In any case, visitors connection to TARHA shall always be made through either SSL or TLS encryption –recognizable by the presence of the expression https:// (not http://) heading the web address (URL) of TARHA entered in the address bar of the browser– which makes data being transferred in both directions between the computer device being used by the visitor and the computer system where TARHA is hosted very difficult to be read by a third party who intends to clandestinely intercept the contents of such transmission.
Both Subscribers and visitors who start the subscription process, at the time of login TARHA or submitting the information necessary to subscribe, must pass a test consisting of ticking a box and, possibly, solving a challenge involving to copy a text or solving a simple mathematical problem. We use this test to reduce the risk of computer attacks on TARHA based on the creation of fake user accounts, theft of the identity of other Subscribers and other methods.
Also, it is left at the discretion of the File Controller the deletion of any user account created in TARHA and all the personal or functional data linked to them without being obliged to either notify or justify the action before the affected Subscribers.
Without prejudice to the provisions of the previous point for all Subscribers, those Subscribers who enjoy management privileges over all or some of the records that are part of TARHA's functions, and with the sole purpose of supervising and controlling the correction and quality of the management tasks themselves including creating new records or changing one or more of the existing ones, the following data will be automatically stored in the affected records:
Data collected from each Subscriber will be retained as long as his/her user account is alive and linked to that Subscriber. Those data will be automatically deleted as soon as the Subscriber --or the File Controller if that may be the case– makes the cancellation of his/her user account effective.
In order to favor the security of both TARHA and the Subscribers' data those newly created user accounts whose creation would be not confirmed by the respective Subscribers in no less than 24 hours from having signed-up as well as those accounts that have not been used –understood as login using the Subscriber's credentials-- in no less than 365 natural days counted from the date and time of the last login.
Subscribers may exercise before the File Controller the following rights regarding their personal data stored in TARHA, without prejudice to the fact that they may be exercised alternatively before the Spanish Data Protection Agency:
Subscribers may exercise some of these rights from their own user accounts using the resources and tools at their disposal in the TARHA user interface, including the possibility of fully deleting their own user accounts without requesting the intervention of the File Controller.