Numu CMS

data-en

When this contract is accepted it will be considered valid, not being necessary a physical signature for security reasons.

That for the purposes of this contract are understood as:

  • Personal data: all information about an identified or identifiable natural person; will be consider as a natural person, any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, identification number, location data, online identifier or one or several elements of the physical, physiological, genetic, psychic, economic, cultural or social identity of said person.
  • Stakeholder: is the identified or identifiable natural person.
  • Treatment: any operation or set of operations performed on personal data or personal data sets, either by automated procedures or not, such as collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of access authorization, comparison or interconnection, limitation, suppression or destruction.
  • Data controller: the natural or legal person, public authority, service or other body that, alone or together with others, determines the purposes and means of treatment.
  • Data processor: the natural or legal person, public authority, service or other body that processes personal data on behalf of the Data controller.
  • Violation of the security of personal data: any breach of security resulting from the destruction, loss or alteration, accidental or unlawful of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to said data.
  1. That THE DATA CONTROLLER has contracted with THE DATA PROCESSOR the provision of the services regulated in the contract signed by both parties for the service of “BRAND ADVERTISING AND THE ACTIVITY OF THE DATA PROCESSOR THROUGH MARKETING ON THE WEB PLATFORM AND IN THE APP OF THE CONTROLLER, AND COLLABORATION IN THE PROGRAM OF PRIZES AND REWARDS TO BE OBTAINED BY THE USERS THROUGH THEIR COMMENTS, REVIEWS AND OPINIONS IN OTHER MEDIA ” of the CONTROLLER activity.
  2. That in order to carry out these contracted services, it will be necessary for THE PROCESOR, in his capacity as Data Processor, to have access to personal data included in files provided by THE DATA CONTROLLER. This access is not considered data communication.
  3. The PROCESSOR will treat the necessary data of the CONTROLLER solely and exclusively for the performance of the contracted service, not transferring or divulging any of it to third parties without explicit consent of the CONTROLLER
  4. That for this reason and in compliance with the Organic Law of Personal Data Protection, and what is stipulated in the New European RGPD, both parties freely agree to regulate the access and treatment of the data of the CONTROLLER in accordance with the following

CLAUSES

First.- That THE CONTROLLER, as Data controller, knows that he/she must proceed to register in the Registry of the Data Protection Agency, and comply with all the legal requirements for the collection and processing of the data included therein. Likewise, manifests that he/she will adopt all the necessary technical and organizational measures to guarantee the security of the personal data, established in the R.D. 1720/2007, of December 21.

Second.- That the access by the PROCESSOR to the files of the CONTROLLER shall be solely and exclusively for the purpose of rendering the services entrusted in the \”provision of services\” contract. THE PROCESSOR agrees to treat them in accordance with the regulations stipulated for it in the RGPD, without waiting for the Data Controller to indicate the instructions, the way or the manner to carry out said treatment; it is explicitly stated in this contract that they will not be applied or used for a purpose different than that for which the services were contracted, and that they will not be communicated, even for their conservation, to other persons or entities except in the case fixed in the fifth clause. The data to which the PROCESSOR has access will be treated and guarded during the contractual relationship that links him/she to the CONTROLLER, being deleted and/or eliminated from the files of the PROCESSOR once the contractual relationship ends.

Third.- THE PROCESSOR will implement the necessary technical and organizational measures to guarantee the security and integrity of the personal data included in the files and to prevent their alteration, loss, unauthorized treatment or access, taking into account the state of technology, the nature of the stored data and the risks to which they are exposed, whether they come from human action, or from the physical or natural environment. The security measures mentioned are those determined in the R.D. 1720/07, of December 21.

Fourth.- THE PROCESSOR commits him/herself to professional secrecy with respect to the data included in the files, an obligation that will remain in force even after the end of his/her relationship with THE CONTROLLER. Said duty of secrecy affects all personnel and technical service of THE PROCESSOR that can access and/or process data of THE CONTROLLER.

Fifth.- THE CONTROLLER expressly authorizes the PROCESSOR to hire third parties whose intervention is considered opportune for good development of the services, informing the identity of the third party and of the services in charge. In addition, THE PROCESSOR is obliged to sign a contract with the third party stipulating the obligations that must be fulfilled in relation to the protection of personal data.

Sixth.- The signatories authorize THE PROCESSOR to incorporate their personal data included in this contract, along with those obtained during the duration of the contract between them, in order to provide the service of “BRAND ADVERTISING AND THE ACTIVITY OF THE DATA PROCESSOR THROUGH MARKETING ON THE WEB PLATFORM AND IN THE APP OF THE CONTROLLER, AND COLLABORATION IN THE PROGRAM OF PRIZES AND REWARDS TO BE OBTAINED BY THE USERS THROUGH THEIR COMMENTS, REVIEWS AND OPINIONS IN OTHER MEDIA”. To do this, unequivocal consent is requested:

In the event that for the contracted services, the PROCESSOR provides the personal data to other individuals, it must previously inform the CONTROLLER of this fact. Likewise, THE PROCESSOR is expressly authorized to communicate said personal data to those entities whose intervention is necessary to comply with this contractual relationship. In any case, the owner of the data may exercise the rights of access, rectification, cancellation and opposition, by addressing THE PROCESSOR in writing to the following ordinary mail address 1A Albert Street, Goodwood, SA, 5034.

Seventh.- The rescission, resolution or termination of the provision of services, will justify the obligation on the part of THE PROCESSOR to cancel the personal data provided by THE CONTROLLER. These data will have to be destroyed or returned to THE CONTROLLER, just like any support or document in which there is personal data that is object of treatment.

Eighth.- Co-controllers: both parties will be considered co-controllers. The joint responsibility will be considered of mutual agreement with the signing of this contract.

Ninth.- Obligations and rights of the Data Controller: according to what is established in the current regulations in Personal Data Protection, the Data controller must:

  • Apply appropriate technical and organizational measures in order to guarantee and be able to demonstrate that the treatment is in accordance with current legislation.
  • Adopt data protection policies.
  • Guarantee that the Data Protection Delegate or, failing that, the Privacy Manager participates adequately and in a timely manner in all matters relating to the personal data protection.
  • Adhere to the Code of Conduct that can be approved by the Commission or corresponding body.
  • Keep a record of treatment activities in case of processing personal data that pose a risk to the rights and freedoms of the interested party and/or in a non-occasional manner, or that involves the processing of special categories of data and/or data related to convictions and infractions.
  • Make available to the interested parties the essential aspects of this agreement.
  • Indistinctly attend the legal exercises established in the current regulations in Personal Data Protection even if said exercise is addressed to the Data Processor.

Tenth.- Obligations and rights of the Data Processor: according to what is established in the current regulations on Personal Data Protection, Data Processor must:

  • Guarantee that the persons authorized to process personal data are committed to respect confidentiality or are subject to an obligation of confidentiality of statutory nature.
  • Take all appropriate technical and organizational measures to guarantee a level of security appropriate to the treatment risk.
  • Respect the conditions to resort to another Data Processor, as established in the current regulations in Personal Data Protection.
  • Assist the Controller, taking into account the nature of the treatment, through appropriate technical and organizational measures, whenever possible, so they can fulfill the obligation of responding to requests aimed to exercise the rights of the interested parties.
  • Help the Controller to guarantee compliance with their obligations, taking into account the nature of the treatment and the information that is available to them.
  • At the discretion of the Controller, delete or return all personal data once the provision of treatment services has ended, and delete the existing copies unless the preservation of personal data is required under the Union Rights or the law of the Union or the Member states.
  • Provide the Controller with all the necessary information to demonstrate compliance with the obligations established in this article, as well as to allow and contribute to the performance of audits, including inspections, by the Controller or another auditor authorized by said Controller
  • Guarantee that the Data Protection Delegate or, failing that, the Privacy Manager participates adequately and in a timely manner in all matters relating to the personal data protection.
  • Adhere to the Code of Conduct that can be approved by the Commission or corresponding body.
  • Keep a record of treatment activities in case of processing personal data that pose a risk to the rights and freedoms of the interested party and/or in a non-occasional manner, or that involves the processing of special categories of data and/or data related to convictions and infractions.
  • Indistinctly attend the legal exercises established in the current regulations on Personal Data Protection even if said exercise is addressed to the Data controller.

Eleventh.- For any question or divergence that may arise from the interpretation of this contract, the parties submit themselves to the competent Authority.

Close Bitnami banner
Bitnami