Privacy policy

In accordance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as the “General Data Protection Regulation”), the European Parliament and of the Council have adopted the “General Data Protection Regulation” (hereinafter referred to as the “GDPR“) and the Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (hereinafter, the “LOPDGDD”) and the purpose of this Privacy Policy is to inform all Users who are subject to it of the possible processing of their personal data.

This Privacy Policy is intended to help you understand what data NESAI SMART TECHNOLOGY, S.L. (“Nesai“) collects and what they do with it. In this regard, this Privacy Policy explains, among other things:

what information they collect and for what purposes;
what uses they make of such information;
las opciones que ofrecen en relación con la información recopilada.
For the purposes of this Policy, “User” shall mean any category of data subjects included in this document.

1. IDENTIFICATION OF DATA CONTROLLERS:

Nesai takes the privacy of Users very seriously and is committed to making every effort to respect it.
The identification data of the entities affiliated to Nesai, as data controllers, are as follows:

Holder 1: NESAI SMART TECHNOLOGY, S.L.
Address: Avenida Diagonal, nº359, pl. Principal, 08037, Barcelona.
Contact: [email protected]

2. PERSONAL DATA WE PROCESS

Nesai collects personal data in the following ways:

Personal data provided by the User: when you fill in any of the forms available to you on the website www.nesai.health and all of its subdomains, (hereinafter the “Website”), or any physical form or through the different Nesai Social Media profiles.

Through Cookies and Similar Technologies: When you visit the Website, Nesai affiliated entities use various technologies to collect and store information and this may include the use of cookies or similar technologies to identify your browser or device. They also use these technologies to collect and store information when the User interacts with services offered by Nesai. Analytical cookies help Nesai to analyse website traffic. You can obtain more information about how Nesai treats personal data obtained through cookies in our Cookies Policy.

Such personal data can be broadly grouped into the following categories:

Identification data: name, surname, age, DNI or NIF number, physical and e-mail address, telephone number.
Connection data identification data: IP, logs.

Likewise, we process personal data of different categories of interested parties which, considered as Users as a whole, by way of example and without limitation, are the following:

Website and Social Media Users: personal data of Users who contact Nesai through our Website, or who access any of our Social Media profiles as a follower, subscriber or as an independent user.
Customers, members, participants, suppliers or partners: personal data of natural persons who, acting as customers, members, service providers of any kind or collaborators, contact Nesai through our Website or any other form provided by the Website in order to enter into strategic alliances or carry out business opportunities.

3. PROCESSING OF PERSONAL DATA BY NESAI

Tal y como se ha comentado anteriormente, Nesai trata datos personales obtenidos a través de diversos canales. Nesai also processes these personal data according to the different categories of data subjects and for different purposes:

3.1 Purposes for which Website Users are processed

Personal data collected through the Nesai Website will be processed for the following purposes:

To manage the forms provided to Nesai from the Website or other physical forms provided to the User, as well as any other management related to the relationship maintained.
Retention period: until the end of the contractual relationship and after the end of the period necessary to comply with legal obligations.
Legal basis: performance of contractual and/or pre-contractual conditions.
To deal with requests for information and/or queries made by the User, management of complaints or incidents.
Conservation period: until the User’s request for information and/or consultation has been resolved and, once resolved, for the period necessary to comply with applicable legal obligations, if any.
Legal basis: execution of the contractual and/or pre-contractual conditions and the legitimate interest implicit in your request and/or query, so that Nesai can deal with it.

3.2 Purposes of processing commercial communications.

1. To keep the interested party informed, including by electronic means (e-mail) and/or other equivalent means of communication (telephone/sms/mobile messaging applications) and/or traditional means (postal mail), about the products, services and news of the Controllers, related to those products and services similar to those contracted by the User.
Retention period: until such time as the data subject objects to the receipt of such communications. In this regard, the User, at the time of contracting the products and/or services, will have at his/her disposal a mechanism for opposition to this type of sending.
Legal basis: the legitimate interest of the Controllers in accordance with article 21.2 of Law 34/2002, of 11 July, on information society services and electronic commerce (LSSI), as there is a prior contractual relationship, through which the Controllers lawfully obtained the contact details of the interested parties in order to use them to send communications referring to products or services similar to those that were initially contracted by the latter.

2. To keep the interested party informed, including by electronic means (e-mail) and/or other equivalent means of communication (telephone/sms/mobile messaging applications) and/or traditional means (postal mail), about the products, services, news of the Controllers, publications, invitations, newsletters, activities and events of the entities, provided that the User has expressly consented to such processing.
Retention period: until such time as the data subject withdraws his or her consent to receive such communications.
Legal basis: the data subject’s explicit consent given for the receipt of such communications.

3.3 Purposes of processing Social Network Users

1. Manage the User’s interactions with Nesai through the different Social Network profiles (Instagram, Facebook or Twitter, among others). The data processed for this purpose will be those entered by Users in their profile on the corresponding social network, therefore, regulated by the Privacy Policy of said social network, for which Nesai is not responsible.
Retention period: the data processed for this purpose will be kept for the duration of the Nesai profile on the contact social network.
Legal basis: necessary contractual and/or pre-contractual performance, the implicit consent of the data subject when interacting with and/or following Nesai’s profile on the social network in which he/she interacts and the legitimate interest of Nesai.

4. TARGET

In accordance with the processing purposes indicated in the previous point, the personal contact data of the data subjects will be communicated to Nesai’s collaborating companies, subject to their explicit consent for such purposes, and failing this, on the basis of the legitimate interest of Nesai’s collaborating companies for internal administrative purposes in accordance with Recital 48 of the GDPR.

Likewise, we inform you that your personal data may be accessed by third parties acting on behalf of Nesai’s affiliated entities, provided that such access and processing of data is essential for the provision of a specific service to Nesai. Under this scenario, the entities affiliated to Nesai will in any case enter into the corresponding data processor contract with said third parties, which will process said data exclusively for the purposes determined by the company affiliated to Nesai in each case.

Finally, your data may be communicated to public bodies and authorities (administrative or judicial) in those cases where a legal regulation so provides.

5. INTERNATIONAL TRANSFERS

For some services, personal data of some categories of data subjects may be processed, accessed or stored in a country other than the one in which Nesai is located, which may not offer the same level of protection for personal data.

If Nesai affiliated entities transfer personal data to external companies in other jurisdictions, it will ensure the protection of personal data by: 1) the application of the level of protection required in accordance with the RGPD and the LOPDGDD, (2) in accordance with the standard contractual clauses approved by the European Commission or (3) in accordance with the exceptions for specific situations set out in Article 49 of the GDPR, such as obtaining the data subject’s explicit consent after being informed of the potential risks of such transfers due to the absence of a decision on adequacy and appropriate safeguards.

You may request additional information in relation to international transfers of personal data as detailed below in section 7 (Rights).

6. SECURITY AND ACCESS

In accordance with the GDPR and the LOPDGDD, Nesai implements technical, administrative and organisational security measures to protect the data we collect against accidental or unlawful destruction and against loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

In general, in order to access and browse the contents of the Website it is not necessary for the User to register beforehand. However, the visibility of certain Social Networking content may be conditional upon prior registration by the User. In this case, the data entered by the User must be accurate and up to date and must comply with the corresponding privacy policy of the Social Network.

7. RIGHTS

Users may exercise the following rights in relation to their personal data with the entities affiliated to Nesai: access; rectification; erasure; restriction of processing; data portability and opposition.

Similarly, in the processing of User data whose legitimacy is based on the consent given by the data subject, the latter has the right to withdraw such consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

In order to exercise these rights, the interested party may send their request in writing, accompanied by documentation and/or information accrediting their identity and expressly indicating which of the aforementioned rights they are exercising, by e-mail to the address [email protected].

We will consider all requests and provide our response within the time period established by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances because it includes personal data that we need to continue to process for our legitimate interests or to comply with a legal obligation.

In any case, the User has the right to file a complaint with the Spanish Data Protection Agency (www.aepd.com) if he/she deems it appropriate.

8. CHANGES OR MODIFICATIONS TO OUR PRIVACY POLICY

This Privacy Policy may be updated periodically to reflect changes in the processing of personal data.