Data Protection Policy

Date of last update: 16th of June 2022

The data controller of the personal data processed through this website is Open Digital Services, S.L., (hereinafter, “Open Digital Services” or “ODS”), with Tax Identification Code (CIF) B-87745733 and registered office at Plaza de Santa Bárbara nº 2, 28004, Madrid.

If personal data are requested on a microsite of this website for a specific purpose and/or service, the data subject shall also be informed about all elements required by the applicable data protection regulations when the data are collected.

Basic information on data protection

Data controller

Open Digital Services, S.L.

Purposes and legitimacy

· Managing specific services requested by the data subject or compliance with legal obligations.

· Managing selection processes, based on data subjects’ agreement formalisation.

Recipients

Data shall not be disclosed to third-party recipients.

Rights

Data subjects may exercise their rights of access and to data portability, rectification, erasure, objection, processing restrictions and to withdraw consent, as well as not to be subject to a decision based solely on automated processing, as regards their data at any time.

Data subjects may, in any event, also lodge a complaint with the Spanish Data Protection Agency via www.agpd.es.

Further information on your rights can be found below. 

Further information

Further details on the basic information on data protection outlined in this table can be found below.

Further information on data protection

Open Digital Services is fully compliant with regulations governing the protection of personal data and, in particular, with Regulation (EU) 2016/679 of 27 April on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, the “GDPR”), in such a way that any personal information supplied by the party concerned (hereinafter, the “data subject”) when contacting Open Digital Services to make enquiries for which he/she provides us with his/her data through any microsite of https://www.opendigitalservices.com (hereinafter, the “Website”) shall be processed in compliance with the legally enforceable safeguards and obligations.

In accordance with the regulations in force, Open Digital Services has implemented technical and organisational measures to guarantee an adequate level of security and to prevent the data provided by the data subject from being lost, misused, altered, accessed by unauthorised parties or stolen. Similarly, Open Digital Services guarantees that it complies with the duty of secrecy and confidentiality with regard to the personal data provided by the data subject via this Website.

In any case, the data subject shall be required to provide personal data in order to make the enquiry.

1.- How to contact the data controller?

As we have mentioned, the Data Controller is Open Digital Services and below we provide you with some contact details to contact us:

  • Name: Open Digital Services, S.L., with the Tax Identification Code (CIF): B-87745733.
  • Data controller's contact details privacy@opendigitalservices.com
  • Postal address: Plaza de Santa Barbara, nº 2, 28004, (Madrid).

2-. Who is the data protection officer and how can he/she be contacted?

The data protection officer is entrusted with monitoring and enforcing compliance with the GDPR so as to ensure that the personal data provided by the data subject through the Website is protected.

To contact the data protection officer, data subjects may write to the following email address: privacy@opendigitalservices.com

3.- With what purpose and legitimate interests do we process personal data?

  • To address queries sent by users through privacy@opendigitalservices.com, in order to fulfil our legal obligations related, inter alia, to the exercising of data protection rights.
  • To participate in the selection processes that will be opened based on the needs of Open Digital Services, S.L. This processing is made legitimate by the agreement formalised by the data subject as a candidate when submitting a CV to participate in the selection process.
  • Compliance with legal obligations.

4.- What personal data will be processed by Open Digital Services?

The email address and identification data provided to us for the submission of an enquiry related, e.g., to the exercising of a data subject’s rights under data protection law, through privacy@opendigitalservices.com

Data provided to us by data subjects in order to participate in ODS selection processes, which correspond to the following categories: identification, contact, employment, academic and professional, and other data relative to the personal characteristics that may be required for registration.

5.- How long will we store the data?

The personal data provided will be stored for the period necessary to manage the enquiry submitted to Open Digital Services, until such enquiry is resolved, or to manage the data subject’s selection process, and subsequently they will be blocked and stored for as long as necessary to formulate, exercise and defend any claims that may arise in relation to the enquiry, during applicable statutes of limitation or applicable retention periods. Thereafter, the data will be deleted.

6.- Will the data be disclosed to third parties?

Regarding the disclosure of data, data subjects are expressly informed that their personal data will not be disclosed to third parties or be transferred to third-party countries or international organisations.

Notwithstanding the foregoing, Open Digital Services collaborates with third-party service providers who may have access to your personal data, but who will process them in our name and on our behalf, following our instructions at all times, and always in order to provide us with the services that we may have engaged from them in each case.

In any case, Open Digital Services follows strict criteria for the selection of third-party service providers in order to comply with our data protection obligations, and we undertake to enter into the corresponding data processing agreement with them, imposing, inter alia, the following obligations: to implement appropriate technical and organisational measures, to process personal data for the agreed purposes and in accordance with our documented instructions only, and to delete or return the data to us upon completion of the services, the processing of personal data for the purposes agreed and only in accordance with our documented instructions and the deletion or return of the data to Open Digital Services upon completion of the provision of the services. We have implemented mechanisms of control that guarantee that third-party service providers and sub-contractors that access personal data by virtue of service provisions, comply with the data protection regulations in force.

Specifically, Open Digital Services engages services from third-party providers who carry out their activity in, among others, the following sectors: logistic services, legal advisory services, private valuation/appraisal services, supplier approval, multidisciplinary professional services companies, hosting companies, maintenance-related companies, technology service providers, IT service providers, physical security companies, instant messaging service providers, infrastructure management and maintenance companies, call center services companies and audit and control companies.

When your data are processed outside the European Economic Area, our aim is to ensure that the level of protection guaranteed by the GDPR is not undermined. To this end, we shall adopt the appropriate guarantees provided for in the GDPR.

7.- What are your rights when you provide us with your data?

We inform you that you have and can exercise the following rights:

  • Right of access: you have the right to obtain confirmation about whether or not we are processing personal data that concerns you and, if so, access such data.
  • Right to data portability: you have the right to receive the personal data you have provided to us in a commonly used and readable, structured format and to transfer these to another controller.
  • Right to rectification: you have the right to request data rectification when inaccuracies are detected.
  • Right to erasure: you may request the erasure of data when, among other reasons, it is no longer necessary for the purposes for which you provided such data.
  • Right to object: in certain circumstances, you may object to certain processing of your personal data. In such a case, Open Digital Services will immediately cease such data processing, in accordance with the applicable regulations.
  • Right to restriction of processing: in certain circumstances established by current data protection regulations, you may request a restriction on the processing of your data.
  • Right to withdraw your consent: you can withdraw any consent you have given at any time. Withdrawal of consent will not affect the lawfulness of the processing based on the consent prior to its withdrawal.
  • Right not to be subject to a decision based solely on automated processing: if you have authorised profiling and it is carried out entirely by an automated procedure, you may request the personal involvement of one of our analysts, express your point of view and challenge decisions based on such profiles.

You may exercise the abovementioned rights through the following channels:

privacy@opendigitalservices.com

  • Post: “Open Digital Services, S.L.”,Plaza de Santa Bárbara, 2, 28004, Madrid.

Finally, you may file a claim with Open Digital Services and/or the Spanish Data Protection Agency (as the Supervisory Authority responsible for data protection), especially when you are not satisfied with the exercising of your rights, by writing to the aforementioned address, if writing to Open Digital Services, or to C/ Jorge Juan, 6. 28001 – Madrid, if writing to the Spanish Data Protection Agency; or through the Website at www.aepd.es.

8.- Use of cookies

When you visit the Open Digital Services Website, we will inform you about the cookies we use and you will be able to configure technical, analytics, personalisation, product development and enhancement cookies you use when browsing Open Digital Services. You may refer to our Cookie Policy for more information.

9. How we process your data

We ensure that the processing of personal data is limited to the specific, explicit and legitimate purposes for those that were collected at source, and that will not be further processed in a manner incompatible with said purposes.

Upon data collection, we inform data subjects in a simple and clear manner so that they can easily understand:

  • The purpose of the processing of their personal data.
  • The legal basis of the data processing.
  • The recipients or categories of recipients of their personal data.
  • The identity and contact details of the controller and, where applicable, his/her representative.
  • If applicable, the intention of the controller for transferring personal data to a third country or international organisation.
  • Where appropriate, the existence of automated decisions, including profiling.
  • The period during which the personal data will be kept.
  • The possibility of exercising the rights over their personal data and how to proceed.
  • The right to file a claim with the local supervisory authority.
  • When personal data are obtained through third parties, the source from which the personal data come, including publicly accessible sources, as well as the categories of data obtained from such sources.
  • The contact details of the data protection officer or person in charge of data protection.

10. How we handle and safeguard your data

We ensure we process only personal data that are appropriate, relevant and limited to what is necessary in relation to the specific purposes for which they are collected.

Furthermore, as mentioned in section 8, we apply all reasonable measures to erase or rectify all data that may be non-relevant, inaccurate or incomplete, with respect to said purposes.

Our standards ensure and guarantee that the data will be processed with the appropriate level of security, including protection against an unauthorised or illicit processing activity and against its loss, destruction or accidental damage, through the application of appropriate technical or organisational measures, such as pseudonymisation or encryption of personal data. Likewise, we apply appropriate measures to guarantee the permanent confidentiality, integrity, availability and resilience of the processing activity systems and services.

Our staff has been specifically trained on data protection matters and periodically updated as part of our mandatory training programmes.

The data controller of the personal data processed through this website is Open Digital Services, S.L., (hereinafter, “Open Digital Services” or “ODS”), with Tax Identification Code (CIF) B-87745733 and registered office at Plaza de Santa Bárbara nº 2, 28004, Madrid.

If personal data are requested on a microsite of this website for a specific purpose and/or service, the data subject shall also be informed about all elements required by the applicable data protection regulations when the data are collected.

Basic information on data protection

Data controller

Open Digital Services, S.L.

Purposes and legitimacy

· Managing specific services requested by the data subject or compliance with legal obligations.

· Managing selection processes, based on data subjects’ agreement formalisation.

Recipients

Data shall not be disclosed to third-party recipients.

Rights

Data subjects may exercise their rights of access and to data portability, rectification, erasure, objection, processing restrictions and to withdraw consent, as well as not to be subject to a decision based solely on automated processing, as regards their data at any time.

Data subjects may, in any event, also lodge a complaint with the Spanish Data Protection Agency via www.agpd.es.

Further information on your rights can be found below. 

Further information

Further details on the basic information on data protection outlined in this table can be found below.

Further information on data protection

Open Digital Services is fully compliant with regulations governing the protection of personal data and, in particular, with Regulation (EU) 2016/679 of 27 April on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, the “GDPR”), in such a way that any personal information supplied by the party concerned (hereinafter, the “data subject”) when contacting Open Digital Services to make enquiries for which he/she provides us with his/her data through any microsite of https://www.opendigitalservices.com (hereinafter, the “Website”) shall be processed in compliance with the legally enforceable safeguards and obligations.

In accordance with the regulations in force, Open Digital Services has implemented technical and organisational measures to guarantee an adequate level of security and to prevent the data provided by the data subject from being lost, misused, altered, accessed by unauthorised parties or stolen. Similarly, Open Digital Services guarantees that it complies with the duty of secrecy and confidentiality with regard to the personal data provided by the data subject via this Website.

In any case, the data subject shall be required to provide personal data in order to make the enquiry.

1.- How to contact the data controller?

As we have mentioned, the Data Controller is Open Digital Services and below we provide you with some contact details to contact us:

  • Name: Open Digital Services, S.L., with the Tax Identification Code (CIF): B-87745733.
  • Data controller's contact details privacy@opendigitalservices.com
  • Postal address: Plaza de Santa Barbara, nº 2, 28004, (Madrid).

2-. Who is the data protection officer and how can he/she be contacted?

The data protection officer is entrusted with monitoring and enforcing compliance with the GDPR so as to ensure that the personal data provided by the data subject through the Website is protected.

To contact the data protection officer, data subjects may write to the following email address: privacy@opendigitalservices.com

3.- With what purpose and legitimate interests do we process personal data?

  • To address queries sent by users through privacy@opendigitalservices.com, in order to fulfil our legal obligations related, inter alia, to the exercising of data protection rights.
  • To participate in the selection processes that will be opened based on the needs of Open Digital Services, S.L. This processing is made legitimate by the agreement formalised by the data subject as a candidate when submitting a CV to participate in the selection process.
  • Compliance with legal obligations.

4.- What personal data will be processed by Open Digital Services?

The email address and identification data provided to us for the submission of an enquiry related, e.g., to the exercising of a data subject’s rights under data protection law, through privacy@opendigitalservices.com

Data provided to us by data subjects in order to participate in ODS selection processes, which correspond to the following categories: identification, contact, employment, academic and professional, and other data relative to the personal characteristics that may be required for registration.

5.- How long will we store the data?

The personal data provided will be stored for the period necessary to manage the enquiry submitted to Open Digital Services, until such enquiry is resolved, or to manage the data subject’s selection process, and subsequently they will be blocked and stored for as long as necessary to formulate, exercise and defend any claims that may arise in relation to the enquiry, during applicable statutes of limitation or applicable retention periods. Thereafter, the data will be deleted.

6.- Will the data be disclosed to third parties?

Regarding the disclosure of data, data subjects are expressly informed that their personal data will not be disclosed to third parties or be transferred to third-party countries or international organisations.

Notwithstanding the foregoing, Open Digital Services collaborates with third-party service providers who may have access to your personal data, but who will process them in our name and on our behalf, following our instructions at all times, and always in order to provide us with the services that we may have engaged from them in each case.

In any case, Open Digital Services follows strict criteria for the selection of third-party service providers in order to comply with our data protection obligations, and we undertake to enter into the corresponding data processing agreement with them, imposing, inter alia, the following obligations: to implement appropriate technical and organisational measures, to process personal data for the agreed purposes and in accordance with our documented instructions only, and to delete or return the data to us upon completion of the services, the processing of personal data for the purposes agreed and only in accordance with our documented instructions and the deletion or return of the data to Open Digital Services upon completion of the provision of the services. We have implemented mechanisms of control that guarantee that third-party service providers and sub-contractors that access personal data by virtue of service provisions, comply with the data protection regulations in force.

Specifically, Open Digital Services engages services from third-party providers who carry out their activity in, among others, the following sectors: logistic services, legal advisory services, private valuation/appraisal services, supplier approval, multidisciplinary professional services companies, hosting companies, maintenance-related companies, technology service providers, IT service providers, physical security companies, instant messaging service providers, infrastructure management and maintenance companies, call center services companies and audit and control companies.

When your data are processed outside the European Economic Area, our aim is to ensure that the level of protection guaranteed by the GDPR is not undermined. To this end, we shall adopt the appropriate guarantees provided for in the GDPR.

7.- What are your rights when you provide us with your data?

We inform you that you have and can exercise the following rights:

  • Right of access: you have the right to obtain confirmation about whether or not we are processing personal data that concerns you and, if so, access such data.
  • Right to data portability: you have the right to receive the personal data you have provided to us in a commonly used and readable, structured format and to transfer these to another controller.
  • Right to rectification: you have the right to request data rectification when inaccuracies are detected.
  • Right to erasure: you may request the erasure of data when, among other reasons, it is no longer necessary for the purposes for which you provided such data.
  • Right to object: in certain circumstances, you may object to certain processing of your personal data. In such a case, Open Digital Services will immediately cease such data processing, in accordance with the applicable regulations.
  • Right to restriction of processing: in certain circumstances established by current data protection regulations, you may request a restriction on the processing of your data.
  • Right to withdraw your consent: you can withdraw any consent you have given at any time. Withdrawal of consent will not affect the lawfulness of the processing based on the consent prior to its withdrawal.
  • Right not to be subject to a decision based solely on automated processing: if you have authorised profiling and it is carried out entirely by an automated procedure, you may request the personal involvement of one of our analysts, express your point of view and challenge decisions based on such profiles.

You may exercise the abovementioned rights through the following channels:

privacy@opendigitalservices.com

  • Post: “Open Digital Services, S.L.”,Plaza de Santa Bárbara, 2, 28004, Madrid.

Finally, you may file a claim with Open Digital Services and/or the Spanish Data Protection Agency (as the Supervisory Authority responsible for data protection), especially when you are not satisfied with the exercising of your rights, by writing to the aforementioned address, if writing to Open Digital Services, or to C/ Jorge Juan, 6. 28001 – Madrid, if writing to the Spanish Data Protection Agency; or through the Website at www.aepd.es.

8.- Use of cookies

When you visit the Open Digital Services Website, we will inform you about the cookies we use and you will be able to configure technical, analytics, personalisation, product development and enhancement cookies you use when browsing Open Digital Services. You may refer to our Cookie Policy for more information.

9. How we process your data

We ensure that the processing of personal data is limited to the specific, explicit and legitimate purposes for those that were collected at source, and that will not be further processed in a manner incompatible with said purposes.

Upon data collection, we inform data subjects in a simple and clear manner so that they can easily understand:

  • The purpose of the processing of their personal data.
  • The legal basis of the data processing.
  • The recipients or categories of recipients of their personal data.
  • The identity and contact details of the controller and, where applicable, his/her representative.
  • If applicable, the intention of the controller for transferring personal data to a third country or international organisation.
  • Where appropriate, the existence of automated decisions, including profiling.
  • The period during which the personal data will be kept.
  • The possibility of exercising the rights over their personal data and how to proceed.
  • The right to file a claim with the local supervisory authority.
  • When personal data are obtained through third parties, the source from which the personal data come, including publicly accessible sources, as well as the categories of data obtained from such sources.
  • The contact details of the data protection officer or person in charge of data protection.

10. How we handle and safeguard your data

We ensure we process only personal data that are appropriate, relevant and limited to what is necessary in relation to the specific purposes for which they are collected.

Furthermore, as mentioned in section 8, we apply all reasonable measures to erase or rectify all data that may be non-relevant, inaccurate or incomplete, with respect to said purposes.

Our standards ensure and guarantee that the data will be processed with the appropriate level of security, including protection against an unauthorised or illicit processing activity and against its loss, destruction or accidental damage, through the application of appropriate technical or organisational measures, such as pseudonymisation or encryption of personal data. Likewise, we apply appropriate measures to guarantee the permanent confidentiality, integrity, availability and resilience of the processing activity systems and services.

Our staff has been specifically trained on data protection matters and periodically updated as part of our mandatory training programmes.

11.- Changes to this Privacy Policy

At Open Digital Services, we are committed to keeping this Privacy Policy up to date in order to collect any new information that may arise in relation to the scope of the processing that we carry out on your personal data. For this reason, it is important that you regularly spend time reading it and making sure you understand it.

For any possible modification that we need to make to this Privacy Policy, we will notify you in advance, at least through our Website and through a personalised message that we will send to your email address so that you can be properly informed at all times.

11.- Changes to this Privacy Policy

At Open Digital Services, we are committed to keeping this Privacy Policy up to date in order to collect any new information that may arise in relation to the scope of the processing that we carry out on your personal data. For this reason, it is important that you regularly spend time reading it and making sure you understand it.

For any possible modification that we need to make to this Privacy Policy, we will notify you in advance, at least through our Website and through a personalised message that we will send to your email address so that you can be properly informed at all times.