This Policy may be supplemented by any specific provisions that may be established to regulate the processing of specific personal data.
Adaffy’s processing of Personal Data
In compliance with EU Regulation 2016/679 on Data Protection (“GDPR”), ADAFFY will process Personal Data that is collected through contact forms, contracting of services or any other means related to the Website. As such, ADAFFY will be referred to as the Data Controller. User’s personal data that is collected will be treated with absolute confidentiality and in compliance with the duty of secrecy.
Likewise, ADAFFY informs its Users that the collected personal data will be stored in a Record of Processing Activities that is solely owned by ADAFFY. ADAFFY has implemented appropriate technical and organizational measures to ensure the security of your personal data and to prevent said data from its destruction, loss, unlawful access or unlawful alteration. In determining these measures, ADAFFY has taken into account the scope, context, and purpose of the treatment; the current state of the art and the risks involved to develop said measures.
Purposes for which ADAFFY processes Personal Data
In compliance with the principles of privacy by design, privacy by default and data minimization, ADAFFY will only collect the personal data that is necessary for achieving the below indicated purposes. As a matter of fact, the personal data that is collected through the Website is relevant, adequate and not excessive in accordance with said purposes. ADAFFY does not use illegal, unfair or fraudulent procedures to obtain personal data.
The main purpose for which ADAFFY collects personal data is to provide information about services or registration of Users who access ADAFFY’s Website to either consult: (i) additional generic information related to ADAFFY or; (ii) specific information related to the User’s own activity. Likewise, if the User expressly consent, ADAFFY may process his or her data to send informative communications that are related to ADAFFY’s activity, offers, events, and future services. These communications may be send by email.
ADAFFY will request the User’s prior consent every time his or her data is used for a different purpose than that for which it was provided or requested.
Rights that Users may exercise before ADAFFY or the relevant Supervisory Authority
Any User who wishes to exercise his or her rights of access, rectification, erasure, restriction of the processing, to data portability or of objection must notify ADAFFY upon written request send to the email address: hello@Adaffy.com or to ADAFFY’s headquarters, located at Magalar Building. Juan Esplandiú 15 Street. 28007 Madrid (Spain). In accordance with GDPR provisions, the contents of the rights that Users are entitled to are the following:
- Right of access: The user can request ADAFFY to disclose which data relating to him or she is subject to processing by ADAFFY as well as the source from which the data was collected and the purpose for which the data is being processed.
- Right to rectification: The User can request ADAFFY to modify any personal data that is not updated.
- Right to erasure: The User can request ADAFFY to delete his or her personal data unless there are justified and valid reasons that allow ADAFFY to maintain the data. The Right of Erasure implies a period whereby the personal data will remain blocked in order to comply with any legal obligations that may arise before its definitive deletion.
- Right of objection: The User can object before ADAFFY its use of personal data for certain purposes.
- Right to restrict the processing: The User can request ADAFFY to highlight its personal data as being restricted to the specific purposes that the User accepted.
- Right to data portability: The User can request ADAFFY to provide him or her with the information that ADAFFY holds in an interoperable computer-friendly format.
- Right to file a complaint before the relevant Supervisory Authority: In the event of disagreement with the way ADAFFY collects and processes personal data or have addressed requests for the exercise of User rights, the Users may file a complaint before the Supervisory Authority (Agencia Española de Protección de Datos).
ADAFFY shall comply with any User right requests within a maximum period of 30 days since the rights were exercised. ADAFFY informs that this period could be extended to maximum 90 days upon valid justification.
Third party recipients that may have access to User personal data
ADAFFY undertakes not to transfer or communicate User personal data to any third party unless prior and explicit authorization by the User.
Nevertheless, it is possible that ADAFFY allows access to User personal data to third parties that provide a relevant service to the User. These third parties will acquire the status of Data Processors. As such, they may only process User personal data in accordance with ADAFFY’s instructions. Under no circumstances will Data Processors use User personal data for other purpose than those that are detailed in Section 2 of this Policy.