2. Personal Data Collection
Following the Regulation and Spanish Regulations on Data Protection, LIBELIUM hereby informs its Customers and websites users (collectively, “Users”) that any personal data supplied shall be recorded in an automated file named “CUSTOMERS” for which LIBELIUM is the Controller and also the Processor and located at LIBELIUM´s registered address at c/ Escatrón 16. 50014 Zaragoza, Spain.
The Processors are the following: a) Amazon Web Services Inc., located at EU (Ireland), only for purposes of storing personal data; and b) Openbravo, LIBELIUM´s ERP supplier, located at EU (Spain), for the purpose of managing our data bases. All personal data are sent encrypted to Amazon.
By filling any form in LIBELIUM´s websites, Users consent: (i) to the processing of their personal data by LIBELIUM for the purposes mentioned below; (ii) to receive promotional offers of LIBELIUM´s and its suppliers and partners’ Products and Services; and (iii) to the fact that LIBELIUM may make such data available to its partners or suppliers to the sole purpose of enabling service provision.
3. USER´s rights (Articles 12 to 22):
Any request by Users in connection with their rights mentioned below, shall be answered by LIBELIUM´s Data Protection Officer within a month.
3.1.Transparency and Information (Articles 12-14):
- What type of personal data do we collect?: the forms in our websites only collect name, email address and country or origin. The forms in our marketplaces collect additional information, such as address, telephone and credit card number. Disclosure of these data is compulsory for making any purchase through our marketplaces. LIBELIUM does not collect any sensitive data (Articles 9&10) from Users through the forms in its websites. Please refer to LIBELIUM´s Terms and Conditions of Sale and Use for MySignals Products (https://libelium.com/downloads/MySignals-Terms-and-Conditions.pdf), to learn about collection and processing of Customer´s data on health. LIBELIUM may record any or all telephone conversations with YOU and store them in the above-mentioned “Customers” file. By phoning to LIBELIUM´s customer service telephone numbers, YOU consent to the recording of these conversations.
- What do we do with your personal data? Our processing shall be the following:
- Collection, always with your consent, either by filling our forms, by delivering your business card to our salesforce, or by entering a contractual relationship with LIBELIUM by purchasing our products and/or services. LIBELIUM shall not process any personal data not directly obtained from YOU. Any User feeling that his/her personal data have been disclosed to us without his/her consent, may contact our DPO to ascertain the source from which his/her personal data originate, and to exercise any of the rights mentioned below. LIBELIUM reserves its right to exclude from any service for which prior registration is required, any User having provided false or inaccurate data, notwithstanding any other legal action to which LIBELIUM may be entitled.
- Storage: our supplier is Amazon Web Services Inc., whose servers are located in Ireland. As already mentioned, our data bases are sent encrypted to Amazon.
- Structuring of Users data by market, product, service, etc.
- Recording: LIBELIUM may record phone conversations with Users, to have an evidence of their requests (of info, services, assistance…).
- Pseudonymisation meaning the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately. This is what we do with any data concerning health and obtained through MySignals products and services, which are obtained only to provide MySignals Customers access to their historical.
- Profiling: LIBELIUM shall not make any profiling by using personal data.
- Disclosure by transmission to some of LIBELIUM´s service providers or partners (Recipients), who help us provide the services you enjoy by using our websites or purchasing our products and services.
- Cross-border transfer: Cross-border transfer of data may exist, as LIBELIUM´s service providers and partners may be either in the European Union or in third countries, always within a Privacy Shield Framework
- Consultation and use by Libelium, for the purposes explained above.
- Restriction, erasure or destruction, as per your request, or when the term of data processing, as explained below, comes to an end.
- For how long do we store your personal data? personal data will be stored for the period strictly needed to serve the purposes described above and in connection with each kind of processing, for instance: (i) for the term of the contractual relationship entered with LIBELIUM and six years following its termination, according to Spanish Accountancy Regulations; (ii) as long as YOU do not exercise your right to erasure; (iii) for six years after your last statement of interest.
- How can YOU exercise your rights? Please contact LIBELIUM´s Data Protection Officer (DPO), by email (firstname.lastname@example.org) or at the following address: LIBELIUM COMUNICACIONES DISTRIBUIDAS, S.L. Attn. Data Protection Officer, C/ Escatrón 16. 50014 Zaragoza (Spain). Users may request from the DPO at any time access to and rectification or erasure of personal data or restriction of processing concerning their data, as well as data portability; Users may, at any time, withdraw consent without affecting the lawfulness of processing based on consent before its withdrawal; Users may at any time lodge a complaint with the Spanish Agency on Data Protection (www.agpd.es) or with any other Supervisory Authority;
3.2. Right of Access (Article 15)
Users shall have the right to obtain from our DPO confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to their personal data. Our DPO shall provide a copy of the personal data undergoing processing. For any further copies requested by User, the DPO may charge a reasonable fee based on administrative costs. Where User makes the request by electronic means, the information shall be provided in a commonly used electronic form.
3.3. Right to Rectification and Erasure (‘right to be forgotten’, Articles 16-17)
Users shall have the right to obtain from the DPO without undue delay the rectification of inaccurate personal data concerning him or her, and to have incomplete personal data completed, including by means of providing a supplementary statement.
Users shall also have the right to obtain from the DPOr the erasure of personal data concerning him or her without undue delay, in the circumstances set forth in Section 17 of the Regulation.
3.4. Right to restriction of processing (Articles 18-19)
Users shall have the right to obtain from the DPO restriction of processing in the circumstances set forth in section 18 of the Regulation.
3.5. Right to data portability (Article 20)
Subject to the restrictions in Section 20 of the Regulation, Users shall have the right to receive their personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(a) the processing is based on consent previously granted; and
(b) the processing is carried out by automated means.
In exercising his or her right to data portability Users shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
3.6. Right to object and automated individual decision-making (Articles 21-22)
Users shall have the right to object at any time to processing of personal data for direct marketing purposes, for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the Regulation.
Moreover and subject to the limitation in Section 22 of the Regulation, Users had have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
4. Website navigation and Cookies
By navigating on LIBELIUM´s websites you accept our using “Cookies”, unique identifiers that we transfer to your device to enable our systems to recognize your device and to:
- Identify you when you sign-in to our sites, allowing us to provide you with product recommendations and display personalized content;
- Deliver content, including advertisements, relevant to your interests on our sites;
- Keep track of items stored in your shopping basket;
- Conduct research and diagnostics to improve LIBELIUM's content, products and services;
- Prevent fraudulent activity;
- Improve security.
YOU may visit LIBELIUM´s websites without disclosing your identity or any personal data, unless YOU voluntarily choose to disclose such information by filling the forms in our websites. LIBELIUM´s servers may only collect domain names and IP addresses but not email addresses of their visitors. This kind of information is used to elaborate reports on visit statistics, the time spent in our websites, websites accessed, the general origin of visitors (through “Favorites”, search engines, links from other websites, etc.) to the sole purposes of getting information on how our websites are used and improving their contents and services.
LIBELIUM´s websites may provide links to other sites but LIBELIUM assumes no liability on the privacy policies adopted by the linked sites, directly or indirectly. Links to other sites are provided as a suggestion only and do not imply LIBELIUM´s warranty or liability concerning their quality, accuracy or contents of the information provided therein.
LIBELIUM does not warrant the veracity or accuracy of the information disclosed by its suppliers, partners, developers or third parties whose products or services are offered through LIBELIUM´s websites, their origin, ownership or the use or practical implementation made by Users.