Privacy Policy
Contents
- Definitions used in this Policy
- Data protection principles we follow
- Rights you have regarding your Personal Data
- Personal Data we gather about you
- How we use your Personal Data
- See, edit or delete your Personal Data
- Who else can access to your Personal Data
- Email communications
- How we secure your data
- Cookies and other technologies we use
- Children’s Data Protection
- Contact information
- Changes to this Privacy Policy
- Appendix
Definitions used in this Policy
Child – a natural person under 16 years of age.
Data subject – a natural person whose Personal Data is being Processed.
GDPR – General Data Protection Regulation.
Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations which is performed on Personal Data or sets of Personal Data.
Site/website (either capitalized or not) – refers to Meridional Events’ website: www.meridionalevents.com.
We/us (either capitalized or not) – Meridional Events, its employees, and/or appointed partners.
Data protection principles we follow
We promise to follow the following data protection principles:
- Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you with information regarding Processing upon request.
- Processing is limited to its purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
- Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
- Processing is limited with a time period. We will not store your personal data for longer than needed.
- We will do our best to ensure the accuracy of the data.
- We will do our best to ensure the integrity and confidentiality of data.
Rights you have regarding your Personal Data
The Data Subject has the following rights:
- Right to information – meaning you have to right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
- Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
- Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
- Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
- Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
- Right to object to processing – meaning in certain cases you have the right to object to Processing of your Personal Data, for example in the case of direct marketing.
- Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
- Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
- Right to lodge a complaint – if we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
- Right for the help of supervisory authority (see below) – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
- Right to withdraw consent – you have the right withdraw any given consent for Processing of your Personal Data.
Personal Data we gather about you
Information you have provided us with
Any information provided to us is voluntary unless you are placing an order, in which case we will require your e-mail address, telephone number, name and/or name of the company, billing address, country of use (we are required to collect this information for software orders for European VAT calculation purposes) and other details necessary for delivering you our services or to enhance your customer experience with us. We save the information you provide us with for you to comment or perform other activities on the website. This information includes, for example, your name and your e-mail address.
If you choose to submit a contact form through our site, for example, to request a quotation or technical support, we may connect additional details.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Information automatically collected about you
This includes information that is automatically stored by cookies and other session tools such as your IP address. This information is used to improve your customer experience and it is also used to help protect the Site and users from malicious activities. When you use our services or look at the contents of our website, your activities may be logged.
Information from our partners
We occasionally receive information from our trusted partners with confirmation that they have legal grounds to share that information with us. This is either information you have provided them directly with or that they have gathered about you on other legal grounds.
Publicly available information
We might gather information about you that is publicly available.
How we use your Personal Data
We use your Personal Data to:
- provide our service to you. This includes, for example, registering your account; providing you with other products and services that you have requested; providing you with promotional items at your request and communicating with you concerning those products and services; communicating and interacting with you, and notifying you of changes to any services.
- enhance your customer experience;
- improve the protection of the Site and our users against malicious activities;
- fulfil an obligation under law or contract;
- send you relevant promotional communications.
We use your Personal Data on legitimate grounds and/or with your Consent.
On the grounds of entering into a contract or fulfilling contractual obligations, we Process your Personal Data for the following purposes:
- to identify you;
- to provide you with a service or to send/offer you a product or service;
- to communicate either for sales or invoicing.
On the ground of legitimate interest, we Process your Personal Data for the following purposes:
- to send you personalized offers (from us and/or our carefully selected partners);
- to administer and analyse our client base (purchasing behaviour and history) to improve the quality, variety, and availability of products/ services offered/provided;
- to conduct questionnaires concerning client satisfaction.
As long as you have not informed us otherwise, we consider offering you products/services that are similar or the same to your purchasing history/browsing behaviour to be our legitimate interest.
With your consent we Process your Personal Data for the following purposes:
- to send you newsletters and campaign offers (from us and/or our carefully selected partners);
- for other purposes we have asked your consent for;
- for notifying you of any information regarding your account or purchased products or services.
If you decide to opt-in to our newsletter mailing list, you will receive e-mails that may include, without limitation, company news, updates, related product or service information. These e-mails may be provided in multiple languages. If at any time you would like to unsubscribe from receiving future newsletter e-mails, there will be unsubscribed instructions at the bottom of each e-mail. Alternatively, you can contact us at any time to withdraw your consent to receive such messages.
We Process your Personal Data to fulfil obligation rising from law and/or use your Personal Data for options provided by law. We reserve the right to anonymise Personal Data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymised. We save your billing information and other information gathered about you for as long as needed for accounting purposes or other obligations deriving from law, but not longer than 10 years. To the extent that these laws permit, we will delete or anonymise your Personal Data upon request.
We might process your Personal Data for additional purposes that are not mentioned here but are compatible with the original purpose for which the data was gathered. To do this, we will ensure that:
- the link between purposes, context and nature of Personal Data is suitable for further Processing;
- the further Processing would not harm your interests and
- there would be appropriate safeguard for Processing.
We will inform you of any further Processing and purposes.
See, edit or delete your Personal Data
We can remove the e-mail address details from our system upon request, as with any personal data we have gathered, although this does not include any data that we are required to keep for administrative, legal or security purposes. Please contact us if you need more information about the information we collect or if you want to view, edit or delete your personal information; we will process your request for you.
Who else can access to your Personal Data
We do not share your Personal Data with strangers. Personal Data about you is in some cases provided to our trusted partners to either make providing the service to you possible or to enhance your customer experience.
We only work with Processing partners who can ensure an adequate level of protection to your Personal Data. We disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it.
Email communications
Email contents, including attached files -if there were any-, are confidential information and they are intended only for the use of the individual and/or entity to which it is addressed. If you are not the intended recipient, disclosure, copying, use, or distribution of the information included in the email is prohibited. Please notify us at Meridional Events the mistake by replying to the email and delete it and the attached files immediately.
How we secure your data
We do our best to keep your Personal Data safe. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks.
Even though we try our best we can not guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.
If you have an account with us, note that you have to keep your username and password secret.
Cookies and other technologies we use
We use cookies and/or similar technologies to analyse customer behaviour, administer the website, track users’ movements, and to collect information about users. This is done to personalise and enhance your experience with us.
A cookie is a tiny text file stored on your computer. Cookies store information that is used to help make sites work. Only we can access the cookies created by our website. You can control your cookies at the browser level. Choosing to disable cookies may hinder your use of certain functions.
We use cookies for the following purposes:
- Necessary cookies – These cookies are required for you to be able to use some important features on our website, such as logging in. These cookies don’t collect any personal information.
- Functionality cookies – These cookies provide functionality that makes using our service more convenient and makes providing more personalised features possible. For example, they might remember your name and e-mail in comment forms so you don’t have to re-enter this information next time when commenting.
- Analytics cookies – These cookies are used to track the use and performance of our website and services
You can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as optout.aboutads.info or youronlinechoices.com. For more information about cookies, visit allaboutcookies.org.
Hubspot
We use Hubspot as our CRM software. Hubspot has its own Privacy Policy which you can review here. They also have other legal terms that you might want to review. Hubspot helps us to comply with the GDPR, by recording your preferences about cookies or contact. In the same way, it helps us the task of viewing, editing or deleting your personal data if you require us to do it.
Mailchimp
Mailchimp is our platform for mailing purposes. You can read more about their legal policies here.
Meridional Events uses Google Suite, and we requested this service to be provided from servers located in Europe to work under the European GDPR. We use Google Analytics to measure traffic on our website. Google has their own Privacy Policy which you can review here. If you’d like to opt-out of tracking by Google Analytics, visit the Google Analytics opt-out page.
For uniform representation of fonts, this page uses web fonts provided by Google as Google Web Fonts. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. If your browser does not support web fonts, a standard font is used by your computer.
For this purpose, your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our plugin. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.
Hotjar
We use Hotjar to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
Children’s data protection
We do not intend to collect or knowingly collect information from children. We do not target children with our services. If you become aware that your child has provided us with personal information without your consent, please contact us for assistance. If we become aware that a child has provided us with personal information, we take steps to remove that information and terminate the corresponding account, if applicable.
Contact Information
If you have any questions about this privacy policy or our treatment of your personal data, as well as if you want to exercise any of your rights, please contact us:
Meridional Events
+34 952 401 900
If you feel that your personal data has been processed unsatisfactorily, you have a right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaint. The supervisory authority in Spain is the Agencia Española de Protección de Datos.
Supervisory Authority
Agencia Española de Protección de Datos
c/ Jorge Juan, 6, 28001 Madrid
+34 91 399 62 00
internacional@agpd.es
https://www.agpd.es/
Changes to this Privacy Policy
We reserve the right to make changes to this Privacy Policy without prior notice.
Last modification was made on 17th July 2019.
Appendix
According to the transposition of the GDPR to the Spanish jurisdiction, under which Meridional Events is governed, this complementary information is also of interest to you.
Information of general interest
This document has been designed for the treatment of low-risk personal data from which it can be inferred that it can not be used for the processing of personal data that includes personal data related to ethnic or racial origin, religious or philosophical political ideology, union affiliation, data genetic and biometric data, health data, and data on sexual orientation of people as well as any other data treatment that entails high risk for the rights and freedoms of individuals.
Article 5.1.f of the General Data Protection Regulation (hereinafter, GDPR) determines the need to establish adequate security guarantees against unauthorized or illegal treatment, against the loss of personal data, destruction or accidental damage. This implies the establishment of technical and organizational measures aimed at ensuring the integrity and confidentiality of personal data and the possibility of demonstrating, as established in Article 5.2, that these measures have been implemented (proactive responsibility).
Also, it must establish visible, accessible and simple mechanisms for the exercise of rights and have defined internal procedures to guarantee effective attention to the requests received.
Attention to the exercise of rights
The controller will inform all workers about the procedure to address the rights of the interested parties, clearly defining the mechanisms by which the rights can be exercised (electronic means, reference to the Delegate for Data Protection if there is one, postal address, etc.) and taking into account the following:
- Upon presentation of your national identity document or passport, the holders of personal data (interested) may exercise their rights of access, rectification, erasure, object, data portability and restriction of the processing. The exercise of rights is free.
- The controller must respond to the interested parties without undue delay and in a concise, transparent, intelligible manner, with a clear and simple language and keep proof of compliance with the duty to respond to requests for the exercise of rights made.
- If the request is submitted by electronic means, the information will be provided by these means when possible, unless the interested party requests otherwise. The requests must be answered within 1 month from receipt and may be extended two more months, taking into account the complexity or the number of requests, but in that case, the interested party must be informed of the extension within one month of receiving the request, indicating the reasons for the delay.
Right of access
In the right of access, the interested parties will be provided with a copy of the personal data that is available together with the purpose for which they were collected, the identity of the recipients of the data, the expected conservation periods or the criteria used to determine it, the existence of the right to request the rectification or deletion of personal data as well as the limitation or opposition to its processing, the right to file a claim with the Spanish Agency for Data Protection and if the data has not been obtained from the interested party, any information available about its origin. The right to obtain a copy of the data cannot negatively affect the rights and freedoms of other interested parties.
Form for the exercise of the right of access
Right of rectification
The right of rectification will proceed to modify the data of the interested parties that were inaccurate or incomplete attending to the purposes of the treatment. The interested party must indicate in the application to which data it refers and the correction that must be made, providing, when necessary, the documentation justifying the inaccuracy or incompleteness of the data subject to treatment. If the data have been communicated by the responsible party to other responsible parties, they must notify them of the rectification of the data unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if so requested.
Form for the exercise of the right of rectification
Right of erasure
In the right of erasure the data of the interested parties will be eliminated when they manifest their refusal to the treatment and there is no legal basis that prevents it, they are not necessary for relation to the purposes for which they were collected, they withdraw the consent given and there is no other legal basis that legitimises the treatment or it is illegal. If the erasure derives from the exercise of the interested party’s right of opposition to the processing of their data for marketing purposes, the identification data of the interested party may be retained to prevent future treatments. If the data has been communicated by the responsible party to other responsible persons, he/she should notify them of the suppression of these unless it is impossible or requires a disproportionate effort, providing the interested party with information about said addressees, if so requested.
Form for the exercise of the right of erasure
Right to object
In the right to object, when the interested parties express their refusal to treat their personal data before the person in charge, the latter will stop processing them as long as there is no legal obligation to prevent it. When the processing is based on a mission of public interest or the legitimate interest of the responsible person, facing a request to exercise the right to object, the responsible person will stop processing the data unless compelling reasons that prevail over the interests, rights and freedoms of the interested party or are necessary for the formulation, exercise or defence of claims. If the interested party objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.
Form for exercising the right to object
Right of data portability
In the right of data portability, if the treatment is carried out by automated means and is based on consent or is made within the framework of a contract, interested parties may request to receive a copy of their personal data in a structured, commonly used and readable format mechanics. Likewise, they have the right to request that they are transmitted directly to a new manager, whose identity must be communicated, when technically possible.
Form for the exercise of data portability
Right of restriction of processing
In the right of restriction of processing, the interested parties can request the suspension of the processing of their data to challenge its accuracy while the responsible person makes the necessary verifications or in the case that the treatment is carried out based on the legitimate interest of the responsible or in compliance of a mission of public interest while verifying if these reasons prevail over the interests, rights and freedoms of the interested party. The interested party may also request the preservation of the data if it considers that the treatment is illegal and, instead of the deletion, requests the limitation of the processing, or if not yet needed by the person responsible for the purposes for which they were collected, the interested party needs them for the formulation, exercise or defence of claims. The fact that the data processing of the interested party is limited must be clearly stated in the systems of the person responsible. If the data have been communicated by the responsible party to other responsible persons, they should notify them of the restriction of processing of the data, unless it is impossible or requires a disproportionate effort, providing the interested party with information about said recipients, if so requested.
Form for the restriction of processing
If the request of the interested party is not followed, the person responsible for the processing will inform him/her, without delay and no later than one month after receipt of the request, of the reasons for not acting and of the possibility of submitting a claim to the Spanish Agency for Data Protection and to exercise legal actions.
Contents
- 1 Privacy Policy
- 1.0.1 Contents
- 1.0.2 Definitions used in this Policy
- 1.0.3 Data protection principles we follow
- 1.0.4 Rights you have regarding your Personal Data
- 1.0.5 Personal Data we gather about you
- 1.0.6 How we use your Personal Data
- 1.0.7 See, edit or delete your Personal Data
- 1.0.8 Who else can access to your Personal Data
- 1.0.9 Email communications
- 1.0.10 How we secure your data
- 1.0.11 Cookies and other technologies we use
- 1.0.12 Children’s data protection
- 1.0.13 Contact Information
- 1.0.14 Changes to this Privacy Policy
- 1.1 Appendix