Privacy Policy

Privacy Policy

This Privacy Policy describes the processing of your personal data by Datoma, through the Internet portal: datoma.cloud (hereinafter, the "Site").

You must be of legal age to use the services offered through this Site. If we detect that you are under 18 years of age, we will proceed to block and/or delete personal data, if any, you have provided us. However, there may be a specific case, where personal data of minors are processed, in which case consent and authorization will be requested from parents or guardians if the child has not yet reached the age of 14 years. If you are a minor and are not sure you understand anything we explain, ask your parents or guardians for help.

Regarding the use of social networks, we recommend that parents or guardians regularly check and supervise their children's Internet activity. Please make sure that your children do not provide us any personal data without asking for your permission and consent.

In any case, the parents or guardians of the minor may contact Datoma to block and/or delete the personal data of the minor, through the means indicated in the "YOUR RIGHTS" section of this Privacy Policy.

WHAT PERSONAL DATA DO WE PROCESS?

  1. Personal information you provide to us. Generally, the personal information you provide to us (through the form on the Site or if you contact our customer service), is: institutional email. In very particular cases, and depending on the purpose and intended use of your data, we may collect data on personal, academic and professional characteristics, employment details, commercial information, social, economic and insurance circumstances, transfers of goods and services.
    In this same sense, the personal data indicated above are mandatory to meet your requests, so that the refusal to provide them will mean the impossibility of being able to meet the same and, where appropriate, to carry out the provision of the services requested.
    In the event that you provide data of third parties, you declare that you have their consent and undertake to transfer the information contained in this clause, exempting Datoma from any liability. In any case, Datoma may carry out periodic verifications to verify this fact, adopting the corresponding due diligence measures in accordance with the applicable regulations.

  2. Personal data collected by us: the Site uses cookies (and/or similar technologies) so that, depending on your cookie settings, Datoma may collect and process personal data.
    Generally, we collect and store limited personal information and anonymous aggregate statistics on all users who visit our websites, either because you actively provide us with such information or because you are simply browsing our websites. The information we collect includes the Internet protocol (IP) address of the device you are using, the browser software you are using, your operating system, the date and time of access, the Internet address of the website through which you accessed our websites and also information about how you use our websites.
    For more information on the use and setting of cookies (and/or similar technologies), please refer to our Cookie Policy.

FOR WHAT PURPOSES?

Datoma will process your personal data for the following purposes:

  1. In case you request to register as a user of our platform, to process and attend your request, as well as to provide you with the best possible service;
  2. Compliance with legal obligations, including, but not limited to, Law 10/2010 on the Prevention of Money Laundering;
  3. Depending on your cookie settings, to perform statistical analysis and profiling based on your browsing habits;

LEGITIMACY

The legal bases for the processing of your personal data for the purposes described above are as follows:

  1. In case you request information or contact our customer service: the execution of the contractual relationship with you, or the adoption of pre-contractual measures if you are not yet a customer;
  2. To comply with the different legal obligations that are applicable;
  3. Where appropriate, your consent to perform statistical analysis and profiling based on your browsing habits.

WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

In general, Datoma will not communicate your personal data to third parties, except in the following cases:

  1. To competent authorities and agencies, courts, tribunals or any other third parties legitimized in accordance with the applicable regulations;

However, Datoma has contracted the provision of certain services (e.g. virtual infrastructure services, cloud computing, customer relationship management, organization of games and contests, management of loyalty programs, sending emails for marketing purposes, etc.) to suppliers, which may have access to and/or process personal data in their capacity as data processors. Some of these suppliers may process and store personal information on servers located outside your country of residence, you can consult the details of these suppliers at the following link.

Therefore, depending on the user's location, transfers of data to other countries may occur. In such a case, your personal data may be transferred internationally to third parties located outside the European Economic Area ("EEA"), provided that Datoma has the authority to do so and subject to compliance with the appropriate safeguards set out in Articles 44 to 50 of the GDPR. Such third parties will only access the data to carry out their services on behalf and for the account of Datoma, under an obligation of confidentiality and always following your instructions and without at any time being able to use such data for their own purposes and/or unauthorized purposes.

In any case, appropriate safeguards include, but are not limited to:

  • Adequacy decision: a declaration by the European Commission that a non-EU state offers an adequate level of data protection equivalent to that provided by European data protection legislation, making international data transfer to a third party established in that state outside the EU possible;
  • Binding Corporate Rules: they are applicable to corporate groups or the union of companies engaged in a joint economic activity, which enables the flow of personal data on the basis of a self-regulation accepted and assumed by each of the signatory entities;
  • Standard Contractual Clauses: this is a mechanism signed between the exporter of Personal Data from any of the EEA countries and a third country. It is a contractual agreement whose model has been approved and published by the European Commission and aligned with the precepts of the GDPR.
  • Code of conduct or a certification mechanism, together with binding and enforceable commitments made by the recipient regarding the implementation of appropriate safeguards for the protection of the transferred data.
  • In the absence of the above, your personal data may exceptionally be transferred to a third country or international organization, in application of the mechanisms that may be recognized in this respect by data protection legislation.

Datoma, in order of preference, shall make international transfers under the following guarantees:

WarrantyCriteria used by Datoma
Adequacy Decision issued ECMeasure listed as preferred by Datoma. You can find the list of countries subject to an adequacy decision at: ec.europa.eu
Binding Corporate StandardsIn the absence of an Adequacy Decision, it will be the preferred security measure that Datoma will request from the importer of the personal data. You can find the list of entities that have BCR here: edpb.europa.eu
Standard Contractual ClausesAs a secondary assurance mechanism in the absence of the above, we will proceed to subscribe and/or request a copy, as appropriate, from the importer of the personal data of the signed version of the Standard Contractual Clauses aligned with the European Commission models, available here: eur-lex.europa.eu

HOW LONG DO WE KEEP YOUR DATA?

Datoma will keep your personal data to attend and/or carry out the services requested (provided that does not request their deletion or opposition through the means indicated in the section "YOUR RIGHTS") and will keep them for the periods of limitation necessary according to the legislation that, in each case, is applicable to meet future liabilities. Once the legal statute of limitations has expired, your personal data will be destroyed.

However, for each of the processing, in the information that we will provide you in the collection of your personal data, we will inform you of the period of processing of your personal data for such processing. We also inform you that we will take all reasonable steps to ensure that your data is rectified or deleted when it is inaccurate.

YOUR RIGHTS

At any time, you may exercise a number of rights with respect to the processing of your Personal Data. These rights are inherent to each Data Subject and, therefore, are unwaivable and are as follows:

  • Right of access: Right to access personal data that are processed by the Data Controller in accordance with Article 15 GDPR.
  • Right of rectification: Right to request that the Data Controller rectify certain personal data of the Data Subject in accordance with Article 16 GDPR.
  • Right to object: The right to object to those Processing operations that are based on consent or on the existence of a legitimate interest (including, but not limited to, the sending of commercial communications) in accordance with Article 21.2 GDPR. In those cases in which the Processing is based on the existence of a legitimate interest, the Data Subject shall be entitled to request the weighting report carried out by the Data Controller. In addition, in cases where the Processing is intended to send commercial information of its own or of third parties, the Data Subject may opt-out free of charge and voluntarily to an advertising opt-out mechanism (more information can be found here).
  • Right of erasure: The right to request the Data Controller to erase all or part of the Personal Data of the Data Subject in accordance with Article 17 of the GDPR. Remember that while the commercial and/or contractual relationship that we have with you remains in force, there is a series of Personal Data that is necessary for us to process in order to comply with the contract, so while it lasts we cannot delete, block or cancel them, because otherwise it would prevent us from complying with the contract.
  • Right to the limitation to the processing: Right to obtain from the Data Controller the limitation of the Processing of your Personal Data as long as some of the conditions indicated in article 18 GDPR are met.
  • Right to portability of personal data: The right to receive the data you have provided to the Data Controller in a structured, commonly used and machine-readable format and to transmit it to another Data Controller (or to have it transmitted directly to the new Data Controller, where technically feasible), in accordance with Article 20 GDPR.
  • Right to withdraw consent: given for the performance of the Processing identified in the section Processing based on the consent of the Data Subject, without such revocation having retroactive effect, in accordance with Article 7.3 GDPR.
  • Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them. The Controller informs the Data Subject that, notwithstanding the fact that it carries out decisions that are based on automated systems, these decisions (i) either do not produce legal effects or significant effects on the Data Subject; (ii) or are not taken exclusively in an automated manner.

We will respond to your request as soon as possible and, in any case, within the established legal deadline. Also, you may withdraw your consent at any time through the email address: contact@datoma.cloud, without, in any case, the withdrawal of the same condition to ensure proper management of the business relationship.

In the event that we fail to comply with our data protection obligations, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD).

Finally, we remind you that in the event that you provide us with data relating to another natural person, you must, prior to their inclusion, inform them of the points contained in this Policy.

LINKS

This Site may include, display or refer links to other websites for your convenience and information. Such websites may operate independently of us. These linked sites may have their own privacy policies, which we strongly encourage you to read when you visit them. To the extent that any linked websites you visit are not owned or controlled by us, we are not responsible for the content of such websites, their use or their privacy practices.

UPDATE

This Policy may be updated periodically to reflect changes in our processing of personal data. We will post a prominent notice on the Site to notify you of any significant changes to our Policy and will indicate at the bottom of the Policy when it was last updated.


Datoma's Privacy Policy are current as of June 4, 2024.

© 2024 - Datoma - Reproduction in whole or in part is prohibited. All rights reserved.