PRIVACY POLICY DIGITTUDE
COPYRIGHT

The copyright of all contents of this website belongs to digittude.com.

DISCLAIMER

All texts and links have been carefully checked and are continuously updated. We make every effort to provide correct and complete information on this website, but we do not assume any warranty or liability of any kind for the information provided by this website, with respect to being correct, complete or up-to-date. We reserve the right to update and/or modify the information on this website at any time without notice. All links to external providers have been checked for accuracy at the time of inclusion, but we are not responsible for the content and availability of websites that can be accessed through hyperlinks.

For illegal, incorrect, incomplete contents and especially for damages caused by the contents of linked pages, only the provider of the page to which the link refers is liable. It does not matter whether the damage is of a direct, indirect or financial nature or whether there is any other damage that may result from loss of data, loss of use or other reasons of any kind.

DATA PROTECTION

We cannot guarantee the security of data transmission on the Internet. In particular, there is a risk of access by third parties when data is transmitted by e-mail.

We hereby expressly object to the use of the contact data published in the footer by third parties for advertising purposes. The operator expressly reserves the right to take legal action in the event that unsolicited advertising or information material is sent.

Should individual provisions or formulations of this disclaimer be or become invalid, the content and validity of the remaining provisions shall remain unaffected.

DIGITTUDE PRIVACY POLICY

Last updated on: 03/08/22

This Privacy Policy contains information about the collection, use, sharing and other processing of personal data by Digittude Technology Solutions S.L. and its affiliates (“Group” or “we” or “us”). This Privacy Policy also explains the choices you have in relation to these processing activities and your rights in this regard.

This Privacy Policy applies to the extent that the processing activities are not subject to other privacy policies, are apparent from the circumstances or are governed by applicable law.

For the purposes of this Privacy Policy, the terms “personal information” or “personal data” means any information relating to an identified or identifiable individual, such as your name, postal address, email address, professional contact details or data collected from your interactions with us through our websites, at events or on other occasions.

SCOPE

This Privacy Policy applies whenever you use our websites, mobile applications, online tools, social media, agreements, terms and conditions or other means that link to this Privacy Policy, to your interactions with us in face-to-face meetings or at Group events and in connection with other offline sales, services, marketing and other business activities with the Group.

WHO IS THE CONTROLLER OF PERSONAL DATA

Each website, each social media presence, any other application of the Group and each service and processing activities described in this Privacy Policy have a data controller belonging to the Group, who is the person in charge of processing your personal information mentioned in this Privacy Policy, in accordance with the EU General Data Protection Regulation (“GDPR”) or other applicable data protection laws. Unless otherwise stated on the website (in accordance with the legal notice, terms of use, etc.), Digittude Technology Solutions S.L., Paseo de la Castellana 93, Madrid is the data controller of the website www.digittude.com and other extensions .net, .info, .mx, .es.

In the event that a Group company communicates by other means (e.g. email, letter, telephone, in person) and the communication does not fall within an activity for which the Group has designated a specific data controller within the scope of this Data Privacy Policy or otherwise, that Group company will be the data controller.

Digittude Technology Solutions S.L. is the representative of the Group. Therefore, for any queries, complaints or issues relating to data protection in our Group (all companies and subsidiaries), please contact us by email at the following email address: privacidad@digittude.com.

PROCESSING OF YOUR PERSONAL DATA WHEN YOU USE OUR WEBSITES, ONLINE APPLICATIONS AND PLATFORMS

Categories of personal data processed, purposes of processing and legal basis:

When you visit our Group’s websites, apps or online tools (each “web content”), the following personal data about you may be collected and processed by the relevant Group company:

  • Personal data that you actively and voluntarily provide to us via web content and that we use to the extent necessary for the provision of a service or the performance of the contract and subject to Article 5 of the GDPR (e.g. when contacting us with your enquiries, applying for a job, downloading certain documents, responding to a job offer, opening a question in our forum, etc.), including name, email address, telephone number, information provided as part of a support request, comments or forum posts, etc.
  • Information automatically transmitted to us by your browser or device in the server log files when you visit and retrieve content provided for statistical and system-related purposes, including your IP address, time data (date and time of access), device type, browser type and computer operating system, referring site, sites accessed during your visit, name of files accessed, volume of data transferred and notification of successful retrieval. The stored IP address is only analysed in the event of an attack on our computer systems. It is not possible to trace a person through the stored user data. The recorded information is stored for a period of 30 days and then deleted by the system.

We process your personal data for the following purposes:

  • To provide you with our services and features, and to administer your use of our web content;
  • To verify your identity (e.g. if you subscribe to a newsletter);
  • To answer and fulfil your specific enquiries;
  • As reasonably necessary to enforce applicable terms of use, to establish or protect a legal claim or defence, or to prevent fraud or other unlawful activity, including attacks on our computer systems.

The legal bases for processing your personal data are:

To comply with our obligations in relation to any contract we enter into with you (Article 6(1)(b) of the GDPR);

  • To comply with our legal obligations (Article 6(1)(c) of the GDPR);
  • Pursue our legitimate interests (Article 6(1)(f) of the GDPR), for example, to efficiently, effectively and securely run and administer our services and your use of our web content.
  • To obtain your consent to the use of your personal data, which you may withdraw at any time in accordance with applicable laws (Article 6(1)(a) of the GDPR).
PROCESSING OF PERSONAL DATA RELATING TO YOUR BUSINESS RELATIONSHIP WITH OUR GROUP

Categories of personal data processed, purposes of processing and legal basis:

In the context of potential or existing business relationships with entities of the Group, we reserve the right to process the following categories of personal data of current or future contacts of our customers, partners, suppliers and other business partners (each, “business partner”):

  • Contact details, such as full name, work address, work landline, work mobile, work fax number and work email address.
  • Payment details, such as those necessary to manage payments and prevent fraud, such as credit or debit card numbers, security codes and other related billing information;
  • Other information that is required to be processed as part of a project or contractual relationship with a Group entity or that is voluntarily provided by the business partner, such as personal data related to orders placed, payments, applications and project milestones
  • Personal data obtained from public domain sources, integrity databases and credit bureaux
  • If required by law to verify the legality of the business partner: date of birth, ID cards, identity cards and significant information on litigation and other legal proceedings against business partners.
  • Analysis of the veracity of job applications, such as checking the CV submitted by a candidate.

We process your personal data for the following purposes:

  • To communicate with our business partners in relation to the Group’s or business partners’ services, products and projects, for example, by responding to enquiries or requests or providing you with technical information about purchased products;
  • To plan, manage and conduct the contractual relationship with our business partners, for example, by transacting and ordering products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, and providing maintenance and support services;
  • To administer and conduct customer surveys, market research, marketing campaigns, sweepstakes, contests and other promotional activities or events;
  • To maintain and enhance the security of our websites, services and products by preventing and detecting security threats, fraud and other criminal or malicious conduct;
  • To comply with our legal obligations (such as bookkeeping), to ensure that the business partner complies with the law (to prevent white collar crime or money laundering) and with Group policies and industry standards;
  • To resolve disputes, enforce our contracts and bring, exercise or respond to legal claims.

The legal bases for processing your personal data are:

  • To comply with our obligations in relation to any contract we enter into with you (Article 6(1)(b) GDPR);
  • To comply with our legal obligations (Article 6(1)(c) of the GDPR);
  • Pursue our legitimate interests (Article 6(1)(f) of the GDPR), for example, to efficiently, effectively and securely conduct our business relationship with you.
  • To obtain your consent to the use of your personal data, which you may withdraw at any time in accordance with applicable laws (Article 6(1)(a) of the GDPR).
TRANSFER AND DISCLOSURE OF PERSONAL DATA (ART. 13(1)(E) OF THE GDR)

In accordance with applicable data protection laws, Group entities and our affiliates may transfer your and our business partners’ personal data to the following Group entities and third parties who process personal data in connection with your use of our web content, our services and products or our business relationship with you and our business partners, in accordance with the purposes of data processing described in this Privacy Policy on behalf of the Group or for their own purposes:

  • other Group entities;
  • service providers and other processors (both within the Group and external third parties) who provide IT or other services to us and who will process this data only for the purposes of such services (e.g. host, IT maintenance or support services);
  • customers, partners, suppliers and other business partners;
  • media agencies and the public, including visitors to the Group’s websites and social media sites;
  • industry and other organisations, associations and other committees;
  • entities acquiring or interested in acquiring business units, companies and other entities of the Group;
  • Courts, arbitration bodies, law enforcement agencies, regulators, lawyers and others involved in actual or potential legal proceedings, where necessary to comply with the law or to assert, exercise or defend their legal rights or claims.

Sometimes the recipients to whom we transfer or disclose personal data about you or our business partners are located in other countries whose laws do not provide the same level of data protection as those of your home country. If we disclose personal data to countries that do not guarantee adequate protection, we will ensure that the disclosed data is adequately protected by applying appropriate contractual safeguards (e.g., based on EU standard clauses), binding corporate rules, under the EU-US and Swiss-US Privacy Shield for transfers to third parties resident in the US, or we will transfer the data based on consent, the conclusion or performance of a contract or for the purpose of asserting, exercising or enforcing legal claims under applicable data protection laws.

Please also note that personal data that you post on some of our web content (e.g. in forums) may be accessible to other users registered to that content.

DATA RETENTION
  • In accordance with the principles of data minimisation (Article 5(1)(c) of the GDPR) and data economy (Article 5(1)(e) of the GDPR), the Group will not retain personal data for longer than is necessary for the purposes of the processing. Notwithstanding the above, we reserve the right to process personal data for a longer period of time for the purposes of complying with the following rules and obligations:
  • We will retain personal data for as long as (i) we are obliged to do so (whether by contract, law or otherwise) or for as long as (ii) we have an essential interest (for example, for evidentiary purposes in the event of claims, documentation of compliance with certain legal or other requirements or an interest in non-personalised analysis). We reserve the right to deviate from this standard with respect to anonymisation or pseudo-anonymisation of personal data in accordance with applicable law.
  • The standard for contract-related personal data (such as business and communication records) is to retain it for the duration of the contractual relationship and for up to ten years after the end of the relationship unless (i) it is required by law to be retained longer or shorter on a case-by-case basis, (ii) it is necessary to retain it for evidentiary purposes or for another valid reason under applicable law, or (iii) it is required to be deleted early (for example, because it is no longer needed or because a Group entity is obliged to delete the data).
  • The standard for operational documents containing data (such as protocols or registers) is to retain personal data for a period of between 3 and 12 months.
  • In general, Group entities and our subsidiaries retain personal data for as long as necessary to achieve the purposes for which they have been collected, normally for the duration of the employment relationship and, at the end of the employment relationship, for ten years thereafter or such other period as required or permitted by applicable law. In the case of operational documents containing personal data (such as protocols or records), the Group retains them for 3 to 12 months. For business records, the Group normally retains them for as long as there is a legitimate interest in them, usually not exceeding 10 years. Such legitimate interests may be, for example, evidentiary purposes in case of establishment, exercise or defence of legal claims, documentation of compliance with certain legal or other requirements (if statutory retention periods no longer apply). Other retention periods may apply, namely with respect to anonymised or pseudo-anonymised data for as long as entities within the Group and our subsidiaries have a legitimate interest in retaining such data.
  • Personal data will be destroyed without delay by Group entities and our subsidiaries when it is no longer necessary to retain it. If printed on paper, personal data will be shredded or incinerated. If in electronic format, personal data will be destroyed by irreversible technical means.
CANCELLATION OF CONSENT

If you have given the Group your consent to process certain personal data, you have the right to withdraw your consent at any time without retroactive effect, i.e. the withdrawal of consent will not affect the lawfulness of the processing prior to the withdrawal of such consent.

NEWSLETTER SIGN-UP

You can subscribe to our newsletter to receive updates on our products and services. If you subscribe to our newsletter, the information you provide (first name, surname and e-mail address are mandatory) will be used exclusively for this purpose (Article 6(1)(a) of the GDPR). This is the only data we process. To ensure that you are the true owner of the e-mail address you have provided us with, we use a double confirmation method. For this purpose, we record:

your consent to receive newsletters;

  • your confirmation by e-mail;
  • your receipt of the e-mail reply

You can revoke your consent to us processing your personal data and using it to send you the newsletter at any time. You can also click on the “Unsubscribe” link in the newsletter or write to us at our e-mail address marketing@digittude.com.

APPLY FOR A JOB ONLINE

We offer job applicants the possibility to apply online for a job in our Career section. To apply for a vacancy, please fill in our job application form and accept our Recruitment Privacy Statement, which contains detailed information on how we will treat your personal data if you apply for a job. You can also send your application by email to jobs@digittude.com. In both cases we will process the information you submit (mandatory information: first name, surname, email address, application documents) during the recruitment process as set out in our data privacy statement. If you give us permission to do so, we will store your personal data for a total of 24 months and will call you as soon as job opportunities arise. At the end of that period or if you withdraw your consent, your data will be deleted or destroyed in accordance with applicable laws. When you submit your application, we will ask you if you give us permission to retain your data for the 24 months, which will allow us to consider you for other vacancies.

COOKIES

We use so-called cookies on our websites. Cookies are small text files that your browser saves on your computer. Cookies help us to make our website more efficient, secure and intuitive. Accordingly, the legal basis for the processing would be our legitimate interests (Article 6(1)(f) of the GDPR). If you do not wish to allow cookies, you can set your browser to prevent cookies from being saved on your device. The following links explain how to do this. Alternatively, you can go to the “Help” tab of your browser, where you will find more information.

SECURITY

We take appropriate technical and organisational security measures to protect the data managed on our systems from accidental or intentional manipulation, loss or access by unauthorised persons. Security measures are subject to continuous improvement as new technological developments emerge. We take appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised use, disclosure or access, in particular where the processing involves the transmission of data over a network and against all other unlawful forms of processing and misuse.

In the event that personal data is compromised due to a personal data security breach, we will send notifications as required by applicable laws.

UNDER 18

Our websites, services and products are not intended for children and we do not knowingly collect personal data from children under the age of 16. If it comes to our attention or we learn by other means that we have improperly collected data from children under the age of 16, we will take all reasonable steps to delete it.

LINKS TO OTHER WEBSITES AND THIRD PARTY PRIVACY POLICIES

We may provide links to other websites and applications (e.g. social networking websites). Please note that our browsing and interaction with any other website is subject to the terms of use and privacy policy and notices of such third party websites. This Privacy Policy applies only to the Group’s website and services as set out in this Privacy Policy, and not to other websites or applications operated by third parties that we do not control or to the privacy practices of such websites or applications for which we are not responsible. We strongly encourage you to carefully read the terms of use and privacy policy and notices of other websites before providing personal data through them. We are not responsible or liable for the privacy practices, information or content of such third party websites.

DATA SUBJECTS’ RIGHTS (ART. 13(2)(B) OF THE GDPR)

Any data subject may request information from us as to whether we are processing data relating to him or her. You also have the right to request the correction, destruction or restriction of personal data concerning you, as well as the right to object to the processing of your personal data. If the data processing is based on your consent, the data subject may withdraw this consent at any time. Furthermore, in countries of the European Economic Area (EEA), the data subject may, in certain cases, have the right to obtain the data collected during the use of online services in a structured, commonly used, machine-readable format that allows for future uses and transmissions. We reserve the right to restrict the rights of the data subject in accordance with applicable law (e.g., not to disclose integral information or to delete data).

In the event that a Group entity makes an automated decision regarding a certain individual that may have legal effect on the data subject or similarly seriously affect the data subject, the data subject has the right, in accordance with applicable law, to contact a Group controller and request a review of the decision, or to request the controller’s prior assessment. In this case, the data subject may no longer be able to use certain automated services. The data subject will be informed of this fact at a later date or separately in advance. In order to exercise your data protection rights as a data subject, or to obtain further information about our processing of your personal data, make suggestions, or submit complaints, please contact us by e-mail or postal message at the following addresses: privacidad@digittude.com.

CHANGES TO THIS PRIVACY POLICY

As we are constantly developing our websites, services and products, and employing new technologies, complying with legal requirements or responding to changing business needs, we reserve the right to modify this Data Privacy Statement at any time and without prior notice or announcement. In the event that there is an important change that we wish to highlight, we will inform you in an appropriate manner (e.g. through a pop-up notice or a change statement on our website). We therefore recommend that you carefully read this Privacy Policy from time to time. The latest version published on this website will always apply. Where the Privacy Statement is part of an agreement with our business partners, we may inform them of updates or corrections by e-mail or in any other appropriate manner, in accordance with applicable law. Corrections will be deemed accepted unless objections have been raised within 30 days of notification. In case of objection, the relevant Group entity shall be free to terminate the contract exceptionally and with immediate effect.