- Definitions used in this Policy
- Data protection principles we follow
- Rights you have regarding your Personal Data
- Personal Data we gather about you
- How we use your Personal Data
- See, edit or delete your Personal Data
- Who else can access to your Personal Data
- Email communications
- How we secure your data
- Cookies and other technologies we use
- Children’s Data Protection
- Contact information
Definitions used in this PolicyChild – a natural person under 16 years of age. Data subject – a natural person whose Personal Data is being Processed. GDPR – General Data Protection Regulation. Personal Data – any information relating to an identified or identifiable natural person. Processing – any operation or set of operations which is performed on Personal Data or sets of Personal Data. Site/website (either capitalized or not) – refers to Meridional Events’ website: www.meridionalevents.com. We/us (either capitalized or not) – Meridional Events, its employees, and/or appointed partners.
Data protection principles we followWe promise to follow the following data protection principles:
- Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you with information regarding Processing upon request.
- Processing is limited to its purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
- Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
- Processing is limited with a time period. We will not store your personal data for longer than needed.
- We will do our best to ensure the accuracy of the data.
- We will do our best to ensure the integrity and confidentiality of data.
Rights you have regarding your Personal DataThe Data Subject has the following rights:
- Right to information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
- Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
- Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
- Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
- Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
- Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
- Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
- Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
- Right to lodge a complaint – if we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
- Right for the help of supervisory authority (see below) – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
- Right to withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data.
How we use your Personal DataWe use your Personal Data to:
- provide our service to you. This includes, for example, registering your account; providing you with other products and services that you have requested; providing you with promotional items at your request and communicating with you concerning those products and services; communicating and interacting with you, and notifying you of changes to any services.
- enhance your customer experience;
- improve the protection of the Site and our users against malicious activities;
- fulfil an obligation under law or contract;
- send you relevant promotional communications.
- to identify you;
- to provide you with a service or to send/offer you a product or service;
- to communicate either for sales or invoicing.
- to send you personalized offers (from us and/or our carefully selected partners);
- to administer and analyse our client base (purchasing behaviour and history) to improve the quality, variety, and availability of products/ services offered/provided;
- to conduct questionnaires concerning client satisfaction.
- to send you newsletters and campaign offers (from us and/or our carefully selected partners);
- for other purposes we have asked your consent for;
- for notifying you of any information regarding your account or purchased products or services.
- the link between purposes, context and nature of Personal Data is suitable for further Processing;
- the further Processing would not harm your interests and
- there would be appropriate safeguard for Processing.
See, edit or delete your Personal DataWe can remove the e-mail address details from our system upon request, as with any personal data we have gathered, although this does not include any data that we are required to keep for administrative, legal or security purposes. Please contact us if you need more information about the information we collect or if you want to view, edit or delete your personal information; we will process your request for you.
Who else can access to your Personal DataWe do not share your Personal Data with strangers. Personal Data about you is in some cases provided to our trusted partners to either make providing the service to you possible or to enhance your customer experience. We only work with Processing partners who can ensure an adequate level of protection to your Personal Data. We disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.
Email communicationsEmail contents, including attached files -if there were any-, are confidential information and they are intended only for the use of the individual and/or entity to which it is addressed. If you are not the intended recipient, disclosure, copying, use, or distribution of the information included in the email is prohibited. Please notify us at Meridional Events the mistake by replying to the email and delete it and the attached files immediately.
How we secure your dataWe do our best to keep your Personal Data safe. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks. Even though we try our best we can not guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur. If you have an account with us, note that you have to keep your username and password secret.
- Necessary cookies – These cookies are required for you to be able to use some important features on our website, such as logging in. These cookies don’t collect any personal information.
- Functionality cookies – These cookies provide functionality that makes using our service more convenient and makes providing more personalised features possible. For example, they might remember your name and e-mail in comment forms so you don’t have to re-enter this information next time when commenting.
- Analytics cookies – These cookies are used to track the use and performance of our website and services
Children’s data protectionWe do not intend to collect or knowingly collect information from children. We do not target children with our services. If you become aware that your child has provided us with personal information without your consent, please contact us for assistance. If we become aware that a child has provided us with personal information, we take steps to remove that information and terminate the corresponding account, if applicable.
AppendixAccording to the transposition of the GDPR to the Spanish jurisdiction, under which Meridional Events is governed, this complementary information is also of interest to you.
Information of general interestThis document has been designed for the treatment of low-risk personal data from which it can be inferred that it can not be used for the processing of personal data that includes personal data related to ethnic or racial origin, religious or philosophical political ideology, union affiliation, data genetic and biometric data, health data, and data on sexual orientation of people as well as any other data treatment that entails high risk for the rights and freedoms of individuals. Article 5.1.f of the General Data Protection Regulation (hereinafter, GDPR) determines the need to establish adequate security guarantees against unauthorized or illegal treatment, against the loss of personal data, destruction or accidental damage. This implies the establishment of technical and organizational measures aimed at ensuring the integrity and confidentiality of personal data and the possibility of demonstrating, as established in Article 5.2, that these measures have been implemented (proactive responsibility). Also, it must establish visible, accessible and simple mechanisms for the exercise of rights and have defined internal procedures to guarantee effective attention to the requests received.
Attention to the exercise of rightsThe controller will inform all workers about the procedure to address the rights of the interested parties, clearly defining the mechanisms by which the rights can be exercised (electronic means, reference to the Delegate for Data Protection if there is one, postal address, etc.) and taking into account the following:
- Upon presentation of your national identity document or passport, the holders of personal data (interested) may exercise their rights of access, rectification, erasure, object, data portability and restriction of the processing. The exercise of rights is free.
- The controller must respond to the interested parties without undue delay and in a concise, transparent, intelligible manner, with a clear and simple language and keep proof of compliance with the duty to respond to requests for the exercise of rights made.
- If the request is submitted by electronic means, the information will be provided by these means when possible, unless the interested party requests otherwise. The requests must be answered within 1 month from receipt and may be extended two more months, taking into account the complexity or the number of requests, but in that case, the interested party must be informed of the extension within one month of receiving the request, indicating the reasons for the delay.