Personal Data Protection Policy

Last update: June 11, 2018

In compliance with General Data Protection Regulation (EU) 2016/679) of the European Parliament and of the Council of the 27th of April 2016 (hereinafter GDPR), Inte, implantación de nuevas técnicas empresariales S.L. (hereinafter Inte or Wetopi) hereby presents this Policy regarding the processing and protection of personal data.

Details of the data controller:

Inte, implantación de nuevas técnicas empresariales S.L.

Tax ID: B-61386777

Registered Office: C/Granollers 51 – 08173 de Sant Cugat del Valles , Barcelona

E-mail: info@wetopi.com

Contact details of the Data Protection Officer: dpo@wetopi.com

Scope of application

This Policy shall be applicable to:

  • Those persons who visit the Wetopi website – wetopi.com
  • Those who voluntarily communicate with Wetopi via email or chat and those who fill in any forms for the gathering of data, as published on the Wetopi website.
  • Those who request information about the products and services of Wetopi and those who participate in any of the company’s commercial actions.
  • Those who form a contractual relationship with Wetopi via the contracting of its products and services.
  • Those who use any of the other services on said website which involve sending data to Wetopi or Wetopi’s accessing of data for the provision of its services.
  • Any other parties who, directly or indirectly, may have given their express consent for their data to be processed by Wetopi for any of the purposes featured in this Policy.

The use of Wetopi products and services requires the express acceptance of this policy.

Wetopi hereby states that, excepting the existence of a legally constituted representation, no users and/or clients can use the identity of another person or send said person’s personal data. Therefore the data they provide to Wetopi must be the personal details corresponding to their own identity, as well as appropriate, pertinent, current, exact and truthful. In that regard, the user and/or client shall be the sole responsible party in the event that any direct or indirect damages are caused to third parties or to Wetopi due to the use of the data of another person or of their own data when it is false, erroneous, not current, inappropriate or not pertinent. Likewise, any user and/or client who sends the personal data of a third party shall be responsible for obtaining the corresponding authorisation from the party involved and for the consequences if they do not.

Similarly, the user and/or client who sends personal data to Wetopi thereby declares that they are of legal age according to that established in Spanish legislation and that they shall abstain from sending data to Wetopi if they are not. Any data provided about a minor shall require the prior consent and authorisation from their parents, tutors or legal guardians, who shall be considered responsible for the data provided by the minors in their charge.

This Policy shall be subsidiarily applicable as regards the other personal data protection conditions that may be established especially and communicated, among other ways, via registration forms, contracts and/or the terms of particular services. This Policy is therefore complementary to those mentioned in matters not expressly provided for therein.

Purposes of the gathering and processing of personal data

In its capacity as data controller, Wetopi hereby informs users of the existence of various processes and files which gather and store the personal data provided to the company.

The purposes of said personal data gathering and processing are as follows:

  • The “cookies” which Wetopi uses for the browsing of its websites (wetopi.com and
    app.wetopi.com) are stored on the user’s terminal (computer or mobile device) and they gather information when said websites are visited. The purpose of this is to improve the websites’ usability, to learn about users’ browsing habits or needs so as to be able adapt to them, and to obtain information for statistical purposes. In the case of existing Wetopi clients, the information gathered with the cookies will also be used for identification purposes when accessing the different tools that Wetopi makes available to them for the management of services.In any case, users can configure their browser in such a way that some or all cookies are disabled or blocked. Not accepting these cookies does not imply a hindrance in the ability to access information on Wetopi websites, although the use of some services may be limited. If you wish to retract consent once cookies have already been accepted, those that are stored on the user’s machine must be deleted via the different browser options.

All the information about the cookies used by Wetopi has been published in its Cookies Policy, which is available for consultation at
https://wetopi.com/cookies-policy/.

  • In the event that an email is sent to Wetopi or if personal data is sent via any other means, such as a contact form, the purpose of the gathering and processing of said data by Wetopi is to address queries and information requests made regarding the Wetopi’s products and services.
  • If an email is sent to Wetopi regarding its job offers, said data shall be processed so that the user can participate in the staff selection procedures.
  • In the case of the forms that interested parties fill in order to participate in any of Wetopi’s commercial actions, the purpose will be to enable said participation, as well as the sending of commercial and publicity messages about the company’s services. This is unless the interested party manifests their opposition to this at the time when their data is gathered. Notwithstanding the foregoing, the interested party can modify their decision at any time, as many times as they wish, via the means provided for said purpose by Wetopi.
  • In the contracting of the services offered by Wetopi, Wetopi will only gather the personal data that is necessary to establish the contractual relationship and to enable the provision of the services and the remuneration thereof by the client. In this case, the data will be gathered and processed for the following purposes:
    • The main purpose will consist of the maintenance of the contractual relationship that is established with the client, in accordance with the nature and characteristics of the contracted services. Wetopi will contact the client via the email address, telephone number or any other means indicated by said party.
    • For the sending of documentation and information related to the contracted services, as well as for the sending of commercial and publicity messages about said services and similar products from Wetopi. This shall be done via post, email, telephone, SMS or any other means indicated by the client, unless the latter expressly manifests their opposition to this at the time of the contracting. Independently of whether the client has chosen to receive or not receive commercial information from Wetopi, said client can modify their decision at any time, as many times as they want, through the specific section available for this purpose in their Client Area.
    • For the maintenance of historic registers of the commercial relationships for the legally established times.
    • In cases in which Wetopi must access and/or process the personal data for which the client may have the status of data controller or data processor, Wetopi will process said data in its capacity as the data controller for processing in accordance with Article 28 of the GDPR and in accordance with that indicated in the section titled “Wetopi as data processor”included in this Policy.
    • In accordance with that established in Law 25/2007 of the 18th of October on the conservation of data relating to electronic communications and public communications networks, the user is hereby notified that Wetopi shall proceed to retain and conserve certain traffic data generated during the course of communications, and when appropriate, communicate it to the legitimate authorities, provided that the legal circumstances set forth in the above Law apply.
    • For all other purposes that are expressly established in the Specific Conditions that are applicable to the corresponding product or service contracted by the client, when the latter expressly accepts said purposes.

Storage period of the personal data

Wetopi shall store the personal data for the period of time that is strictly necessary for compliance with the previously detailed purposes. Wetopi may keep the above data duly blocked during the period in which any responsibilities may be derived from the company’s relationship to the Client.

In the case of data that is kept due to Law 25/2007 of the 18th of October on the conservation of data related to electronic communications and public communications networks, the data storage period shall be that detailed in said law.

Recipients of personal data

The recipients of the personal data collected by Wetopi will be the following:

  • Wetopi’s own employees in compliance with their duties.
  • The suppliers of Wetopi who are involved in the provision of services, in the event that this is necessary for said provision.
  • Legal or administrative bodies, as well as State Security Forces and Bodies, in the event that Wetopi is required by current legislation to provide said parties with information related to its clients and services.
  • Any other parties who, due to the nature of the service, must access the data provided for said service, as detailed in the Specific Conditions that apply to the corresponding product or service contracted by the client, when this is expressly accepted by the latter.

Users’ rights and the exercise thereof

Users can, at any time, exercise the following rights recognised under the GDPR:

  • The right of access.
    Users have the right to obtain, from Wetopi, information about whether the company is processing personal data which concerns them, to access said data and to obtain information about the type of processing that is occurring.
  • The right to obtain a copy of their personal data.
  • The right to rectification.
    Users have the right to require Wetopi to rectify their personal data in the event that it is inexact or incomplete.
  • The right to erasure.
    Users have the right to have their data deleted when it is no longer necessary for the purpose for which it was provided or when the other legally established circumstances occur.
  • The right to restrinction of processing.
    Users have the right to request a limitation on the processing of their personal data, in such a way that it is not subject to the same processing operations that would correspond in each case, under the suppositions established in Art. 18 of the GDPR.
  • The right to data portability.
    Users have the right to receive the personal data that concerns them in a structured format, as long as said data concerns that user exclusively and was provided by the same user.

Users can exercise the aforementioned rights in the following ways:

  • If they are Wetopi clients, users can check and modify their personal data at any time via the “My data” section in the “Control Panel” tool, which is accessed by signing in on the
    Wetopi.es website.They can also send a message via the “Help” section of said tool, indicating the right they wish to exercise.
  • Whether or not they are Wetopi clients, users can exercise their rights by sending a message via email to info@wetopi.com

In cases of manifestly unfounded or excessively repetitive requests, Wetopi reserves the right to charge a fee for the subsequent administrative costs or the right to refuse to act in response to said requests, in accordance with that established in Art. 12.5 of the GDPR.

Supervisor authority

Users and/or clients can contact the corresponding local supervisor authority if they believe that the processing of their personal data was not carried out in accordance with current legislation.

The data protection supervisor authority in Spain is the Spanish Data Protection Agency, whose contact details are available on their website: https://www.aepd.es/agencia/contacto.html.

International data transfers

In terms of those Wetopi products and services which require the realisation of international transfers to enable the provision thereof, said circumstance shall be featured in the Specific Conditions which apply to the corresponding product or service contracted by the client and it shall be expressly accepted by the latter prior to the realisation of the international transfer.

Wetopi as data processor

In accordance with Article 28 of the GDPR and its amendments, Wetopi shall process the personal data for which the client is the data controller or data processor, when this is necessary for the proper provision of the contracted services. In this case, Wetopi shall act as data processor, in accordance with the terms indicated below:

  • Wetopi shall only process the data in accordance with the instructions of the clientdata controller or data processor, not using it for any other purpose than that stated in this Data Protection Policy and/or in the contractual conditions that may be applicable.
  • After having completed the provision of the services which lead to the processing of the personal data, said personal data shall be destroyed, in addition to any other supports or documents which contain any personal data or any other type of information generated for and/or in the provision of the services featured in the corresponding Conditions. Notwithstanding the foregoing, Wetopi may keep the above data duly blocked during the period in which any responsibilities regarding its relationship to the Client may be derived.
  • In the event that Wetopi uses the data for another purpose or communicates or uses it in breach of this Data Protection Policy and/or of the corresponding Service Conditions, it shall also be considered as data controller.
  • Wetopi shall be responsible, under article 28 of the GDPR, for maintaining due professional secrecy regarding the personal data it needs to access and/or process for the purpose of complying with the applicable Terms of Service in each case, both during and after their termination. It also agrees to use this information solely for the purpose specified in each case, and to demand the same level of commitment from any person within their organisation who participates in any phase of the processing of the personal data which is the responsibility of the client.
  • In accordance with the provisions of GDPR, the following rules will apply regarding the form and modes of access to data for the provision of services:
    • In the event that Wetopi must access the data processing resources located in the premises of the client, the latter shall be responsible for establishing and implementing the security policy and measures and for communicating them to Wetopi, who agrees to respect them and demand they are complied with by persons in its organisation participating in the provision of the services.
    • When Wetopi remotely accesses the data processing resources which are the responsibility of the client, the latter shall be responsible for establishing and implementing the security policies and measures in their remote processing systems, and Wetopi shall be responsible for establishing and implementing the security policy and measures in its own local systems.
    • When the service is provided by Wetopi on its own premises, the company shall record the circumstances relating to the data processing in its Record of Processing Activities under the terms required by the GDPR, including the security measures corresponding to said processing.
  •  Wetopi’s access and/or processing of data, notwithstanding the legal provisions or specific current regulations which may be applicable to each case or those which Wetopi adopts under its own initiative, shall be subject to the required security measures needed to:
    • Guarantee the permanent confidentiality, integrity, availability and endurance of the processing systems and services.
    • Quickly restore availability and access to the personal data in the event of a physical or technical incident.
    • Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures that are implemented to guarantee the security of the processing.
    • Pseudonymise and encrypt the personal data, as applicable.
  • The client authorises Wetopi, in its capacity as data processor, to outsource (on behalf of the client) the services for the storage and custody of data backup copies and security copies to third parties in the cases deemed necessary to enable the provision of the contracted services, in any event respecting the obligations imposed under the GDPR and its implementation regulations. The client can, at any time, contact Wetopi to find out the identity of the entities outsourced for the provision of the indicated services and said entities shall act in accordance with the terms established in this document and after Wetopi has formalised a data processing contract in accordance with Art. 28.4 of the GDPR.
  • The client authorises Wetopi to carry out the actions indicated below, as long as they are necessary for the execution of the service provision. Said authorisation is limited to the action(s) that each provision of services requires and shall have a maximum duration that is linked to the validity of the applicable contractual Terms:
    • The processing of personal data on mobile devices shall only be carried out by users or profiles of users assigned for the provision of services.
    • The processing of personal data on premises other than those of the client or Wetopi shall only be carried out by users or profiles of users assigned for the provision of services.
    • The receiving and sending of supports and documents containing personal data, including that included in and/or attached to emails, outside the premises under the control of the client responsible for the processing.
    • The execution of the data recovery procedures that Wetopi may be obliged to carry out.
  • Wetopi shall not be held responsible for any breaches of obligations derived from the GDPR or the corresponding regulations in matters of data protection when this is done by the user and/or client responsible for the processing in the part corresponding to their activities and related to the execution of the contract or commercial relations with Wetopi. Each party shall face the responsibility derived from their own breach of contractual obligations and the regulation itself.
Personal Data Protection Policy