TO WHOM IS THIS POLICY DIRECTED AND TO WHOM IS APPLIED?
This policy applies to all users of the Website, whether or not they are DALALBA customers of (hereinafter, interchangeably, “the user” or “users”) that are considered as natural persons. And, because of personal data, we mean all information about an identified or identifiable natural person.
This Website is for users over 16 years of age, and its use is prohibited for children under this age and the registration, purchase of products or services that could be offered to those under 18 years of age.
According to the provisions of the General Data Protection Regulation (EU) “GDPR”, the user must receive timely and specific information from the person responsible for the treatment and the uses and purposes thereof.
For this, the following information is indicated:
WHO IS RESPONSIBLE FOR THE TREATMENT OF YOUR DATA?
Identity: Julia Vidal Álvarez
Address: Rúa de Santiago nº 5, 36.202 Vigo, (Pontevedra) – Spain
Contact phone: +34 645 909 423
Email contact, Data Protection Officer: email@example.com
FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?
What information can we get about you?
Depending on the products or services for which you show interest we will need to process different data, which will generally be the following:
Contact and Identification Data, name, surname, address, telephone number, email.
Commercials and Preferences, information that you provide about your preferences, for example the type of products or services in which you are interested.
Connection data, geolocation in case you interact with us for example from your mobile.
Use of the website and communications, we collect information for statistical purposes on how you use our website, these data are obtained through the information collected through cookies that you can locate in the information about Cookies that is detailed on our website.
Please remember that, when we ask you to provide us with your personal data to give you access to some functionality or service of the web, some fields are mandatory, we need them to be able to provide you with the service. Therefore, keep in mind that if you decide not to provide us with this information, you may not be able to complete your registration, nor will you be able to enjoy these services or make the purchase.
If you are a minor, please do not try to register as a user of our website.
DALALBA, treats your data with the following purposes:
- Enable you to navigate through our Website, allowing you access to the information and content provided in it.
- Attend and manage your queries and requests.
- Send you all the necessary information in relation to the characteristics of the product or service that you have requested.
- If you accept it, or there is sufficient legal basis for it, send you information and publicity about offers, products, services, promotions, gifts and campaigns around our products and services.
- Proper customer service.
- Perform quality control on our products and services by conducting possible opinion polls.
- Adopt as many protection measures as may be applicable in accordance with current regulations, including the possible anonymization of your personal data by applying the appropriate techniques available for this purpose. Therefore, in this area, anonymization and pseudonymisation treatments may also be carried out for the best protection of your personal data.
- Apply the relevant security, technical and / or organizational measures on your personal data with a focus on the existing risk at all times.
- Where appropriate, respond to complaints filed through the External Ethics and Complaint Channel provided by DALALBA.
- In general, comply with the regulations applicable to DALALBA according to its own activity sector, including actions aimed at detecting fraud and preventing crimes or illicit actions.
What happens if you provide us with third party data?
If you provide us with Personal Data of third parties, guarantee to have informed them about the purposes and the way in which we need to process your personal data.
How do we collect your data?
- When you contact DALALBA directly, for example through the Website or through the different telephone service lines, in order to request information about our products or services.
- When you register for a DALALBA course.
- When you participate in our marketing campaigns, through the web or physically in events, product presentations, participating in a promotion or raffles.
- When with your express authorization, third parties communicate your personal data to us.
What are my personal data used for?
Depending on how you interact with our website, we will process your personal data for the following purposes:
Customer Service, to respond your requests for information, suggestions, requests or claims made through the communication channels.
Marketing, we collect and process your contact details and information about your preferences and purchases to keep you informed, about our products, offers and services, even electronically.
If you subscribe to our Newsletter or if you request information through the contact form, we will process your personal data to manage your subscription or request, which includes sending personalized information about our products or services, similar to those that were initially subject to consultation, even electronically.
We may also use the data collected for promotional purposes, gifts and loyalty campaigns, including electronically.
Usability analysis, for the improvement of our services, treating your navigation data for analytical and statistical purposes, that is, to understand the way in which users interact with our website and thus, be able to introduce improvements in it.
Quality Analysis, to improve our products and services we conduct quality surveys aimed at knowing the degree of satisfaction of our customers and detect those areas where we can improve.
Compliance with legal and regulatory obligations, to meet our legal obligations (without limitation or exclusion) both by judicial bodies, regulatory and supervisory bodies and state security forces and bodies, with which we are required to comply with the laws of the countries in which the activity takes place.
To manage your registration in a course, if you decide to register for a course, we need to process your data to identify you as a user of the course and give you access as a registered student.
WHAT IS THE LEGITIMATION TO TREAT YOUR DATA?
The legal basis that allows us to process your personal data for the purposes described above are legitimized in accordance with the following legal bases:
Customer Service, to meet your requests or queries, the treatment is necessary for the management of contractual measures (GDPR 6.1, b). In addition, to manage your request or inquiry and answer it, the treatment is based on a legitimate interest (GDPR 6.1, f).
When your query is related to the management of incidents or claims related to a purchase, the treatment is necessary for the management and maintenance of the sales contract. (GDPR 6.1, b).
When your query is related to the exercise of rights, for which you will find detailed information below, the treatment is necessary for the fulfilment of legal obligations (GDPR 6.1, c).
Marketing, to send you information, in relation to products or services similar to those that were initially the subject of consultation or sale, the processing of your data is based on a legitimate interest (GDPR 6.1, f).
Usability analysis, to analyze the usability of the web, the processing of your data is based on a legitimate interest (GDPR 6.1, f).
Quality Analysis, to analyze and evaluate the pleasure and attention to our customers, the processing of their data is based on a legitimate interest (GDPR 6.1, f).
Compliance with legal and regulatory obligations, the treatment is necessary for compliance with legal obligations (GDPR 6.1, c).
Manage your registration as a student in the course, the processing of your data is necessary for the execution of the terms that regulate the enrolment in the course (GDPR 6.1, b).
In addition, we will process your data protected in the legitimate interest, for example, for security reasons, fraud prevention, to improve our services and products through market research, or to transmit them to other entities of the business group for administrative purposes and internal organizational.
HOW LONG DO WE KEEP YOUR DATA?
Your personal data will be kept for the time necessary to fulfil the purpose for which they were collected, unless a longer retention period is legally permitted or required.
Our data retention periods are based on business needs, we will then keep them duly stored and protected during the time in which responsibilities arising from the processing may arise, in compliance with the regulations in force at any time. Once they prescribe the possible actions in each case, we will proceed to the deletion of the personal data.
Customer Service, we will process your data for as long as necessary to meet your request.
Compliance with legal and regulatory obligations, in some cases, we must keep your data for the periods required by the specific regulations that may apply, (without limitation or exclusion) such as tax, commercial, money laundering …
Marketing, we will keep the data until you exercise your right to revoke your consent for the processing of your data for advertising and / or promotional purposes or, where appropriate, you oppose the processing for direct marketing purposes in accordance with the provisions in Article 21.2 of the GDPR.
Registration in the course, we will process your data for as long as you maintain the status of a registered student, that is, until the end of the course. Subsequently, they will be retained for the next ten years, in order to attend possible queries or subsequent claims.
WHAT RECIPIENTS DO WE GIVE YOUR DATA?
- Fraud detection and prevention entities.
- Technological service providers (storage, security and maintenance):
Web platform: NewZenler.com more information at https://newzenler.com the data in order to perform its support services to com.
- Suppliers and collaborators of services related to marketing and advertising:
Courier services and sending newsletters: The electronic newsletters or newsletter are managed by Mailchimp. When using the services of this platform for conducting email marketing campaigns, subscription management and sending newsletters, you should know that Mailchimp has its servers hosted outside the EU, in the US, and is subject to the EU agreement US Privacy Shield, whose information is available here, approved by the European Protection Committee. Mail Chimp 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308”
Google Analytics Analysis Service: It is an analytical web service provided by Google, Inc., a Delaware company whose main office is at 1600 Amphitheater Parkway, Mountain View (California), CA 94043, United States (“Google”). Google Analytics uses “cookies”, which are text files located on your computer, to help dalalba.com analyse how users use the website. The information generated by the cookie about your use of dalalba.com (including your IP address) will be directly transmitted and archived by Google on servers in the United States.
These companies that provide us with other types of services, only have access to the personal information they need to carry out such services and are required to keep the personal information they can access confidential and cannot use it in any other way than that We have requested them.
For compliance with legal and regulatory obligations, your data will be communicated to (not limiting or exclusive):
- Public administrations.
- Judges, courts and security forces, for the attention of the possible responsibilities born of the treatment, in their respective powers at their request.
For service efficiency, some service provider may be located in territories outside the European Economic Area that do not provide a level of data protection comparable to that of the European Union, such as the United States. In such cases, we inform you that we transfer your data with adequate guarantees and always keeping the security of your data, being said service providers certified in Privacy Shield.
If you wish to consult the certification of the United States suppliers, you can consult them in the following link: https://www.privacyshield.gov/welcome
To register for the course you have selected: Registration for the courses is currently managed by Udemy, Inc., for this it is necessary to create a user account. When creating the user account, personal data is collected and stored, if you want more information about the data processing you can consult it at the following link: https://www.udemy.com/terms/privacy/
ARE INTERNATIONAL TRANSFERS MADE WITH YOUR DATA?
We inform you that your data will not be communicated to entities outside the European Economic Area without your express consent, except in cases where a mandatory rule allows such communication, in such cases we will inform you whenever possible of the purposes of said communication.
WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US YOUR DATA?
We promise to respect the confidentiality of your personal data and to guarantee the exercise of your rights. You can exercise them at no cost by writing an email to the email address, firstname.lastname@example.org, simply indicating the reason for your request and the right you request to exercise, indicating in the subject of the email “Request for the exercise of rights”.
You can also send the request to the postal address, Rúa de Santiago nº 5, 36.202 Vigo, (Pontevedra) – Spain, indicating the reference “Application for the exercise of rights” and in the same way, the reason for your request and the right you request to exercise.
In order to identify you correctly and ensure the security of your data (for example, avoid phishing), we request that you send us a copy of a document proving your identity; DNI, NIE or passport.
In particular, regardless of the purpose or legal basis under which we process your data, you have the right to:
- You have the right to access your personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes that were collected.
- In certain circumstances, you may request the limitation of the processing of your data, in which case we will only keep them for the exercise or defence of claims.
- In certain circumstances and for reasons related to your particular situation, you may object to the processing of your data. We will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.
- Right to the portability of your personal data.
- Right to file a claim with the Control Authority (Spanish Agency for Data Protection), if you consider that the treatment does not comply with the GDPR or for the eventual breach of the data protection regulations, whose information is contained in this link: http://www.agpd.es.
The exercise by you of these rights is subject to certain exceptions for reasons of general interest, such as the prevention or detection of crimes or for our own interests, such as maintaining the confidentiality of legal advice. If you exercise any of these rights, we will verify that you are really empowered to do so, and we will respond within a month (according to the GDPR), and this period may be extended by another two months if necessary, taking into account the complexity and number of applications.
WHAT SECURITY DO WE GIVE YOUR PERSONAL DATA?
DALALBA is committed to fulfil its obligation of secrecy, duty to keep them and adopt the necessary technical and organizational measures that guarantee the security of personal data and prevent its alteration, loss, treatment or unauthorized access
Although it is not possible to guarantee absolute intrusion protection in data transmissions through the internet or from a web, we, as well as our subcontractors and business partners, make every effort to maintain physical, electronic and procedural protection measures with which guarantee the protection of your data in accordance with the legal requirements applicable in this matter.
Among the measures we use include the following:
- Limit access to your data only to those who need to know them in attention to the tasks they perform.
- As a general rule, transfer the collected data in encrypted format.
- Store the most sensitive data (such as credit card) only in encrypted format.
- Install perimeter protection systems for computer infrastructures (“firewalls”) to prevent unauthorized access, for example “hackers”.
- Regularly monitor access to computer systems to detect and stop any misuse of personal data.
- Commercial transactions are performed in a secure server environment under SSL protocol.
In those cases, in which we have provided (or you have chosen) a password that allows you to access certain parts of our websites or any other portal, application or service under our control, you are responsible for keeping it secret and for complying with all the other security procedures that we notify you.
We recommend some of the precautions we advise you should take to ensure the security of your personal data:
- Do not provide your username or password to anyone.
- Do not write it down in easily accessible places: computer, calendar.
- Always use our SSL security system.
- Always disconnect the browser session after having accessed a security zone or having entered the user or password.