Information on Data Protection

Data Controller

Identification: iDISC INFORMATION TECHNOLOGIES, S.L. (“iDISC”).

Mailing Address: Passeig del Progrés, 96

08640 Olesa de Montserrat

Barcelona - Spain

Tel: 937787300

Email: privacy@idisc.com

Purpose

How do we use personal data?

Within the scope of its business activities, iDISC collects and processes personal data from (1) people interested in its products or services, (2) customers, and (3) human resources (including staff and freelancers). iDISC processes these data fairly and lawfully and, in any case, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council ("GDPR").

This privacy policy sets out the terms and conditions under which we process personal data at iDISC, including any data collected via our website www.idisc.com, our web portal IDCP, or when carrying out our business activities.

iDISC is a company that primarily offers B2B services, which means that any contact and customer data iDISC has primarily belongs to other companies. In these cases, the data are limited to being strictly professional in nature and, consequently, any reference to the personal data pertaining to customers or contacts must be understood as falling under this limitation.

iDISC collects the following personal data for the purposes indicated below:

1. Contact via the contact form on our Website: the personal data collected via this form will be used exclusively for notifying users about requested services or handling a request. If we receive explicit consent to do so, the contact data may be used for promotional purposes whereby the user is offered iDISC products or services.
2. Customers: whenever a client purchases one of our services, his or her personal data will be used exclusively for the administrative management associated with the acquired product.
3. Contact via our social media profiles: any data provided to us or shared with us through any social network on which iDISC has an active account will be processed in accordance with the Privacy Policy of the respective social network.
4. Candidates: whenever a person has an interview in our offices or online or submits a resume, the candidate's data will be used to determine his or her suitability for covering potential job vacancies at iDISC. In the event that the candidate is hired by our company, his or her personal data will be used exclusively for managing the employment relationship with iDISC.
5. Employees: the personal data of anyone who carries out job duties at iDISC will be processed exclusively for upholding the contract and labor regulations.
6. Freelancers: whenever a person works for iDISC as a freelancer, his or her personal data will be used exclusively for managing projects and any related administrative formalities. Occasionally, iDISC may obtain freelancer data via online professional advertising platforms.

With regard to contacts and customers, iDISC may process their data in order to promote its products and services in accordance with its legitimate interest and as long as the data have been obtained under the contractual relationship with the data holder. In all other cases, iDISC will not process the data without the prior explicit consent of the data holders.

How long do we keep the data?

Whenever there is a contractual relationship between the data holder and iDISC, the personal data will be processed for the duration of the aforementioned relationship and, once concluded, for the period of time necessary for resolving any legal actions arising from compliance or non-compliance with the same. This applies to data belonging to customers, freelancers, or employees.

In the event that the data are processed pursuant to the data holder's consent (use of contact data for promotional purposes) or pursuant to the legitimate interest of iDISC, the data will be processed until consent has been withdrawn or until iDISC no longer has a legitimate interest in processing the data.

In such cases where contacts have not consented to the processing of their data for promotional purposes, these data will be automatically eliminated from our systems 5 years after the request for information, provided that the contacts have shown no further interest in the products and services offered by iDISC.

Data belonging to employees and freelancers will be processed for the duration of the contractual relationship and, once concluded, for the period of time necessary for resolving any potential instances of non-compliance in this context. In the event that a person has an interview for a job opening, his or her personal data will be archived for a period of one year; at this time, if the person has not been selected, his or her personal data will be deleted from our system.

Legal Basis

Data belonging to customers, freelancers, and employees will be processed by iDISC in order to fulfill the contractual relationship. Any refusal to submit these personal data may prevent iDISC from formalizing the contract.

With regard to external contacts outside our portfolio of customers and providers, we will only process data for promotional purposes if the data holder has given us his or her consent to do so. The data holder will always have the option of withdrawing his or her consent for the processing of data for these purposes.

Whenever we process a customer's data for promotional purposes, we will process the data based on the legitimate interest of iDISC.

Recipients

Transfer of data to third parties

Personal data will not be transferred to third parties without the prior explicit consent of the data holder, unless legal obligations require iDISC to do so.

Data Categories

Processed Data Categories

• Identification data (first and last name)
• Contact data (email, phone number, zip code)
• Financial data
• Academic data
• Professional data

The customers' identification and contact data refer exclusively to professional data and do not include any data processing outside this scope.

Under no circumstances will we process especially sensitive data, such as data related to health, philosophical ideology, or beliefs.

Rights

You have the right to:

• Withdraw your consent for the instances of data processing where said consent is necessary.
• Access your personal data.
• Rectify your personal data.
• Erase your personal data.
• Request to move your data from one controller to another.
• Restrict the processing of your data. In this case, we will only retain your data for exercising or defending against legal claims.
• Request the restriction of the processing of your data. In this case, we only retain your data for exercising or defending against legal claims.
• File a claim or a request for the enforcement of your rights before the Spanish Data Protection Agency or before an autonomous data protection agency, if one exists.
• Be notified of any security issue that could affect your rights.