Protecting personal data

Who we are

The address of our website is: https://xdataser.com.

Xdataser.com complies with Spanish regulations on the protection of personal data, and guarantees full compliance with the obligations laid down in Organic Law 15/1999, of December 13, Protection of Personal Data (LOPD), Royal Decree 1720/2007, of December 21, which approves the Regulations for the development of the LOPD and other regulations in force at all times, and ensures the correct use and processing of the user’s personal data. In addition, it has been updated to the new General Data Protection Regulation (EU GDPR 2016/679) which entered into force on 24 May 2016, which is mandatory to comply as of 25 May 2018, taking all necessary measures to do so. From now on in this document we will name the General Data Protection Regulation as GDPR.

In our privacy policy you will understand how we use any personal data or information you provide to us and what steps we have taken to protect them. That’s why we are 100% committed to ensuring the protection of your privacy. If you fill out any of our forms, to interact with our WEBSITE, and thereby provide us with personal information, you can be assured that we will only use it for the relevant purposes, which are contained in this privacy statement.

The amount and type of information we collect depends on the nature of your interaction with us, but none of that information collected is considered sensitive, as you’ll see below. For example, we ask visitors who want to leave a comment, to provide a username and email address. Visitors may always refuse to provide personally identifiable information, but may not be able to leave a comment or ask for a purchase invoice, for example. This whole introduction is explained in detail and clearly in the following paragraphs.

What obligations we have to store your data

We comply with the principles required of us from the GDPR:

1. Lawfulness, loyalty and transparency in all our actions. We will never give in, sell or do business with your personal information.
2. Personal data is only used for the specific, legitimate and explicit purpose for which it has been collected, as stated on this page.
3. The personal data collected are adequate, relevant and limited to what is necessary.
4. The personal data we hold, at all times, is accurate and up-to-date.
5. Personal data is only kept for the right and necessary time for the purpose they have been collected, as explained on this page.
6. Personal data is processed ensuring your security, for this we have this service signed and subcontracted with the external company 1&1 IONOS SE, specialized in this purpose, which acts as a delegate for the processing of the database. To view the data of this company you only have to follow the link. It is a leading Spanish company in the hosting service, whose servers are safe against brute force attacks, have all accounts protected against malware and offer us our website with the Hyper-Text Transfer Security Protocol (HTTPS). Therefore, we have no qualms about showing our contract with this company to anyone who asks us, if you provide us with evidence that your data is not safe with us. This company is the sole recipient of the personal data we collect together with our advisor/financial manager in the event of making an invoice. If the latter’s data is needed, just ask us by sending us an email to info@xdataser.com
7. The controller of the data we hold is the owner indicated at the end of this page, which will respond and demonstrate when required by the competent authority, the measures taken and that are being carried out for compliance with the GDPR.
8. In case of data security breach, we will notify the relevant supervisory authorities without undue delay and with a maximum period of 72 hours, in addition to producing a full report, complying with all the conditions required of us from the GDPR.
9. We are required to transfer personal data in exceptional cases as a request by law, and we will do so. Also, and only if you give us permission to do so, we may transfer your personal data to interested third parties, but in this case as it is not a legal requirement, we will always ask for your consent.

Responsibility for proactivity

This principle requires us to analyze what data we process, for what purpose we do so and what type of processing operations we carry out. All of this is fully stated in this document.

We are therefore clear that the measures we have implemented are those provided for by the GDPR in this case and we are sure that they are appropriate to comply with it. In addition, at all times, we can demonstrate this at the request of any interested party and to the supervisory authorities.

What personal data we collect and why we collect it

First indicate that the data we hold is not considered, according to the GDPR (in Article 9) or in the LOPD, as data of special categories or as sensitive, since in any of our forms we ask for any data related to your health, racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union affiliation, sex life, sexual orientation, genetic data , biometric data or data relating to the commission of criminal or administrative offences. In addition, in our privacy policy we explicitly warn that no such information is included when filling out any of our forms.

Whenever we need any data from you we will ask you for the express consent, checking a box indicated for this purpose, so that you allow us to keep them. On our WEBSITE we do not need to obtain your data from a source other than you directly, as we do not ask anyone for data except you as a data subject. The sources from which we obtain the personal data we hold in our database are:

1. Guest reviews

When you as visitors leave comments on the web, we collect the data displayed in the feedback form, as well as the visitor’s IP address and browser’s chain of user agents to help detect spam. This data collected has the sole purpose of identifying the user for security, both yours and ours. They will not be given any other use of the indicated one and we will keep them as long as you do not withdraw the consent you have given us when entering them. This data is stored in the Hosting contracted with 1&1 IONOS SE.

An anonymous string created from your email address (also called a hash) can be provided to the Gravatar service to see if you’re using it. The privacy policy of the Gravatar service is available here: https://automattic.com/privacy/. After your comment is approved, your profile picture is visible to the audience in the context of your comment.

2. Media

If you upload images to the web you should avoid uploading images with included location data (GPS EXIF). Visitors to the website can download and extract any location data from the images on the web. But on our WEBSITE, as a rule, no images are uploaded because we will not ask you.

3. Cookies

If you leave a comment on our site you can choose to save your name, email address and website in cookies. This is for your convenience, so you don’t have to refill your details when you leave another comment. These cookies will last for one year.

If you have an account and connect to this site, we will install a temporary cookie to determine if your browser accepts cookies. This cookie does not contain personal data and is deleted when you close your browser.

When you log in, we will also install several cookies to save your login information and screen display options. Login cookies last two days, and screen option cookies last one year. If you select “Remember Me”, your login will last for two weeks. If you leave your account, login cookies will be deleted.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie does not include personal data and simply indicates the ID of the item you just edited. Expires after 1 day.

You can refuse to accept cookies by activating the settings in your browser that allow you to refuse cookies. However, if you select this setting, you may not be able to access certain parts of the Website or you may not be able to take advantage of any of our services. Unless you have adjusted your browser settings to reject cookies, our system will produce cookies when you connect to our site.

If you read our Cookie Policy you will understand in detail how and where they are stored and for that time.

You can also manage which cookies you want us to use when you interact on our WEBSITE in this tab

 Privacy preferences

4. Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). The embedded content of other websites behaves in exactly the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, track you additionally from third parties, and monitor your interaction and tracking by clicking on that embedded content, if you have an account and are connected to that website as well.

Third-party links

On our website there may be links to other websites managed by third parties, which are obviously not under our control. If you follow a link and/or provide your personal data or any information to the website of a third party, please note that on our WEBSITE we are not responsible for the data you have provided to that third party. Our privacy policy only applies to xdataser.com, so if you visit a website by clicking on any link we have posted, you must read and understand its own Privacy Policies.

What rights you have over your data

All registered users, who have made comments or have simply browsed this website, have the following rights over their data (which they can exercise at any time), which are explained below each of them, so that they understand each other, in a simple and transparent way:

• Right to be informed. – As a user you have the right to be informed in a concise, transparent and timely manner, as I am doing now. Any request for information by you will be met with diligence and transparency without any opposition.
• Right of Access.– As a user you must know and obtain when you require and for free, all information about your personal data that will be processed by our WEBSITE.
• Right of Opposition.– As a user you have the right to object to our WEBSITE processing your data for a service other than the one we ask for your consent or which we have contracted. For example, we won’t use invoice data to send you advertising. If applicable, first of all, you would be informed and it would only be done in the event of giving your written consent.
• Right to Rectification.– It consists of your right as a user to correct or modify your personal information data that is incorrect, inaccurate or incomplete.
• Right to Deletion (“Right to Be forgotten”)– This is the right you have as a user to remove, from our database, all information you have provided to us or data that you understand to be inappropriate or excessive (this does not include any data that we are required to keep for administrative, legal or security purposes, or what is the same our duty of blocking collected in the LOPD and GDPR).
• Right of Portability.– As a user you have the right to ask us, free of charge, all your data in our possession, which we will deliver to you in a standard and easily readable format, if you ask us, to export or send this file to another company.
• Right to Limit the Processing of your data.– As a user you have the right to limit the processing of your data, by our WEBSITE, in a precautionary way, for example, if you are not sure of the data you gave us and want to verify them. So, in the period of time you require us, we will keep all your information in our database, but we will not make any use of it. Once you have done the relevant checks you can either keep your data in our database, modify them if you ask us, or request the total deletion of them, if that is what you prefer.
• Right not to be the subject of individualized or automated decisions.– As a user you have the right not to use the information we hold about your data to make a decision, which may affect you directly, based solely on them, or if you want for profiling.

You can exercise your rights at the time you decide by simply sending us an email to info@zawik.com with whatever you want us to do; we will respond to your initial registration email so you can correctly identify yourself with your national ID or passport. Once this step is done we will do what you tell us about your personal data immediately.

If it’s not clear to you what all your rights are or you just want to expand the information, you just need to consult the legal document

Citizen’s Guide From the Spanish Data Protection Agency

If you have exercised any of these rights and we have not answered you within the maximum legal period allowed by the GDPR that is 1 month, or the response you receive has been unsatisfactory, you can file a complaint with the Spanish Data Protection Agency, following the link. In addition, in the hypothetical case, to receive a request for complex rights or when we have at the same time many requests, we are entitled to a 3-month extension to answer you, but in less than 1 month we will inform you that we need more time to respond, that is for sure. You can also send us directly to our email info@zawik.com

Where we send your data

Your visitor feedback may be reviewed by an automatic spam detection service.

In compliance with the provisions of Organic Law 15/1999, December 13, Protection of Personal Data (‘LOPD’), and the new General Data Protection Regulation (EU GDPR 2016/679) of 24 May 2016, we inform you that your personal data and information that you provide us when completing this electronic form, will be incorporated into a personal data file owned by the owner indicated below.

In this sense, we inform you that the collection and processing of your data is intended to resolve the queries raised about the content of this website. The fields marked with an asterisk are mandatory, being impossible to carry out the purpose expressed if you do not provide that data.

In order to use the consultation form, it is essential to check the box of acceptance of the use of your data, this implies that you express your consent so that the data provided are incorporated into an automated file owned by the owner indicated below.

Also, please do not incorporate, in any case, data relating to your health, racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union affiliation, sex life, sexual orientation, genetic data, biometric data or data relating to the commission of criminal or administrative offences. If you do so in error, please contact us immediately to remove them from our database.

In any case, you can exercise the rights of Access, Opposition, Rectification, Suppression, Portability, Limitation and not be subject to individualized decisions, provided for by the Law, by sending an email to the person responsible for the file to the info@xdataser.com address, indicating your name and surname, and including as a subject of the mail “GDPR Rights”.

How long we keep your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so that we can recognize and approve successive comments automatically instead of keeping them in a moderation queue.

If as a user you register on our website (if applicable), we also store the personal information you provide in your user profile. As a user, you can view, edit, or delete your personal information at any time (except that you can’t change your username). Web administrators can also view and edit that information.

The data collected to complete an invoice will be kept for 6 years after the close of the annual audit, by legal instructions of our financial advisors. If it is requested to be deleted, we will anonymously delete your data and/or delete your information from publicly accessible sites.