Drimnano SL.
Registration No. CIF B66792078
Legal address: C/Bolivia, 229, Barcelona, Spain,
08020
Telephone number: +34 602 282 828
Email: [email protected]
Contacts
of Data Protection Officer:
Legal address: C/Bolivia, 229, Barcelona,
Spain, 08020
Telephone number: +34 602 282 828
Email: [email protected]
Amendments to this Policy will be posted to
this URL and will be effective when posted. If we’ll make any material changes to
this Policy we will notify the data subjects by email (sent to the e-mail
address specified in the account) or by means of a notice on the website prior
to the change becoming effective. Any data subject can choose to discontinue
use of our products and services if the data subject does not accept the terms
of this Policy, or any modified version of this Policy.
We do not knowingly collect any personal
information from children under the age of 18. Our products and services are
not offered to individuals under the age of 18.
Refusal to provide
the data may result in unavailability of provision of our products and services
or poor user experience.
Each data subject has
the right to lodge a complaint to supervisory authority in case of personal
data breach, misuse or any violation of applicable law related to personal data
processing.
Contact details of
our customers for the following purposes:
- to enter a contract
with a customer;
- to perform a
contract with customers;
- to comply with
legal obligations on providing the data to government bodies;
- to provide
technical support as part our contract performance;
- to conduct
marketing communications on our offerings as our legitimate interest.
Any marketing
communication is subject to the right to objection. The rights to objection may
also apply to other kinds of processing activities.
Technical specifications
of customer’s device for the following purposes:
- to enter a contract
with a customer;
- to perform a
contract with customers;
- to comply with
legal obligations on providing the data to government bodies;
- to provide
technical support as part our contract performance;
- to conduct
marketing communications on our offerings as our legitimate interest;
- to support availability
of our products and services;
- to improve customer
experience.
Device identification
and location data for the following purposes:
- to perform a
contract with customers;
- to comply with
legal obligations on providing the data to government bodies;
- to provide
technical support as part our contract performance;
- to support
availability of our products and services.
Information on credit
cards and other payment details for the following purposes:
- to perform a
contract with customers;
- to provide
technical support and fraud detection as part of our contract performance.
Cookie data for the
following purposes:
- to conduct
marketing communications on our offerings as our legitimate interest;
- to deliver
targeting ads by our advertisers on the basis of data subject’s consent;
- to support
availability of our products and services;
- to improve customer
experience.
Data on the
customers’ communications with our products and services for the following
purposes:
- to perform a
contract with customers;
- to comply with
legal obligations on providing the data to government bodies.
Passports for the
following purposes:
- to enter a contract
with a customer;
- to comply with
legal obligations on providing the data to government bodies.
We maintain profiles
of our customers as it’s required to provide our customers with history of use
of our products and services. The profile includes current balance and billing
history. No automated decision making is conducted on the basis of profile except
for the cases when our products and services may be provided in different
manner on the basis of the customer’s balance. Insufficient balance may result
in suspension of availability of our products and services.
We
may share personal information with the following recipients:
-our employees;
-
hosting providers;
-
technical support providers;
-
partners which act as our contractors for provision of our products and
services;
-
government bodies.
We
may transfer the data outside of EU and EEA provided that the transfer is
subject to model contract clauses on international transfers of personal data.Providing information to our data processors is
subject to signing a data processing agreement that sets out the subject-matter
and duration of the processing, the nature and purpose of the processing, the
type of personal data and categories of data subjects and the obligations and
rights of the controller.
The data will be
stored during the period when our products and services are provided to the
customer and as long as we have a legal obligation to store the data in order
to supply it to government bodies.
We do not process the following information in any manner:- racial or ethnic origin, political opinions, religious or
philosophical beliefs, trade union membership, genetic data, biometric and
health data or data concerning a person’s sex life or sexual orientation.
Each data subject has the following rights
which may be exercised by contacting us. All the rights below have specific
exceptions in certain cases. The requests will be processed within 30 days.
Right to access allows any data subject to
request the following information from us:
- if its data is processed;
- which data is processed;
- which are the recipients or categories of
recipients of personal data;
- data storage period;
- existence and nature of the rights to
rectification/erasure/restriction/objection,
- existence of the right to lodge a complaint
to supervisory authorities;
- sources of data;
- existence of profiling and automated decision
making including their logic and consequences;
- existence of safeguards of international data
transfers.
Right to rectification is the right to correct
incorrect data and the right to complete the incomplete data.
Right to erasure (“to be forgotten”) means that
the data subject may request erasure of his or her data in the following cases:
- the data is no longer needed for the purposes
of processing;
- consent for processing is withdrawn and no
other grounds of processing apply where such processing is based on consent;
- data subject objects to processing;
- processing is unlawful;- the data is related to a child and was processed
in the context of offering a service directly to a child.
Right to restriction means that processing
shall be restricted if:
- the data subject claims that the data is
inaccurate and controller needs to verify if it’s really inaccurate;
- processing is unlawful but the data subject
wants processing to be restricted rather than the data to be erased;
- processing is no longer required for its
purposes but the data subject requires it for specific purposes;
- processing is under objection but the
controller needs to verify if objection is not overridden by legitimate
interest of the controller.
Right to notification means that the data controller
shall communicate the request of the data subject in exercise of his or her
rights to each recipient unless it proves that it will take disproportionate
effort.
Right to data portability means that data
subject may request the data controller to provide collected data in structured
and readable form.
Right to object means that the data subject based
on its personal circumstances may override legitimate interests of the
controller which constitute the basis for processing.
The data subject has the right not to be
subject to profiling which significantly affects his or her interests.
We take the following measures on protection of
personal data to prevent the data breaches, misuse and the violation of rights
of data subjects:
- Providing this Policy for review to any
person or entity which is about to process the personal data.
- Keeping our officers and contractors
responsible for proper data processing conducted by such officers and
contractors.
- Providing advice to any officer, data subject
or partner on the subject of compliance with this Policy.
- Making sure no access to personal data is
provided to unauthorized parties.
- Using only reliable and tested software for
processing or personal data.
- Assuming technical and organizational risks
of data processing before such processing takes place.
- Ensuring that all actions in respect of the
data are exercised by protected accounts to access the data and all data
storages are available only to a limited number or persons on a password basis.
- Ensuring that we are able to suspend data
processing or withdraw any piece of data from processing if we believe that
such processing may violate applicable law.
- In case of change in any business process we
will determine whether such change is data-related and check if such change
falls in line with this Policy.
- Providing that
each location and device where personal data may be stored is a safe
environment.
-Utilizing firewall to minimize the risk of unauthorized access to the hosting
infrastructure.
- Where necessary using third-party
vendors to perform security assessments to identify issues with its data
security that could result in security vulnerabilities.
- Providing encryption of most sensitive personal data.
- Ensuring ongoing confidentiality, integrity, availability
and resilience of processing systems and services.
- Providing the ability to restore the availability and
access to personal data in a timely manner in the event of a physical or
technical incident.
- Processing regular testing, assessing and evaluating the
effectiveness of technical and organizational measures for ensuring the
security of the data processing.
