DETAILS OF OUR PRIVACY POLICY
INDEX
- Purpose of the Privacy Policy
- Definitions
- Identity of the Data Controller
- Applicable laws and regulations
- Principles applicable to the processing of personal data
- Security measures
- Treatment purposes
- Legitimation of the treatment
- Recipients of your data
- Data processing activities carried out
- Personal data of minors
- Origin and types of data processed
- Rights of interested parties
- Acceptance
- Data Processing Agreement (DPA)
1.-OBJECTIVE’S POLICY
The purpose of this «Privacy and Data Protection Policy» is to make known the conditions that govern the collection and processing of your personal data by Spain Startup and Investor Services S.L to ensure fundamental rights, your honor and freedoms, all of this in compliance with current regulations that regulate the Protection of Personal Data according to the European Union and the Spanish Member State.
In accordance with these regulations, we need to have your authorization and consent for the collection and processing of your personal data, so below, we indicate all the details of your interest regarding how we carry out these processes, for what purposes, what Other entities could have access to your data and what their rights are.
For all the above, once you have reviewed and read our Data Protection Policy, it is essential that you accept it as proof of your agreement and consent.
2.- DEFINITIONS
«Personal data»: All information about an identified or identifiable natural person (“the Website user”); An identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or more elements specific to identity. physical, physiological, genetic, mental, economic, cultural or social of said person.
«Processing»: any operation or set of operations carried out on personal data or sets of personal data, whether by automated procedures or not, such as collection, registration, organisation, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of enabling access, collation or interconnection, limitation, deletion or destruction.
«Limitation of processing»: the marking of stored personal data in order to limit their processing in the future.
«Profiling»: any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects relating to the professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of said natural person.
“Pseudonymization”: the processing of personal data in such a way that they can no longer be attributed to a data subject without the use of additional information, provided that such additional information is contained separately and is subject to to technical and organizational measures aimed at ensuring that personal data are not attributed to an identified or identifiable natural person.
«File»: any structured set of personal data, accessible according to specific criteria, whether centralized, decentralized or distributed functionally or geographically.
“Controller” or “controller”: the natural or legal person, public authority, service or other body that, alone or together with others, determines the purposes and means of the treatment; If Union or Member State law determines the purposes and means of the processing, the controller or the specific criteria for its appointment may be established by Union or Member State law.
“Processor” or “processor”: the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller.
-
«Recipient»: the natural or legal person, public authority, service or other body to which personal data is communicated, whether or not it is a third party. However, public authorities that may receive data will not be considered recipients
- personal in the framework of a specific investigation in accordance with Union or Member State law; The processing of such data by those public authorities shall be in accordance with the data protection rules applicable to the purposes of the processing.
«Third Party»: natural or legal person, public authority, service or body other than the interested party, the person responsible for the treatment, the person in charge of the treatment and the persons authorized to process the data. personal data under the direct authority of the controller or processor.
«Consent of the interested party»: any expression of free, specific, informed and unequivocal will by which the interested party accepts, either by means of a declaration or a clear affirmative action, the processing of personal data that concerns you.
«Breach of security of personal data»: any breach of security that results in the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or processed otherwise, or unauthorized communication or access to said data;
“Genetic data”: personal data relating to the inherited or acquired genetic characteristics of a natural person that provide unique information about the physiology or health of that person, obtained in particular of the analysis of a biological sample from such a person.
«Biometric data»: personal data obtained from specific technical processing, relating to the physical, physiological or behavioral characteristics of a natural person that allow or confirm unique identification of that person, such as facial images or fingerprint data.
“Health-related data”: personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, revealing information about their state of health.
‘Principal establishment’: a) regarding a controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of processing are taken at another establishment of the controller in the Union and the latter establishment has the power to enforce such decisions, in which case the establishment that has taken such decisions will be considered the main establishment; b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union or, If not, the establishment of the processor in the Union where the main processing activities are carried out in the context of the activities of an establishment of the processor to the extent that the processor is subject to specific obligations under this Regulation .
“Representative”: natural or legal person established in the Union who, having been designated in writing by the controller or processor in accordance with Article 27 of the GDPR, represents to the controller or processor with regard to their respective obligations under this Regulation.
«Company»: a natural or legal person engaged in an economic activity, regardless of its legal form, including companies or associations that regularly carry out an economic activity.
“Supervisory authority”: the independent public authority established by a Member State in accordance with the provisions of Article 51 of the GDPR. In the case of Spain it is the Spanish Data Protection Agency.
In the case of Germany you can contact Berliner Beauftragte für Datenschutz und Informationsfreiheit In the case of Austria can contact Österreichische Datenschutzbehörde.
In the case of Belgium you can contact Autorité de protection des données Gegevensbeschermingsautoriteit
In the case of Bulgaria you can contact Commission for Personal Data Protection. In the case of Denmark you can contact Datatilsynet.
In the case of Slovakia you can go to https: /dataprotection.gov.sk/uoou / In the case of Slovenia you can go to https: /www. ip-rs.si/.
In the case of Estonia you can go to https: /www.aki.ee/et
In the case of Spain it is the Spanish Data Protection Agency .
In the case of Finland you can contact Office of the Data Protection Ombudsman,.
In the case of France you can contact Commission Nationale de l’Informatique et des Libertés En the case of Greece can be addressed to Hellenic Data Protection Authority
In the case of Hungary you can contact the Office of the Commissioner for Fundamental Rights of Hungary En Ireland’s case can be addressed to the Data Protection Commission.
In the case of Italy you can contact Garante per la Protezione dei Dati Personali In the case of Latvia you can go to https: /www.dvi.gov.lv/lv
In the case of LIthuania you can contact State Data Protection Inspectorate
In the case of Luxembourg you can contact Commission Nationale pour la Protection des Données In the case of Malta you can contact Information and Data Protection Commissioner
In the case of the Netherlands you can contact https: /autoriteitpersoonsgegevens.nl/en archiwum.giodo. gov.pl//https: In the case of Poland you can go to
In the case of Portugal you can contact Comissão Nacional de Proteção de Dados In the case of United Kingdom you can contact the Information Commissioner´s Office
In the case of Romania you can contact the National AuthorityţionalSupervision of the Processing of Personal Data
In the case os Sweden you can contact the Swedish Authority For Privacy Protection
In the case of the Czech Republic you can go to https: /www.uoou.cz/
In the case of Cyprus you can contact Office of the Commissioner for Personal Data Protection
Data Protection Authorities (other European countries) :
In the case of Andorra you can contact Agència Andorrana de Protecció de Dades In the case of Croatia can contact Croatian Personal Data Protection Agency In the case of Iceland you can contact https: /www.personuvernd.is/
In the case of Liechetenstein you can go to https: /www.llv.li/ azlp.mk/ /https: In the case of Macedonia you can go to
In the case of Monaco you can contact Commission de Contrôle des Informations Nominatives In the case of Norway can contact Datatilsynet
In the case of Switzerland you can go to https: /www.edoeb.admin.ch /edoeb/de/home.html
Other International Data Protection Authorities:
In the case of Canada you can go to https: /www.priv.gc.ca /en/
In the case of Hong Kong you can go to https: /www.pcpd.org. hk/
“Cross-border processing”: a) the processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or processor in the Union, if the controller or processor is established in more than one Member State, or b) the processing of personal data carried out in the context of the activities of a single establishment of a controller or processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
“Information society service”: any information society service, that is, any service normally provided in exchange for remuneration, at a distance, by electronically and at the individual request of a service recipient.
3.-IDENTITY OF THE TREATMENT CONTROLLER
Who collects and processes your data?
The Data Controller is that natural or legal person, public or private in nature, or administrative body, who alone or jointly with others determines the purposes and means of processing personal data; in the event that the purposes and means of the processing are determined by the Law of the European Union or the Spanish Member State.
In this case, our identifying data as Data Controller are the following: Spain Startup and Investor Services S.L CIF B86685294
How can you contact us?
Postal address and our offices: Paseo de la Castellana 70, 1º. 28046, Madrid (Madrid), Spain Registered office: Paseo de la Castellana 70, 1º. 28046, Madrid (Madrid), Spain
Email: privacy@southsummit.io – Teléfono: +34 915625784
Who can help you with our Data Protection Policy?
We have a person or entity specialized in data protection, who is in charge of ensuring correct compliance in our entity with current legislation and regulations. This person is called the Data Protection Officer (DPO) and, if you need it, you can contact him as follows:
Despacho Auratech Legal Solutions, SLP
Email: privacy@auratechlegal.es Telephone: 0034 911 134 963
4.- APPLICABLE LAWS AND REGULATIONS
This Privacy and Data Protection Policy is developed based on the following regulations and data protection laws:
Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free circulation of these data. Hereinafter GDPR.
Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights. Hereinafter LOPD/GDD.
Law 34/2002, of July 11, on Information Society Services and Electronic Commerce. Hereinafter LSSICE.
5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
The personal data collected and processed through this website will be treated in accordance with the following principles:
Principle of legality, loyalty and transparency: All processing of personal data carried out through this Website will be lawful and fair, being completely clear to the user when they are being collected, used , consulting or processing personal data that concerns you. The information regarding the treatments carried out will be transmitted in advance, easily accessible and easy to understand, in simple and clear language.
Purpose limitation principle: All data will be collected for specific, explicit and legitimate purposes, and will not be subsequently processed in a manner incompatible with the purposes for which they were collected .
Principle of data minimization: The data collected will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Principle of accuracy: The data will be accurate and, if necessary, updated, taking all reasonable measures to ensure that personal data that are inaccurate are deleted or rectified without delay. regarding the purposes for which they are processed.
Principle of limitation of the conservation period: The data will be maintained in a way that allows the identification of the interested parties for no longer than necessary for the purposes of the processing of personal data.
Principle of integrity and confidentiality: The data will be processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and against its accidental loss or damage, through the application of appropriate technical and organizational measures
Principle of proactive responsibility: The entity that owns the Website will be responsible for compliance with the principles set out in this section and will be able to demonstrate it.
6.-SAFETY MEASURES
What do we do to guarantee the privacy of your data?
Spain Startup and Investor Services S.L adopts the necessary organizational and technical measures to guarantee the security and privacy of your data, prevent its alteration, loss, treatment or unauthorized access, depending on the state of the technology, the nature of the data stored and the risks to which they are exposed.
Among others, the following measures stand out:
Ensure the ongoing confidentiality, integrity, availability and resilience of treatment systems and services. Restore availability and access to personal data quickly, in the event of a physical or technical incident.
Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the security of the treatment.
Pseudonymize and encrypt personal data, if it is sensitive data.
On the other hand, Spain Startup manages information systems according to the following principles:
Principle regulatory compliance: All information systems will comply with the applicable regulatory and sectoral legal regulations that affect information security, especially those related to protection of personal data, system security, data, communications and electronic services.
Risk management principle: Risks will be minimized to acceptable levels and a balance between security controls and the nature of the information will be sought. Security objectives must be established, reviewed and consistent with information security aspects.
Principle of awareness and training: Training, awareness-raising programs and awareness campaigns will be articulated for all users with access to information, regarding information security.
Principle of proportionality: The implementation of controls that mitigate asset security risks will be carried out seeking a balance between security measures, nature and information and risk.
Principle of responsibility: All members of the Data Controller will be responsible for their conduct regarding the security of the information, complying with the established standards and controls.
Principle of continuous improvement: The degree of effectiveness of the security controls implemented in the organization will be reviewed on a recurring basis to increase the ability to adapt to the constant evolution of risk and of the technological environment.
7.- PURPOSES OF THE TREATMENT
Why do we want to process your data?
We need your authorization and consent to collect and process your personal data, so below we detail the intended uses and purposes:
Management of registered users competition: E-commerce; Obtain business opportunities from our partners; Join the Startup Competition..
South Summit used images.: Recording and streaming playback of the event’s presentations. ; Show images of event attendees on our website, RRSS. .
South Summit control of attendees and ticket sales: Attend to the requests received by requesting the investor pass from the Request Investor Pass form on our website; Respond to requests received by requesting a press pass from the Request Press Pass form on our website; Access control to South Summit; Sending information about the South Summit organization; Sale of tickets from our website to attend South Summit.
Ecommerce customer management: Electronic commerce.
Newsletter: Be up to date on news related to the South Summit ecosystem (Speakers, participants, investors, etc.); Offer services and news from third-party partners by linking the email with the newsletter to the websites of third-party partners or collaborators.; We may send you communications about the following sectors: Training, Selection, Leisure, Outlets, Financial, Editorial, Education, Automotive, NGO, Telecommunications, Consulting, Energy, Medicine, Textile, Home, Hygiene, Health, Beauty, Personal Care, Furniture, Food , Collecting, Music, Videos, Hobbies, Office Supplies, Computers, Online/offline gaming activities, Technology, Travel, Jewelry, Drugstore and Cleaning, or Insurance. to send you their advertising and commercial information by electronic and/or telephone means. .
Volunteer management: Help in the area of accreditation.; Collaborate with general logistics.; Inform visitors about the operation of the event.; Organize access to La Nave.; Prevention of occupational hazards; Human resources.
Website Inquiries: Response and respond to requests received from the forms on our website such as Become a Ambassador, Suggest a Speaker, Suggest Ideas, y Contactenos.
RRSS Social Networks: Creation and management of information through social networks.
Video surveillance of facilities: Security and access control to buildings; Video surveillance.
Compliance with GDPR obligations: Attend to citizens’ requests in the exercise of the rights established by the General Data Protection Regulation; Data Protection and information privacy.
Cookies, pixel and tracking: Sharing information on social networks. “Fav”, “Like”, “+1” and similar buttons; Obtain statistical data on user navigation, identify problems and analyze their preferences; Streaming video and third-party maps. A feature or add-on provided by a third party establishes a direct connection between the user’s browser and Internet domains owned by the third party, allowing the feature to be downloaded and executed.
Attention to the rights of people: Attend to citizens’ requests in the exercise of the rights established by the General Data Protection Regulation; Compliance with our different legal obligations.
Startup Competition evaluation committee: Sending emails inviting you to participate with the link to sign up and indicating the dates on which each session will take place; Evaluate the participating startup projects to select the 100 that will present their projects in 10 blocks throughout the first two days of the meeting.
Commercial communications: Marketing, advertising and commercial prospecting. Control access to the event: Control access to the event..
Participant Management South Summit: The personal data collected will be processed for the purpose of managing the relationship derived from this contract.; Allow you to participate effectively and actively in the sections and activities of South Summit to which you agree; Process the compensation for the services and activities that the participant will enjoy at South Summit; Reciprocal use of the distinctive signs and brands of which the participant and the company are owners.
Startup Competition evaluation jury: Response and attend to the requests received from the form on our Become a Jury website; Sending emails inviting you to participate with the link to sign up and indicating the dates on which each session will take place; Evaluate the projects of the 100 startups selected in the Selection Committees on the South Summit platform. Partner with us / Get your stand: Inform about rates, types of stands, services and existing activities for participants who collaborate in South Summit.
Book your South Summit trip: Receive information on accommodation and travel offers to SOUTH SUMMIT clients, obtaining a discount on the usual rate.
Speakers South Summit: Response to people who offer themselves as speakers from the become a speaker form on our website; Manage image, voice and NDA processing contracts with speakers; Process the information of the Speakers participating in the South Summit to balance their calendars.
For how long do we keep your data?
We use your data for the time strictly necessary to fulfill the purposes indicated above. Unless there is a legal obligation or requirement, the expected retention periods are:
Management of registered competition users : For a period of 6 years from the last confirmation of interest. The data will be processed until the owners of the information show their opposition to the processing.
South Summit I use images. The data is kept in the social network itself in accordance with its privacy policies.
South Summit control of attendees and ticket sales : For a period of 5 years from the last confirmation of interest. The personal data provided will be kept as long as it is necessary or relevant for the purpose for which it was collected or registered, and as long as the consent given is not revoked.
Ecommerce customer management : For a period of 5 years from the last confirmation of interest
Newsletter : As long as its deletion is not requested by the interested party. No minimum or maximum conservation periods have been established; If the interested party shows opposition to the processing of data, they are deleted depending on the interaction channel or request to oppose the processing of the data
Volunteer management : For a period of 5 years from the last confirmation of interest
Website Inquiries : While the commercial or contractual relationship is maintained. We will maintain your personal information as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right to deletion, cancellation and/or limitation of the processing of your data. In these cases, we will keep the information duly blocked, without giving it any use, as long as it may be necessary for the exercise or defense of claims or some type of judicial, legal or contractual responsibility may arise from its treatment, which must be attended to and for which recovery is necessary.
RRSS Social Networks : As long as its deletion is not requested by the interested party. The personal data provided will be kept as long as it is necessary or relevant for the purpose for which it was collected or registered. We are obliged to block the data when it is deleted. The blocking of data consists of the identification and reservation of the same, adopting technical and organizational measures, to prevent its processing, including its visualization, except for making the data available to judges and courts, the Public Prosecutor’s Office or the Competent Public Administrations, in particular the data protection authorities, to demand possible responsibilities arising from the processing and for three years, the statute of limitations thereof. The blocked data may not be processed for any purpose other than that indicated Video surveillance of the facilities : For a period of 1 month from the last confirmation of interest. The recorded images will be kept for one month from the date of recording
Compliance with GDPR obligations : As long as its deletion is not requested by the interested party. The personal data provided is
They will be kept as long as their deletion is not requested by the interested party or when the data are no longer necessary – including the need to keep them during the applicable statute of limitations – or relevant for the purpose for which they were collected or registered.
Cookies, pixel and tracking You must access our cookie policy to know the retention time of each cookie as well as the information that has been collected.
Attention to the rights of people They will be kept for the time necessary to resolve the claims. The provisions of the archives and documentation regulations will apply
Startup Competition evaluation committee : As long as the commercial relationship is maintained. Once the relationship has ended and is not linked to other issues, it is kept for a minimum period of six years, in accordance with the Commercial Code and tax and fiscal regulations. Companies that are part of the selection committee will have access to the platform for a period of approximately three weeks.
Commercial communications : As long as its deletion is not requested by the interested party
Control access to the event : For a period of 5 years from the last confirmation of interest. The personal data provided will be kept as long as it is necessary or relevant for the purpose for which it was collected.
South Summit Participant Management : For a period of 6 years from the last confirmation of interest. Once the relationship has ended and is not linked to other issues, it is kept for a minimum period of 6 years, in accordance with the Commercial Code and tax and fiscal regulations.
Startup Competition evaluation jury : As long as the commercial relationship is maintained. Once the relationship has ended and is not linked to other issues, it is kept for a minimum period of 6 years, in accordance with the Commercial Code and tax and fiscal regulations.
Partner with us / Get your stand No retention period has been defined, depending on the type of request and interaction of the applicant with the website and subsequent transformation into a client, potential client
Book your South Summit trip : For a period of 5 years from the last confirmation of interest. We will maintain your personal information as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right to deletion, cancellation and/or limitation of the processing of your data. In these cases, we will keep the information duly blocked, without giving it any use, as long as it may be necessary for the exercise or defense of claims or some type of judicial, legal or contractual responsibility may arise from its treatment, which must be attended to and for which recovery is necessary.
Speakers South Summit : While the commercial or contractual relationship is maintained. We will maintain your personal information as long as there is a contractual and/or commercial relationship with the speaker, or as long as you do not exercise your right to deletion, cancellation and/or limitation of the processing of your data. In these cases we will comply with the signed contracts for the processing of data such as your image and voice.
8.- LEGITIMATION OF THE TREATMENT
Why do we process your data?
The collection and processing of your data is always legitimized by one or more legal bases, which we detail below:
Management of registered competition users
(Art. 6.1.a RGPD) Consent of the interested party
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract South Summit use images.
(Art. 6.1.a RGPD) Consent of the interested party
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract South Summit control of attendees and ticket sales
(Art. 6.1.a RGPD) Consent of the interested party
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract Ecommerce customer management
Explicit consent of the interested party Newsletter
(Art. 6.1.a RGPD) Consent of the interested party Volunteer management
Explicit consent of the interested party Website consultations
Explicit consent of the interested party RRSS Social Networks
Explicit consent of the interested party
RGPD: 6.1.a) Consent of the interested party. . The legal basis for sending information related to professional practice or professional interest and for the provision of voluntary services is the consent that you give, which you may withdraw at any time.
Video surveillance of the facilities
Legitimate interest of the Data Controller or third parties
RGPD: 6.1.f) Satisfaction of legitimate interests pursued by the data controller.
Compliance with GDPR obligations
Legal obligation for historical, statistical or scientific research purposes
RGPD: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment. Law 39/2015, of October 1, on the Common Administrative Procedure of Public Administrations. Common Administrative Procedure Law
General Data Protection Regulation. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and the free circulation of these data and repealing the Directive 95/46/EC (General Data Protection Regulation
Cookies, píxel y tracking
(Art. 6.1.a RGPD) Consent of the interested party Attention to the rights of people
Legal obligation of the Data Controller
General Law for the Defense of Consumers and Users. Law 3/2014, of March 27, which modifies the R.D. Legislative 1/2007, of November 16, which approves the Consolidated Text of the General Law for the Defense of Consumers and Users and other complementary Laws
LSSICE. Law 34/2002, of July 11, on information society services and electronic commerce. Law 34/2002, of July 11, on information society services and electronic commerce
(Art. 6.1.c RGPD) Compliance with legal obligations of the Data Controller
LOPDGDD. Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights. GDPR. Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, relating to the protection of natural persons with regard to the processing of personal data and the free circulation of these data and by which repeals Directive 95/46/EC
Startup Competition evaluation committee
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract (Art. 6.1.a RGPD) Consent of the interested party
Commercial communications Explicit consent of the interested party
Control access to the event
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract South Summit participant management
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract (Art. 6.1.f RGPD) Legitimate interest of the Data Controller or third parties
Startup Competition evaluation jury
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract (Art. 6.1.a RGPD) Consent of the interested party
Partner with us / Get your stand
(Art. 6.1.a RGPD) Consent of the interested party Book your South Summit trip
(Art. 6.1.a RGPD) Consent of the interested party
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract Speakers South Summit
(Art. 6.1.a RGPD) Consent of the interested party
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract
9.- RECIPIENTS OF YOUR DATA
To whom do we transfer your data within the European Union?
Sometimes, in order to comply with our legal obligations and our contractual commitment to you, we are faced with the obligation and need to transfer some of your data to certain categories of recipients, which we specify below:
Management of registered competition users. Your data will be delivered to the sponsoring companies South Summit uses images.: Companies dedicated to advertising or direct marketing. The data will be transferred to the social networks Facebook and Instagram. Some partners will make recordings during the event where their image may appear.
South Summit control of attendees and ticket sales: Banks, savings banks and rural banks. Partners and collaborating companies with the organization of the event.
Ecommerce customer management: Tax Administration; Banks, savings banks and rural banks
Newsletter. In cases where the subscriber clicking on our newsletter is redirected to the landing page or website of our partners, South Summit will not be responsible for any subsequent data processing that may occur.
Volunteer management: Social Security Organizations
RRSS Social Networks. Entities providing social network services
Video surveillance of facilities: Security forces and bodies. The images may be communicated, in the context of reporting or investigating criminal infractions, to the State Security Forces and Bodies, Judicial Bodies, Public Prosecutor’s Office
Compliance with GDPR obligations: Public administration with jurisdiction in the matter. In the case of notification of security bankruptcies: Spanish Data Protection Agency.
Cookies, pixel and tracking : Companies dedicated to advertising or direct marketing
Attention to the rights of people: Public administration with jurisdiction in the matter. -Autonomous consumer organizations. -Spanish Data Protection Agency.
Startup Competition evaluation committee. TEAM TITO LIMITED. Company Number: 566334. VAT Number: IE3384527RH 64 Dame Street, Dublin, Ireland D02 RT72 The partner companies that act as a committee will access the South Summit platform to be able to evaluate the StartUps with the greatest potential.
Control access to the event. Partners and collaborating companies with the organization of the event.
South Summit Participant Management: Tax Administration; Banks, savings banks and rural banks; Public administration with competence in the matter
Jurado evaluación Startup Competition. TEAM TITO LIMITED. Company Number: 566334. VAT Number: IE3384527RH 64 Dame Street, Dublin, Ireland D02 RT72
Book your South Summit trip. Collaborating travel agencies
South Summit control of attendees and ticket sales IE UNIVERSITY (Partner of the event: Identifying data)
Do we make International Transfers of your data outside the European Union?
In the processes of processing your data carried out by our entity, we need to hire external services that could imply that your data is stored and/or processed by organizations that are established or operate from outside the European Union, which would imply that we carry out transfers. international of your data.
Below, we indicate all the details of these international transfers, (they only appear if they were made): Newsletter
The Rocket Science Group LLC d/b/a Mailchimp – United States Guaranteed level of protection: Adequate Guarantees
Category of guarantees: Guarantees approved by the Control Authority Standard contractual clauses.
10.- DATA PROCESSING ACTIVITIES
The data processing activities carried out through the website are detailed below, specifying each of the following sections:
Activity: Name of the data processing activity
Purposes: Each of the uses and treatments carried out with the data collected Legal basis: The legal basis that legitimizes the processing of data
Data processed: Typology of data processed Origin: Where the data is obtained from
Retention: Period for which data is retained
Recipients: Persons or third parties to whom the data is provided
International transfers: Cross-border shipments of data outside the European Union
-
-
-Main treatment activities
These are those data processing activities whose purposes are necessary and essential for the provision of services.
VIDEO SURVEILLANCE OF THE FACILITIES
Legal bases
Legitimate interest of the Data Controller or third parties (RGPD: 6.1.f) Satisfaction of legitimate interests pursued by the data controller)
Purposes
Security and access control to buildings; Video surveillance; The images will be processed in order to manage video surveillance to guarantee the safety of people, property and facilities.
Data categories and groups
Employees (Identifying data). Visits (Identifying data)
Data provenance
The interested party himself or his legal representative
Recipient category
Security forces and bodies; The images may be communicated, in the context of reporting or investigating criminal infractions, to the State Security Forces and Corps, Judicial Bodies, Public Prosecutor’s Office.
International transfer
They are not planned
Conservation period
For a period of 1 month from the last confirmation of interest. The images
recorded will be kept for one month from the date of recording
COMPLIANCE WITH RGPD OBLIGATIONS
Legal bases
Legal obligation for the purposes of historical, statistical or scientific research (RGPD: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment., Law 39/2015, of October 1, on the Common Administrative Procedure of the Public Administrations, General Data Protection Regulation)
Purposes
Respond to citizens’ requests in the exercise of the rights established by the General Data Protection Regulation; Data Protection and information privacy; Process your data in order to respond to requests in the exercise of the rights established by the General Data Protection Regulation (art 5 RGPD) and, where appropriate, to notify personal data security breaches to the supervisory authority and interested parties (articles 33 and 34 of the GDPR)
Data categories and groups
Customers (Identifying data). Employees (Identifying data; Employment details)
Data provenance
The interested party himself or his legal representative
Recipient category
Public administration with competence in the matter; In the case of notification of security bankruptcies: Spanish Data Protection Agency.
International transfer
They are not planned
Conservation period
As long as its deletion is not requested by the interested party. The personal data provided will be kept as long as its deletion is not requested by the interested party or when the data is no longer necessary – including the need to keep them during the applicable prescription periods – or relevant for the purpose for which they were collected.
o registered
ATTENTION TO THE RIGHTS OF PEOPLE
Legal bases
Legal obligation of the Data Controller (General Law for the Defense of Consumers and Users, LSSICE. Law 34/2002, of July 11, on information society services and electronic commerce.); (Art. 6.1.c RGPD) Compliance with legal obligations of the Data Controller (LOPDGDD, RGPD)
Purposes
Respond to citizens’ requests in the exercise of the rights established by the General Data Protection Regulation; Compliance with our different legal obligations.
Data categories and groups
Natural persons who complain to the organization (Identifying data)
Data provenance
The interested party himself or his legal representative
Recipient category
Public administration with competence in the matter; -Autonomous consumer organizations. -Spanish Data Protection Agency.
International transfer
They are not planned
Conservation period
They will be kept for the time necessary to resolve claims. The provisions of the archives and documentation regulations will apply.
Security measures
The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the RGPD will apply:
-
The ability to ensure the ongoing confidentiality, integrity, availability and resilience of treatment systems and services.
-
The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
-
A process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the security of processing.
-
Pseudonymization and encryption of personal data.
CONTROL ACCESS TO THE EVENT
Legal bases
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract
Purposes
Control access to the event.
Data categories and groups
Volunteers (Identifying data). Speaker and speakers (Identifying data). South Summit attendees or other events (Identifying data)
Data provenance
The interested party himself or his legal representative; Private entity; From the form become a Speaker of the website; Attendees to the event such as Speakers, Partners, Investors
, Speakers or Startup Members
Recipient category
Partners and collaborating companies with the organization of the event.
International transfer
They are not planned
Conservation period
For a period of 5 years from the last confirmation of interest. The personal data provided will be kept as long as it is necessary or relevant for the
purpose for which they had been collected.
SOUTH SUMMIT PARTICIPANT MANAGEMENT
Legal bases
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract; (Art. 6.1.f RGPD) Legitimate interest of the Data Controller or third parties
Purposes
The personal data collected will be processed for the purpose of managing the relationship derived from this contract.; Allow you to participate effectively and actively in the sections and activities of South Summit to which you agree; Process the compensation for the services and activities that the participant will enjoy at South Summit; Reciprocal use of the distinctive signs and brands of which the participant and the company are owners; Organization of South Summit as a global physical meeting in Madrid, connecting the different poles of global innovation, and connecting the main actors of national and international innovation with physical networking and through the digital platform. South Summit becomes a 365 connection platform, with meetings throughout the year, both in person and digital, to continue connecting the key players in the innovation ecosystem and promoting the best of both worlds. This omnichannel format will be developed both virtually and in person as the circumstances or the convenience of the format chosen for each section dictate.
Data categories and groups
Customers (Identifying data)
Data provenance
The interested party himself or his legal representative
Recipient category
Tax administration; Banks, savings banks and rural banks; Public administration with jurisdiction in the matter
International transfer
They are not planned
Conservation period
For a period of 6 years from the last confirmation of interest. Once the relationship has ended and is not linked to other issues, it is kept for a minimum period of 6 years, in accordance with the Commercial Code and tax and fiscal regulations.
Security measures
The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the RGPD will apply:
-
The ability to ensure the ongoing confidentiality, integrity, availability and resilience of treatment systems and services.
-
The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
-
A process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the security of processing.
-
Pseudonymization and encryption of personal data.
-
-
-Optional treatment activities (if the user has marked their acceptance)
-
These are those personal data processing activities whose purposes are not essential for the provision of the service and which are only carried out if the user has marked YES in the consent to carry out these activities.
MANAGEMENT OF REGISTERED COMPETITION USERS |
|
Legal bases |
(Art. 6.1.a GDPR) Consent of the interested party; (Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract |
Purposes |
electronic commerce; Obtain business opportunities from our partners; Join the Startup Competition. |
Data categories and groups |
Registered competition users (Identificative data) |
Data provenance |
The interested party himself or his legal representative |
Recipient category |
Your data will be delivered to the sponsoring companies |
International transfer |
They are not planned |
Conservation period |
For a period of 6 years from the last confirmation of interest. The data will be processed until the owners of the information show their opposition to the treatment. |
SOUTH SUMMIT USE IMAGES. |
|
Legal bases |
(Art. 6.1.a GDPR) Consent of the interested party; (Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract |
Purposes |
Recording and streaming playback of the event presentations. ; Show images of event attendees on our website, RRSS. ; During the event all events will be recorded and played in streaming. Attendees will be able to appear in the Streaming videos, on our social networks and those of the attendees themselves, as well as in the press that comes to cover the event. |
Data categories and groups |
Speaker and speakers (Identifying data). South Summit attendees or other events (Identifying data) |
Data provenance |
The interested party himself or his legal representative; Private entity; From the form become a Speaker of the website; Attendees to the event such as Speakers, Partners, Investors , Speakers or Startup Members |
Recipient category |
Companies dedicated to advertising or direct marketing; The data will be transferred to the social networks Facebook and Instagram. Some partners will make recordings during the event where their image may appear. |
International transfer |
They are not planned |
Conservation period |
The data is kept in the social network itself in accordance with its privacy policies. |
SOUTH SUMMIT CONTROL OF ATTENDEES AND SALE OF TICKETS |
|
Legal bases |
(Art. 6.1.a GDPR) Consent of the interested party; (Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract |
Purposes |
Respond to requests received requesting the investor pass from the Request Investor Pass form on our website; Respond to requests received by requesting a press pass from the Request Press Pass form on our website; Access control to South Summit; Sending information about the South Summit organization; Sale of tickets from our website to attend South Summit |
Data categories and groups |
Speaker and speakers (Identifying data). Attendees South Summit or other events (Identifying data; Economic, financial and insurance; Credit information; Personal characteristics; Employment details) |
Data provenance |
The interested party himself or his legal representative; Private entity; From the form become a Speaker of the website; Attendees to the event such as Speakers, Partners, Investors , Speakers or Startup Members |
Recipient category |
Banks, savings banks and rural banks; Partners and collaborating companies with the organization of the event. IE UNIVERSITY (CIF: G40155384); |
International transfer |
They are not planned |
Conservation period |
For a period of 5 years from the last confirmation of interest. The personal data provided will be kept as long as they are necessary or relevant for the purpose for which they were collected or registered, and as long as you do not revoke the consent given. |
ECOMMERCE CUSTOMER MANAGEMENT |
|
Legal bases |
Explicit consent of the interested party |
Purposes |
e-commerce |
Data categories and groups |
Ecommerce Clients (Identifying data; Economic, financial and insurance; Transactions of goods and services) |
Data provenance |
The interested party himself or his legal representative |
Recipient category |
Tax administration; Banks, savings banks and rural banks |
International transfer |
They are not planned |
Conservation period |
For a period of 5 years from the last confirmation of interest |
NEWSLETTER |
|
Legal bases |
(Art. 6.1.a RGPD) Consent of the interested party |
Purposes |
Stay up to date on news related to the South Summit ecosystem (Speakers, participants, investors, etc.); Offer services and news from third-party partners by linking the email with the newsletter to the websites of third-party partners or collaborators.; We may send you communications about the following sectors: Training, Selection, Leisure, Outlets, Financial, Editorial, Education, Automotive, NGO, Telecommunications, Consulting, Energy, Medicine, Textile, Home, Hygiene, Health, Beauty, Personal Care, Furniture, Food , Collecting, Music, Videos, Hobbies, Office Supplies, Computers, Online/offline gaming activities, Technology, Travel, Jewelry, Drugstore and Cleaning, or Insurance. to send you their advertising and commercial information by electronic and/or telephone means. ; We may send you communications about the following sectors: Training, Selection, Leisure, Outlets, Financial, Editorial, Education, Automotive, NGO, Telecommunications, Consulting, Energy, Medicine, Textile, Home, Hygiene, Health, Beauty, Personal Care, Furniture, Food , Collecting, Music, Videos, Hobbies, Office Supplies, Computers, Online/offline gaming activities, Technology, Travel, Jewelry, Drugstore and Cleaning, or Insurance. to send you their advertising and commercial information by electronic and/or telephone means. |
Data categories and groups |
Subscribers (Identifying data) |
Data provenance |
The interested party himself or his legal representative; The data is collected when the subscriber enters their email address in the registration form for our newsletter on the website. |
Recipient category |
In cases where the subscriber clicking on our newsletter is redirected to the landing page or website of our partners, South Summit will not be responsible for any subsequent data processing that may occur. |
International transfer |
The Rocket Science Group LLC d/b/a Mailchimp – United States (Platform for mass sending of electronic communications) – Adequate Guarantees |
Conservation period |
As long as its deletion is not requested by the interested party. No minimum or maximum conservation periods have been established; If the interested party shows opposition to the processing of data, they are deleted depending on the interaction channel or request to object to the processing of the data. |
Security measures |
The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the RGPD will apply:
|
VOLUNTEER MANAGEMENT |
|
Legal bases |
Explicit consent of the interested party |
Purposes |
Help in the area of accreditation; Collaborate with general logistics.; Inform visitors about the operation of the event.; Organize access to La Nave.; Prevention of occupational hazards; Human Resources; Provide support to Marketplace clients and startups. Accompany the speakers. Provide support in the coordination of meetings between startups, investors and corporations. |
Data categories and groups |
Volunteers (Identifying data; Personal characteristics) |
Data provenance |
The interested party himself or his legal representative |
Recipient category |
Social Security Organizations |
International transfer |
They are not planned |
Conservation period |
For a period of 5 years from the last confirmation of interest |
WEBSITE CONSULTATIONS |
|
Legal bases |
Explicit consent of the interested party |
Purposes |
Respond and attend to requests received from the forms on our website such as Become an Ambassador, Suggest a Speaker, Suggest Ideas, and Contact Us |
Data categories and groups |
People who access and contact through the website (Identifying data; Employment details; Other categories) |
Data provenance |
The interested party himself or his legal representative; People who contact us from web forms such as Become an Ambassador, Suggest a Speaker, Suggest Ideas, and Contact us |
Recipient category |
They are not planned |
International transfer |
They are not planned |
Conservation period |
As long as the commercial or contractual relationship is maintained. We will maintain your personal information as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right to deletion, cancellation and/or limitation of the processing of your data. In these cases, we will keep the information duly blocked, without giving it any use, as long as it may be necessary for the exercise or defense of claims or some type of judicial, legal or contractual responsibility may arise from its treatment, which must be attended to and for which recovery is necessary. |
Security measures |
The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the RGPD will apply:
|
RRSS SOCIAL NETWORKS |
|
Legal bases |
Explicit consent of the interested party (RGPD: 6.1.a) Consent of the interested party. ) |
Purposes |
Creation and management of information through social networks |
Data categories and groups |
Followers (Identifying data) |
Data provenance |
The interested party himself or his legal representative |
Recipient category |
Entities providing social network services |
International transfer |
They are not planned |
Conservation period |
As long as its deletion is not requested by the interested party. The personal data provided will be kept as long as it is necessary or relevant for the purpose for which it was collected or registered. We are obliged to block the data when it is deleted. The blocking of data consists of the identification and reservation of the same, adopting technical and organizational measures, to prevent its processing, including its visualization, except for making the data available to judges and courts, the Public Prosecutor’s Office or the Competent Public Administrations, in particular the data protection authorities, to demand possible responsibilities arising from the processing and for three years, the statute of limitations thereof. The data Blocked data may not be processed for any purpose other than that indicated. |
COOKIES, PÍXEL Y TRACKING |
|
Legal bases |
(Art. 6.1.a RGPD) Consent of the interested party |
Purposes |
Share information on social networks. “Fav”, “Like”, “+1” and similar buttons; Obtain statistical data on user navigation, identify problems and analyze their preferences; Streaming video and third-party maps. A feature or add-on provided by a third party establishes a direct connection between the user’s browser and Internet domains owned by the third party, allowing the feature to be downloaded and executed. |
Data categories and groups |
People who access and contact through the website (Commercial information; Other categories) |
Data provenance |
The interested party himself or his legal representative; People who contact us from web forms such as Become an Ambassador, Suggest a Speaker, Suggest Ideas, and Contact us |
Recipient category |
Companies dedicated to advertising or direct marketing |
International transfer |
They are not planned |
Conservation period |
You must access our cookie policy to know the retention time of each cookie as well as the information that has been collected. |
Security measures |
The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the RGPD will apply:
|
STARTUP COMPETITION EVALUATION COMMITTEE |
|
Legal bases |
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract; (Art. 6.1.a RGPD) Consent of the interested party |
Purposes |
Sending emails inviting you to participate with the link to sign up and indicating the dates on which each session will take place; Evaluate the participating startup projects to select the 100 that will present their projects in 10 blocks throughout the first two days of the meeting; Sending emails inviting you to participate with the link to sign up and indicating the dates on which each session will take place |
Data categories and groups |
Evaluation committee (Identifying data; Other categories) |
Data provenance |
The interested party himself or his legal representative; Private entity |
Recipient category |
TEAM TITO LIMITED. Company Number: 566334. VAT Number: IE3384527RH 64 Dame Street, Dublin, Ireland D02 RT72 The partner companies that act as a committee will access the South Summit platform to be able to evaluate the StartUps with the greatest potential. |
International transfer |
They are not planned |
Conservation period |
As long as the business relationship is maintained. Once the relationship has ended and is not linked to other issues, it is kept for a minimum period of six years, in accordance with the Commercial Code and tax and fiscal regulations. Companies that are part of the selection committee will have access to the platform for a period of approximately three weeks. |
Security measures |
The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the RGPD will apply:
|
COMMERCIAL COMMUNICATIONS |
|
Legal bases |
Explicit consent of the interested party |
Purposes |
Marketing, advertising and commercial prospecting |
Data categories and groups |
Customers (Identifying data). Potential (Identifying data) |
Data provenance |
The interested party himself or his legal representative; Forms on our website. |
Recipient category |
They are not planned |
International transfer |
They are not planned |
Conservation period |
As long as its deletion is not requested by the interested party |
STARTUP COMPETITION EVALUATION JURY |
|
Legal bases |
(Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract; (Art. 6.1.a RGPD) Consent of the interested party |
Purposes |
Respond and attend to requests received from the form on our Become a Jury website; Sending emails inviting you to participate with the link to sign up and indicating the dates on which each session will take place; Evaluate the projects of the 100 startups selected in the Selection Committees on the South Summit platform |
Data categories and groups |
Jury (Identifying data; Other categories; Employment details) |
Data provenance |
The interested party himself or his legal representative; Private entity |
Recipient category |
TEAM TITO LIMITED. Company Number: 566334. VAT Number: IE3384527RH 64 Dame Street, Dublin, Ireland D02 RT72 |
International transfer |
They are not planned |
Conservation period |
As long as the business relationship is maintained. Once the relationship has ended and is not linked to other issues, it is kept for a minimum period of 6 years, in accordance with the Commercial Code and tax and fiscal regulations. |
Security measures |
The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the RGPD will apply:
|
PARTNER WITH US / GET YOUR STAND |
|
Legal bases |
(Art. 6.1.a RGPD) Consent of the interested party |
Purposes |
Inform about rates, types of stands, services and existing activities for participants who collaborate at South Summit |
Data categories and groups |
Clients (Identifying data; Employment details; Other categories). Potential (Identifying data; Employment details; Other categories) |
Data provenance |
The interested party himself or his legal representative; Forms on our website. |
Recipient category |
They are not planned |
International transfer |
They are not planned |
Conservation period |
A retention period has not been defined, depending on the type of request and interaction of the applicant with the website and subsequent transformation into a client, potential client. |
Security measures |
The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the RGPD will apply:
|
RESERVE SU VIAJE SOUTH SUMMIT |
|
Legal bases |
(Art. 6.1.a GDPR) Consent of the interested party; (Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract |
Purposes |
Receive information on accommodation and travel offers to SOUTH SUMMIT clients, obtaining a discount on the usual rate |
Data categories and groups |
Ecommerce Clients (Identifying data). People who access and contact through the website (Identifying data). Registered users / South Summit App Users (Identifying data). Potentials (Identifying data). Attendees South Summit or other events (Identifying data; Employment details). Registered competition users (Identifying data) |
Data provenance |
The interested party himself or his legal representative; People who contact us from web forms such as Become an Ambassador, Suggest a Speaker, Suggest Ideas, and Contact us; Forms on our website.; Attendees to the event as Speakers, Partners, Investors, Speakers or Startup Members |
Recipient category |
Collaborating travel agencies |
International transfer |
They are not planned |
Conservation period |
For a period of 5 years from the last confirmation of interest. We will maintain your personal information as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right to deletion, cancellation and/or limitation of the processing of your data. In these cases, we will keep the information duly blocked, without giving it any use, as long as it may be necessary for the exercise or defense of claims or some type of judicial, legal or contractual responsibility may arise from its treatment, which must be attended to and for which recovery is necessary. |
Security measures |
The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the RGPD will apply:
Pseudonymization and encryption of personal data.
The ability to ensure the ongoing confidentiality, integrity, availability and resilience of treatment systems and services.
The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
A process of regular verification, evaluation and validation of the effectiveness of technical and organizational measures to ensure the security of processing. |
SPEAKERS SOUTH SUMMIT |
|
Legal bases |
(Art. 6.1.a GDPR) Consent of the interested party; (Art. 6.1.b RGPD) Existence of a contractual relationship with the interested party through contract or pre-contract |
Purposes |
Respond to people who offer themselves as speakers from the become a speaker form on our website; Manage image, voice and NDA processing contracts with speakers; Process the information of the Speakers participating in the South Summit to balance their calendars. |
Data categories and groups |
Speaker and speakers (Identifying data; Employment details; Other categories) |
Data provenance |
The interested party himself or his legal representative; Private entity; From the form become a Speaker of the website |
Recipient category |
They are not planned |
International transfer |
They are not planned |
Conservation period |
As long as the commercial or contractual relationship is maintained. We will maintain your personal information as long as there is a contractual and/or commercial relationship with the speaker, or as long as you do not exercise your right to deletion, cancellation and/or limitation of the processing of your data. In these cases we will comply with the contracts signed for the processing of data such as your image and voice. |
Security measures |
The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the RGPD will apply:
|
11.- DATA OF MINORS
Minors under 14 years of age may not use the services available through the Website without the prior authorization of their parents,
guardians or legal representatives , who will be solely responsible for all acts carried out through the Website by the minors in their care, including the completion of the electronic forms with the data personal details of said minors and the marking, where appropriate, of the boxes that accompany them.
In compliance with the provisions of article 8 of the RGPD and article 7 of the LOPD/GDD, only those over 14 years of age may grant their consent for the processing of their personal data lawfully by Spain Startup.
12.-PROVENANCE AND TYPES OF DATA PROCESSED
Where have we obtained your data?
Management of registered competition users
Registered competition users: The interested party himself or his legal representative South Summit uses images.
Speaker and speakers: The interested party himself or his legal representative; Private entity. From the form become a Speaker of the website
South Summit attendees or other events: The interested party themselves or their legal representative. Attendees to the event as Speakers, Partners, Investors, Speakers or Startup Members
South Summit control of attendees and ticket sales
Speaker and speakers: The interested party himself or his legal representative; Private entity. From the form become a Speaker of the website
South Summit attendees or other events: The interested party themselves or their legal representative. Attendees to the event as Speakers, Partners, Investors, Speakers or Startup Members
Ecommerce customer management
Ecommerce Clients: The interested party himself or his legal representative Newsletter
Subscribers: The interested party himself or his legal representative. The data is collected when the subscriber enters their email address in the registration form for our newsletter on the website.
Volunteer management
Volunteers: The interested party himself or his legal representative Website consultations
Persons who access and contact through the website: The interested party himself or his legal representative. People who contact us from web forms such as Become an Ambassador, Suggest a Speaker, Suggest Ideas, and Contactenos
RRSS Social Networks
Followers: The interested party himself or his legal representative Video surveillance of the facilities
Employees: The interested party himself or his legal representative Visits: The interested party himself or his legal representative
Compliance with GDPR obligations
Clients: The interested party himself or his legal representative Employees: The interested party himself or his legal representative
Cookies, píxel y tracking
Persons who access and contact through the website: The interested party himself or his legal representative. People who contact us from web forms such as Become an Ambassador, Suggest a Speaker, Suggest Ideas, and Contactenos
Attention to people’s rights
Natural persons who complain to the organization: The interested party himself or his legal representative Startup Competition evaluation committee
Evaluation Committee: The interested party himself or his legal representative; Private entity Commercial communications
Clients: The interested party himself or his legal representative
Potential: The interested party himself or his legal representative. Forms from our website.
Control access to the event
Volunteers: The interested party himself or his legal representative
Speaker and speakers: The interested party himself or his legal representative; Private entity. From the form become a Speaker of the website
South Summit attendees or other events: The interested party themselves or their legal representative. Attendees to the event as Speakers, Partners, Investors, Speakers or Startup Members
South Summit Participant Management
Clients: The interested party himself or his legal representative Startup Competition evaluation jury
Jury: The interested party himself or his legal representative; Private entity
Partner with us / Get your stand Clientes: El propio interesado o su representante legal
Potential: The interested party himself or his legal representative. Forms from our website.
Reserve su viaje South Summit
Ecommerce Clients: The interested party himself or his legal representative
Persons who access and contact through the website: The interested party himself or his legal representative. People who contact us from web forms such as Become an Ambassador, Suggest a Speaker, Suggest Ideas, and Contactenos
Registered Users / South Summit App Users: The interested party himself or his legal representative Potential: The interested party or his legal representative. Forms from our website.
South Summit attendees or other events: The interested party themselves or their legal representative. Attendees to the event as Speakers, Partners, Investors, Speakers or Startup Members
Registered competition users: The interested party himself or his legal representative
Speakers South Summit
Speaker and speakers: The interested party himself or his legal representative; Private entity. From the form become a Speaker of the website
What types of your data have we collected and process?
Management of registered competition users Registered competition users
Identifying data (Email address; Postal address; Telephone; User name; Company identification number
/CIF; Contact information legal representatives of the company)
South Summit I use images. Speaker and speakers
Identifying data (Image)
South Summit attendees or other events Identification data (Image)
South Summit control of attendees and ticket sales Speaker and speakers
Identifying data (Email address; Image; Name and Surname; Voice)
Attendees South Summit or other events
Identifying data (Name and Surname; Image; Telephone; DNI / NIF / NIE / Passport) Economic, financial and insurance (PayPal)
Credit information (Bank, debit or credit card details.) Personal characteristics (Date of birth ; Gender) Employment details (Company or company where you work)
Ecommerce customer management Ecommerce customers
Identifying data (First and last name; Postal address; NIF / NIE / Passport; Email address; Telephone) Economic, financial and insurance (Bank details)
Transactions of goods and services (Financial transactions)
Newsletter Subscribers
Identifying data (First and last name; Email address; Telephone)
Volunteer Management Volunteers
Identifying data (Email address; Postal address; NIF / NIE / Passport; Social Security / Mutual Insurance No.; Name and Surname; Telephone)
Personal characteristics (Age; Nationality; Sex)
Website Inquiries People who access and contact through the website
Identifying data (First and last name; Email address; Telephone; Country) Employment details ( Jobs; Company or company where you work) Other categories (Message)
RRSS Social Networks Followers
Identifying data (First and last name; Email address)
Video surveillance of facilities Employees
Identifying data (Image)
Visits
Identifying data (Image)
Compliance with GDPR obligations Clients
Identifying data (First and last name; Postal address; NIF / NIE / Passport; Email address; Telephone)
Employees
Identifying data (First and last name; Postal address; NIF / NIE / Passport; Email address; Fingerprint; Telephone) Employment details (Jobs)
Cookies, pixel and tracking People who access and contact through the website
Commercial information (Data obtained through cookies, pixels or similar instruments, if applicable.) Other categories (ID generated by the Pixel or Cookie)
Attention to the rights of people Natural persons who complain to the organization
Identifying data (Email address; Postal address; Handwritten signature; Name and surname; Telephone)
Startup Competition evaluation committee Evaluation committee
Identifying data (Email address; Name and Surname; Telephone)
Other categories (Data about your contacts (relationship, position, company where you work, email))
Commercial communications Customers
Identifying data (First and last name; Email address)
Potentials
Identifying data (First and last name; Postal address; NIF / NIE / Passport; Email address; Telephone)
Control access to the event Volunteers
Identification data (Electronic address; NIF / NIE / Passport; Name and Surname)
Speaker and speakers
Identifying data (Email address; Image; Name and Surname)
Attendees South Summit or other events
Identifying data (Image; Name and Surname; DNI / NIF / NIE / Passport)
South Summit Participant Management Clients
Identifying data (First and last name; Postal address; Email address; Telephone)
Startup Competition evaluation jury Jury
Identifying data (Email address; Name and Surname; Telephone; Country)
Other categories (Your contact details (relationship, position, company where you work, email)) Employment details < a i=3>(Jobs; Company or company where you work)
Partner with us / Get your stand Clientes
Identifying data (Country; First and last name; Email address) Employment details (Company or company where you work)
Other categories (Message)
Potentials
Identifying data (First and last name; Telephone; Country; Email) Employment details ( Company or company where you work)
Other categories (Message)
Reserve su viaje South Summit Clientes Ecommerce
Identifying data (Email address; Postal address; NIF / NIE / Passport; Name and Surname; Telephone) People who access and contact through the web
Identifying data (Email address; Name and Surname; Telephone)
Registered Users / South Summit App Users
Identifying data (Email address; Name and Surname; Telephone)
Potentials
Identifying data (Email address; Postal address; NIF / NIE / Passport; Name and Surname; Telephone)
Attendees South Summit or other events
Identifying data (First and last name; Telephone; DNI / NIF / NIE / Passport) Employment details (Company or company where you work)
Registered competition users
Identifying data (Email address; Postal address; User name)
Speakers South Summit Speaker y ponentes
Identifying data (Email address; First and last name; Country; LinkedIn social media profile) Employment details (Jobs; Company or company where you work)
Other categories (Message)
13- RIGHTS OF INTERESTED PARTIES
What are the rights that protect you?
Current data protection regulations protect you with a series of rights in relation to the use we give to your data. Each and every one of your rights are individual and non-transferable, that is, they can only be exercised by the owner of the data, after verification of his or her identity.
Below, we indicate what rights you have:
Right of access: It is the right of the Website user to obtain confirmation of whether or not the Data Controller is processing their personal data and, if so, obtain information about your specific personal data and the processing that the Data Controller has carried out or carries out, as well as, among other things, the information available on the origin of said data and the recipients of the communications made or provided for therein.
Right of rectification: This is the right that the user of the Website has to have their personal data modified that turns out to be inaccurate or, taking into account the purposes of the treatment, incomplete.
Right of deletion: It is usually known as the «right to be forgotten», and it is the right that the user of the Website has, provided that current legislation does not establish otherwise, to obtain the deletion of your personal data when it is no longer necessary for the purposes for which it was collected or processed; The User has withdrawn his or her consent to the treatment and this does not have another legal basis; the User opposes the treatment and there is no other legitimate reason to continue with it; the personal data have been processed unlawfully; The personal data have been obtained as a result of a direct offer of information society services to a minor under 14 years of age. In addition to deleting the data, the Controller, taking into account the available technology and the cost of its application, will adopt reasonable measures to inform other possible controllers who are processing the personal data of the interested party’s request to delete any link to those personal data.
Right to limit data: It is the right of the Website User to limit the processing of their personal data. The User of the Website has the right to obtain the limitation of processing when he challenges the accuracy of his personal data; the treatment is illicit; The Data Controller no longer needs the personal data, but the User needs it to make claims; and when the Website User has opposed the treatment.
Right to data portability: In those cases where the processing is carried out by automated means, the User of the Website will have the right to receive their personal data from the Data Controller in a structured, commonly used and machine-readable format, and to transmit them to another data controller. Whenever technically possible, the Data Controller will directly transmit the data to that other Controller.
Right of opposition: It is the right of the User to have their personal data not processed or to have their processing stopped by the Data Controller. .
Right not to be subject to automated decisions and/or profiling: The right of the Website User not to be subject to an individualized decision based solely on the automated processing of your personal data, including profiling, exists unless current legislation establishes otherwise.
Right to revoke consent: It is the right of the Website User to withdraw, at any time, the consent given for the processing of their data.
Right to file a claim on data protection matters before the Control Authority: Spanish Data Protection Agency
The interested party may exercise any of the aforementioned rights by contacting the Data Controller and prior identification of the User using the following contact information:
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
You can also exercise your rights before the Data Protection Officer:
Email: mdelapena@auratechlegal.es – Phone: 0034 911 134 963
How can you exercise your rights in relation to your data?
To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so as follows:
Management of registered users competition
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
South Summit use images.
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
South Summit control of attendees and sale of tickets
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Management clients Ecommerce
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Newsletter
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Volunteer management
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Inquiries Website
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
RRSS Social Networks
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Video surveillance of the facilities
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Compliance with GDPR obligations Responsible: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Cookies, píxel y tracking
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Attention to the rights of people
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Committee evaluation Startup Competition
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Commercial communications
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Control access to the event
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Management of participants South Summit
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Startup Competition evaluation jury
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Partner with us / Get your stand
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Reserve su viaje South Summit
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
Speakers South Summit
Responsable: Spain Startup and Investor Services S.L
Address: Paseo de la Castellana, 70, 1º. 28046, Madrid (Madrid), Spain Phone: +34 915625784
E-mail: privacy@spain-startup.com Página web: http: /www.southsummit.co
How can file a claim?
In addition to the rights that assist you, if you believe that your data is not being collected or processed in accordance with current Data Protection regulations, you may make a claim to the Control Authority, whose contact information is indicated below:
Spanish Data Protection Agency
C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain Email: info@aepd.es- Telephone: 912663517
Web: https: /www.aepd.es
In the case of Germany you can contact Berliner Beauftragte für Datenschutz und Informationsfreiheit In the case of Austria can contact Österreichische Datenschutzbehörde.
In the case of Belgium you can contact Autorité de protection des données Gegevensbeschermingsautoriteit
In the case of Bulgaria you can contact Commission for Personal Data Protection. In the case of Denmark you can contact Datatilsynet.
In the case of Slovakia you can go to https: /dataprotection.gov.sk/uoou / In the case of Slovenia you can go to https: /www. ip-rs.si/.
In the case of Estonia you can go to https: /www.aki.ee/et
In the case of Finland you can contact Office of the Data Protection Ombudsman,.
In the case of France you can contact Commission Nationale de l’Informatique et des Libertés En the case of Greece can be addressed to Hellenic Data Protection Authority
In the case of Hungary you can contact the Office of the Commissioner for Fundamental Rights of Hungary En Ireland’s case can be addressed to the Data Protection Commission.
In the case of Italy you can contact Garante per la Protezione dei Dati Personali In the case of Latvia you can go to https: /www.dvi.gov.lv/lv
In the case of LIthuania you can contact State Data Protection Inspectorate
In the case of Luxembourg you can contact Commission Nationale pour la Protection des Données In the case of Malta you can contact Information and Data Protection Commissioner
In the case of the Netherlands you can contact https: /autoriteitpersoonsgegevens.nl/en archiwum.giodo. gov.pl//https: In the case of Poland you can go to
In the case of Portugal you can contact Comissão Nacional de Proteção de Dados In the case of United Kingdom you can contact the Information Commissioner´s Office
En el caso de Rumanía puede dirigirse a National AuthorityţionalSupervision of the Processing of Personal Data En el caso de Suecia puede dirigirse a Swedish Authority For Privacy Protection
In the case of the Czech Republic you can go to https: /www.uoou.cz/
In the case of Cyprus you can contact Office of the Commissioner for Personal Data Protection
Data Protection Authorities (other European countries) :
In the case of Andorra you can contact Agència Andorrana de Protecció de Dades In the case of Croatia can contact Croatian Personal Data Protection Agency In the case of Iceland you can contact https: /www.personuvernd.is/
In the case of Liechetenstein you can go to https: /www.llv.li/ dzlp.mk/ /https: In the case of Macedonia you can go to
In the case of Monaco you can contact Commission de Contrôle des Informations Nominatives In the case of Norway can contact Datatilsynet
In the case of Switzerland you can go to https: /www.edoeb.admin.ch /edoeb/de/home.html
14.-ACCEPTANCE
Acceptance and making this document available to you indicates that you understand and accept all the clauses of our privacy policy and therefore authorize the collection and processing of your personal data under these terms. This acceptance is made by activating the “Reading and Acceptance” checkbox of our Privacy Policy.
Spain Startup reserves the right to modify this Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Agency for Protection of Data or the rest of the European control authorities mentioned in the previous point. The changes or updates made to this Privacy Policy that affect the purposes, conservation periods, transfers of data to third parties, international data transfers, as well as any right of the Website User, will be explicitly communicated to the user.