Effective date: September, 2022
We, the company Sentrium S.L., with the registered office at Calle Monterrey 14, Majadahonda, 28220, Madrid (Spain), with tax identification number or N.I.F ES - B87469318, registered in Registro Mercantil de Madrid, Volume 34385, Foil 61, Section 8ª, Page M-618499, Entry 1, in our capacity of data controller regarding the processing of your Personal Data, are committed to protecting and respecting your privacy as user of our website, solutions and services (hereinafter collectively referred to as the “Services”), pursuant to the Spanish Privacy Act (i.e., the Organic Act 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights); the European Regulation no. 2016/679 and other applicable data protection and privacy laws (hereinafter the “Applicable Law”).
For the avoidance of doubt, “You” means the individual accessing or using the Services, or the company, or other legal entity on behalf of which such individual is accessing or using the Services, as applicable.
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Consent” of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
2. Data we process
When You access the Services, we may collect the following Personal Data:
2.1 Information You give us. You may, through the websites and Services or other contact channel (e.g., email, website registration form, website contact form, etc.), voluntarily provide us information containing Your Personal Data. We will process these Personal Data in accordance with the Applicable Law and on the assumption that they refer to You or to third parties who have authorized You to provide them pursuant to an appropriate legal basis which legitimize the processing at stake. In this case, You act as independent data controller, assuming all relevant obligations and responsibilities according to the Applicable Law. In this regard, You shall indemnify and hold us harmless from and against all damages, losses, and expenses of any kind (including reasonable legal fees and costs) arising by any claim made by any third party whose Personal Data have been processed in breach of the Applicable Law as regards to Your obligations as independent data controller.
In particular, the said Personal Data include:
registration data provided by You when You register Your user account for the use of the Services, if it is required, such as: Your username, Your password, Your email address;
billing information provided by You in case You purchase our Services;
contact data provided by You in case You contact us by email or any other available means such as Your name, email address, postal address, username, and telephone number;
content data provided by You through polls, surveys and forms created through the Services.
2.2 Business analysis data. In order to provide You with the Services or in order to improve the performance thereof, we process Your Personal Data and/or associate other data to Your Personal Data, including: (i) generating sales reports; (ii) for general statistical purposes (e.g., case studies, business presentation, etc.).
2.3 General Data. We may also collect a series of general data and information when a data subject or automated system uses the service. This general data and information are stored in the server log files. Data collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the date and time of access to the Internet site, (5) an Internet protocol address (IP address), (6) the Internet service provider of the accessing system, and (7) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to (1) manage and deliver the content of our website and Services correctly, (2) optimize the content of our website, (3) ensure the long-term viability of our information technology systems and website technology, (4) communicate with You, (5) audit and analyze the Services, (6) ensure technical functionality and security of the Services, and (7) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
2.4 Log Files. The log files collected by us may include some of Your Personal Data, including: (i) IP addresses or domain names of the devices used by You to connect to the Services; (ii) the time of the request, the method used to submit the request to the server; (iii) the numeric code indicating the status of the reply given by the server (successful, error, etc.); (iv) other parameters regarding Your operating system and device environment.
3. Purposes and legal basis of the Processing
3.1 Purposes. Personal Data above will be processed by us for the purposes and legal basis specified below:
|Personal Data involved||Purposes||Legal basis|
|Registration Data Billing Information Contact Data||To carry out our obligations arising from any order and/or contract entered into between You and us and to provide You with the services that You requested from us (e.g., create and manage Your account, provide our Services, process the subscription to our newsletter, etc.).||This processing is necessary for the performance of our mutual contractual obligations and/or carried out with Your consent.|
|Registration Data Billing Information Contact Data Log Files||To communicate with You to verify Your account and for informational and operational purposes (e.g., account management, customer service, system maintenance), including by periodically emailing You Services-related announcements.||This processing is necessary for the performance of our mutual contractual obligations and/or based on legitimate interests pursued by us.|
|Content Data Log Files Business Analysis Data||To carry on statistical research / analysis, as well as to report, measure and evaluate the Services’ operation, usability, features and performance. To provide the testing admissions process when a computer-based certification test is administered to You.||This processing is based on legitimate interests pursued by us and/or does not involve Personal Data (as long as data processed are anonymized).|
|Contact Data||To provide You with information and/or services that You requested from us (e.g., process the subscription to our newsletter, marketing communications, etc.).||This processing is based on Your consent.|
|Contact Data||To manage Your job application and provide You with the hiring process status and information.||This processing is based on Your consent.|
|Personal Data involved||Registration Data Billing Information Contact Data|
|Purposes||To carry out our obligations arising from any order and/or contract entered into between You and us and to provide You with the services that You requested from us (e.g., create and manage Your account, provide our Services, process the subscription to our newsletter, etc.).|
|Legal basis||This processing is necessary for the performance of our mutual contractual obligations and/or carried out with Your consent.|
|Personal Data involved||Registration Data Billing Information Contact Data Log Files|
|Purposes||To communicate with You to verify Your account and for informational and operational purposes (e.g., account management, customer service, system maintenance), including by periodically emailing You Services-related announcements.|
|Legal basis||This processing is necessary for the performance of our mutual contractual obligations and/or based on legitimate interests pursued by us.|
|Personal Data involved||Content Data Log Files Business Analysis Data|
|Purposes||To carry on statistical research / analysis, as well as to report, measure and evaluate the Services’ operation, usability, features and performance. To provide the testing admissions process when a computer-based certification test is administered to You.|
|Legal basis||This processing is based on legitimate interests pursued by us and/or does not involve Personal Data (as long as data processed are anonymized).|
|Personal Data involved||Contact Data|
|Purposes||To provide You with information and/or services that You requested from us (e.g., process the subscription to our newsletter, marketing communications, etc.).|
|Legal basis||This processing is based on Your consent.|
|Personal Data involved||Contact Data|
|Purposes||To manage Your job application and provide You with the hiring process status and information.|
|Legal basis||This processing is based on Your consent.|
|Personal Data involved||Registration Data Billing Information Contact Data Log Files|
|Legal basis||This processing is necessary for the performance of our mutual contractual obligations and/or for the establishment, exercise or defense of legal claims.|
3.2 Voluntary nature of the processing. Providing Your Personal Data for the above-mentioned purposes is voluntary and not mandatory. However, not providing any of such data may not allow us to establish and/or continue a contractual relationship with You, or to fulfill Your requests, or to comply with legal obligations to which we are subject to.
4. What is the data retention period and what security measures have been taken for Your personal data safeguard
4.1 Data retention. Personal Data collected by us will be processed for the time strictly necessary to achieve the purposes referred to in above. In particular:
Personal Data needed for the provision of our Services will be processed as long as it is necessary for providing You with the requested Services, until the Personal Data is required for the legitimate purpose of its collection, or until You stop using the Services; if Your Personal Data is no longer necessary for any of such purposes, we will immediately delete such personal data from our systems;
Personal Data needed for the provision of our newsletter service will be processed until You decide to unsubscribe;
Personal Data needed for security and fraud prevention purposes will be kept up to 6 (six) months from the termination of Your account and related Services;
Personal Data needed to be kept under applicable laws (for example, tax laws, accounting laws, etc.) will be kept for the period of time necessary or permitted to comply with such laws.
4.2 Security measures. We warrant to maintain (and continue to maintain) appropriate and sufficient technical and organisational security measures to protect Your Personal Data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access, as well as against all other unlawful forms of processing. Please be aware that no security measures are perfect or impenetrable, so we cannot guarantee that unauthorised access, hacking, data loss or a data breach will never occur. Notwithstanding the preceding, we operate with the aim of mitigating the risks associated with processing Your Personal Data.
5. Who are the recipients of Your Personal Data
5.2 Third-party service providers or consultants. We engage certain trusted third parties to perform functions and provide services to us, including hosting and maintenance, error monitoring, debugging, performance monitoring, billing, customer relationship, database storage and management, and direct marketing campaigns. Therefore, we may share Your Personal Data with these third parties, but only to the extent necessary to perform these functions and provide such services.
5.3 Third parties required by laws or authorities. We may disclose Your Personal Data to a third party if: (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request (including to meet national security or law enforcement requirements), or (ii) to protect ourselves, our customers, or the public from harm or illegal activities. If we are required by law to disclose any of Your Personal Data, then we will use reasonable efforts to provide You with notice of that disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Further, we object to requests that we believe were not issued properly.
6. Where Your personal data may be transferred
We are a global organization based in Spain and Your Personal Data may be further transferred to, and stored at, any of our affiliates, partners or service providers mentioned above, which may be worldwide. In any case, when we transfer or disclose Your Personal Data, only to the extent necessary to provide the Services, we will ensure that the jurisdiction in which the recipient third party is located ensures an adequate level of protection of Your Personal Data or we conclude an agreement with the respective third party that ensures such protection. By submitting Your Personal Data, You agree to such transfers.
7. Your rights
7.1 Right of access. You are always entitled to receive confirmation as to whether or not Your Personal Data is being processed and, where that is the case, access and receive a copy of such Personal Data in an intelligible form. Furthermore, You are also entitled to receive information concerning: the purposes of the processing; the categories of Personal Data concerned; the recipients (or categories thereof) to whom the Personal Data have been or will be disclosed; where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from us rectification or erasure of personal data or restriction of processing of Your Personal Data or to object to such processing; the right to lodge a complaint with a supervisory authority; the source of the Personal Data; the existence of automated decision-making; where Personal Data is transferred to a third country or to an international organization, the appropriate safeguards relating to the transfer.
7.2 Right to withdraw consent. You are always entitled to withdraw, at any time, Your consent to the processing of Your Personal Data, both on legitimate grounds (even though they are relevant to the purpose of the collection) and if the processing is carried out for direct marketing purpose. The preceding will not affect the lawfulness of Your Personal Data processing based on consent before the withdrawal.
7.3 Right to rectification, erasure and restriction. You are always entitled to obtain from us, without undue delay: the rectification or integration of Your Personal Data that are inaccurate or incomplete; the erasure of Your Personal Data that have been processed unlawfully or whose retention is unnecessary for the Purposes; the restriction of processing, in case You challenge either the accuracy of Your Personal data or the lawfulness of the processing, or in case we no longer need the Personal Data for the Purposes, but they are required by You for the establishment, exercise or defense of a legal claim.
We process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislation or other laws or regulations to which the controller is subject to. If the storage purpose is not applicable, or if a storage period prescribed by the European legislation or another competent legislation expires, the personal data are routinely blocked or erased in accordance with legal requirements.
7.4 Right to data portability. You have the right to receive Your Personal Data in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another controller without hindrance from us, where technically feasible.
7.5 Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects. Automated decision-making currently does not take place on our Services.
7.6 Right to lodge a complaint before an European supervisory authority. If You would like to launch a complaint about the way in which Your Personal Data is handled, please contact us first. After You contact us, we will send You a confirmation that we have received Your complaint. Afterwards, we will investigate Your complaint and provide You with our response within a reasonable timeframe, but no later than one month. If You are not satisfied with the outcome of Your complaint, You have the right to lodge a complaint with the Spanish Supervisory Authority - Agencia de Protección de Datos, C/Jorge Juan, 6 - 8001 Madrid (ph. +34 91399 6200, fax +34 91455 5699, [email protected], https://www.agpd.es).
7.7 Contacts. Requests to exercise the rights above must be sent by e-mail to [email protected]. Any access request is always completed within one month; however, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months. If this is the case, we will write to You within one month and keep You informed of the delay and the reasons thereof.
9. Forums and chat rooms
If You participate in a discussion forum, local communities, or chat room on our website, You should be aware that the information You provide there (i.e. Your public profile) will be made broadly available to others, and could be used to contact You, send You unsolicited messages, or for purposes neither us nor You have control over. Also, please recognize that individual forums and chat rooms may have additional rules and conditions. We are not responsible for the personal information or any other information You choose to submit in these forums. To request removal of Your personal information from our blog or community forum, contact us at [email protected]. In some cases, we may not be able to remove Your personal information, in which case we will let You know if we are unable to do so and why.
10. Amendments to this policy