POLICY ON PRIVACY AND COOKIES
Version 1. Dated 25th May, 2018
By means of this Policy (henceforth, the “Policy on Privacy and Cookies”), the policy on privacy and cookies of the Web Platform http://edosoft.es/ (henceforth, “the Platform”), under the ownership of EDOSOFT FACTORY S.L (EDOSOFT FACTORY, henceforth), the Spanish trading company registered on the Las Palmas Trade Register in volume 1768, page 88, section 0, sheet number GC-35320, entry 1. With tax and registered domicile in Las Palmas de Gran Canaria, Calle Antonio María Manrique 3, piso 2, oficina 4 y 6, Postal Code : 35011, Spain and with tax ID number (CIF) B35867479 and contact email address for this privacy and cookies policy at firstname.lastname@example.org
1. USE, PURPOSE AND APPLICABLE LEGAL PROVISIONS
The Platform is a mechanism for interaction, communication and support that EDOSOFT FACTORY provides for Internet users in order to offer them sufficient, legal and suitable information with regard to their activities,products and services in relation to their legitimate financial and business activities; these activities are subject to the applicable Spanish legal provisions and, with regard to:
- For the provision of services of the information society, essentially, as in Spanish Law 34/002, dated 11th July, on services of the information society and electronic commerce.
- To the processing of personal data, as in current Spanish and European legal provisions on personal data protection for individuals. Specifically, (EU) Directive 2016/679 of the European Parliament and of the Council, dated 27th April 2016 (henceforth, the “GDPR”), will be directly applicable as indicated herein.
In any case, the user agrees to make suitable and legal use of the Platform, as well as of the contents, products and services set out on that platform, in accordance with the applicable legal provisions at any given moment.
Likewise, the user of the Platform agrees specifically to the following:
- To guarantee the authenticity, veracity, current status and accuracy of all the data they send to EDOSOFT FACTORY, with the user being the only person responsible if this were not to be the case.
- To use the platform exclusively for the ends and functionalities provided for that purpose by EDOSOFT FACTORY, presenting such functionalities exactly as they are presented by EDOSOFT FACTORY; the use of the Platform by the user for any other purpose or means is forbidden.
- To make legal and legitimate use of the Platform, avoiding any use of the Platform and/or of the contents or information provided via the Platform which is unauthorised, fraudulent, illegal or illegitimate, avoiding transgression of this policy and the applicable legal provisions, and avoiding damaging the rights and legitimate interests of EDOSOFT FACTORY, or of any other third party which might be affected as a consequence of such an action.
- Not to cause damage to the systems or elements associated with the Platform, of its suppliers or of third parties, or to attempt to break the safety or authentication measures of those systems or elements, not to undertake any action which might cause a disproportionate or unnecessary saturation in the infrastructure or the communications environment relating to the Platform, attacking it in any way. EDOSOFT FACTORY may adopt any or all preventative or corrective measures necessary to protect its interests for the correct functioning of the Web Platform and the specific functionalities provided in each case.
- Not to introduce or spread IT viruses or malware capable of causing damage via the Platform.
- Not to try to access, use and/or manipulate EDOSOFT FACTORY data, or data for which EDOSOFT FACTORY is responsible, data from third party supplies or other users.
- In particular, and merely by way of indication, but not exhaustively, the user agrees not to transmit, spread or make available to third parties any information, data, contents, or messages which could cause infringement of the rights of EDOSOFT FACTORY or of third parties.
- To access without authorisation or interact with a false identity, impersonating or not the identity of third parties, or using a profile or carrying out any other action which may generate confusion or mislead with regard to the correct identification of the user in question.
This policy on privacy and cookies is addressed to Platform users in regard to the processing of their personal data.
In any case, it is to be emphasised that this Platform is addressed to users over the age of 18, and use by minors is forbidden.
The information and personal data provided by users wishing to browse or register on the Platform must be:
- Sufficient, albeit brief, limited and proportionate to the legitimate purposes of the processing informed of by EDOSOFT FACTORY, with the utmost respect for the principles of purpose limitation and of personal data minimisation (articles 5.1 sections b) and c) of the GDPR).
- Accurate, up to date and true, in order to be able to check properly the identity, capacity and, where necessary, representation of the user in question, as well to be able to fit, in each case, the data processing to be carried out to the specific needs and the real situation of the users. All this shall comply with the principle of data quality and accuracy of the personal data (5.1 section d) of the GDPR).
Users will be fully responsible for the correct use of their user accounts and of the passwords associated with these accounts. If the registered user considers that the security of their account and associated passwords may have been compromised, they shall contact EDOSOFT FACTORY immediately by means of the contact data available at the beginning of this Policy and report the situation or the incident which corresponds so that EDOSOFT FACTORY can take appropriate measures which may be suitable as soon as the communication is made by the user. All responsibility for the damages associated with the improper use and personal management of the accounts and passwords will remain with the users who are the owners of these accounts, and EDOSOFT FACTORY is completely exempt as a consequence of what is stated above.
3. RIGHT TO INFORMATION
In compliance with current legal provisions protecting personal data, and in particular pursuance of articles 12 to 14 of the GDPR, users are informed of the following:
That the entity in charge of the processing is EDOSOFT FACTORY S.L, registered and tax address in Las Palmas de Gran Canaria, Calle Antonio María Manrique 3, piso 2, oficina 4 y 6, postal code: 35011, Spain and with tax ID number B35867479 and website http://edosoft.es/ and with contact email address: email@example.com
That the personal data that the users provide through the Platform will be processed for the purposes stipulated specifically in this policy on privacy and cookies and, in the event, in the various data forms available on the Platform. In this sense, the collection of data via the Platform is in response to the following processing purposes:
- To enable users to browse the Platform, thereby allowing access to the information and contents available on the Platform.
- To respond to the specific requests and petitions that the users may make in this regard.
- To adopt whatever measures of protection may be applicable in accordance with current legal provisions, including the possible anonymisation of their personal data, with the application, to this end, of the suitable techniques available. As a consequence, in this context, processing may also be undertaken to anonymise and pseudonymise, to provide better protection of personal data.
- To apply appropriate security, technical and/or organisational measures to the users’ personal data as may be proper with regard to the risks detected about their rights at any moment by EDOSOFT FACTORY including ciphering of personal data and other measures which may involve certain processing of the data of the users of the Platform.
In the event you do not agree with these purposes for processing, we recommend you leave our Platform immediately. Otherwise, for instance, by accepting this policy, or simply by continuing to browse on this Platform, having learned about the information contained in this policy, it is understood that the user consents unequivocally to the purposes of processing they have been informed about previously. To this end, the client should also be aware of what is foreseen in section 4 of this policy, in relation to consent and the rights of users in this sphere.
That the legitimate basis of processing is, principally, the consent of the user, so that, once the user has been informed of this policy, if the user accepts this, or simply continues to browse on the Platform, it is to be understood that the user gives their unequivocal consent to the processing of their personal data for the purposes indicated. Which means that, if a user does not agree with policy or the purposes of processing about which they have been informed, as has already been indicated, the user is requested not to continue to browse and to leave the Platform immediately. In the event of a specific request or contracting by the users of certain contents, products or services through the Platform, the principal basis of processing will be relative to the necessary application of pre-contractual measures at the request of the interested party, when this is the case, or relative to the execution of a contract in the event the user finally contracts the corresponding content, product or service.
That, in general, the personal data of the users collected through the Platform will not be given to third parties without previously informing the user about which specific data is going to be passed on, the identity of the recipients or reeivers of their data, of their activity, and of the specific purposes of processing to which said recipients may devote their data.
Outside these cases, users’ personal data will not be given to any other third party, except with the consent of the user or, in the event where there is any other basis for legitimisation of the processing according to what is foreseen in article 6 of the GDPR such as, for instance, the due consent of a legal obligation on the part of EDOSOFT FACTORY (legality of the processing).
That, in general terms, international transfers of your personal data are not expected; the measures needed in this regard would be adopted in accordance with the GDPR if transfer were to take place.
That, in light of article 30 of the Spanish Code for Commerce, in the event of a user being a client of EDOSOFT FACTORY, after the termination of the relationship between the two parties, said client’s personal data may be kept by EDOSOFT FACTORY during a period of six years. When the user is not a client, the user data will be kept for only the time which is strictly necessary to allow correct browsing, access and enjoyment of the contents, products and services available through Platform that the client needs or visits; all of this, in accordance with that which is set out in this policy on privacy and cookies and the applicable legal provisions in each case.
That the user may exercise their rights to access, rectification, cancellation, limitability of processing, portability of data and opposition to this, by sending written communication via this email firstname.lastname@example.org with Ref. “Exercise of Rights”. The request must be accompanied by a copy of their national ID document or equivalent identifying document (passport, N.I.E.…) In the event a user does not consider they have been given proper attention, they may present a claim to the competent supervisory authorities, in this case, the Spanish Data Protection Agency.
4. CONSENT OF THE INTERESTED PARTY
By accepting this policy, the user grants their unequivocal, free and informed consent to the processing of their personal data for the processing purposes described in section 3 of this policy on privacy and cookies. In the specific case of the cookies, users should be aware in particular of what is set out in section 7 of this same policy.
The user will have the capacity to choose the processing and purpose of their data, according to their specific interests and needs in each case, so that, when processing is based on consent from the user, the user will have the right to withdraw it at any moment, although this withdrawal will not affect in any way the legitimacy of the prior processing performed by EDOSOFT FACTORY.
In any case, EDOSOFT FACTORY may refuse the use of the Platform and of the services, contents and functionalities associated with this Platform in the event the user does not accept this policy, or does not consent to the processing of their personal information in accordance with the provisions on that Platform.
Acceptance of this policy is irrespective of the possible acceptance of the particular legal terms and conditions which may govern the specific contracting by the users of the services and products made available by the Platform.
EDOSOFT FACTORY has adopted and applies the security levels required by law to the personal data for which it is responsible, according to the corresponding security risk detected, and endeavours to install and/or apply additional technical or organisational means and measures of protection to reinforce the general security of personal data processing, systems, communications environment and corporate organisation, as well as to guarantee due protection against non-authorised or illegal processing, and against their loss, destruction or incidental damage (principle of integrity and confidentiality). Nevertheless, users must be aware that internet security measures are not by any means impregnable; they reflect the state of technology at any given moment and the cost of its application.
For this reason, particular attention should be paid to the criteria for application and the security measures, and other security obligations established in the GDPR, in particular to what is set out in Article 32 GDPR
6. DUTY OF SECRECY AND CONFIDENTIALITY
EDOSOFT FACTORY undertakes to comply with the duty of secrecy and confidentiality regarding the information and personal data provided by users of the Platform, and which is under its control and responsibility, complying with the legislation which is applicable at that time and with the risk level detected at any given time.
7. COOKIES POLICY
7.1. Applicable legal provisions:
Pursuant to article 22 of Spanish Law Act 34/2002, dated 11 July on information society services and e-commerce, addressing the rights of the recipients of commercial communications sent by electronic means, service providers may only use data storage and recovery devices at the recipients’ terminal equipment when the recipients have given their consent and have been duly informed.
For this purpose, these recipients and end users must be given full, clear information on their use and, in particular, the purposes of processing the data, as set out in the legal provisions protecting personal data. Therefore, whenever this is technically possible and effective, the recipient’s consent to processing of their data may be given through the use of adequate parameters in the browser or other applications.
The above will not preclude any possible technical access or storage for the sole purpose of sending a communication via an electronic communications network or, to the extent that this is strictly necessary, for the provision of an information society service expressly requested by the recipient.
7.2. User consent and cookies: general rule and exception.
Only those cookies that exclusively permit communication between the user’s equipment and the network and strictly those used to provide a service requested by the user are excluded from that consent. For example, “technical cookies” (e.g. those required for browsing on the Platform or application), “personalisation cookies” (e.g. those that enable the web page to recognise the user’s language, etc.) and “security cookies” (e.g. those that detect repeated wrong attempts to connect to a website) would be excluded.
7.3. Are cookies used on the Platform? What are they?
7.4. Which cookies do we use on the Platform?
Cookies can be first or third party. First party cookies are those sent to or downloaded onto the user’s terminal equipment from the Platform (editor) and managed by the latter, while third party cookies are those sent to or downloaded onto the user’s terminal equipment from other domains or equipment not handled by the Platform (editor), but by another entity processing the data obtained through the cookies.
Likewise, the above-mentioned cookies can be session or persistent cookies. The former are a type of cookies designed to collect and store data while the user accesses the Platform for the main purpose of storing information the keeping of which is only of interest in order to provide the service requested by the user on a single occasion. However, the latter remain stored on the user’s terminal and may be accessed and processed over a time defined by the entity responsible for the cookie.
Cookies can also be technical, permitting the user to browse the Platform and use the different options or services provided through it, such as controlling the traffic and communication of data, identifying the session, accessing restricted access parts, recalling the elements of a contractual request, using security elements during browsing, storing content for the showing of videos or audio, or sharing content through the social networks.
They may also be personalisation cookies, referring to those which allow the user access to the service with some pre-defined characteristics according to certain criteria associated with their own terminal, such as the type of browser through which they access the service, the regional set-up from which the service is accessed, etc.
Likewise they may have a statistical or informative purpose for the editor in connection with the particular use that the users make of the Platform and of the contents or services available through that Platform.
Below is an informative summary table of the specific cookies that EDOSOFT FACTORY currently uses on the platform:
|cookieconsent_status||Edosoft Factory||1 year||Consent|
7.5. Who uses the cookies?
The information gathered through the cookies used on the Platform may be used both by the owner or by a third party providing a service to that owner.
7.6. Management and set-up of cookies.
From the information offered in this policy, we include information on how to manage the cookies used on the Platform through the different options offered by the most common browsers.
8. PERIOD OF VALIDITY AND MODIFICATION OF THE POLICY ON PRIVACY AND COOKIES
This policy has been in force since May 25th 2018. EDOSOFT FACTORY reserves the right to modify this policy, in order to adapt it to future changes in law, doctrine or case law that may be applicable, or for technical,operational, commercial, corporate or business reasons, giving prior, reasonable notice to users of the changes whenever possible. In any case, users are recommended to read this Policy carefully every time they access this Platform, since any modification will be published on this Platform. Likewise, EDOSOFT FACTORY may inform users personally and with prior notice of the changes planned for this policy, before they come into force, whenever this is technically or reasonably possible, and in particular when these changes are relevant to the registered users or clients of EDOSOFT FACTORY.
9. LEGAL CONTACT
The protection of users’ rights is important for EDOSOFT FACTORY, so that, in the event of any question or suggestion that a user may wish to bring to us about this policy, please do not hesitate to get in touch with us at this electronic mail address: email@example.com
10. APPLICABLE LAW AND JURISDICTION
In general terms, any controversy or conflict will be submitted preferentially by the parties to the knowledge of said parties in order to reach an amicable solution and mutual agreement using, for these purposes, where EDOSOFT FACTORY is concerned, the channel for legal contact (or the data protection delegate, in the event this activity is delegated) described in section 9 of this policy. In the event this were not possible, in compliance with the criteria contained in GDPR for the determination of the competence of the leading or principal authority with regard to knowledge of any conflict, controversy or claim concerning this policy on privacy and cookies, unless, in executive action, you are informed that this authority will be the Spanish Data Protection Agency, (AEPD) and compliance must be sought, in any case, to that which is set out in article 56 of the GDPR. With regard to the right to effective legal protection, users should be aware of what is set out in article 79.2 of the GDPR, and corresponding action should be taken before the Judges and Court of Las Palmas de Gran Canaria (Canary Islands - Spain). In any case, the applicable legal provisions will be the Spanish provisions.