2. What data do we process?
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. At first instance, you are not required to provide any “Personal Information” when using the Site.
However, when you register, sign-up for a free trial or make a purchase through our Site, we collect your “Personal Information”, such as name, last name, company name, country, position, email address, phone number (optional), as well as, billing address, payment information, digital signature when making a purchase.
In compliance with the measures required by the GDPR, every time you send us personal data you must give us your explicit and voluntary consent on the processing of your data.
3. When do we collect your data?
You are not required to provide personal information when using the Site, however, all this information will be required in order to use certain features. If you want to use our Services, you will need to sign up and create an account.
Please, read Section 2 to understand “What data do we process?”, and Section 5 to comprehend “Purpose of data processing, legal basis of data processing and storage period”. Data collection takes place in the following cases:
- Through the contact form of the Site: the User will find the option to fill in a contact form to request more information, a Demo or a Free Trial. We require you to fill in all the blanks so we can write to you and solve any queries you may have.
- Through our chatbot: the User may need to provide more information so we can resolve any further questions through the chatbot.
- Newsletter: the User may provide their email address in order to be informed about the news of our blog and receive the newsletters if they wish to do so.
- Registering as a client: by filling out the registration form as a Client, the User will have access to the platform. HETIKUS will require the User to provide their name and surname, phone number (optional), company, position and email address, so they can be identified as a User of the platform and to manage any procedure that must be done within the platform by the owner of the account. In addition, HETIKUS will require payment information and billing address.
- Through our corporate email: if you request information or write to us to any of our corporate emails (from the domain hetikus.com), we automatically collect your name, last name, and contact email address. This is required so we can clarify your doubts about our services.
- Careers: the User interested in applying to a vacant position, will be redirected to LinkedIn and will be asked to attach their curriculum vitae. As established by the GDPR, we will collect your personal information and we will store your CV for one year.
4. Who processes personal information?
All the Personal Information that the User provides is processed by us, an entity incorporated in accordance with the Spanish legislation and with the contact details mentioned below:
HETIKUS EMEA SUBSIDIARY, S.L.
Calle San Lorenzo 11 2ª Planta interior
Madrid, 28004, Spain
5. How is your data being processed?
HETIKUS informs its users that the Personal Data they provide will be processed by the company in accordance with the provisions mentioned in the Article 32 of the GDPR. Please, read Section 2 to understand the data we process.
In order to provide our services, HETIKUS may need to use some service providers we rely on. These companies provide us services with intelligence search, intelligence analysis, advertising, navigation, customer success and analytic means. In addition, we ensure that all employees authorised to process personal data have signed a confidentiality clause, or work under a statutory obligation of confidentiality.
By hiring our services you give your consent for us to share your personal information with third parties we already work with. If we hire new providers, and the user does not give consent to share their personal data, will have 15 days to expressly refuse their consent under reasonable circumstances. Take into account that any subprocessors will only process the data to the extent necessary to provide the Services. HETIKUS is compromised with the Data Protection, and we sign an agreement with third parties in which it is stated that they will implement all the necessary security measures (required by the “GDPR”) to ensure the protection of our User’s data.
In case of suspicion of breaching on protection of the data, HETIKUS would communicate this to the users without undue delay upon we confirm a data breach, and try to solve the issue. We ensure you that we will take all the security measures in order to protect your data. We will reasonably cooperate with the User in order to solve the remediation of such data breach. The User shall be responsible for both filling any reports required under applicable law, and you shall defend, indemnify and hold us harmless of any and all costs, fines, sanctions or any damages that lack of action on your side may cause.
Even though we take all the possible measures, as it is an online platform we are not able to guarantee the total protection of the collected data. Therefore, you must take additional security measures in order to avoid a breach on the confidentiality of your information.
We are committed to comply with out policies and the Spanish legislation, therefore, will make available to the User when requested. You accept that you may only conduct up to one audit per year, except if you have reasonable grounds to believe that we are not performing our obligations properly.
If you have not taken additional security measures, HETIKUS will not be responsible of any breach on the process of personal data, neither third partie’s responsibilities, force majeure and fortuitous cases.
6. Purpose of data processing, legal basis of data processing and storage period
We will process your data when we perform a contract and/or when you accept our Terms and Conditions, and your data information will be stored as long as the contractual relationship is in force. In addition, your data information will be kept for the next five years after the end of the relationship. Subject to obtaining your consent, and as long as you do withdraw it, the purpose of data processing is the following:
- Attend and resolve the queries: when the User contacts us, we may use your data in order to solve the queries you may have.
- Gather and record data associated with the use of a digital signature: documents can be signed digitally through our platform, if you wish to do so. We collect your digital signature in order to facilitate these services.
- Inform the User about new Applications: we will send you information about the development of other Applications, the addition of new features and improvements in the already existing.
- Offer similar services with those that have been purchased: in order to improve your experience with our Services, we may send you information about other services we are offering that may adapt to your needs.
- Advertising and/or commercial purpose: to send you electronic commercial communications informing you about additional discounts and promotions.
- Legal obligations: in order to comply with our legal duties, we may need to review, monitor or investigate the activities you perform using our services. This is subject to the interests at stake to ensure a correct and safe environment for Users and our company. The main purpose is to create and maintain an environment in accordance with the law, the legitimate interests and to protect User’s security.
Your data will only be used for these purposes, and all this information is stored on secure services in the Cloud in Belgium and Ireland, complying with the European Union and national legislation. For more information, visit the following page: http://aws.amazon.com/en/compliance/eu-data-protection/. We also use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/.
For the provisions of the Services, data may be transferred outside the European Economic Area, or to a country whose level of protection is not equal to the one provided by European data protection regulations.
In case the User wants to transfer data outside the European Economic Area to an entity nor part of the Privacy Shield or to a country whose level of protection is not equal to the one provided in the European Union, you shall ensure that the said transfer is possible in accordance with the European data protection regulations or other requirements established by law, with respect to any subprocessors hired by us, you (as data exporter) and us hereby agree to enter into the Standard Contractual Clauses in respect of any transfers of data.
Due to these reasons, and because of the nature of the platform, the Site is not intended for individuals under the age of sixteen (16).
Our company would like to send you information about apps and services that we think that may be of your interest.
If you have agreed to receive marketing material you may also opt out at a later date. You have the right to refrain HETIKUS from contacting you for marketing purposes, as established in Section 6.
If you no longer wish to be contacted for marketing purposes, please, contact us (Section 11).
8. User’s data protection rights
HETIKUS would like to make sure you are fully aware of your data protection rights. Every user is entitled to:
- Right to access: you have the right to request for copies of your personal data and your rights. We may charge an administrative fee, with prior notice. Unfounded, excessive or repeated requests may not be answered.
- Right of information: you have the right to understand how we use your information and your rights. Please, contact us if you have any doubt (Section 11).
- Right of rectification: you have the right to request our company to correct the inaccurate information, and to complete the information you believe is incomplete.
- Right to be forgotten: under certain legal/legitimate circumstances, you have the right to have your personal data deleted.
- Right of opposition to direct marketing: you can unsubscribe to our marketing communications at any time. In order to do so, please, write to us to our corporate email (firstname.lastname@example.org).
- Right to withdraw consent: you have the right to withdraw your consent to the processing of your personal data. This will not affect the legality due to your prior consent. Please, read “What data do we collect from you?”. In order to withdraw the consent, please, contact us at email@example.com.
- Right to submit a complaint to a supervisory authority: in order to comply with the legislation, the users have the right to submit a complaint to the Spanish Data Protection Agency against HETIKUS’ privacy and data protection practices.
- Right to oppose processing data information, based on legitimate interest: you have the right to oppose processing data information under certain circumstances. Please, consult Section 2 “What data do we collect from you?” and Section 5 “Purpose, legal basis and storage period”. Contact us to exercise this right.
- Right to data portability: you have the right to transfer the data that we have collected to another organization. For further information, using the details provided under “Contact”.
- Right of limiting processing: you have the right to ask our company to limit your data processing. If you wish to do so, contact us so we can store your data but you withdraw your consent to us processing them. This right will only be allowed under the circumstances established in the GDPR:
- Processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
- Legitimate grounds of the controller prevail over legitimate interests.
- The competent authorities no longer need the personnel data for processing, but they are required in case of exercise or defence legal claims.
For further information, visit: www.allaboutcookies.org
11. Contact us
In order to comprehend more about what other companies do we share your data with, security document or data breaches, cyber attacks and security report, contact us at firstname.lastname@example.org.
If you have any doubt about how HETIKUS manages your personal data, please contact us via email to email@example.com.