Data controller

Purpose of data processing

Legitimacy of processing

Assignment or transfer

Users’ rights

Security measures

Responsibilities of the data processor

DATA CONTROLLER

RIAM Intelearning Lab SL, with tax ID code B26332791, registered address in Logroño, Spain at Calle Piqueras nº 31, 4º (La Rioja), legal owner of the website www.gnoss.com, hereinafter GNOSS, hereby informs you that:

a) it ensures the protection of personal data voluntarily provided by the user when they communicate with GNOSS:

• via e-mail,
• through the completion of forms for data collection (online y offline),
• through the formalisation of a contractual relationship or
• by using any other service present on the website that entails the disclosure of data or access to data

b) processes the data it collects in compliance with Regulation (EU) 2016/679 of 27 April 2016 on data protection, hereinafter GDPR,  and Ley Orgánica 3/2018, of 5 December of  Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD) and in accordance with the provisions of this policy, which it makes public upon the principles of proactive responsibility and information transparency, and the intent to thereby demonstrate the clear consent of the data subject.

PURPOSE OF DATA PROCESSING

The personal data collected and processed by GNOSS through this website, trade fairs, contracts, conferences, newsletters, lotteries, or by any other means are suitable, pertinent and limited to those necessary in relation to the purposes for which they are processed.

• For data obtained via website forms or other means of voluntary data disclosure not otherwise specified (presentation of business cards, e-mail, etc.), the purposes of processing are the response to specific requests, sale of products, dispatch of catalogues, consultations, subscription to and delivery of newsletters, business contact, conference registration, the communication of documentation and information concerning services, and, under all circumstances, advertising and/or business communications.They will also be used for historical maintenance and to carry out research and development in this field
• When data are obtained though the formalisation of contracts, the purpose of processing is to establish and maintain a contractual relationship in compliance with the nature and characteristics of the contracted service, as well as for the maintenance of records and the performance of research tasks and development within the field.

Under all circumstances, personal data will be stored such that the data subjects may be identified for only the period of time necessary for the purposes of processing. These storage periods shall only be extended when purposes include statistical, historical or scientific research. 

LEGITIMACY OF PROCESSING

The legal basis or legitimacy for data processing on the part of GNOSS depends on the various processing activities, personal data subject type, and purposes for processing, such that the basis for legitimacy is as follows:

• Express consent or acceptance by data subjects who voluntarily disclose the personal data requested and who contact GNOSS in order to request information and consultations, subscribe to information and newsletters, as well as for training, among other reasons.
• Contracts for customers who access GNOSS services and solutions,  and provide their consent through the formalisation of a contract.
• Overriding legitimate interests of GNOSS or third parties to whom data are communicated in the event that data is collected in ways not otherwise indicated in the section regarding the purpose for processing (example: reception of business cards, consultations via e-mail).

The data subject shall be held liable for the veracity of the data provided under any circumstances. GNOSS reserves the right to exclude all false or illegitimate data without prejudice to those measures applicable by law.

GNOSS informs you that, excepting legally constituted representation, no data subject will be able to use another person’s identity to disclose that personal data. For this reason, it should always be noted that personal data communicated should always correspond to one’s own identity and their status as suitable, pertinent, up-to-date, precise and true. To that effect, the data subject is the only party responsible for any direct or indirect damage to third parties or to GNOSS for the use of another person’s personal data or their own if false, incorrect, non-current, inappropriate or irrelevant. Likewise, the party disclosing personal data belonging to a third party shall be held liable to the third party concerning the obligation established in the GDPR in the event that said personal data were not collected from the data subject and/or the consequences of not having informed the third party.

ASSIGNAMENT OR TRANSFER

Assignment: GNOSS only assigns personal data to providers or to private or public institutions in fulfilment of its legal or contractual obligations regarding service. In these cases, the data subject consents to said assignment and exercises its rights to information concerning themselves.

International transfers: GNOSS informs you that, within the framework of its activities, it utilises the service of providers outside the European Economic Area to whom it communicates data (as data processor) by means of international data transfer. Our providers and their privacy policies are listed below:

• Google, Inc:  https://www.google.es/intl/es/policies/privacy/ 
• Mail chimp: https://mailchimp.com/legal/privacy/
• Microsoft: https://privacy.microsoft.com/es-es/privacystatement

In addition, you are hereby informed that said providers participate in the EU-US Privacy Shield; please consult the guide on the EU-US Privacy Shield provided by the AEPD (Spanish Agency for Data Protection).

USERS’ RIGHTS

The user may exercise their recognised rights concerning their personal data, including withdrawal of consent to the aforementioned uses, at any time by means of written communication specifying the request or right to be exercised directed to GNOSS at its registered address, or electronically to the e-mail address privacidad@gnoss.com. In either case, a photocopy of proof of identification must be enclosed or attached. The recognised rights that may be exercised are the following:

• Access.  Request information concerning the data we process, the purpose of processing and its legitimacy.
• Rectification. Request the modification of data if they are incorrect.
• Erasure. Request the deletion of data in the legally established circumstances.
• Opposition. Stop processing data, except for justified reasons.
• Restriction to processing. Data will only be stored by GNOSS for the exercise or defence of legal claims.
• Data portability: In the event that you would like your data to be processed by another supplier, GNOSS will facilitate the portability of your data to the new data controller.

For more information on the exercise of these rights, please consult la guía del ciudadano (Spanish) published by the AEPD.

If you believe the processing of your personal data breaches regulatory standards, you may file a claim:

• with GNOSS data controllers or
• with the Agencia Española de Protección de Datos (AEPD) at their postal address: C/ Jorge Juan, 6, 28001, Madrid (Spain).

SECURITY MEASURES

The personal information provided by or collected from the users for which GNOSS acts as data controller is structured into automated and non-automated files. GNOSS maintains a processing activity register in compliance with the current legislation.

In addition to data processing, GNOSS has established adequate organisational and technical measures that guarantee the confidentiality, integrity, availability and resilience of data processed that are necessary in order to guarantee their suitable security, including protection against unauthorised or illicit processing, loss, destruction, or accidental damage, and whose aims are:

1. The pseudonymisation and encryption of personal data.
2. The capacity to guarantee the permanent resilience, availability, integrity and confidentiality of processing services and systems.
3. The capacity to quickly restore availability and access to personal data in the event of a physical or technical incident.
4. The process of regular verification, assessment and evaluation of the efficacy of the technical and organisational measures for the guarantee of processing security.

RESPONSIBILITIES OF THE DATA PROCESSOR

Where GNOSS must access and/or process personal data that is the responsibility of and owned by their clients, acting as data processor in compliance with the provisions of the current legislation, they undertake to painstakingly regulate the content of data processor contracts, including aspects such as:

• The object, duration, nature and purpose of processing.
• To designate a data protection delegate if applicable.
• To maintain an activity register that includes types of personal data and data subject categories belonging to the data controller.
• The data processor’s obligation to process personal data only as per the data controller’s documented instructions.
• Conditions under which the data controller may give their general or specific prior authorisation for sub-contracting.
• The notification of data security breaches.
• Data will be destroyed or returned upon the completion of the contractual service provided as per the agreement by the parties. Notwithstanding, they may be used by GNOSS for the purposes of scientific research and statistics prior to being made anonymous.

POLICY CHANGES

GNOSS is in continuous change and so are its text and policies; therefore, we will publish the changes made during the development of the project. We will publish them in a place of the site easily accesible where you can get at any time what information we manage and use.

You should frequently review these documents. If we make any important modification of this policy we will announce it here, or by electronic mail to your contact account or posting on the GNOSS home page.