In accordance with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter, the "GDPR") and Organic Law 3/2018, of 5 December, on Personal Data Protection and guarantee of digital rights (hereinafter, the "LOPDGDD") and other applicable regulations, this Privacy Policy aims to inform all Users subject to it about the possible processing of their personal data.
This Privacy Policy is intended to help you understand what data NESAI SMART TECHNOLOGY, S.L. (hereinafter, "Nesai") collects and what they do with it. In this line, this Privacy Policy explains, among other issues:
- what information they collect and for what purposes;
- what uses they make of said information;
- the options they offer in relation to the collected information.
For the purposes of this Policy, "User" shall mean any category of data subjects included in this document.
1. IDENTIFICATION OF DATA CONTROLLERS:
Nesai takes the privacy of Users very seriously and undertakes to make the maximum efforts within its reach to respect it.
The identification data of the entities affiliated with Nesai, acting as data controllers, are:
Owner 1: NESAI SMART TECHNOLOGY, S.L.
Address: Avenida Diagonal, nº359, pl. Principal, 08037, Barcelona.
Contact: info@nesai.health
2. PERSONAL DATA WE PROCESS
Nesai collects personal data in the following ways:
- Personal data that the User provides us: when filling out any of the forms available on the website www.nesai.health and all its subdomains (hereinafter, the "Website"), or any physical form or form provided through Nesai's different Social Media profiles.
- Through Cookies and similar technologies: when visiting the Website, entities affiliated with Nesai use various technologies to collect and store information, and this may include the use of cookies or similar technologies to identify your browser or device. They also use these technologies to collect and store information when the User interacts with services offered by Nesai. Analytical cookies help Nesai analyze website traffic. You can obtain more information about Nesai's processing of personal data obtained through cookies in our Cookie Policy.
Such personal data can generally be grouped into the following categories:
- Identifying data: name, surnames, age, DNI or NIF number, physical and email address, telephone.
- Connection identifying data: IP, logs.
Likewise, we process personal data from different categories of data subjects who, considered as Users as a whole, by way of example and not limitation, are the following:
- Website and Social Media Users: personal data of Users who contact Nesai through our Website, or who access any of our profiles on Social Media as a follower, subscriber, or independent user.
- Clients, members, participants, suppliers, or collaborators: personal data of individuals who, acting as clients, members, service providers of any kind, or collaborators, contact Nesai through our Website or any other form provided by it to make strategic alliances or carry out business opportunities.
3. PROCESSING OF PERSONAL DATA BY NESAI
As mentioned earlier, Nesai processes personal data obtained through various channels. Likewise, regarding such personal data, Nesai carries out processing based on the different categories of data subjects and according to different purposes:
3.1 Processing purposes for Website Users
Personal data obtained through the Nesai Website will be processed for the following purposes:
Manage forms provided to Nesai from the Website or other physical forms provided to the User, as well as any other management related to the maintained relationship.
- Retention period: until the end of the contractual relationship and, once finalized, the time necessary for compliance with legal obligations.
- Legal basis: execution of contractual and/or pre-contractual conditions.
Attend to information requests and/or queries made by the User, management of claims or incidents.
- Retention period: until the User's information request and/or query has been resolved and, once resolved, the necessary period for compliance with applicable legal obligations, if any.
- Legal basis: execution of contractual and/or pre-contractual conditions and the legitimate interest implicit in your request and/or query, for Nesai to be able to attend to it.
3.2 Processing purposes for commercial communications.
1. Keep the data subject informed, including by electronic means (e-mail), and/or other equivalent means of communication (telephone/sms/mobile messaging applications) and/or traditional means (postal mail), about the products, services, and news of the Controllers, related to those products and services similar to those contracted by the User.
- Retention period: until the data subject objects to receiving such communications. In this sense, the User, at the time of contracting the products and/or services, will have available a mechanism to object to this type of communication.
- Legal basis: the legitimate interest of the Controllers in accordance with article 21.2 of Law 34/2002, of July 11, on services of the information society and electronic commerce (LSSI), as there is a prior contractual relationship, through which the Controllers lawfully obtained the contact details of the data subjects to use them for sending communications regarding products or services similar to those initially contracted by them.
2. Keep the data subject informed, including by electronic means (e-mail), and/or other equivalent means of communication (telephone/sms/mobile messaging applications) and/or traditional means (postal mail), about the products, services, news of the Controllers, publications, invitations, newsletter, activities, and events of the entities, provided that said User has given express consent to such processing.
- Retention period: until the data subject withdraws their consent to receive such communications.
- Legal basis: the explicit consent of the data subject given for receiving such communications.
3.3 Processing purposes for Social Media Users
1. Manage User interactions with Nesai through different Social Media profiles (Instagram, Facebook, or Twitter, among others). The data processed for this purpose will be those entered by Users in their profile on the corresponding social network, therefore, regulated by the Privacy Policy of said social network, for which Nesai is not responsible.
- Retention period: the data processed for this purpose will be kept for the duration of Nesai's profile on the contact social network.
- Legal basis: necessary contractual and/or pre-contractual execution, the implicit consent of the data subject when interacting with and/or following Nesai's profile on the interacting social network, and Nesai's legitimate interest.
4. RECIPIENTS
In accordance with the processing purposes indicated in the previous point, the contact personal data of the data subjects will be communicated to Nesai's collaborating companies provided that their explicit consent is obtained for such purposes, and failing that, based on the legitimate interest of Nesai's collaborating companies for internal administrative purposes in accordance with Recital 48 of the GDPR.
Likewise, inform you that your personal data may be accessed by third parties acting on behalf of entities affiliated with Nesai, provided that such access and data processing is essential for the provision of a specific service to Nesai. Under this scenario, the entities affiliated with Nesai will, in any case, subscribe the corresponding data processing agreement with said third parties, who will process said data exclusively for the purposes determined by the Nesai-affiliated company in each case.
Finally, your data may be communicated to public bodies and authorities (administrative or judicial) in those cases where a legal standard so establishes.
5. INTERNATIONAL TRANSFERS
For some services, the personal data of some categories of data subjects may be processed, accessed, or stored in a country other than the one where Nesai is located, which may not offer the same level of protection for personal data.
If entities affiliated with Nesai transfer personal data to external companies in other jurisdictions, they will ensure the protection of personal data by: 1) applying the level of protection required under the GDPR and LOPDGDD, 2) in accordance with the standard contractual clauses approved by the European Commission, or 3) in accordance with the exceptions for specific situations established in Article 49 of the GDPR, such as obtaining the explicit consent of the data subject after being informed of the possible risks of such transfers due to the lack of an adequacy decision and appropriate safeguards.
You can request additional information regarding international transfers of personal data as detailed below in section 7 (Rights).
6. SECURITY AND ACCESS
In accordance with the GDPR and LOPDGDD, Nesai applies technical, administrative, and organizational security measures to protect the data we collect against accidental or unlawful destruction and loss, alteration, unauthorized disclosure or access, especially when the processing involves the transmission of data over a network, and against all other unlawful forms of processing.
Generally, accessing and browsing the Website content does not require prior User registration. However, the visibility of certain Social Media content may be conditional on prior User registration. In such case, the data entered by the User must be accurate and current, and the corresponding Social Network Privacy Policy must be adhered to.
7. RIGHTS
Users can exercise the following rights related to their personal data before entities affiliated with Nesai: access; rectification; deletion; limitation of processing; data portability, and opposition.
Likewise, in the processing of User data whose legitimacy is based on the consent given by the data subject, the latter has the right to withdraw said consent at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal.
To exercise such rights, the data subject can send their request, by writing accompanied by documentation and/or information proving their identity and expressly indicating which of the aforementioned rights they are exercising, by email to the address info@nesai.health.
We will consider all requests and provide our response within the timeframe established by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances as it includes personal data that we need to continue processing for our legitimate interests or to comply with a legal obligation.
In any case, the User has the right to file a complaint with the Spanish Data Protection Agency (www.aepd.com) if deemed appropriate.
8. CHANGES OR MODIFICATIONS TO OUR PRIVACY POLICY
This Privacy Policy may be updated periodically to reflect changes in personal data processing.