Union legislation.

The basic national and regional legislation that justifies the lawfulness of the processing of personal data, and which is complemented by that indicated in each of the proceedings or services, is that detailed below:

  • Law 7/1985, of 2 April, Regulating the Bases of the Local Regime
  • Royal Decree 2568/1986, of 28 November, approving the Regulations on the Organisation, Functioning and Legal System of Local Entities
  • Organic Law 10/1982 of 10 August on the Statute of Autonomy of the Canary Islands.
  • Law 14/1990, of 26 July, on the Legal System of the Public Administrations of the Canary Islands
  • Law 7/2015 of 1 April 2015 on the municipalities of the Canary Islands
  • Law 39/2015 of 1 October on Common Administrative Procedure of Public Administrations
  • Law 40/2015 of 1 October, on the Legal System of the Public Sector
  • Law 9/2017 of 8 November on Public Sector Contracts

In certain circumstances the processing will be legitimised by the express consent of citizens for ECIT to send information or consent to the collection of data through browsing our website (article 6.1.a GDPR). When the processing by ECIT is based on consent, the citizen may revoke the consent at any time.

In other cases, the performance of a pre-contract/contract will legitimise the processing of data by ECIT, e.g. in the case of the processing of data of our suppliers and service providers (Article 6.1.b).

In any case, the determination of the lawfulness for the processing of data is specified in the information clauses corresponding to each proceeding or service.

To which recipients will your data be communicated?

The data processed by ECIT will be communicated, when it is strictly necessary and in accordance with current legislation, to one or more of the recipients indicated below; the list is merely informative. The concrete recipients of the data are specified in the specific clauses of each procedure or service.

  • Banks and competent tax authorities within the framework of an economic relationship.
  • Funding bodies within projects managed with European funds.
  • Other competent public administrations, including courts and tribunals.
  • Official gazettes, websites or bulletin boards, in order to give the legally required publicity to the different proceedings.
  • Trusted third parties with whom ECIT has signed contracts for the processing.

What rights do you have and how can you exercise them?

As a citizen you can exercise the following rights before the ECIT:

  • Access to your personal data: obtain confirmation on whether your data and information are being processed and on the specific processing
  • Rectify them when they are inaccurate or incomplete
  • Request the deletion or cancellation of your data when, among other reasons, they are no longer necessary for the purposes for which they were collected.
  • Oppose the processing of your personal data at any time.
  • Request the limitation of the processing of your data when any of the conditions foreseen in the regulations are met
  • Request the portability of your data: the right to receive the data you have provided in a structured format, of common use and mechanical reading, or to have them transmitted directly to a third party in the cases established in the current regulations
  • Prevent being the subject of automated decisions: the right not to be the subject of a decision based solely on the automated processing of your data, including profiling, which produces legal effects or which significantly affects you in a similar way.
  • Withdraw the consent granted, when the processing is based on consent, without affecting the lawfulness of the processing of your data during the period prior to the effective revocation.

You can exercise your rights in writing indicating the right you wish to exercise and accompanied by a document accrediting your identity and postal or electronic address for notification purposes.

You can make this request:

  • By postal mail addressed to the Citizen Service of the Island Council of Tenerife located at Plaza de España, 1, 38003 - Santa Cruz de Tenerife
  • Online through the ECIT electronic office.
  • In person: by presenting your signed and written request to the Citizen Service of the Island Council of Tenerife located at Plaza de España, 1, 38003 - Santa Cruz de Tenerife
  • By digitally signed e-mail at the following

If you wish to exercise your rights over any of your personal data (including images or voice recordings) that may appear on any informative page of the ECIT portals, which is not a form, you may contact the Data Protection Delegate at

The ECIT must reply to the request for exercise of rights within one month of receipt of the request. This period may be extended by two months if necessary, taking into account the complexity and number of requests. We will inform you of any extension within one month of receipt of the request, indicating the reasons for the delay.

Also, without prejudice to other remedies, you have the right to claim before the competent Control Authority (Spanish Data Protection Agency) when you consider that ECIT has violated the rights that the data protection regulations recognise you in

In the event that any form that collects personal data does not explicitly state these rights or the way to exercise them, you may communicate this to the email address of the Data Protection Delegatedelegadoprotecciondatos@tenerife.esin order to correct it and respond to your request.

Is your data secure?

What are the security measures of the website?

ECIT guarantees the adoption of the appropriate measures to ensure the confidential treatment of your data, taking into account their reserved nature, integrity, availability, authenticity and traceability based on the risk analysis carried out by this Corporation, which is reviewed periodically.

ECIT undertakes to keep such data secret, treating them with the utmost confidentiality, and declares that it has implemented in its information system the security policies corresponding to the type of data handled in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and on the National Security Framework and the applicable regulations.

All data transmission via our platform is carried out using a secure protocol. Our website has an SSL certificate that allows the establishment of an encrypted connection when a user or citizen visits our website and exchanges information with us.

In addition, to protect the rights of citizens in their electronic relationship with ECIT, the Electronic Office uses electronic certificates to identify itself, ensure the confidentiality of communications and to sign the documents it issues.

Links to other websites

If you choose to leave our website through links to other websites not belonging to our entity, ECIT will not be responsible for the conditions of use, privacy policies of those websites or the cookies they may store on the user's computer.

What are the applicable regulations?

Applicable regulations

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data

Royal Decree 3/2010, of 8 January, regulating the National Security Framework in the field of e-Government (ENS).

Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales

Current regulations on data protection.

Print this pagePrint

FaLang translation system by Faboba