Protecting personal data
Who we are
The address of our website is: https://xdataser.com.
Xdataser.com complies with Spanish regulations on the protection of personal data, and guarantees full compliance with the obligations laid down in Organic Law 15/1999, of December 13, Protection of Personal Data (LOPD), Royal Decree 1720/2007, of December 21, which approves the Regulations for the development of the LOPD and other regulations in force at all times, and ensures the correct use and processing of the user’s personal data. In addition, it has been updated to the new General Data Protection Regulation (EU GDPR 2016/679) which entered into force on 24 May 2016, which is mandatory to comply as of 25 May 2018, taking all necessary measures to do so. From now on in this document we will name the General Data Protection Regulation as GDPR.
The amount and type of information we collect depends on the nature of your interaction with us, but none of that information collected is considered sensitive, as you’ll see below. For example, we ask visitors who want to leave a comment, to provide a username and email address. Visitors may always refuse to provide personally identifiable information, but may not be able to leave a comment or ask for a purchase invoice, for example. This whole introduction is explained in detail and clearly in the following paragraphs.
What obligations we have to store your data
We comply with the principles required of us from the GDPR:
- Lawfulness, loyalty and transparency in all our actions. We will never give in, sell or do business with your personal information.
- Personal data is only used for the specific, legitimate and explicit purpose for which it has been collected, as stated on this page.
- The personal data collected are adequate, relevant and limited to what is necessary.
- The personal data we hold, at all times, is accurate and up-to-date.
- Personal data is only kept for the right and necessary time for the purpose they have been collected, as explained on this page.
- Personal data is processed ensuring your security, for this we have this service signed and subcontracted with the external company 1&1 IONOS SE, specialized in this purpose, which acts as a delegate for the processing of the database. To view the data of this company you only have to follow the link. It is a leading Spanish company in the hosting service, whose servers are safe against brute force attacks, have all accounts protected against malware and offer us our website with the Hyper-Text Transfer Security Protocol (HTTPS). Therefore, we have no qualms about showing our contract with this company to anyone who asks us, if you provide us with evidence that your data is not safe with us. This company is the sole recipient of the personal data we collect together with our advisor/financial manager in the event of making an invoice. If the latter’s data is needed, just ask us by sending us an email to firstname.lastname@example.org
- The controller of the data we hold is the owner indicated at the end of this page, which will respond and demonstrate when required by the competent authority, the measures taken and that are being carried out for compliance with the GDPR.
- In case of data security breach, we will notify the relevant supervisory authorities without undue delay and with a maximum period of 72 hours, in addition to producing a full report, complying with all the conditions required of us from the GDPR.
- We are required to transfer personal data in exceptional cases as a request by law, and we will do so. Also, and only if you give us permission to do so, we may transfer your personal data to interested third parties, but in this case as it is not a legal requirement, we will always ask for your consent.
Responsibility for proactivity
This principle requires us to analyze what data we process, for what purpose we do so and what type of processing operations we carry out. All of this is fully stated in this document.
We are therefore clear that the measures we have implemented are those provided for by the GDPR in this case and we are sure that they are appropriate to comply with it. In addition, at all times, we can demonstrate this at the request of any interested party and to the supervisory authorities.
What personal data we collect and why we collect it
Whenever we need any data from you we will ask you for the express consent, checking a box indicated for this purpose, so that you allow us to keep them. On our WEBSITE we do not need to obtain your data from a source other than you directly, as we do not ask anyone for data except you as a data subject. The sources from which we obtain the personal data we hold in our database are:
1. Guest reviews
When you as visitors leave comments on the web, we collect the data displayed in the feedback form, as well as the visitor’s IP address and browser’s chain of user agents to help detect spam. This data collected has the sole purpose of identifying the user for security, both yours and ours. They will not be given any other use of the indicated one and we will keep them as long as you do not withdraw the consent you have given us when entering them. This data is stored in the Hosting contracted with 1&1 IONOS SE.
If you upload images to the web you should avoid uploading images with included location data (GPS EXIF). Visitors to the website can download and extract any location data from the images on the web. But on our WEBSITE, as a rule, no images are uploaded because we will not ask you.
If you leave a comment on our site you can choose to save your name, email address and website in cookies. This is for your convenience, so you don’t have to refill your details when you leave another comment. These cookies will last for one year.
If you have an account and connect to this site, we will install a temporary cookie to determine if your browser accepts cookies. This cookie does not contain personal data and is deleted when you close your browser.
When you log in, we will also install several cookies to save your login information and screen display options. Login cookies last two days, and screen option cookies last one year. If you select “Remember Me”, your login will last for two weeks. If you leave your account, login cookies will be deleted.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie does not include personal data and simply indicates the ID of the item you just edited. Expires after 1 day.
You can also manage which cookies you want us to use when you interact on our WEBSITE in this tab
4. Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). The embedded content of other websites behaves in exactly the same way as if the visitor had visited the other website.
What rights you have over your data
All registered users, who have made comments or have simply browsed this website, have the following rights over their data (which they can exercise at any time), which are explained below each of them, so that they understand each other, in a simple and transparent way:
- Right to be informed. – As a user you have the right to be informed in a concise, transparent and timely manner, as I am doing now. Any request for information by you will be met with diligence and transparency without any opposition.
- Right of Access.– As a user you must know and obtain when you require and for free, all information about your personal data that will be processed by our WEBSITE.
- Right of Opposition.– As a user you have the right to object to our WEBSITE processing your data for a service other than the one we ask for your consent or which we have contracted. For example, we won’t use invoice data to send you advertising. If applicable, first of all, you would be informed and it would only be done in the event of giving your written consent.
- Right to Rectification.– It consists of your right as a user to correct or modify your personal information data that is incorrect, inaccurate or incomplete.
- Right to Deletion (“Right to Be forgotten”)– This is the right you have as a user to remove, from our database, all information you have provided to us or data that you understand to be inappropriate or excessive (this does not include any data that we are required to keep for administrative, legal or security purposes, or what is the same our duty of blocking collected in the LOPD and GDPR).
- Right of Portability.– As a user you have the right to ask us, free of charge, all your data in our possession, which we will deliver to you in a standard and easily readable format, if you ask us, to export or send this file to another company.
- Right to Limit the Processing of your data.– As a user you have the right to limit the processing of your data, by our WEBSITE, in a precautionary way, for example, if you are not sure of the data you gave us and want to verify them. So, in the period of time you require us, we will keep all your information in our database, but we will not make any use of it. Once you have done the relevant checks you can either keep your data in our database, modify them if you ask us, or request the total deletion of them, if that is what you prefer.
- Right not to be the subject of individualized or automated decisions.– As a user you have the right not to use the information we hold about your data to make a decision, which may affect you directly, based solely on them, or if you want for profiling.
You can exercise your rights at the time you decide by simply sending us an email to email@example.com with whatever you want us to do; we will respond to your initial registration email so you can correctly identify yourself with your national ID or passport. Once this step is done we will do what you tell us about your personal data immediately.
If it’s not clear to you what all your rights are or you just want to expand the information, you just need to consult the legal document
Citizen’s Guide From the Spanish Data Protection Agency
If you have exercised any of these rights and we have not answered you within the maximum legal period allowed by the GDPR that is 1 month, or the response you receive has been unsatisfactory, you can file a complaint with the Spanish Data Protection Agency, following the link. In addition, in the hypothetical case, to receive a request for complex rights or when we have at the same time many requests, we are entitled to a 3-month extension to answer you, but in less than 1 month we will inform you that we need more time to respond, that is for sure. You can also send us directly to our email firstname.lastname@example.org
Where we send your data
Your visitor feedback may be reviewed by an automatic spam detection service.
In compliance with the provisions of Organic Law 15/1999, December 13, Protection of Personal Data (‘LOPD’), and the new General Data Protection Regulation (EU GDPR 2016/679) of 24 May 2016, we inform you that your personal data and information that you provide us when completing this electronic form, will be incorporated into a personal data file owned by the owner indicated below.
In this sense, we inform you that the collection and processing of your data is intended to resolve the queries raised about the content of this website. The fields marked with an asterisk are mandatory, being impossible to carry out the purpose expressed if you do not provide that data.
In order to use the consultation form, it is essential to check the box of acceptance of the use of your data, this implies that you express your consent so that the data provided are incorporated into an automated file owned by the owner indicated below.
Also, please do not incorporate, in any case, data relating to your health, racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union affiliation, sex life, sexual orientation, genetic data, biometric data or data relating to the commission of criminal or administrative offences. If you do so in error, please contact us immediately to remove them from our database.
In any case, you can exercise the rights of Access, Opposition, Rectification, Suppression, Portability, Limitation and not be subject to individualized decisions, provided for by the Law, by sending an email to the person responsible for the file to the email@example.com address, indicating your name and surname, and including as a subject of the mail “GDPR Rights”.
How long we keep your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so that we can recognize and approve successive comments automatically instead of keeping them in a moderation queue.
If as a user you register on our website (if applicable), we also store the personal information you provide in your user profile. As a user, you can view, edit, or delete your personal information at any time (except that you can’t change your username). Web administrators can also view and edit that information.
The data collected to complete an invoice will be kept for 6 years after the close of the annual audit, by legal instructions of our financial advisors. If it is requested to be deleted, we will anonymously delete your data and/or delete your information from publicly accessible sites.