DATA PROTECTION & CONFIDENTIALITY


In relation to the personal data contained in the information stored by the CLIENT, he claims to be the Data Controller, in relation to the provisions established in the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of their personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter, “GDPR”).

Furthermore, the parties state that delibera, as a consequence of the provision of services made to the CLIENT, could have access to information and personal data which are responsibility of the CLIENT. The access to personal data will not be considered in any case a data transfer, as it is stated in this document that delibera will be considered as Data Processor in any case, so that all data, information and documentation owned by the CLIENT, to which delibera accesses for the execution of these Service Conditions, will be treated in accordance to the provisions of the current regulations on data protection.

In accordance with article 32 (Security of processing) of the GDPR, delibera is committed to adopt the necessary technical and organizational measures depending on the impact of the treatment, in order to ensure the data security and avoid its alteration, loss, treatment or unauthorized disclosure or access, taking into account the state of the art/technology, the nature of the stored data and the risks to which they are exposed, whether they come from human action or from a physical or natural environment.

Delibera undertakes to process the personal data obtained from the CLIENT with the sole and exclusive purpose of providing the services ordered, maintaining the professional secrecy with respect to the data accessed, both during and after its completion, and to demand the same level of commitment to any person who, within delibera, participates in any phase of data processing.

In compliance with the provisions of the GDPR, delibera undertakes to process the data in accordance with the instructions of the CLIENT, not to use the personal data that comes from the treatments owned by the CLIENT with any other purpose than the one agreed upon, and not to communicate or assign them, even for their conservation to other natural or legal persons, except expressly accepted assignments, or that are expressly agreed in the future.

Delibera must contract with third parties the provision of part of the service object of these Conditions. Delibera ensures that the relationship with these outsourced companies will be regulated in analogous contracts to the one regulated in this clause, related to the processing of personal data under the provisions of the GDPR, when they must access to the personal data owned by the CLIENT. Delibera undertakes to sign a contract for the provision of services and confidentiality with each of the subcontracted companies that regulate the services commissioned and that collect the obligations in terms of data protection described in this clause. The CLIENT is duly informed that the hosting of the application has been contracted to ASPgems, S.L, and Amazon Web Services, Inc., which servers are hosted in Europe, entities with which the corresponding contract for access to personal data on behalf of third parties has been signed.

In addition, the CLIENT is informed that in order to send our operational communications about delibera, your data may be subject to international transfers, to The Rocket Science Group LLC, Mailchimp. You can find all the information about these international transfers here. This company is subscribed to the Privacy Shield agreement, and treats the data with the adequate guarantees.

The CLIENT shall have the right, upon prior request to delibera, to know the sub-orders for services that may have been produced. If the CLIENT has any incompatibility with any of the providers that appears in this list, he/she can inform delibera to try to find an alternative solution.

In the case that the CLIENT incorporates personal data of its own customers into the application that, in accordance with the data protection regulations, are its responsibility, the CLIENT guarantees to delibera, that it has subscribed as many contracts of data protection (data processing on behalf of third parties) as necessary, and they have informed their clients that delibera accesses the data equally as a sub-processor of the treatment.

Delibera is obliged to destroy or return, at the CLIENT's instructions, the data held, both on computer and on paper means, owned by the CLIENT, once the contracted services have been provided, keeping only those data or information in their possession, which could be necessary to face possible responsibilities required either administratively or judicially.

In case of being provided by the CLIENT as contact data for the development and execution of these Conditions, personal data of third parties such as, for example, employees of the CLIENT, the CLIENT itself undertakes to inform the holders of such data of this clause, informing them, prior to such communication to delibera, of all the aspects included in it, especially the existence of the data processing, the purposes of the processing, and the possibility of exercising rights at the address included below. In case of not being communicated, the CLIENT undertakes to leave delibera unharmed, for any damage, prejudice, expense or sanction of any jurisdictional order that could bring cause of the lack of communication of this clause to the holders of the data provided by the CLIENT.

The parties undertake to keep the maximum confidentiality and secrecy over the information classified as confidential to which they have access from the other party. Any information that the parties agree under this contract will be considered as confidential information. All information and data that were public domain or that were in the possession of the other party prior to the start of the service provision, and were obtained by lawful means in accordance with applicable law, shall not be considered as confidential. The obligation of confidentiality established in this contract will be indefinite, remaining in force after the termination, for any reason, of the relationship between the parties. The parties will be responsible for their personnel, collaborators, directors and in general, all the persons of their responsibility who have access to the confidential information, respect the confidentiality of the information, even after the relationship between the parties ends, for which they will make as many warnings and subscribe as many documents as necessary with those people.

When the CLIENT is not Spanish, and in application of the Spanish regulations for the protection of personal data, and delibera will process personal data as processor, or, controller, the CLIENT undertakes to transfer to delibera the obligations that may correspond to it by virtue of the application of the specific regulations of the CLIENT's country of origin, in terms of protection of personal data, exonerating delibera from any liability as a consequence of the lack of such information.

Delibera servers are located in Europe. As a consequence of the international nature of delibera, the use of the software could imply the access to information from countries not belonging to the European Union (EU). Therefore, the CLIENT located in a country, not located in EU, expressly authorizes the possible international data transfer that may occur, depending on their place of origin, and in any case is committed to apply their own current regulations on data protection and communicate to delibera the obligations that may correspond as it’s indicated in the previous paragraph, exonerating delibera from all liability.

The inclusion of personal data in the application is the total responsibility of its users, not being able to make delibera responsible of the introduction of special categories of data in the different modules of the application, or in other functionalities, among others, the document storage module, the incident module, etc., without prejudice to the fulfillment of his obligations as the Data Processor, described above.

Delibera has applied security measures based on risk analysis of the data processing carried out under the indicated premises, and any exception to them (such as the use of the tool as a whistleblower channel or another system different from the application itself), will be the responsibility of the user of delibera, without being able to expect responsibility from delibera in any way.


COMPLIANCE WITH THE INFORMATION DUTIES


Identity of the Data Controller

-Identity: Dontknow Internet, S.L.

-Address: Calle Prieto Ureña 4, Madrid.

-Telephone: 91 3452314

-Email: datos@dontknow.net


Purpose of the treatment of your personal data

We treat your personal data in order to carry out, correctly, the commercial and professional relationship established between the parties. The CLIENT acknowledges having been informed by delibera, and expressly accepts that his/her personal data (those required for the proper functioning of the contractual relationship herein) are processed in order to perform the maintenance and proper management of the contracted services, and the work of information, training and commercialization of the services offered by delibera, as well as the sending of information by conventional or electronic means that may be considered of interest within the services provided by delibera. Likewise, it acknowledges having been informed that its refusal to provide the necessary data for providing the service and/or billing may imply the impossibility of providing such service.

The CLIENT is informed of the use of their data to send commercial communications that may be of interest to them, by electronic means, on services and products related to those that have been contracted, and may revoke the purpose described at any time through the electronic email account: datos@dontknow.net.

The personal data provided will be kept while the contractual relationship is maintained and during the periods legally established for accounting and tax purposes. Throughout this period, the data may be made available to the public administration with competence in the matter, on request and for justified reasons.


Legitimation for the processing of your data

The legal basis for the data processing is your express consent, this consent will be given once these service conditions have been accepted in your first access to the application.

In addition, the legal basis for the processing of your data is the approval of a contract between the parties, with the corresponding legal protection according to current regulations in fiscal and accounting matters, conditions that grant, in accordance with the GDPR, the legality of the processing of your data.

The sending of commercial communications to customers, by electronic and telephone means, related to the services and products that you contracted, is legally covered by the LSSI-CE.

The data will be only used for the purposes set out in the previous section, in accordance with the principles of transparency and limitation of purpose.


Communication and International Data Transfers

Your personal data will not be communicated to third parties, unless the law so requires. delibera may communicate your personal data to those public administrations with competence in the matter, and in the case that there is a legal obligation to do so.

There may be third parties who, as a consequence of services rendered to delibera, can access to your personal data, in a secure and confidentially manner.

In this regard, you are informed that in order to send our operational communications, your data may be subject to international transfers, to The Rocket Science Group LLC, Mailchimp. You can find all the information about these international transfers here. The Rocket Science Group LLC, Mailchimp, is based on the United States, and it is subscribed to the Privacy Shield agreement, so the transfer is made with all the legal guarantees.


Rights

Anyone has the right to obtain confirmation on whether or not, in delibera, we are treating personal data concerning them, and in such case, to exercise the corresponding right of access to their personal data, for the purposes of processing, and to the categories of personal data concerned.

Likewise, you will have the right to request the rectification of the inaccurate data or, where appropriate, request its deletion when the data is no longer necessary or pertinent for the purposes for which they were initially collected, the consent has been withdrawn based on the treatment, you object to the treatment, the personal data have been treated unlawfully, or should be deleted for the fulfillment of a legal obligation established in the law of the European Union or of the Member States.

You can also request the limitation of the processing of your data whenever it challenges the accuracy of the personal data, during the period that allows the responsible to verify the accuracy of your request. Additionally, you can exercise this right, when the treatment is unlawful and the interested party opposes the deletion of your personal data, requesting instead the limitation of its use, or in situations in which the person responsible no longer needs personal data for the purposes of the treatment, but still needs them for the formulation, exercise or defense of claims, as well as when you have opposed the treatment, while the responsible verifies if their legitimate reasons prevail over those of the interested party. In these cases, we will only keep the data for the exercise or the defense of claims.

In certain circumstances and for reasons related to your particular situation, you might object to the processing of your data. Delibera, will stop processing the data, except when they are required for legitimate compelling reasons, or the exercise, or defense of possible claims.

You can exercise your right to portability, when appropriate, having the right to receive personal data that concerns you and that has been provided to us, in a structured format, or to request the transmission of it, to another controller given by you.

When the affected persons exercise the rights of access, rectification, deletion and opposition, limitation of the treatment, portability of data, and not to be subject to automated individualized decisions, they must communicate it by email to the address datos@dontknow.net. You may also submit a claim to the Spanish Data Protection Agency, especially when you have not obtained satisfaction in the exercise of your rights, through the electronic headquarters at www.aepd.es.


Origin

The personal data we process in delibera come from the data subjects or from interested third parties in accordance with the above.