PRIVACY POLICY

Date: 28.09.2022

Person responsible for processing: BPTE

Purposes of processing:

  • Providing information via the website. 
  • Management of queries through forms, or the website chat. 
  • Free download of training material(s).
  • Attendance and viewing of online training sessions. 
  • Management of the contracting of licences for the Software owned by Pridatect S.L.
  • Management of legal service contracts. 
  • Access to the Pridatect Management and Pridatect Advance Platform, owned by BORNEO S.L. (from now on, the “Platform”)
  • Access to the private area UserDesk, property of Pridatect S.L. 
  • Access to the private area of the Academy (materials and video platform). 
  •  

Legal Bases For Processing

  • Express consent of the interested party. 
  • Execution of a contract or implementation of pre-contractual measures. 
  • Legitimate interest in data processing. 
  • Compliance with legal obligations. 

Data Retention

  • The data will be kept for the time strictly necessary to fulfil the purposes it was collected for, provided that the data subject does not revoke his consent. Exceptions will, as well, be made for the fulfilment of legal obligations. 

Target Group

  • Personal data collected through the website will not be transferred to third parties. Without prejudice to those third parties that provide services to Pridatect S.L. with the aim of managing the provision of services, the contractual and/or pre-contractual relationship with the interested parties or processing requests made by them. 

Rights of the Interested Parties

  • Access, rectification, opposition, deletion (‘right to be forgotten’), limitation of treatment, portability and not being the subject of automated decisions. 

Websites:

  • Main website: https://www.pridatect.es/
    Alternative domains: https://www.pridatect.com, https://www.pridatect.de, https://www.pridatect.co.uk; https://www.borneo.io.
  • Social network profiles:
    Twitter – https://twitter.com/pridatect_en
    LinkedIn – https://www.linkedin.com/company/pridatect/
    Facebook – https://www.facebook.com/Pridatect/

Further Information

  • Additional and detailed information on Data Protection can be found in the attached clauses below:

ADDITIONAL INFORMATION ON DATA PROTECTION

In accordance with the provisions of Articles 13 and 14 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR“), and the Data Protection Act 2018, on the Protection of Personal Data and the Guarantee of Digital Rights (hereinafter, “DPA 2018“), which regulates the right to information in the collection of data, we inform you of the following points:

The personal data that you have provided to us through the website and in any other communications with you will be subject to the Register of Processing Activities for which PRIDATECT S.L. is responsible.

Pridatect, S.L.
Av. Josep Tarradellas 8-10,5º4ª, 08029, Barcelona
E-mail: legal@borneo.io

Pridatect S.L, has the following profiles in the main social networks of the Internet: Twitter, LinkedIn and Facebook. 

Pridatect S.L. acknowledges that it is responsible for processing the data of its users, followers, or persons who make comments through them. Likewise, Pridatect S.L. is exonerated from any type of responsibility derived from comments made by users and followers on its social networks. Pridatect S.L. may use the profiles described above to inform its users of topics it considers of interest. 

A visit to the website by the user must be made in a responsible manner and in accordance with current legislation and good faith. The website provides a wide range of information, services and data. The user assumes responsibility for correct use of the website. 

The use of any of the contents of the website for purposes that are or could be illicit is totally prohibited, as well as the carrying out of any action that causes or could cause damage or alterations of any kind not consented to by Pridatect S.L., to the website or its contents.

The company reserves the right to make any changes it deems appropriate to its website without prior notice, and may change, delete or add both the content and services provided through it and the way in which they are presented or located on its servers.

Depending on the purpose, we will need to process various types of data, which in general will be the following:

  • The website is totally informative about the services of Pridatect S.L. 
  • Pridatect S.L. offers users the possibility of directly contacting the company through the contact forms provided for this purpose. The collection and automated processing of data that is made through the form ‘Request your free trial’ of Pridatect S.L. are only collected in order to manage your free trial request.
  • The website is fully informative about the services offered by Pridatect S.L. The data may be processed to respond to requests for information about these services. 
  • The collection and automated processing of data that is carried out through the form or chat on the website to request a demonstration or a free trial is collected in order to allow for the possibility of contacting us for legitimate commercial purposes. 
  • Similarly, personal data is collected and processed through forms for registration in online training sessions as well as to allow the users to download various teaching resources.
    • In addition, the online training sessions are recorded to be available to all users on the Pridatect website. Questions asked by participants during the session and the corresponding answers are also recorded and reproduced when the session is made available to users via the website. Statistical data is collected during and after the training session. 
    • If you participate in a webinar, in addition to your registration data, we receive information about the duration of participation, interest in the webinar, questions asked and/or answers given in order to further support the customer or improve the user experience. 
  • The website incorporates a link that facilitates access to the platform through which Pridatect S.L. provides a number of its services through a private area of the website called the “Userdesk”. The personal data incorporated in the aforementioned private area will be processed with the aim of effectively providing the service contracted in accordance with this privacy policy as well as in accordance with the contractual terms and conditions agreed between Pridatect and its clients. 

The website incorporates components from third parties. You can consult the complete information on these in the “To who is your data communicated?” section of this privacy policy. 

Pridatect S.L. provides a number of its services through its private area: the “Pridatect Platform”, or “Platform”. The access to the website requires the acquisition of the consent of the user through privacy and cookie policies. In case of disagreement with this policy, you must refrain from using the Pridatect Platform. In this case you can request both the cancellation of the service and the elimination of any registered user data. 

The user is informed, and accepts, that access to the Pridatect Platform is necessary for the provision of the service contracted and, therefore, for the development of the commercial relationship with Pridatect S.L. Usage of the Platform implies consent to the current Privacy Policy.

In order to effectively provide the service, and prior to signing, we will need to process the data for different purposes: 

  • The collection and automated processing of data that is carried out through the login form allowing access to the private area of the Platform for clients of Pridatect S.L is collected in order to access the account in the private area. This is a commercial and contractual purpose.
  • The website is fully informative about the legal documentation and/or other documents required for effective compliance with data protection regulations. 
  • The website facilitates the management of the contractual relationship between Pridatect S.L. and its clients. Likewise, the website processes the data with the aim of facilitating communication between Pridatect S.L. and Pridatect S.L. customers. 
  • The data may also be processed to respond to requests for information about the aforementioned services. 

The Pridatect Platform, and the rest of the Pridatect website and offering, may include software components supplied by third parties that are used with the permission of the respective licensors and/or copyright holders on the terms provided by those parties. In this sense, Pridatect S.L. informs you that it communicates data to external suppliers, such as data processors, to carry out certain services. This can be found in the ‘To which recipients is your data communicated to’ section.

You are responsible for maintaining the confidentiality of your password and account, and are fully responsible for all activities that occur through the usage of your password or account. 

 

Despite having taken all the security measures available to us, given the characteristics of the technology and networks, Pridatect S.L. cannot guarantee zero risk with respect to hacking and theft of user data. Therefore, the user accepts this inherent risk, exonerating Pridatect S.L. from any responsibility for any possible damages derived from said risks. 

 

In order to minimise any possible damage, the user agrees to (a) inform Pridatect, S.L. immediately when they detect any unauthorised use of their password or account, as well as any breach of security, and (b) to ensure that they leave the Platform once their session is over. Pridatect S.L.. can not, and will not, be liable for any loss or damage arising from the breach of these obligations.

 

The data incorporated in the Private Area will be kept for the duration of the contractual relationship that is the object of its use, with the sole objective of effectively managing compliance with regulations that are the object of a separate main commercial client contract. Information on user accesses, screens, user interaction, blocking and exceptions may also be processed with the aim of introducing improvements in future versions of the Platform. 

The personal data that the user may provide:

  • Identification details: Name and surname
  • Contact details: Telephone number and e-mail address. 
  • Employment data: Company, job position
  • Username and password.
  • Data on the access device. 
  • Device data, such as device identification number, type, location, operating system, browser type and version, language used, pre-defined consent preferences and also internet provider, if applicable.
  • Tracking data, such as Internet Service Provider, Unique device identifier, Geographic location, Operating system of the device, Date and time of visit, Duration of visit, Referrer URL, Videos viewed, IP address, Browser information, Device information, Mouse movements, Pages visited, Screen resolution, Clicks
  • Any other information or data you decide to share with us through the Pridatect Platform (E.g. pre-existing security policies).

 

In some cases, it is compulsory to fill in a form to access certain services, such as downloading the training material. Likewise, not providing the personal data requested or not accepting this data protection policy may mean that it is impossible to contact us through the website.
The personal data obtained through any of the channels of the website will form part of the Register of Processing Activities (RoPA) owned by Pridatect S.L. This will be updated periodically in accordance with the provisions of the GDPR; Pridatect S.L. has adopted all the relevant security measures in this regard.
The user is informed of the possibility of withdrawing his or her consent if it has been given for a specific purpose, without this affecting the lawfulness of the previous processing based on consent prior to withdrawal.

The processing of your data can be based on the following legal bases: 

  • Express consent by users to complete the forms for sending commercial communications and information adapted to the user’s profile. 
  • Application of pre-contractual measures for the execution of contracts of sale and supply of licenses and/or professional services. 
  • Application of contractual measures for the provision of the services agreed between Pridatect S.L. and its clients.
  • Legitimate interest in relation to the following purposes: 
  • Creation of profiles by means of navigation on the website by a client or user registered on the platform, as well as all those users who have provided us with data for any other purpose. 
  • Creation of profiles for sending information on promotions, latest news and personalised information adapted to the user’s profile.
  • The legitimate interest of Pridatect S.L. is to be able to guarantee that our website remains secure, as well as to help us understand the needs, expectations and level of satisfaction of our users and, therefore, improve our services and products. All actions are carried out with the aim of improving the level of user satisfaction and ensuring a unique browsing experience and commercial product. 
  • Compliance with legal obligations to prevent fraud, ensure collaboration with public authorities and/or avoid possible claims from third parties. 

The processing of data for the purposes described will be maintained for the time necessary to comply with the purpose of their collection, as well as to comply with the legal obligations arising from the processing of the data. Without prejudice to the fact that the conservation is necessary for the formulation, exercise or defence of potential claims; whenever permitted by the applicable legislation. 

 

The default standard retention period for Pridatect S.L. records are 6 years. This is defined as 6 years after the last entry in a record followed by first review or destruction to be carried out. This is in accordance with Spanish Law in accordance with the provisions of Article 30 of the Royal Decree of August 22, 1885, Commercial Code.  For tax purposes, the accounting books and other records where user data may be contained will be kept for 4 years in accordance with Articles 66 to 70 of Law 58/2003, of 17 December, on General Taxation. This is in line with the principles of the UK’s ‘Generally Accepted Accounting Practice’ guidelines (GAAP)

 

Records must only be retained beyond the default Pridatect S.L. retention period if their retention can be justified for statutory, regulatory, legal or security reasons or for their historic value. The disposal periods for records retained for extended duration must be included within line of business retention schedules.

 

The maximum retention period for any Pridatect S.L. records identified as having historic value is defined as 20 years after the last entry in the record, with an additional one calendar year for final review and transfer or destruction.

 

Pridatect S.L., undertakes to cease the processing of personal data when the conservation period has expired, as well as to erase them properly in our database(s). 

In general, Pridatect S.L. will not pass on personal data to third parties, except in those situations in which the data may be passed on to collaborators who provide services to Pridatect S.L., with the aim of managing the provision of services, the contractual and/or pre-contractual relationship with the interested parties or processing requests made by them. In these cases, we ensure that the recipients respect confidentiality and have the appropriate measures in place to protect personal data.


Pridatect S.L., tries to guarantee the security of personal data when it is sent outside the company. The third parties with which Pridatect. S.L. contracts are obliged to guarantee that the information is treated in accordance with current data protection regulations.


In those cases where the law may require the disclosure of personal data to public bodies or other parties, only what is strictly necessary for the fulfilment of such legal obligations will be disclosed.


Pridatect, S.L. is part of the Borneo Group – a company headquartered in Singapore, which has made a uniform commitment to comply with the GDPR standard and has implemented necessary data protection requirements. As there are data transfers within the Borneo Group for the purpose of standard business operations, where such data transfers are necessary and legally permissible, the Borneo Group has decided to implement binding internal data protection rules (“Binding Corporate Rules” as defined in Art. 46(2)(b), 47 GDPR). These data protection regulations ensure the protection of personal data within the scope of our internal company data transfers. If you would like further information on this, please contact us at any time at the following e-mail address: dpo@pridatect.com.

 

Pridatect S.L. gives personal data to: 

The physical server that stores the personal data of the Pridatect S.L. Platform is located in Germany. For more information you can access the following link: https://www.amazon.es/gp/help/customer/display.html/ref=footer_privacy?ie=UTF8&nodeId=201909010 

It is important to note that Aircall, SalesForce, Stripe, Calendly, Google Facebook & Zapier – as processors – have either a headquarters in the United States, are affiliated with a United States office, or process data in the United States. Information we collect from you might be processed in the United States, and by using these services you acknowledge and consent to the processing of your data in the United States. The United States has not yet received a finding of “adequacy” from the European Union under Article 41 of the GDPR, which means your data might not receive their equal protection as under the GDPR. 

Until further developments are achieved in this matter, we rely on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, we collect and transfer to the U.S. personal data only: with your consent and / or to perform a contract with you. We and our processors endeavor to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with us and the practices described in this Privacy Policy. Please note that transfers to the US are very limited, and in particular, transfers from large cloud companies (Google, Youtube, etc.) could be declared illegal in court. Therefore, this paragraph as a “disclaimer” should not be understood as a disclaimer that may protect the company in case of inspection, but rather, as a gesture of good faith or transparency that allows users to make a better decision.

The bulk of user data is stored in Germany, within the European Union (EU). In order to guarantee a sufficient level of protection for data sent to third countries outside the EU, Pridatect S.L. will take sufficient technical and organisational measures.

You can address your communications and exercise your rights by sending written communication to the following e-mail address: dpo@pridatect.com 

 

By virtue of what is established in the regulations on data protection you can request: 

 

  • Right of access: you can ask for information about the personal data we have about you. 

 

  • Right of rectification: you can communicate any change in your personal data. 

 

  • Right to delete and forget: you can request the deletion of your personal data after they have been blocked. 

 

  • Right to limit processing: this involves restricting the processing of personal data. 

 

  • Right to oppose: you may withdraw your consent to the processing of your data by opposing future processing. 

 

  • Right to portability: in some cases, you can request a copy of the personal data in a structured, commonly used, machine-readable format for transmission to another service.

 

  • Right not to be subject to individual decisions: you can request that decisions not be taken on the basis of automated processing alone, including profiling, which produces legal effects or significantly affects the data subject. 

 

In some cases, the request may be refused if you ask for the deletion of data necessary for the fulfilment of legal obligations. Also, if you have a complaint about the processing of your data, you can make a complaint to the competent data protection authority. 

The user is solely responsible for the validity and correctness of the data included on the website, exonerating Pridatect S.L. from any responsibility in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated as and when changes occur. The user agrees to provide complete and correct information in the contact or subscription form.

Pridatect S.L. is not responsible for the validity of the information that is not of its own elaboration and of which another source is indicated, and therefore it does not assume any responsibility for hypothetical damages that could arise from the use of this information.

 

Pridatect S.L. reserves the right to update, modify or eliminate the information contained in its web pages and may even limit or not allow access to this information. Pridatect S.L. is exonerated from any responsibility for any damage or harm that the user may suffer as a result of errors, defects or omissions in the information provided by Pridatec S.L., provided that this information comes from sources other than Pridatec S.L. 

Pridatect S.L. has adopted the legally required levels of security for the protection of personal data, and attempts to employ all those means or additional technical measures at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of personal data provided to Pridatect. S.L. Nevertheless, the user must be aware that security measures on the Internet are not impregnable. 

 

Therefore, Pridatect S.L. is not responsible for any hypothetical damage or harm that may arise from interference, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operation of this electronic system, caused by reasons beyond the control of Pridatect, S.L. Delays or blockages in the use of this electronic system caused by deficiencies or overloading of telephone lines or overloading of the Data Processing Centre, the Internet system or other electronic systems, as well as damage that may be caused by third parties through illegitimate interference are to be considered beyond the control of Pridatect, S.L. 

The Pridatect S.L. website and Social Networks use cookies to optimise and personalise your browsing experience. Cookies are physical information files that are stored in the user’s own computer or other browsing device. The information collected through cookies serves to facilitate the user’s navigation of the portal and to optimise the browsing experience. The data collected through cookies may be shared with Pridatect S.L., but in no case will the information obtained by them be associated with personal data or data that can identify the user. However, if the user does not wish to have cookies installed on his or her hard drive, he or she has the possibility of configuring the browser in such a way as to prevent the installation of these files. For more information, see our Cookie Policy. 

Security breaches can be caused by employees, third parties or computer errors. Therefore, we are legally obliged to notify data subjects if their personal data has been seriously affected within a maximum of 72 hours. In addition, users will be notified as soon as the security breach is resolved. Furthermore, the supervisory authority (ICO) will be contacted if the breach is significant and requires notification.

This privacy policy is subject to change. We encourage you to review the privacy policy from time to time.

As we do not have an establishment in the United Kingdom (“UK”), we have appointed a representative who you may address if you are a UK-based customer and wish to raise any issues or queries you may have relating to our processing of your personal data and/or this privacy and cookies policy.

 

Our UK representative is:

The DPO Centre, 50 Liverpool Street, London EC2M 7PY, UK

Our UK representative can be contacted directly:

+44 (0) 203 797 1289

Advice@dpocentre.com