ORIGEN SOFTWARE SL (hereinafter referred to as 'we' or 'the Company') is the owner of the domain www.makekites.io (the 'Site'). The Company is a Spanish limited liability company with a registered office at Calle Doctor Esquerdo 130, 4th floor, door 41, 28007 Madrid (Spain), provided with Tax Identification Number (CIF) B05296314 and registered in the Commercial Registry of Madrid, page M-739142, folio 183, volume 41726. You can contact us via email at firstname.lastname@example.org.
3.1 Who processes your data? (Data Controller)
We are the data controllers responsible for processing personal data. We are a company established in accordance with Spanish law, and our contact details are as follows:
ORIGEN SOFTWARE SLCalle Doctor Esquerdo 130, 4th floor, door 41, 28007 - Madrid (Spain)ORIGEN SOFTWARE SLEmail: email@example.com
3.2 For what purposes and why do we process your personal data? (‘Processing purposes’, ‘legal bases for processing’, and ‘retention periods’)
We will process your data when we need to fulfill a contract, and we will carry out such processing for the duration of the contractual relationship with you and for five years following its termination. This means that we need to process your data to provide you with the Services and to comply with our obligations under the Terms and Conditions of Service.Whenever we have your consent and until you revoke it, we may process your data for the following purposes:
A. Sending you electronic commercial communications (if you subscribe to a newsletter) or responding to inquiries you make when you contact us.
C. If you choose to sign up through a third-party social network, we may obtain confirmation of your identity and other information as we may specify.
D. Creating profiles based on your behavior and how you use the Site and navigate through it, which pages you have visited, and to create audiences. Please note that we may carry out these profiling activities through cookies. In such cases, accepting the use and installation of cookies involves data processing for this purpose, as described herein.
E. We may enrich your data, obtaining information from third parties as far as you have authorized us. Data enrichment allows us to analyze a deeper set of data, based on which we can provide much more personalized content.
When we have to comply with a legal obligation, such as those arising from tax regulations and anti-money laundering (e.g., Law 58/2003, of December 17, General Tax Law; Law 27/2014, of November 27, Corporate Income Tax Law; Law 10/2010, of April 28, on the prevention of money laundering and the financing of terrorism; or Organic Law 10/1995, of November 23, Penal Code). In such cases, your data will be processed for the periods established in that legislation and will be destroyed once those periods have elapsed.
Finally, we may process your data to protect our legitimate interests, provided that such information is strictly necessary to achieve the following purposes:
a) To review, monitor, investigate, and analyze how to improve our Services and/or the Site, as well as to keep our Services and the Site safe and operational and prevent any abusive activity (e.g., fraud, spam, phishing, etc.). This may involve sending forms to evaluate any issues with the service or learn how to improve the user experience. The interests involved are to ensure a safe and suitable environment, both for other users and for you, and these interests take precedence over your legitimate interests (we must create and maintain such an environment, which must comply with the law, the legitimate interests of third parties, the expectations other users have of us, and protect the safety of other users when using the Services).
b) Without prejudice to electronic and non-electronic commercial communications sent with your consent as mentioned above, we may also send you communications when you are our customer. In this case, we will only send you information related to us and related to products and/or services of ours that are identical or similar to those you have contracted. In these cases, we have a legitimate interest in processing your contact information and keeping you informed about any of our products and services, with this interest taking precedence over your rights due to the non-sensitive nature of the data in question and the fact that the contractual relationship created with our customers leads to the reasonable expectation of receiving this type of communication.
c) After dissociating your personal data so that we cannot link it to you or refer it to any third party, in order to conduct statistical analysis and other types of analysis on the data we obtain (both technical and metadata) and measure trends and user behavior, or understand how our services are used in order to improve and optimize performance.
3.3 To what extent do we need to have access to your personal data?
We must process your personal data to fulfill the legal and contractual obligations mentioned in section 3.2 above. Otherwise, we cannot provide you with the Services and/or guarantee your access to the Site. In the case of data processing that depends on your consent or our legitimate interest, such processing is not legally mandatory.
3.4 Who will have access to your personal information?
3.5 In which territories can we process your information?
3.6 Your rights
You have the right to withdraw your consent at any time. You also have the right to request access to your personal data and to request the rectification or erasure of your data, or to restrict processing or object to processing, as well as to request data portability. Please note that if you request the erasure of your data, your account will be deleted, and all existing data in it will be permanently deleted from our systems. You can file a complaint at any time with the Spanish Data Protection Agency.You can exercise any of the aforementioned rights by opening a support ticket through our Support Service (makekites.io.), or by sending a letter to Calle Doctor Esquerdo 130, 4 41, 28007 - Madrid (Spain).
3.7 Updating your information. Emails and commercial communications
You can update the information we have about you through the settings provided for this purpose in your account, or by sending us a written communication, as described in section 3.6 above. Remember that in order to provide the Services properly, you must keep your information up to date, and you commit to verify the information you provide to us periodically to ensure its accuracy.As indicated in section 3.6 above, you can request at any time that we do not send you emails or commercial communications. To do so, you can change your communication preferences in the settings section of your account, or contact us (see section 3.6 above). However, this will not prevent us from sending you emails or other communications related to the Services, as these are necessary to fulfill the contractual relationship we have with you.
4.1 To provide the Services, we may need to process personal data of third parties on your behalf.
This happens, for example, when a person navigates through a kites, in which case the data is collected, hosted, and processed on your behalf. For clarification, the purpose of the processing is to provide the Services, and the type of data and category of data subjects depends on the information provided as part of the Service.
4.2 Any personal data we may have access to in providing the Services will be processed exclusively in accordance with the instructions set out in the Terms and Conditions of Service, and any other instructions you may provide in writing.
In the event that we have reasonable grounds to believe that any of your documented instructions violate European data protection regulations, we will promptly inform you so that you can confirm such instructions in writing. Please note that if you confirm, you will be responsible for any consequences arising from the instruction that is contrary to the law, and you will defend, indemnify, and hold us harmless from all costs (including legal fees), fines or penalties, or other damages resulting from the implementation of the disputed instruction.
4.3 We will ensure that all employees authorized to process your personal data have assumed confidentiality obligations or are subject to statutory confidentiality obligations.
4.4 We may need to rely on other service providers to provide the Services, both those with whom we currently work and those we may engage in the future.
These companies will only process data to the extent necessary to provide the Services, and we will enter into written agreements with them to ensure that they comply with the obligations specified in this section 4 and implement all necessary security measures to provide adequate data protection. If we want to replace any provider, or if we have to engage other companies, you have the right to object for reasonable grounds and within a maximum period of 15 calendar days to such substitutions or new hires. 'Reasonable grounds' means any justified rejection of a provider based on the provider's inability to comply with the legal requirements of European data protection regulations. In any case, we reserve the right to terminate our contractual relationship early if we cannot hire a provider that is essential or necessary to provide the Services. The Company will enter into written agreements with the providers involved in the provision of the Services, which will include the safeguards and guarantees required by the General Data Protection Regulation (EU Regulation no. 679/2016, the 'GDPR') and, in particular, in relation to the implementation of the security measures required by the GDPR. For those providers located in a territory considered by European authorities to be 'non-equivalent' in terms of data protection to the European Union, you agree to comply with the requirements set out in section 4.10 below.
4.5 If you so request and at your expense, we will assist you through appropriate technical and organizational measures, wherever possible and considering the nature of the processing, to enable you to comply with your obligation to respond to requests for the exercise of the rights of the data subjects as set out in Chapter III of the GDPR, if applicable.
For clarification purposes, we will forward any requests from data subjects to you along with all relevant information for this purpose, so that you can contact and respond to data subjects. In no case will we be responsible for responding to such data subjects.
4.6 We will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
If you request this and at your expense, we will reasonably assist you in complying with the security obligations set out in Article 32 of the GDPR, taking into account the nature of the processing and the information available to us.
4.7 If you request this and at your expense, we will assist you in meeting the obligations set out in Articles 33 to 36 of the GDPR, where applicable and subject to the nature of the processing and the information available to us.
With respect to security breaches, we will notify you without undue delay as soon as we confirm that a breach affecting personal data has occurred. We will provide you with sufficient information to enable you to comply with your obligations to notify or inform the competent authorities or data subjects. We will cooperate reasonably with you and take reasonable commercial measures that you have requested to investigate, mitigate, and remedy a security breach. For clarification purposes, you will be responsible for submitting any required reports under applicable law as well as for notifying data subjects, and you will defend, indemnify, and hold us harmless from all costs (including legal fees), fines or penalties, or other damages resulting from your inaction.
4.8 Upon termination of the contract, we will destroy all personal information, unless otherwise required by law.
4.9 We will provide you with all the information necessary to demonstrate compliance with the obligations set out in this section 4, and we will allow and contribute to audits, including inspections that you or any auditor you have designated, who is not our competitor, may carry out.
You may only conduct a maximum of one (1) audit per year, unless there are reasonable grounds to believe that we are in material breach of this section 4. Audits may only be carried out during working hours, and you shall bear all costs, unless we have materially breached this section 4.
4.10 Personal data may be transferred outside the European Economic Area, either for the provision of the Services themselves, because you want to process the data from a particular location, or because you need to provide them to another company.
In these cases, and to the extent that the entity does not belong to a country for which European authorities have declared its level of data protection equivalent to that of the European Union, you undertake to ensure that such data transfer is feasible in accordance with European data protection regulations, without having to sign the Standard Contractual Clauses for this purpose. If this is not possible, and only in this respect, and with respect to the data subprocessors we have engaged, you (as data exporter) and we (as data importer) undertake to enter into the Standard Contractual Clauses for such transfers. By this document, you express your full agreement with the Standard Contractual Clauses and, given that the contractual relationship established in the Terms and Conditions of Service cannot exist without the international transfer of personal data, you state and guarantee that you will not question the signing of the Standard Contractual Clauses in the future, and that signing them is a mere formal act that demonstrates your acceptance of them under this section.
You can send us a request via email at firstname.lastname@example.org.