1. Data Controller
|Company name||THE GREATEST FAMILY, S.L. (“Scoretize” or “us”)|
|Address||Carrer de Bolívia 340, Local 42, 08019 Barcelona|
|Telephone||+34 605 351 325|
2. Source and categories of data
2.1. We will process the data you provide to us through the “Contact us” and “Get a demo” forms, as well as through other means related to the use of the Website, or services offered therein, such as, for example, submitting a job application. This data generally includes your name, city and e-mail and, when submitting a job application, information from your curriculum vitae.
2.2.In addition to such data, we may process other personal data that you provide to us, or is generated in the course of our communications, or the contracting of our services or products.
2.3. Finally, please note that, by providing us with your data, you guarantee the truthfulness and/or accuracy of this data. Consequently, you will be liable for any false or inaccurate statements you make, as well as for any damages caused to Scoretize or third parties as a result.
3. Purpose and legitimacy of the processing
|To provide you with services
To provide you with the services you request from us and/or to respond to your requests for information.
|Art. 6.1.(b) GDPR
The need to offer and provide you with the services or information you request from us.
We will also process your data to fulfil our legal obligations (tax, accounting, money laundering, etc.), as well as to fulfil your rights.
|Art. 6.1.(c) General Data Protection Regulation (“GDPR”)
The need to fulfil our obligations and enable the exercise of your rights.
To send you electronic marketing communications and newsletters. Please note that you may object at any time by sending an e-mail to email@example.com, or by following the instructions contained in each communication.
|Art. 21 LSSICE or Art. 6.1.(a) GDPR
If you are a customer, we will rely on Art. 21 Spanish Act on Information Society Services and Electronic Commerce (“LSSICE”) to send you information electronically about our services/products and news. If you are not a customer, we will only send you this information if you give us your consent unless other legal basis may apply in B2B relationships.
|Customer satisfaction surveys
To send you customer satisfaction surveys about our products and services.
|Art. 6.1.(f) GDPR
Legitimate interest to conduct surveys on our business activity in order to improve our services.
To perform data analysis of User browsing on our Website (User identities will remain anonymous).
|Art. 6.1.(a) GDPR
|Behavioural advertising and social networks
|Art. 6.1.(a) GDPR
|Art. 6.1. (b) GDPR and Art. 6.1.(f) GDPR
The need to manage your application as part of the pre-recruitment process. If you are not subsequently recruited, we will keep your data for a reasonable period of time in case another offer arises which fits your profile, on the basis of legitimate interest.
4. Data storage
4.1. We will retain your data for the duration of our relationship. However, if we observe a prolonged period of inactivity, we will also delete your data insofar as the processing is no longer adequate, relevant and necessary for the purposes intended by the processing. This rule applies unless you request that we delete your data.
4.2.Where the processing of your data is no longer adequate, relevant and limited to what is necessary for the purposes for which it is processed, we will store your data securely and only for the purpose of complying with any legal obligations which may arise, as required by law.
4.3. Finally, we inform you that we will take all reasonable steps to ensure that your data is rectified or deleted where it is inaccurate.
5. Automated decisions
5.1 We will not make individual decisions based solely on automated processing, which have legal implications for you, or significantly affect you in a similar manner.
6.1. As a general rule, we will not disclose your data to third parties. However, in certain cases we may need to disclose your data to:
- Providers: We will provide access to your personal data to those providers who need such access to provide their services to us, such as data managers, computer specialists or cloud and hosting providers, CRM providers, partners, HR providers, telecommunication providers and legal advisors. These third parties will act as our (sub)processors and will have in place appropriate safeguards to protect your personal information including a corresponding contract for the processing of your personal information pursuant to 28 GDPR.
- Other: We will share your personal data with third parties if we are required to do so by law, by an administrative or judicial authority, or in the public interest or for public order, such as, for example, to comply with anti-money laundering and counter-terrorism regulations, tax or social security obligations.
6.2. Finally, please note that we may also share your information if we believe it is reasonably necessary to enforce the Website Policies or to protect our operations or Users. In addition, in the event of a business restructuring, merger, split, or sale, we may transfer all of your personal information to the third party arising from such a transaction.
7. International transfers
7.1. We do not carry out international transfers of data. However, as is now commonplace, many IT providers have their servers outside of the European Economic Area (EEA). Therefore, some of our current providers (such as, for example, Google, HubSpot and others that we may contract in the future) are located, or provide services from, outside the EEA. In this case, and only where strictly necessary to operate the Website and/or provide you with the services you request from us, we will make international transfers in connection with the provision of the requested services to such suppliers.
7.2. In any event, please note that we will enter into the necessary documentation with all such providers to ensure that they provide adequate safeguards equivalent to those in the EU for such international transfers.
8.1. What are my rights?
As provided for in the General Data Protection Regulation (GDPR) and Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights, it is noted that you have the following rights:
- Access: You have the right to access your data to find out what personal data we are processing that concerns you.
- Rectification or erasure: In certain circumstances, you have the right to rectify inaccurate personal data concerning you, which is processed by us, or to ask us to erase it.
- Restriction: In certain circumstances, you have the right to ask us to restrict the processing of your data, in which case it should be noted that we will only retain it for the purpose of exercising, or defending claims.
- Portability: In certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly-used and machine-readable format and to transmit it to another data controller.
- Opt-out: In certain circumstances and on grounds pertaining to your particular situation, you have the right to object to the processing of your data, in which case we would stop processing it, other than for compelling legitimate reasons, or for the exercise or defence of possible legal claims. You may object to receiving marketing communications at any time.
8.2. How can I exercise my rights?
You may exercise your rights at any time by contacting the Controller (Scoretize) as indicated in Section 1, indicating “Privacy” in the subject line. In order to verify your identity, we may ask you to send us certain additional information or documentation, such as, for example, a copy of your ID card or a similar piece of identification.
The exercise of these rights is free of charge. However, please note that a fee may be charged when requests are unfounded, excessive or repetitive.
8.3. Do I have the right to withdraw my consent?
Yes, you may withdraw your consent to the processing of your data at any time, for one, several, or all of the above purposes, which are based on your consent to their processing. Please note that, if applicable, this may alter or even lead to the termination of the provision of services.
8.4. Do I have the right to lodge a complaint?
Yes, you may lodge a complaint with the competent supervisory authority at any time, in accordance with your place of residence. In the case of Spain, this is the Spanish Data Protection Agency (AEPD). You may enquire about the different supervisory authorities by contacting us at firstname.lastname@example.org.
In any case, before initiating any complaint, please contact us by e-mail (email@example.com) in order to try to resolve any discrepancy or dispute amicably.
8.5. How soon will you reply?
We will respond to your requests as soon as possible and, in any case, within one month. If this is not the case, we apologise and ask you to contact us again so that we can attend to you and address any possible technical errors that may have prevented us from responding to you within the deadline.