In compliance with the applicable data protection legislation, data processing that may be carried out is described below:
1. Identity of the data controller
OIC, a company established under Spanish laws as Open Innovation Community S.L., with tax identification number ES-B88214689, address at Calle de José Abascal 56, Planta 2, 28003 Madrid, Spain; and email address hello@oicteam.com
2. Marketing and commercial mailing
If you receive information by email related to OIC’s activities, we inform you that OIC shall use the data for the following purposes:
- To keep you informed of our activities, as well as any other information related to industrial and technological innovation, or new services that we believe could be of interest to you
- To invite you to events organised by OIC
- To carry out surveys on the quality of the services we offer, as well as implementing loyalty programmes.
We inform you that we can keep you informed of our activities through any means provided by you or any other similar communication system, whilst always offering the possibility of unsubscribing from these mailings.
3. Data acquisition during events and other cases
If you have taken part in any event organised by OIC or have been visited or contacted by professionals from OIC, it is possible that you have given us your personal data, as well as your email address. With this regard, OIC shall use your data to send you the information requested, as well to keep you informed on OIC´s activity for the purposes indicated in the previous section. Your image as an assistant to any of our events organised by OIC, could be used on the Website and social networks of OIC for promotion purposes.
4. Training and courses organised by OIC
If you have requested to take part in any course organised by a company forming part of OIC, we inform you that your data will be used to coordinate your course attendance, as well as to process, if necessary, the corresponding payment.
5. Online purchase of products or services offered through the Sitio Web
If you make an online purchase of any of the products or services offered through our Website (training, assistance to events, consultancies or others), OIC shall use your personal data to deliver the requested service, comply with the requirements of billing, accounting and auditing, perform statistical analysis, as well as keep you informed of the activity of our entity for the purposes indicated in the section “marketing and commercial shipments”.
OIC will not store any data related to credit cards, being these managed securely through the STRIPE payment gateway, which uses technology encrypted with PCI Service Provider Level 1 certification. You can find more information at https://stripe.com.
6. Data regarding clients and suppliers
If you have provided your data as a contact person for a client or supplier company or as an individual entrepreneur, whether as a client or supplier for any company forming part of OIC, we inform you that OIC shall use the data to maintain the contractual relationship, there being the possibility of keeping you informed on OIC’s activities as indicated in this privacy policy.
The data provided by the client or supplier as a result of maintaining the current contractual relationship extends to not only the information of the signatory of the contracts, proposals or quotes, but to all the personal data necessary to fulfil the contractual or pre-contractual relationship. In this regard, the client shall inform the same of these conditions, if considered appropriate, guaranteeing at all times that they have the necessary consents.
7. Data communication
OIC can send personal data in compliance with its legal obligations to official bodies and other entities, the transfer of which is required in order to comply with the legislation in force.
8. Data maintenance and storage
OIC shall store the data provided while it maintains the contractual relationship that led to the processing thereof or for the years necessary to fulfil the legal obligations, attend to the duties that may be derived from the same and while the recipient does not exercise their right to suppress or oppose such processing.
9. Exercise of rights common to all personal data
The owner has the right to access, rectify, erase, oppose, limit the processing, portability and to lodge claims included in their rights by contacting the corresponding control authority. These rights can be exercised by writing to:
Open Innovation Community, S.L.
Paseo de la Castellana 43, 28046 Madrid, España
Correo electrónico: hello@oicteam.com
10. Processing, if necessary, of data by OIC as data processor.
OIC shall be considered the processor of personal data that is the responsibility of the client exclusively in the case where OIC processes personal data that is the responsibility of the client, on behalf of the client and that is necessary for OIC to process, under instruction from the client and in order to fulfil the contractual relationship therewith and provided that these are stored on OIC´s servers, undertaking to:
- Use the personal data object of processing, access or viewing, or those that must be obtained, solely for the purpose of the contracted service.
- Process the data according to the client’s instructions.
- Keep a record of activities.
- Maintain the duty to secrecy with respect to all the information, including personal data, to which it has had access pursuant to the present contracted service.
- Guarantee that the persons authorised to process personal data undertake to respect confidentiality and fulfil the corresponding security measures.
- Guarantee the necessary training in personal data protection of the persons authorised to process personal data.
- Inform the client of the requests for rights to access, rectify, erase, oppose, limit the processing and portability of the data that owners of the data can exercise against OIC.
- Notify the client, without undue delay and through the email address or addresses indicated by the client, the security breaches of which it is aware and that can affect the personal data for which the client is responsible.
- OIC shall not send to, or allow access to the personal data for which the client is responsible, by third parties, except in legally admissible cases or when it needs to subcontract services from third parties in order to fulfil the contractual relationship with the client. In this case, OIC shall sign the corresponding data processor contract with the subprocessor, who will observe the same conditions as those in the present document.
- Once the service provision that lead to the access, processing or viewing by OIC of the personal data for which the client is responsible is concluded and, in any case, when the contractual relationship has ended, for any reason, OIC shall destroy or return the data to the client. However, OIC may keep a copy with the data duly redacted while responsibilities may still be derived from providing the service, for the sole and exclusive purpose of legal defence, internal audit and in order to fulfil their corresponding legal obligations.
- Maintain the necessary technical, operational and organisational security measures to guarantee continuous confidentiality, integrity, availability and resilience of the processing systems and services. OIC shall have sufficient security measures to comply with the provisions of Art. 32 of the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“Regulation”).
- Comply with all the obligations established in the Regulation.
11. Data security
OIC has implemented the security measures required by the regulation on personal Data Protection in their work centres, offices, systems, communication infrastructures, etc. It has also adopted the logical, physical, organisational, contractual measures that prevent third parties from accessing the data without authorisation, and the destruction, modification, reproduction, disclosure, transmission or reuse of the same.
Despite this, whenever personal information is provided online, there is the risk, which is outside of our control, that third parties can intercept this information and use it. Even though we at OIC strive to protect personal information and your privacy, we cannot guarantee the security of the information revealed online and under your responsibility.
12. Monitoring and modification of the privacy policy
The Privacy Policy established by OIC is in force as of its date of publication on the corresponding Website; the user can save and/or copy it. OIC is authorised to modify its Privacy Policy and must notify the user.
13. Regarding the Blog and its services
Users must access and use the blog for the purpose for which it was created and, in particular, abide fully to the laws, morals, public order and the present Terms of Use. Specifically, Users undertake to access and use the blog in accordance with the following premises:
- The User shall not interfere with the correct operation of the blog;
- The User shall comply with any rules applicable to access and use of the Blog, including those affecting data access, processing and transmission;
- The User shall not use the Blog to send unsolicited emails or information or to promote or market, directly or via links, proprietary or third party goods and services whether free or in return for payment.
- The User shall not use the Blog to supplant a third party or impersonate another, and neither shall they use it to harass, abuse or defame or engage in acts of unfair competition.
- The User shall be the only person responsible for the opinions, comments, materials, information and/or data they include, send, transmit, exchange and use through the Blog and guarantees that said inclusion, sending, transmission, exchange or use does not infringe on any confidentiality agreement.
- If you, as a User, are accessing the Blog on behalf and in representation of your employer, you represent and warrant that you are authorised to accept these Terms of Use on behalf and in representation of your employer.