Last updated 8th June 2022
1. PREAMBLE AND SCOPE
We respect your right to privacy and take the protection of Personal Data extremely seriously, as we would like to provide you with the highest level of protection of your Personal Data. We are committed to protecting the privacy and security of the information we collect and to being transparent about the ways in which we collect and process your information.
This Privacy Policy sets forth our policies and practices for handling the information we collect from or about you. It defines ways of collecting your Personal Data, the purposes for which we collect it, the security measures we use to protect it, the persons with whom we share it and your rights regarding the protection of Personal Data.
This Privacy Policy applies to all Personal Data collected and stored by us from Individuals visiting the Website, Conference and/or Venues, and users of our Services.
This Privacy Policy is based on applicable relevant legislation on the protection of Personal Data, in particular the General Data Protection Regulation of the EU (“GDPR”).
This Privacy Policy sets forth our policies and practices for handling the information we collect from or about you. It defines ways of collecting your Personal Data, the purposes for which we collect it, the security measures we use to protect it, the persons with whom we share it and your rights regarding the protection of Personal Data.
This Privacy Policy applies to all Personal Data collected and stored by us from Individuals visiting the Website, Conference and/or Venues, and users of our Services.
This Privacy Policy is based on applicable relevant legislation on the protection of Personal Data, in particular the General Data Protection Regulation of the EU (“GDPR”).
2. INTRODUCTORY INFORMATION
When we refer to
We are the Data Controller and we shall be responsible for processing and storing your Personal Data in accordance with the Applicable Law.
When we refer to
This Privacy Policy was last updated on 8th June 2022. We reserve the right to change and/or update this Privacy Policy at any time. When we make changes and/or updates to this Privacy Policy, we will revise the “last updated date” above and post the new Privacy Policy on the Website.
‘’we’’, ‘’our’’ or “us”
in this Privacy Policy, we refer to the ModernPunk, Sociedad Limitada, a limited liability company organized under the laws of Spain, with its registered office at C. Morabos 20, bajos 1, 08004, Barcelona, with the registration number B09961533, as the organizer of the ETHBCN Conference.We are the Data Controller and we shall be responsible for processing and storing your Personal Data in accordance with the Applicable Law.
When we refer to
“you” or “your”
we mean those individuals whose Personal Data we collect through the Services, or whose Personal Data we receive from other organizations that we work with.This Privacy Policy was last updated on 8th June 2022. We reserve the right to change and/or update this Privacy Policy at any time. When we make changes and/or updates to this Privacy Policy, we will revise the “last updated date” above and post the new Privacy Policy on the Website.
3. COLLECTING AND PROCESSING OF PERSONAL DATA
We process your Personal Data solely on the basis of clearly stated and legitimate purposes, securely and transparently.
3.1. TYPE OF PERSONAL DATA WE COLLECT
We collect Personal Data you provide directly to us and when you use our Services. All categories of Personal Data which we process are specified in the table in Section 3.3.
3.2. LEGAL BASIS FOR COLLECTING AND PROCESSING OF PERSONAL DATA
We mainly process your Personal Data to perform our obligations under the Terms and Conditions at TICKETS (VISITOR) TERMS AND CONDITIONS(i.e. we process your data on a contractual or pre-contractual basis), whereby in certain cases, we may also rely on an alternative legal basis.
CONSENT
Processing of your Personal Data for which we obtain your Consent for a specific processing purpose is based on Article 6 (1) (a) of the GDPR. The Individual shall have the right to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
CONTRACTUAL NECESSITY
Processing of Personal Data which is necessary for the performance of a contract to which the Individual is a party is based on Article 6 (1) (b) of the GDPR and processing of Personal Data which is necessary for carrying out pre-contractual measures is based on Article 6 (1) (c) of the GDPR.
VITAL INTERESTS OF THE INDIVIDUAL AND OTHER PERSONS
Processing of Personal Data which is necessary to protect the vital interests of the Individual or of another natural person is based on Article 6 (1) (d) of the GDPR.
COMPLIANCE WITH OUR LEGAL OBLIGATIONS
We may also invoke our legal obligations as a valid ground for sharing your information with judiciary or law enforcement authorities, if we are ever obliged to do so and according to the Applicable Law.
3.3. PROCESSING PURPOSE FOR COLLECTING PERSONAL DATA
We will only process your Personal Data for specified, explicit and legitimate purposes. We undertake not to process your Personal Data in a manner incompatible with the purposes defined in this Privacy Policy.
The purposes for which we can use your Personal Data are defined below. We may use your Personal Data for one or more of the purposes.
3.1. TYPE OF PERSONAL DATA WE COLLECT
We collect Personal Data you provide directly to us and when you use our Services. All categories of Personal Data which we process are specified in the table in Section 3.3.
3.2. LEGAL BASIS FOR COLLECTING AND PROCESSING OF PERSONAL DATA
We mainly process your Personal Data to perform our obligations under the Terms and Conditions at TICKETS (VISITOR) TERMS AND CONDITIONS(i.e. we process your data on a contractual or pre-contractual basis), whereby in certain cases, we may also rely on an alternative legal basis.
CONSENT
Processing of your Personal Data for which we obtain your Consent for a specific processing purpose is based on Article 6 (1) (a) of the GDPR. The Individual shall have the right to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
CONTRACTUAL NECESSITY
Processing of Personal Data which is necessary for the performance of a contract to which the Individual is a party is based on Article 6 (1) (b) of the GDPR and processing of Personal Data which is necessary for carrying out pre-contractual measures is based on Article 6 (1) (c) of the GDPR.
VITAL INTERESTS OF THE INDIVIDUAL AND OTHER PERSONS
Processing of Personal Data which is necessary to protect the vital interests of the Individual or of another natural person is based on Article 6 (1) (d) of the GDPR.
COMPLIANCE WITH OUR LEGAL OBLIGATIONS
We may also invoke our legal obligations as a valid ground for sharing your information with judiciary or law enforcement authorities, if we are ever obliged to do so and according to the Applicable Law.
3.3. PROCESSING PURPOSE FOR COLLECTING PERSONAL DATA
We will only process your Personal Data for specified, explicit and legitimate purposes. We undertake not to process your Personal Data in a manner incompatible with the purposes defined in this Privacy Policy.
The purposes for which we can use your Personal Data are defined below. We may use your Personal Data for one or more of the purposes.
a. PROCESSING PURPOSES RELATED TO USER ACCOUNT MANAGEMENT
PROCESSING PURPOSE |
CATEGORY OF PERSONAL DATA PROCESSED |
LEGAL BASIS |
|---|---|---|
| REGISTERING AN ACCOUNT | Digital wallet information, e-mail, username, display name, description, member ID | Contractual relationship |
| PREFERENCE SETTINGS | Notification settings, display of content | Contractual relationship (providing a good user experience) |
b. PROCESSING PURPOSES RELATED TO USAGE OF OUR PLATFORM
PROCESSING PURPOSE |
CATEGORY OF PERSONAL DATA PROCESSED |
LEGAL BASIS |
|---|---|---|
| Transfer of funds | NFT ID, ETHWallet data, metadata related to the transfer | Contractual relationship |
| Participating in a POAP drop | NFT ID | Contractual relationship |
| Firebase hosting of the Website | NFT ID, ETHWallet data, metadata related to the transfer | Contractual relationship |
c. PROCESSING PURPOSES RELATED TO COMMUNICATION WITH US
| PROCESSING PURPOSE | CATEGORY OF PERSONAL DATA PROCESSED | LEGAL BASIS |
|---|---|---|
| Communicating with participants in regard with requests (customer support) | Member ID, username, channel of communication (e-mail, discord), message | Contractual relationship (providing a good user experience) |
| Providing updates on the platform (maintenance, etc) | Contractual relationship (providing a good user experience) | |
| Executing user satisfaction surveys | Categories of Personal Data we process differ depending on the theme of the survey and shall be disclosed with each survey. | Contractual relationship (improvement and optimization of our activities) |
| Participating in a POAP drop | Author’s member ID, collection name | Contractual relationship |
d. PROCESSING PURPOSES RELATED TO SECURITY AND ADMINISTRATION
| PROCESSING PURPOSE | CATEGORY OF PERSONAL DATA PROCESSED | LEGAL BASIS |
|---|---|---|
| Prevent, detect frauds and security issues | Data such as IP address, member ID | Contractual relationship (keeping the platform safe) |
| Transmission of Personal Data to third parties Depends on the transfer as defined below | Contractual relationship | |
| Executing statistical analysis. | In order to improve the user experience, we analyze the use of our website. This data is anonymized. | Contractual relationship (providing an optimal and efficient website) |
e. PROCESSING PURPOSES RELATED TO MARKETING ACTIVITIES
| PROCESSING PURPOSE | CATEGORY OF PERSONAL DATA PROCESSED | LEGAL BASIS |
|---|---|---|
| Sending newsletters | Consent | |
| Performing an overview of the performance data on the receipt of emails | Email, date and time of dispatch, delivery status | Consesnt |
If there is a need for further processing of your Personal Data (for a different purpose than for the purpose for which Personal Data were originally obtained), we will inform you in advance and, when necessary, request your Consent. You are entitled to revoke any processing of your Personal Data at any time, which was obtained by us, based on your Consent. You can notify us of the revocation of the Consent as provided in Section 10. 3.4. RETENTION PERIOD The Controller shall process, retain, and store the Personal Data of the Individual for as long as reasonably necessary to achieve the purposes for which Personal Data was collected. In any event, the collected Personal Data will be routinely erased every two years. The purpose of storing Personal Data for two years is to notify Individuals of organization of new similar events organized by ETHBCN.
4. PROTECTING PERSONAL DATA
4.1. DATA PROTECTION AND SECURITY
We use technical and organizational measures, such as ensuring the regular updating and maintenance of the hardware, software and application equipment that we use for the processing of Personal Data, to protect your Personal Data against the risks of unauthorized access and against unintentional loss, destruction or damage, in accordance with the Applicable Law. We undertake all measures according to our technological capabilities (including the cost of implementing certain measures) and the impact assessment on your privacy.
4.2. AGE LIMITATION
We will not knowingly collect or sell any Personal Data about children under 18 years old / as defined by the Applicable Law without parental Consent or as otherwise permitted by the Applicable Law. Unless the Terms and Conditions state otherwise, the Services are intended for users who are of legal age for Personal Data protection purposes according to the Applicable Law. In this regard, we will not consider the laws of other countries.
4.3. PERSONAL DATA BREACH
In the event of a Personal Data breach, we will notify the competent supervisory authority without delay about any such breach. In the event of a breach that may cause a high risk to the rights and freedoms of individuals, we will inform you of such an event without undue delay. In the event that there is a suspicion of a criminal offense regarding the Personal Data breach, we will also report such breach to the police and the competent state prosecutor’s office.
We use technical and organizational measures, such as ensuring the regular updating and maintenance of the hardware, software and application equipment that we use for the processing of Personal Data, to protect your Personal Data against the risks of unauthorized access and against unintentional loss, destruction or damage, in accordance with the Applicable Law. We undertake all measures according to our technological capabilities (including the cost of implementing certain measures) and the impact assessment on your privacy.
4.2. AGE LIMITATION
We will not knowingly collect or sell any Personal Data about children under 18 years old / as defined by the Applicable Law without parental Consent or as otherwise permitted by the Applicable Law. Unless the Terms and Conditions state otherwise, the Services are intended for users who are of legal age for Personal Data protection purposes according to the Applicable Law. In this regard, we will not consider the laws of other countries.
4.3. PERSONAL DATA BREACH
In the event of a Personal Data breach, we will notify the competent supervisory authority without delay about any such breach. In the event of a breach that may cause a high risk to the rights and freedoms of individuals, we will inform you of such an event without undue delay. In the event that there is a suspicion of a criminal offense regarding the Personal Data breach, we will also report such breach to the police and the competent state prosecutor’s office.
5. TRANSMITTING OF PERSONAL DATA
5.1. TRANSMITTING OF PERSONAL DATA TO THIRD PARTIES
Your Personal Data may be, exclusively in order to achieve the purpose for which it was collected, transmitted, or we may allow access to them to certain third parties (defined below in this Section). Such third parties may only process your Personal Data for the purposes for which they were collected.
Accordingly, any third party to whom we transmit Personal Data is bound to comply with the Applicable Law as well as to the provisions of this Privacy Policy. With external processors, however, the protection of Personal Data is further defined by the contract.
We may transmit your Personal Data to third parties (defined below in this Section) for the purposes and pursuant to legal basis highlighted in this Privacy Policy (see Section 3) based outside the EU and EEA, where Personal Data processing occurs.
PERSONAL DATA SHARED AMONG USE AND WITH EXTERNAL PROCESSORS
We share your Personal Data among us for the purposes highlighted in this Privacy Policy. Annex 2 of this Privacy Policy provides more information about where we work together to process your Personal Data.
Where expressly indicated in this Privacy Policy (and to the extent permitted by Applicable Law), we share your Personal Data with our partners. This includes Personal Data collected through the Services (for example, where you subscribe to receive promotional communications) or by other organizations that we work with and who take care of our needs (for example, accounting services, law firms, marketing services). Annex 3 of this Privacy Policy provides more information about external processors, the situations in which we share Personal Data with them and the purposes for which they may use such Personal Data.
PERSONAL DATA SHARED WITH OUR SERVICE PROVIDERS
We rely on a network of professional service providers (i.e. providers who provide hosting services, email communications and push notification services) who are working on our behalf and help us to operate, develop, secure, promote and measure the Services and our advertisements.
Where we delegate part of the processing of your Personal Data to these organizations we transfer your Personal Data to them. A list of our main service providers (including, for each service provider, the country to which Personal Data is transferred and their contact information) is provided in Annex 1 of this Privacy Policy.
In some cases, the organizations we work with may act as Controllers of your Personal Data. For example, third parties that assist us with the serving of advertisements, and those third parties authorized to launch and operate digital services or to use our brands. These third parties are typically governed by their own terms and conditions, terms of service, and privacy policies, which we strongly recommend you read.
5.2. INTERNATIONAL TRANSFER
We may store, process, and transfer your Personal Data in a country other than your place of residence (outside your residence jurisdiction), especially for the purpose of hosting the website (e.g. through the services provided by Firebase Hosting).
The Personal Data we collect will usually be processed in the EU or EEA. We may, however, disclose and transfer your Personal Data to third parties outside the EU and EEA for the purposes and legal basis for processing highlighted in this Privacy Policy (see Section 3). Some of these third parties may be based in countries that do not provide in their laws for a level of protection of your privacy equivalent to that applied within the EU.
To the extent you are a resident of a country other than the United States, you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy.
Your Personal Data may be, exclusively in order to achieve the purpose for which it was collected, transmitted, or we may allow access to them to certain third parties (defined below in this Section). Such third parties may only process your Personal Data for the purposes for which they were collected.
Accordingly, any third party to whom we transmit Personal Data is bound to comply with the Applicable Law as well as to the provisions of this Privacy Policy. With external processors, however, the protection of Personal Data is further defined by the contract.
We may transmit your Personal Data to third parties (defined below in this Section) for the purposes and pursuant to legal basis highlighted in this Privacy Policy (see Section 3) based outside the EU and EEA, where Personal Data processing occurs.
PERSONAL DATA SHARED AMONG USE AND WITH EXTERNAL PROCESSORS
We share your Personal Data among us for the purposes highlighted in this Privacy Policy. Annex 2 of this Privacy Policy provides more information about where we work together to process your Personal Data.
Where expressly indicated in this Privacy Policy (and to the extent permitted by Applicable Law), we share your Personal Data with our partners. This includes Personal Data collected through the Services (for example, where you subscribe to receive promotional communications) or by other organizations that we work with and who take care of our needs (for example, accounting services, law firms, marketing services). Annex 3 of this Privacy Policy provides more information about external processors, the situations in which we share Personal Data with them and the purposes for which they may use such Personal Data.
PERSONAL DATA SHARED WITH OUR SERVICE PROVIDERS
We rely on a network of professional service providers (i.e. providers who provide hosting services, email communications and push notification services) who are working on our behalf and help us to operate, develop, secure, promote and measure the Services and our advertisements.
Where we delegate part of the processing of your Personal Data to these organizations we transfer your Personal Data to them. A list of our main service providers (including, for each service provider, the country to which Personal Data is transferred and their contact information) is provided in Annex 1 of this Privacy Policy.
In some cases, the organizations we work with may act as Controllers of your Personal Data. For example, third parties that assist us with the serving of advertisements, and those third parties authorized to launch and operate digital services or to use our brands. These third parties are typically governed by their own terms and conditions, terms of service, and privacy policies, which we strongly recommend you read.
5.2. INTERNATIONAL TRANSFER
We may store, process, and transfer your Personal Data in a country other than your place of residence (outside your residence jurisdiction), especially for the purpose of hosting the website (e.g. through the services provided by Firebase Hosting).
The Personal Data we collect will usually be processed in the EU or EEA. We may, however, disclose and transfer your Personal Data to third parties outside the EU and EEA for the purposes and legal basis for processing highlighted in this Privacy Policy (see Section 3). Some of these third parties may be based in countries that do not provide in their laws for a level of protection of your privacy equivalent to that applied within the EU.
To the extent you are a resident of a country other than the United States, you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy.
6. DISCLOSING OF PERSONAL DATA
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.
We may disclose your Personal Data to:
If you choose to engage in public activities on the Services, you should be aware that any information you share there can be read, collected, or used by other users of these areas. You should use caution in disclosing information while participating in these areas. We are not responsible for the information you choose to submit in these public areas.
We do not sell your information to third parties. We do permit third parties to collect the information described above through our Service and discloses such information with third parties for business purposes as described in this Privacy Policy. The information practices of these third parties are not covered by this Privacy Policy.
We may disclose your Personal Data to:
1.authorized third party vendors and service providers:
We send the information you provide directly to us, the information we collect automatically, to services that process data for us for business purposes related to providing products or services you’ve requested (such as payment processing, analytics, error logging, customer interactions, and data processing and storage);2.business transfers:
We may transfer any of the information we collect about you if we are acquired by or merged with another company, in connection with a substantial corporate transaction (e.g. asset sale, initial public offering, or in the unlikely event of bankruptcy);3.legal purposes:
We may disclose any of the information we collect to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, safety, and security of us, users, visitors, or the public (including responding to illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or violations of our Terms and Conditions at TICKETS (VISITOR) TERMS AND CONDITIONS;4.consent:
We may share any of the information we collect for any other purposes disclosed to you at the time we collect the information or pursuant to your Consent.If you choose to engage in public activities on the Services, you should be aware that any information you share there can be read, collected, or used by other users of these areas. You should use caution in disclosing information while participating in these areas. We are not responsible for the information you choose to submit in these public areas.
We do not sell your information to third parties. We do permit third parties to collect the information described above through our Service and discloses such information with third parties for business purposes as described in this Privacy Policy. The information practices of these third parties are not covered by this Privacy Policy.
7. ACCESS TO SOCIAL NETWORKS
On the Website we offer you the ability to use the following social networks: Twitter and Telegram. The mentioned social networks operate in accordance with their terms of use and privacy policy, where the usage of personal data for each social network is also defined.
Privacy policies are available at the links provided below:
Twitter: https://twitter.com/en/privacy
Telegram: https://telegram.org/privacy
We do not assume any responsibility for the use of social networks.
Privacy policies are available at the links provided below:
Twitter: https://twitter.com/en/privacy
Telegram: https://telegram.org/privacy
We do not assume any responsibility for the use of social networks.
8. SECURITY AND INTEGRITY
We maintain appropriate and reasonable technical and organizational measures to safeguard Personal Data, which include, but are not limited to:
1. Pseudonymisation and encryption of personal data;
2. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
3. The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
4. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
We maintain reasonable procedures to help ensure that Personal Data is reliable for its intended use and is accurate, complete, and current.
You acknowledge that no Personal Data storage system or transmission of Personal Data over the Internet or any other public network can be guaranteed to be 100 percent secure, accurate, complete, or current.
We take steps to ensure that any natural person acting under our authority who has access to personal data does not process them except on our instructions, unless he or she is required to do so by Union or Member State law.
1. Pseudonymisation and encryption of personal data;
2. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
3. The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
4. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
We maintain reasonable procedures to help ensure that Personal Data is reliable for its intended use and is accurate, complete, and current.
You acknowledge that no Personal Data storage system or transmission of Personal Data over the Internet or any other public network can be guaranteed to be 100 percent secure, accurate, complete, or current.
We take steps to ensure that any natural person acting under our authority who has access to personal data does not process them except on our instructions, unless he or she is required to do so by Union or Member State law.
9. DATA PROTECTION RIGHTS
Although we own the code, databases, and all rights to our platform and services, Individual retains all rights to his/her data. The Individual has the following rights regarding the Personal Data processing:
RIGHT OF ACCESS
Each Individual shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data listed in article 15 (1) of the GDPR.
The Controller shall provide free information about the Individual’s Personal Data stored at any time and a copy of this information.
Furthermore, the Individual shall have a right to obtain information as to whether Personal Data is transferred to a third country or to an international organization. Where this is the case, the Individual shall have the right to be informed of the appropriate safeguards relating to the transfer.
RIGHT TO RECTIFICATION (CORRECTION)
Each Individual shall have the right to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning him or her. Taking into account the purposes of the processing, the Individual shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
RIGHT TO BE FORGOTTEN (RIGHT TO ERASURE, DELETION)
Each Individual shall have the right to obtain from the Controller the erasure of Personal Data concerning him or her without undue delay, and the Controller shall have the obligation to erase Personal Data without undue delay where one of the following listed in Article 17 (1) of the GDPR applies, as long as the processing is not necessary.
Where the Controller has made Personal Data public and is obliged pursuant to Article 17 (1) of the GDPR to erase the Personal Data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other Controllers processing the Personal Data that the Individual has requested erasure by such Controllers of any links to, or copy or replication of, those Personal Data, as far as processing is not required. Our staff will arrange the necessary measures in individual cases.
RIGHT OF RESTRICTION OF PROCESSING
Each Individual shall have the right to obtain from the Controller restriction of processing in situations listed in article 18 (1) of the GDPR.
RIGHT TO PRINTOUT OF DATA (DATA PORTABILITY)
Each Individual shall have the right to receive the Personal Data concerning him or her, which was provided to a Controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another Controller without hindrance from the Controller to which the Personal Data have been provided, as long as the processing is based on Consent pursuant to point (a) of Article 6 (1) of the GDPR or point (a) of Article 9 (2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
Furthermore, in exercising his/her right to data portability pursuant to Article 20 (1) of the GDPR, the Individual shall have the right to have Personal Data transmitted directly from one Controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
RIGHT TO OBJECT
Each Individual shall have the right to object, on grounds relating to his/her particular situation, at any time, to processing of Personal Data concerning him or her, which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.
If we process Personal Data for direct marketing purposes, the Individual shall have the right to object at any time to processing of Personal Data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing.
In addition to exercising the rights in accordance with Section 10, the Individual is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his/her right to object by automated means using technical specifications.
AUTOMATED DECISION MAKING
(INCLUDING PROFILING) We do not use any form of automated processing of personal data or profiling.
RIGHT OF ACCESS
Each Individual shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data listed in article 15 (1) of the GDPR.
The Controller shall provide free information about the Individual’s Personal Data stored at any time and a copy of this information.
Furthermore, the Individual shall have a right to obtain information as to whether Personal Data is transferred to a third country or to an international organization. Where this is the case, the Individual shall have the right to be informed of the appropriate safeguards relating to the transfer.
RIGHT TO RECTIFICATION (CORRECTION)
Each Individual shall have the right to obtain from the Controller without undue delay the rectification of inaccurate Personal Data concerning him or her. Taking into account the purposes of the processing, the Individual shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
RIGHT TO BE FORGOTTEN (RIGHT TO ERASURE, DELETION)
Each Individual shall have the right to obtain from the Controller the erasure of Personal Data concerning him or her without undue delay, and the Controller shall have the obligation to erase Personal Data without undue delay where one of the following listed in Article 17 (1) of the GDPR applies, as long as the processing is not necessary.
Where the Controller has made Personal Data public and is obliged pursuant to Article 17 (1) of the GDPR to erase the Personal Data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other Controllers processing the Personal Data that the Individual has requested erasure by such Controllers of any links to, or copy or replication of, those Personal Data, as far as processing is not required. Our staff will arrange the necessary measures in individual cases.
RIGHT OF RESTRICTION OF PROCESSING
Each Individual shall have the right to obtain from the Controller restriction of processing in situations listed in article 18 (1) of the GDPR.
RIGHT TO PRINTOUT OF DATA (DATA PORTABILITY)
Each Individual shall have the right to receive the Personal Data concerning him or her, which was provided to a Controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another Controller without hindrance from the Controller to which the Personal Data have been provided, as long as the processing is based on Consent pursuant to point (a) of Article 6 (1) of the GDPR or point (a) of Article 9 (2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
Furthermore, in exercising his/her right to data portability pursuant to Article 20 (1) of the GDPR, the Individual shall have the right to have Personal Data transmitted directly from one Controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
RIGHT TO OBJECT
Each Individual shall have the right to object, on grounds relating to his/her particular situation, at any time, to processing of Personal Data concerning him or her, which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.
If we process Personal Data for direct marketing purposes, the Individual shall have the right to object at any time to processing of Personal Data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing.
In addition to exercising the rights in accordance with Section 10, the Individual is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his/her right to object by automated means using technical specifications.
AUTOMATED DECISION MAKING
(INCLUDING PROFILING) We do not use any form of automated processing of personal data or profiling.
10. HOW TO EXERCISE YOUR RIGHTS
UNSUBSCRIBE FROM OUR MARKETING COMMUNICATIONS
To unsubscribe from our marketing communications, you can adjust your settings in your user account or click on the link displayed at the bottom of our marketing communications. You can also contact us directly at info@ethbarcelona.com.
LODGE A COMPLAINT
You have the right to file a complaint against us with the competent authority for the protection of Personal Data.
In case of exercising any of Data Protection Rights, we may require additional Personal Data (such as name, surname, e-mail address) for identification purposes. We will only need additional information when the information you provide is not sufficient for reliable identification (in this way, we want to prevent your Personal Data from being transmitted to a third party due to unreliable identification).
In case of exercising any of Data Protection Rights, we will not discriminate against you.
CONTACT US
Any questions regarding this Privacy Policy, the use of this Privacy Policy, our privacy practices, or exercising of your rights arising from this Privacy Policy, should be addressed to info@ethbarcelona.com.
You can contact contact in case of any:
requests referring to Data Protection Rights. In such a case, the Individual shall, for verification purposes, use the email associated with an account registered at the Website.
questions related to this Privacy Policy or regarding the exercise of your rights arising from this Privacy Policy. In such a case, the Individual shall, for verification purposes, use the email associated with an account registered at the Website.
The integrity of Personal Data processed, and regular updating is our priority. Please kindly inform us of any change of your Personal Data to the above contacts. We will take care of the correction or supplementing your Personal Data in the shortest possible time.
We reserve the right to decline a request referring to Data Protection Rights irrespective of fulfilled legal conditions if the request made to us is manifestly unfounded or excessive.
To unsubscribe from our marketing communications, you can adjust your settings in your user account or click on the link displayed at the bottom of our marketing communications. You can also contact us directly at info@ethbarcelona.com.
LODGE A COMPLAINT
You have the right to file a complaint against us with the competent authority for the protection of Personal Data.
In case of exercising any of Data Protection Rights, we may require additional Personal Data (such as name, surname, e-mail address) for identification purposes. We will only need additional information when the information you provide is not sufficient for reliable identification (in this way, we want to prevent your Personal Data from being transmitted to a third party due to unreliable identification).
In case of exercising any of Data Protection Rights, we will not discriminate against you.
CONTACT US
Any questions regarding this Privacy Policy, the use of this Privacy Policy, our privacy practices, or exercising of your rights arising from this Privacy Policy, should be addressed to info@ethbarcelona.com.
You can contact contact in case of any:
requests referring to Data Protection Rights. In such a case, the Individual shall, for verification purposes, use the email associated with an account registered at the Website.
questions related to this Privacy Policy or regarding the exercise of your rights arising from this Privacy Policy. In such a case, the Individual shall, for verification purposes, use the email associated with an account registered at the Website.
The integrity of Personal Data processed, and regular updating is our priority. Please kindly inform us of any change of your Personal Data to the above contacts. We will take care of the correction or supplementing your Personal Data in the shortest possible time.
We reserve the right to decline a request referring to Data Protection Rights irrespective of fulfilled legal conditions if the request made to us is manifestly unfounded or excessive.