Privacy Policy
1. Information for users on the protection of personal data
Controller: YOiD Identidad Digital, S.L., with registered office at calle Sollube 22, 48993 Getxo (Vizcaya), Spain, hereinafter the CONTROLLER, is the controller of users' personal data and informs them that such data will be processed in accordance with the personal data protection regulations in force: Regulation (EU) 2016/679, of 27 April 2016 (GDPR), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and Spanish Organic Law 3/2018, of 5 December (LOPDGDD), on the protection of personal data and the guarantee of digital rights.
Data Protection Officer contact details: info@yoid.es.
Purposes and legal basis for processing: maintaining a business relationship with the user. The processing operations envisaged are:
- Managing, developing and maintaining the contract or the operations arising from it. The legal basis is the performance of the contract or transaction.
- Sending commercial advertising communications by email, SMS, MMS, social networks or any other electronic or physical means, present or future. Carried out by the CONTROLLER, regarding its own products and services or those of partners or suppliers with whom it has a promotional agreement; in such cases, third parties will never have access to the personal data. The legal basis is legitimate interest and, where applicable, consent.
- Conducting statistical studies. The legal basis is legitimate interest.
- Processing orders, requests or any type of enquiry made by the user through the available contact channels. The legal basis is the request or enquiry itself.
- Sending the website's newsletter. The legal basis is the user's request, the Controller's legitimate interest and, where applicable, consent.
- Building a commercial profile of the user and carrying out commercial actions tailored to it. The legal basis is consent.
- Managing job applications. The legal basis is the performance of the application itself and, where applicable, consent.
- Verifying or supplementing the data, based on that provided by the user, on manifestly public data (e.g. open social media profiles), or on sources covered by a legal authorization (public registries or credit information systems), based on legitimate interest and the principle of data accuracy.
Origin of the data: the data is provided by the user themselves or derived from the relationship with them. If the user provides data belonging to third parties, they are obliged to inform, and where applicable obtain the consent of, those third parties.
Categories of data: identifying and contact data, traffic or location data, financial and economic data, commercial data, academic and professional data, and electronic communications data.
Retention criteria: data will be retained for the duration of the contractual or commercial relationship or for as long as necessary for the purpose for which it was collected. For job applications, 1 year unless updated. It will subsequently be kept blocked for the statute-of-limitations period of any actions that may arise, and thereafter deleted using appropriate security measures to ensure its anonymization or total destruction.
Recipients: data will not be disclosed to third parties, except where legally required, with specific consent, or where necessary for the performance of the request or the contracted service.
User rights:
- Right to withdraw consent at any time.
- Right of access, rectification, portability and erasure of their data, and to restrict or object to its processing, as well as to object to automated individual decisions, under Article 22 of the GDPR.
- Right to lodge a complaint with the supervisory authority (Spanish Data Protection Agency, c/ Jorge Juan, 6, 28001 Madrid, www.aepd.es) if they consider that the processing does not comply with the regulation.
To exercise your rights, please contact info@yoid.es.
2. Mandatory or optional nature of the information provided
Users, by ticking the relevant boxes and entering data in the contact or download forms, freely and unequivocally accept that their data is necessary to handle their request, with the inclusion of data in the remaining fields being voluntary. The user guarantees that the data provided is truthful and undertakes to notify any changes.
The CONTROLLER guarantees that personal data will not be transferred to third parties except with prior, express, informed and unequivocal consent. The data requested through the website is necessary to provide a service or to enter into a contract; if not all of it is provided, the service may not be able to be rendered.
3. Security measures
In accordance with the data protection regulations in force, the CONTROLLER shall adopt the security measures necessary to prevent the loss, manipulation, disclosure or alteration of the data. Where certain analyses require it, personal data will be irreversibly and fully anonymized. Likewise, in order to maximize technical security measures, pseudonymization processes may be carried out.