1. What are personal data?
2. Who is the controller?
3. Purpose of the processing
4. Lawfulness of processing
5. Recipients
6. Rights
7. Data Categories
8. Provenance

We want you to be aware, by means of this notice,  of the criteria we follow for using the data that either you have provided us or we have collected via third parties.

Our data protection policy is built and notified as provided for in applicable law, and very specifically according to EU Regulation 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data and the free movement of this data repealing Directive 95/46/EC (hereinafter referred to as the GPDR)

This policy may vary over time due to potential changes in the legislation.  In the event of any changes, we will keep you informed on this website. DataCentric has taken the technical and organizational measures needed to safeguard the confidentiality and security of personal data and to prevent their alteration, loss, unauthorized processing or access as stipulated in applicable legislation and, in any event, in compliance with the appropriate level of security of the data processed.

DataCentric manages the data of natural persons as regards their professional functions or positions, and of individuals in the personal or household activity. Allowances have been made for both these categories when establishing this privacy policy.

What are personal data?

Personal data is any information or data that can identify a person directly (for instance a persons first or last names) or indirectly (for instance, a national identification number) without disproportional effort. Personal data may be considered information about a natural person, such as email addresses / personal postal addresses / mobile telephone numbers, user names and so forth.

Who is the CONTROLLER?

Identity: DATACENTRIC, P.D.M., S.A. (hereinafter referred to as DataCentric).
Postal Address: Calle Nuria 57. 2 planta, 28034 Madrid.
Phone: 913822002
E-mail: privacidad@datacentric.es
Data protection officer: Contact the DPO via e-mail: dpd@datacentric.es. You can also contact the officer using the information provided above.

Purpose of the processing

For what purposes do you process my personal data?

At DataCentric we process the information provided to us by data subjects for the following purposes:

1. PURPOSES OF A CONTRACTUAL NATURE: To facilitate the management of agreed services, to keep the business relationship and any other type of subsequently contracted service.
2. PURPOSES BASED ON DATACENTRIC’S LEGITIMATE INTERESTS: For marketing purposes, to offer products and services of our own or of third party companies related to the to the technology, telecommunications, financial, insurance, leisure, general consumption, automobile, education, energy, or water industries or NGOs to offer products or services complying with processing sectors codes of conduct.
3. To be used anonymously without any characteristic that could lead to identification in order to do our own statistic analysis and studies or for third parties.

How long will you keep my data?

The personal data provided will be kept

1. for as long as the mercantile relationship so requires,
2. for the time set forth in the contract,
3. as long as the party interested does not request they be eliminated.

The data shall be blocked as soon as the first of the three events takes place. As of that time, it shall be made available exclusively to Judges and Courts, the Public Prosecution and the competent Public Administration, particularly the data protection authorities, in order to attend to potential data processing liabilities until liability for data protection expires. Once this period of time has elapsed, the data shall be eliminated.

Is profiling done?

Profiles may be built based on the data provided or received from third parties. gathered In no event shall any automated decisions be taken based on that profile.

Lawfulness of processing

When is data processing lawful?

The legal basis for processing data lies in:

1. Your contractual relationship with us and the execution of the contract you have with us.
2. When express consent is provided, the legal basis is that express consent.
3. According to the concept of legitimate interest set forth in whereas clause 47, and article 6.1.f) of the GPDR, once the rights and freedoms of the data subject and the company have carefully assessed on the following:
   1. DataCentric’s business is marketing.
   2. DataCentric’s business involves nothing other than, by means of data processing, improve access to safe data and promote reliability of data used for marketing.
   3. The interests and/or fundamental rights and freedoms of the data subject are the general interests requiring data protection. Furthermore, no data on children or special categories of data are included.
   4. The risks that are posed to the interests and/or fundamental rights and freedoms of data subjects by the data processing is minor or non-existent due to the technical and organizational measures implemented by the Company.
   5. The obligation of Datacentric’s clients using Datacentric’s data to incorporate this information in advertising communications they send to their users.
   6. This information is published on the company’s website, and
   7. An adequate, simple management process has been created to informs, process and tramit data subjects exercise of rights under the GPDR.

Recipients

Who are the recipients of my data?

The data shall be disclosed to DataCentric’s clients in the aforementioned industries in order for them to send information on their products and services, and to data processors. Regarding any transfer of personal data outside EEA countries, the Company shall implement the appropriate specific measures to safeguard adequate protection of your personal data.

Rights

What are my rights?

1. Any individual is entitled to obtain information regarding whether or not DataCentric is processing his personal data.
2. Data subjects are entitled to access their personal data as well as request rectification of inaccurate data or, when applicable, request their erasure when, among other grounds, the data are not longer necessary for the purpose they were gathered.
3. Under certain circumstances set forth in article 18 of the GDPR, data subjects may request the restriction of their data processing. In this case, Datacentric shall only keep the data for the purpose of filing or defending itself from claims.
4. Those interested may object the processing of their data for marketing purposes, including the building of profiles. DataCentric shall cease to process data, with the exception of compelling legitimate grounds reasons or to exercise or defend itself from any claims that may arise.
5. By virtue of the right to data portability, data subjects are entitled to obtain personal data they are concerned with in a commonly used format that can be mechanically read and conveyed to another controller.

How can I exercise my rights?

1. By writing to DataCentric, PDM, S.A. at calle Nuria 57, 2ª planta, 28034 Madrid.
2. By sending an e-mail addressed to the management at privacidad@datacentric.es.
3. By sending an e-mail addressed to the Data Protection Officer at dpd@datacentric.es

What channels are there to file complaints? Should you understand that DataCentric has not properly resolved your request, you may request supervision of the Spanish Data Protection Agency (Agencia Española de Protección de Datos) whose information may be consulted at www.aepd.es

Data Categories

What categories of data do you process?

1. Identification data.
2. Data on your professional function or business.
3. Economic and/or financial information.

Special categories of data shall not be processed (articles 9 and 10 of the GDPR). Personal data are treated confidentially in accordance with the privacy and security policies established by the Compay. The personal data received or collected is that necessary to fulfill the previously indicated purposes.

Sources

How did you obtain my data?

The personal data we process comes from

1. The information you provide us when you sign a contact with DataCentric or establish any type of relationship with us directly or indirectly.
2. Sources of Open Data or publically accessible data. Sources that shall be considered open or publically accessible data are, for example, official gazettes or diaries, bulletin boards with official notices and notifications implemented or used by the public administration and that are publically accessible, physical or digital editions published by periodical media or published by journalism companies, including exclusively electronic media, that are updated daily or on an ad-hoc basis, both physical and digital editions of guides for subscribers to electronic communication services published in accordance with the specific applicable legislation, physical or electronic publications, including all types of websites or results from internet search engines with regard to physical persons whose data were included by these persons themselves, either at their own request or with their consent, in order to publicize their business or professional services, publically accessed public registries created or managed by the public administration or public civil servants, and specifically documents obtained from these registries based on the principle of public access, electoral census data from Chambers of Commerce or professionals belonging to professional associations where membership is required in order to practice the profession in question, public information from the General Directorate of Cadastre (Dirección General del Catastro), and, in general data obtained from public bodies and official sources through procedures involving the reuse of information from the local, regional or national public sector.