Protection data

Privacy Policy

Questions and answers - Privacy policy Kedeo's impressive applications

Disclaimer: in case of discrepancy or discrepancy between the documentation of the applicable application, the questions and answers below and the Global Data Privacy Policy, the provisions of the latter shall prevail. If you need a Data Processing Agreement (DPA), send your request to barberafer@gmail.com.

How do we access your data?

We access the data you provide, which are strictly necessary for the application to work properly. We carefully evaluate and define the purposes of any personal data processing before launching a project. We will ensure that the personal data we collect is relevant, adequate and not excessive in relation to the purpose of processing and its final use (for example, your email). This means that only the information necessary and relevant to the purpose sought can be collected and processed.

How do we use your data?

We will only use personal data based on a legal basis: If necessary to make a contract with the subject of the data (for example, only your email to retrieve your news); or If necessary to comply with a legal obligation (for example, when we need to fulfill our obligations as an employer); or When we have a legitimate business need or a legitimate business reason to use Personal Data as part of our business activities (for example, when processing to get to know our customers better and send them promotional offers); or Where we have obtained the informed consent of the subject of the data when specifically required by law or applicable policy. This may be especially the case where none of the other legal grounds described above is applicable and to the extent permitted by applicable law.

How do we store your data?

Our application stores your data on our mysql server, and login or images, into Google Firebase. We only store the data that is absolutely necessary for our application to work in its entirety. Removing some of this data will interrupt the functionality of our application. But nevertheless, If you do not want us to store your data, you can send us your request to barberafer@gmail.com and we will permanently delete it from our database.

How do we share your data?

We will never transfer, sell, make copies or share any of your data stored by the application to third party services or companies, unless it is strictly necessary to allow the application to work properly. Consequently, personal data will be disclosed to third parties in a strictly limited "need to know" when there is a clear justification for the transfer of personal data, either because the subject of the data has accepted the transfer or because the disclosure is required to make a contract to which the subject of the data is a party, or for a legitimate purpose that does not infringe fundamental rights of the subject of the data, including the right to privacy (for example, sharing in the context of a merger and acquisition operation).

Global data privacy policy

This Global Data Privacy Policy ("Global Privacy Policy" or this "Policy") represents the minimum standards that in Kedeo, have been established with respect to the privacy of the data, to ensure that we collect, use, retain and disclose Personal Data in a fair, transparent and safe manner. path. This Policy is aligned with (and in some cases exceeds) the main requirements of the applicable laws and regulations. It is also aligned with other specific Kedeo policies related to the collection and use of Personal Data information implemented by each Kedeo entity to cover the specific purposes of processing Personal Data necessary for daily activity (for example, cookies policy, specific local policies, such as employee privacy policies, customer-specific information notices, etc.). This Policy recognizes that certain affiliates of Kedeo are located in countries with different legal and cultural approaches to privacy and data protection. Therefore, this Global Privacy Policy may be supplemented by other policies and procedures in certain geographic regions, as appropriate to comply with applicable laws and comply with cultural norms. In the event of a conflict between this Global Privacy Policy and the applicable local privacy policies and / or applicable local laws as applicable, or the inapplicability of the provisions of this Global Privacy Policy, the applicable local policy and local laws must prevail In section 2 of this Global Privacy Policy some useful definitions are provided to facilitate your inquiry.

Reach

The Policy covers all Personal Data ("Personal Data") in any form, including, among others, electronic data, discs and paper documents and all types of processing, whether manual or automatic, which is in the possession of Kedeo or under control of Kedeo, in all geographical areas where it operates. This will include information about Kedeo members, partners, employees, contractors, consultants, customers, consumers, suppliers, business contacts and third parties. This Policy also applies to Third Parties that provide services for or on behalf of Kedeo and that are expected to adopt standards of conduct consistent with the principles set forth in this Global Privacy Policy.

Definitions

Kedeo will mean the relevant Kedeo entity that processes the Personal Data and the various affiliates of Kedeo that are part of Kedeo. Third refers to a third party or commercial partner that receives from Kedeo or that has access to Personal Data or is entrusted with other data in the name of Kedeo, for example, suppliers, contractors, subcontractors and other service providers. Data subject refers to an identified or identifiable natural person whose Personal Data is being processed by Kedeo. Informed consent will mean any specific and informed indication that has been given freely about the subject's agreement of the data for the processing of their personal data, when necessary. Personal data means any information that identifies a natural person, directly or indirectly, in particular, by reference to an identification number or one or more factors specific to their physical, physiological, mental, economic, cultural or social identity. The data is considered personal data when it allows anyone to link such data to a natural person, even if the person or entity that owns that information can not make that link. Confidential data (or special category of data) will include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union affiliation, and the processing of genetic data, biometric data in order to uniquely identify a natural person, data relating to health or data relating to the sexual life or sexual orientation of a natural person. Personal data related to criminal convictions and crimes are a subset of personal data that, due to their nature, have been classified by law or by an applicable policy that deserves additional protection of privacy and security. Process / Processing shall mean any operation or set of operations carried out with Personal Data, either by automated means, including, among others, collection, registration, organization, storage, access, adaptation, alteration, recovery, consultation, use. , disclosure, dissemination, making available, alignment, combination, blocking, deletion, deletion or destruction ("Process" will be interpreted accordingly).

How do we guarantee the legality, impartiality and transparency of your personal data?

Personal data are processed on the basis of legal grounds with the informed knowledge of the subjects of the data. We will only use personal data based on a legal basis: If necessary to enter into a contract with the subject of the data (for example, our employees, contractors, customers, suppliers); or If necessary to comply with a legal obligation (for example, when we need to fulfill our obligations as an employer); or When we have a legitimate business need or a legitimate business reason to use Personal Data as part of our business activities (for example, when processing to get to know our customers better and send them promotional offers); or Where we have obtained the informed consent of the subject of the data when specifically required by law or applicable policy. This may be especially the case where none of the other legal grounds described above is applicable and to the extent permitted by applicable law. We consider it important to assess privacy risks before collecting, using, retaining or disclosing personal data, as in a new system or as part of a new project. Kedeo will only process personal data in the manner described in its privacy notices or specific privacy policies and in accordance with any informed consent that we may have obtained from the subject of the data. Kedeo will not carry out activities of profiling based on automated decision making, unless it is legally based on a requirement of the applicable law or on the execution of a contract or the consent of the subject of the data and provided that implement adequate guarantees to protect the rights of the subjects of the data. We use cookie technologies on our websites to allow us to evaluate and improve the functionality of our websites. We may also use cookies for advertising or analytical purposes, subject to your consent and depending on your choice using our cookie configuration tool. When legally required, we will ensure that Data Recipients receive relevant information about the processing of their Personal Data, unless it is impossible to provide such information or if disproportionate efforts are required to provide such information. This information will include, in particular, the purposes of the processing of Personal Data, the types of Personal Data collected (if the Personal Data was not obtained directly from the interested party), the categories of recipients, the list of rights that may be exercised by the Data Subjects, the consequences not respond or provide personal data, the conditions of the transfer of personal data outside the European Economic Area ("EEA"), if applicable, and the mechanism used to protect personal data in the event of a transfer, etc. This requirement can be fulfilled by issuing a privacy notice to the owners of the data at the point where the personal data is originally collected from them. The privacy notices will be written in a language that provides the subjects of the data with a clear understanding of how their personal data will be used.

How do we process Personal Data for a specific and legitimate purpose and verify that Personal Data is minimized and accurate?

Personal Data will only be collected and processed for specific, explicit and legitimate purposes (which can be multiple), complying with the principle of minimization of personal data and ensuring the accuracy of the processed personal data. Personal data will not be processed in any way that is incompatible with those purposes. We carefully evaluate and define the purposes of any personal data processing before launching a project (for example, human resource data management, hiring data management, accounting and finance management, allocation of IT tools and any other digital solution or collaboration platform, IT). support management, health and safety management, information security management, customer relationship management, offers, sales and marketing management, supply management, internal and external communication and event management, compliance with anti-laundering obligations of money and bribery or any other legal requirement, data analysis operations, implementation of compliance processes). We will ensure that the personal data we collect is relevant, adequate and not excessive in relation to the purpose of the processing and its eventual use (for example, information, marketing, promotions). This means that only the information necessary and relevant to the purpose sought can be collected and processed. When collecting confidential data or personal data related to convictions and criminal offenses, proportionality is essential. We do not collect confidential data or personal data related to convictions and criminal offenses, unless required by applicable law or when permitted by applicable law with the express prior consent of the interested party. All reasonable steps will be taken to ensure that Personal Data is maintained in an appropriate and up-to-date manner in each step of the Processing of Personal Data (ie, collection, transfer, storage and retrieval). We encourage the subjects of the data to help us keep your personal data updated by exercising your rights, in particular access and rectification.

What security and confidentiality measures are implemented?

Given that employees, contractors, customers, suppliers, consumers and business partners trust Kedeo when they provide us with their Personal Data, Kedeo guarantees the security and confidentiality of the Personal Data they process. We protect the personal data collected, used, retained and disclosed to support our commercial activities by monitoring usage, technical and organizational policies, standards and processes. The industry's technical and organizational standard measures are implemented to prevent accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access, or any other form of illegal or unauthorized processing. When the processing is carried out on behalf of Kedeo, it will select service providers that offer sufficient guarantees to implement the appropriate technical and organizational measures in such a way that the process complies with the requirements of the applicable data protection laws and guarantees the protection of the rights of the subject of the data. Kedeo strives to take reasonable measures based on design privacy and privacy by default, as appropriate, to implement the necessary security measures when processing personal data. Therefore, Kedeo will implement technical and organizational measures, in the early stages of the design of the processing operations, in a way that protects the principles of privacy and data protection from the beginning ('Privacy by design'). By default, Kedeo must ensure that Personal Data is processed with privacy protection (for example, only the necessary data must be processed, the short storage period, limited accessibility) so that, by default, Personal Data will not be processed. are accessible to an indefinite number of people ('Privacy by default'). When the processing of personal data is likely to generate a high risk for the rights and freedoms of the subjects of the data, we will conduct an impact assessment on privacy or an "impact evaluation of personal data" before its implementation. No gap is too small for the action. We will examine all claims related to any breach of this Global Privacy Policy or applicable, potential or actual data protection laws, that we are informed or know of and take all reasonable measures to limit their impact. More information about IT security measures is described in Kedeo Information Security Policy.

How long do we keep your personal information?

Any person or entity that handles Personal Data for Webalacarta will keep it only for as long as necessary for the purpose for which it was collected and processed (and other compatible purposes) that may include: To fulfill or support the commercial activity of Webalacarta; or To comply with a legal or regulatory requirement and comply with the applicable requirements of the limitation statute; To defend against legal or contractual actions (in which case, the Personal Data may be withheld until the end of the corresponding limitation statute or in accordance with any applicable litigation retention policy). Personal data is stored and destroyed in a manner consistent with applicable law and in accordance with the Webalacarta Data Retention Policy.

What are your rights as a data subject?

We are receptive to inquiries or requests made by the Data Subjects in relation to your Personal Data and, when required by law, we provide the Data Subjects the ability to access, correct, restrict and delete your Personal Data as established by the applicable law. We also allow you to oppose the processing of your personal data and exercise your right to portability. Right of access: we will provide access to all Personal Data related to a Data Subject as required by law, for the purposes of the Process, the categories of Personal Data processed, the categories of recipients, the data retention period, the rights to rectify, eliminate or restrict the Personal Data accessed in your case, etc. Right to portability: We can also provide a copy of any personal information we have in our records in a compatible and structured format to allow the exercise of the right to portability of the data to the extent that is relevant according to applicable law. Right of rectification: Data Subjects may request that we correct, amend, delete, any Personal Information that is incomplete, outdated or inaccurate. Right of elimination: interested parties may request the deletion of their personal data (i) if such personal data are no longer necessary for the processing of the data, (ii) the subject of the data has withdrawn his consent in the processing based exclusively in such consent, (iii) the data subject opposed the processing, (iv) the processing of personal data is illegal, (v) the personal data must be deleted to comply with a legal obligation applicable to Kedeo. Kedeo will take reasonable measures to inform the other entities about Kedeo of said deletion. Right of restriction: the data subjects may request the restriction of their personal data (i) in case the accuracy of the personal data is questioned to allow Kedeo to verify said accuracy, (ii) if the subject of the data wishes to restrict personal data instead of after deleting it despite the fact that the processing is illegal, (iii) if the subject of the data wishes Kedeo group to keep the personal data because it needs them for their defense in the context of the legal claims (iv) if the data The subject has opposed the processing, but Kedeo carries out the verification to verify if it has legitimate grounds for such processing, which may invalidate the rights of the subject of the data. Right to withdraw your consent: when the processing of personal data is based on the consent of the subject of the data, the subject of the data may withdraw such consent at any time, without affecting the legality of the processing based on the consent before its withdrawal . Right to object: The subject of the data may also indicate his objection to the processing of his personal data at any time: when it is used for marketing or profile purposes to send targeted advertising, or to object to the exchange of your personal data with third parties or within the Kedeo group, or when the processing is based on the legitimate interest of Kedeo, unless Kedeo demonstrates convincing legitimate reasons for the processing that invalidates the interests, rights and liberties of the subject of the data or for the establishment, exercise or defense of legal claims. Digital legacy The subjects of the data have the right to define directives (general or specific) about the use of their personal data after their death. To exercise these rights, use the contact information provided below in Section 10 of this Global Privacy Policy. Data Subject also has the right to file a complaint with the competent personal data supervisory authority.

When and how do we disclose your personal information to third parties?

Personal data is only disclosed outside of Kedeo when there is a general legal justification to do so. The disclosure is made in a strictly limited "need to know" when there is a clear justification for the transfer of personal data, either because the subject of the data has given consent to the transfer or because the disclosure is required to make a contract in which the Subject of the data is part. , or with a legitimate purpose that does not infringe the fundamental rights of the subject of the data, including the right to privacy (for example, sharing in the context of a merger and acquisition operation). In each case, the Subject of the data will be aware that the disclosure is likely to take place. Recipients will also be asked for guarantees that they will only use the Personal Data for legitimate / authorized purposes and will keep them safe. If a particular disclosure is required to comply with a legal obligation (for example, with a government agency or police force / security service) or in connection with a legal proceeding, personal data may generally be provided provided the disclosure is limited to which it is legally required and, if permitted by law, the Subject of the Data has been informed of the situation (ie, the Subject of the Data was informed of the possibility of such event in an Informed Consent or is notified at the time of the disclosure request).

How are international transfers of EU personal data protected?

Personal data from Kedeo entities operating within the EU will not be transferred outside the EEA to a third country that does not guarantee an adequate level of protection unless adequate safeguards are implemented in accordance with applicable laws. The international transfer of personal data is a very sensitive issue and is taken seriously before transferring any personal information from your country of origin from the EEA to another country outside the EEA, whether that transfer is made for technical purposes (eg , storage, hosting, technical support, maintenance) or the main purposes (for example, the centralization of the management of the customer database). We never make international transfers of Personal Data from an EEA country to another country outside the EEA without ensuring that the appropriate transfer mechanisms exist as required by applicable data protection laws, to ensure adequate protection of the data when transfer (for example, adaptation decision, certification of the privacy shield if the transfer is made to the USA, signature of the model clauses of the EU Commission, as applicable).

How do we handle complaints?

Kedeo is committed to solving the legitimate privacy problems of its staff, customers and other contacts. If a staff member believes that they have done something that violates this Global Privacy Policy, they should contact the Kedeo Privacy Contact at the following address: barberafer@gmail.com and report the matter. The subjects are informed of the data that they can complain about privacy issues by writing an email to the Kedeo privacy contact at the aforementioned address and that they can file a complaint with a supervisory authority. In particular, this will be explicitly specified in the privacy notices communicated and / or accessible to the Data Subjects. If a Data Subject covered by this Global Privacy Policy files a complaint about the processing of your personal data or that of another person, and the complaint is not satisfactorily resolved, Kedeo will cooperate with the appropriate Data Protection Supervisory Authorities and comply with the advice of said authorities to resolve any pending complaint. In the event that Kedeo Privacy Contact or the Data Protection Supervisory Authorities determine that Kedeo or one or more of its personnel does not comply with this Global Privacy Policy or the data protection laws, previous recommendation of the authorities or Kedeo Privacy Contact, Kedeo will take appropriate steps to address any adverse effects and to promote future compliance.

Update of this Global Privacy Policy

As our business and regulatory environment change regularly, this Global Privacy Policy may also change. Therefore, we invite you to consult it regularly.