Privacy policy

Our privacy policy is based on the terms used by the European legislator under the General Data Protection Regulation (GDPR). The privacy policy must be written in such a way that the general public as well as our customers and business partners can easily read and understand it. To ensure this, we would first like to explain some of the terms used.

1. Personal data.

Personal data is any information relating to a specific or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more factors specific to that natural person's physique, physiology, genetic identity, mind, economy, culture or society.

2. Affected person.

A data subject is any identified or identifiable natural person whose personal data are processed by the controller.

3. Processing.

Processing is any process or set of operations performed on personal data, such as automation, recording, organisation, structuring, storage, adaptation, alteration, access, consultation, use, transmission, disclosure, making available, addressing, combination, restriction, erasure or destruction.

4. Profiling.

Profiling is any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects of a natural person, in particular to analyse or predict aspects relating to that natural person's professional performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements.

5. Pseudonymisation.

Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific individual without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

6. Controller.

The controller is the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, Union or Member State law may determine the controller or the specific criteria for its designation.

7. Processor.

The processor is a natural or legal person, public authority, governmental body or any other body processing personal data on behalf of the controller.

8. Recipients.

The recipient is a natural or legal person, public authority, agency or any other body to which the personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the framework of a particular investigation in accordance with Union or national law shall not be considered as recipients. The processing of such data by public authorities should comply with the data protection rules applicable according to the purposes of such processing.

9. Third parties.

Third parties are natural or legal persons, public authorities, services or bodies other than the data subject, the controller, the processor and the persons authorised to process personal data under the direct authority of the controller or the processor.

10. Consent.

The data subject's consent is any freely given, specific, informed and unambiguous indication of his or her wishes by means of a clear affirmative statement or action that he or she consents to the processing of personal data concerning him or her.

The responsible entity within the meaning of the GDPR and other national data protection laws of the Member States as well as other data protection regulations is:

Zener Encitel, S.L.

Enrique de Frutos

Ronda de Valdecarrizo, 47,nave B12

28760 – Tres Cantos

Spain

Email address: privacy@zener.es | Website: www.zener.es

You can contact our data protection officer in the following manner: 

PRODA CYL, SLU

C/ Angustias 32, 2B

47003 – Valladolid

Spain

 

Phone: +34 983 363 893

 

Email address: prodacyl@prodat.es

1. Scope of processing

We process the personal data of visitors and users of our website only to the extent necessary to provide a functioning website and our content and services. We process the personal data of our users on a regular basis with their consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis

Insofar as we obtain the data subject's consent to the processing of personal data, Art. 6 para. 1 GDPR serves as the legal basis.

In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations necessary to perform pre-contractual actions.

Insofar as the processing of personal data is necessary to comply with a legal obligation that is subject to our company, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the first interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

3. Storage and deletion of your data

We delete or block the data subject's personal data as soon as the purpose of storage is removed. They may also be stored if this is provided for by European or national legislators in EU regulations, laws or regulations to which our company is subject. Data is also blocked or deleted when a storage period prescribed by the aforementioned regulations expires, unless additional storage is necessary for the conclusion or fulfilment of a contract.

Scope of processing

Each time our website is accessed, our system automatically collects data and information from the calling computer's computer system. This may include information such as the following:

• Information about the type and version of your Internet browser.
• The operating system of your computer or smartphone.
• Your Internet service provider.
• Your IP address.
• Date and time of access.
• Websites you came from.
• Websites you visit from our website.
• The legal basis for the temporary storage is Art. 6 para. 1 lit. f GDPR.

We collect such information in so-called "log files", so that we can display our website correctly and identify the causes of any technical problems, for the technical optimisation of our websites and to protect our computer systems and networks. For these purposes, our legitimate interest in processing the data is based on Art. 6 para. 1 lit. f of the GDPR.

The data will be deleted as soon as they are no longer required for the purposes for which they were collected. As a rule, this technical information will be deleted or rendered unrecognisable after seven days at the latest.

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Consequently, there is no contradiction on the part of the user.

1. Description and scope of data processing

On our website you can contact us via the contact form or via the "Work with us" form. If you allow it, the data entered in the input mask will be transmitted to us and saved. In addition to the input-specific macro data, the IP address and the date and time of the request are collected and stored. For the processing of the data, you give your consent in the context of the sending process.

Alternatively, you can contact us by e-mail. In this case, the user's personal data transmitted by e-mail will be stored.

In this context, the data will not be passed on to third parties under any circumstances and will be used exclusively for the purpose of processing the conversation.

2. Legal basis for processing

The legal basis for data processing in the presence of the user's consent is Art. 6 para. 1 lit. a GDPR.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f. GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing

The processing of personal data from the input mask is carried out solely for the purpose of processing your request. In the case of contact by e-mail, this also includes the legitimate interest necessary for the processing of the data.

Further personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

If you have requested information on a service or product, we reserve the right to store the data for two years in order to measure the profitability of our sales and marketing. Otherwise, we will delete the data as soon as it is no longer needed to fulfil the purpose for which it was collected. For personal data from the input form of the contact form and those sent by e-mail, this happens when the respective conversation with the user ends. The conversation is terminated when the circumstances make it clear that the relevant facts have been clarified.

5. Possibility of objection and deletion

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot continue, and all personal data stored in the course of the contact will be deleted.

1. What are cookies?

Web browser cookies

A web browser cookie is a small text file that a website sends to your computer or mobile device and that your web browser stores. Web browser cookies can store information such as your IP address or other identifiers, your browser type and information about the content you display and interact with on the digital services. By storing such information, web browser cookies can store your preferences and settings for online services and analyse how you use those services.

Tracking technologies: web beacons, gifs, pixels, page tags, scripting

Emails and mobile applications may contain small transparent image files or lines of code to record how you interact with them. This information is used to help website and app publishers better analyse and improve their services.

2. Use, legal basis and purpose

We use cookies to make our website more user-friendly. Some elements of our website require identification of the calling browser, including after a page break.

Before consent is given, 2 functional cookies are set. The "PHPSESSID" cookie is used to recognise the language of the browser and thus adapt the language of the website. After closing the browser, this cookie is deleted. The "wBounce" cookie only contains the value "true". This value is used to determine whether the user has already seen a pop-up or not. If the user has already interacted with one, we do not want to show it again for a certain period of time.

In addition, we also set the two IAB cookies "euconsent" and "epubconsent". These cookies are stored when a user does not want to be tracked. The same applies to the storage of data in local storage. This only serves to remind us that a user has not given consent. Otherwise, we would have to ask the same question every time the same user visits the website.

The aforementioned cookies, as well as the storage of data in local storage, only enable functionalities that should contribute to improving the user experience on our website. We do not use cookies with personal data without obtaining the consent of the users.

In addition, we use cookies on our website that allow us to analyse the browsing behaviour of users.

By accessing our website, the user is informed about the use of cookies for analytical purposes and his consent is obtained for the processing of personal data used in this context. In this context, a reference to this privacy policy is also included.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f of the GDPR.

The legal basis for processing personal data using cookies for analytical purposes is the consent of the user (Art. 6 para. 1 lit. a GDPR).

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be provided without the use of cookies. For these functions, it is necessary to recognise the browser even after a page break. We require cookies for the following applications: acceptance of language settings. User data collected by technically necessary cookies are not used to create user profiles.

The use of analytics cookies is intended to improve the quality of our website and its content. Through analytics cookies, we learn how the website is used and can constantly further optimise our offer.

3. Duration of storage, objection, and deletion options

Cookies are stored on the user's computer, which transmits them to us. You, as the user, therefore, have full control over the use of your cookies. By changing the settings of your Internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, you may not be able to use all functions of the website to their full extent.

Google Analytics

Description of the Service

This is a web analytics service. With this, the user can measure the return on interest advertising "ROI" as well as track user behaviour with flash, video, websites and applications.

Company in charge of the processing

Google Ireland Limited.

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Data Protection Officer of the Data Controller

Below you can find the e-mail address of the data controller of the company in charge of the processing.

https://support.google.com/policies/contact/general_privacy_form

Purpose of the data

This list represents the purposes of data collection and processing.

• Marketing.
• Anañytics.

Technologies used

This list represents all the technologies used by this service to collect data. Typical technologies are cookies and pixels placed in your browser.

• Cookies.
• Pixel.
• JavaScript.
• Device fingerprinting.

Collected data

This list represents all (personal) data that is collected by, or through the use of this service.

• Click path
• Date and time of visit
• Device information
• Location information
• IP address
• Visited pages
• Referrer URL
• Browser information
• Computer name
• Browser language
• Browser type
• Screen resolution
• Device operating system
• Interaction data
• User behaviour
• URL visited.

Legal basis

The legal bases required for data processing are listed below.

• Article 6 para. 1 s. 1 lit. a GDPR.

Place of processing

This is the main location where the collected data is processed. If data is also processed in other countries, you will be informed separately.

• European Union.

Duration for storing data

The retention period is the period of time the collected data are kept for the purposes of processing. Data should be deleted as soon as they are no longer required for the stated processing purposes.

The retention period depends on the type of data stored. Each customer can choose how long Google Analytics retains the data before it is automatically deleted.

Transfer to third countries

This service may send the collected data to a different country. Please note that this service may transfer data to a country without the required data protection standards. If the data is transferred to the USA, there is a risk that the US authorities may process your data to take control and surveillance measures, possibly without legal recourse. A list of countries to which data is transferred can be found below. For more information on protection measures, please refer to the privacy policy of the website provider or contact the website provider directly.

• United States of America
• Singapore
• Chile
• Taiwan.

Data recipients

The recipients of the data collected are listed below.

• Google Ireland Limited.
• Alphabet Inc.
• Google LLC.

Click here to read the privacy policy of the data processor.

https://policies.google.com/privacy?hl=en

Click here to read the cookie policy of the data processor:

https://policies.google.com/technologies/cookies?hl=en

Click here to disable this manager on all domains:

https://tools.google.com/dlpage/gaoptout?hl=de

Storage information

• Maximum duration of cookie storage: 2 Years
• Information stored
• Name: _ga; Used to distinguish users; Type: cookie; Duration: 2 Years;
• Name: _gid; Used to distinguish users; Type: cookie; Duration: 1 day;
• Name: _gat_gtag_xxx; Used to distinguish users; Type: cookie; Duration: 1 Minute; Name: _gat_gtag_xxx; Used to distinguish users; Type: cookie; Duration: 1 Minute;
• Name: _gac_xxx; Contains information about which ads have been clicked; Type: cookie; Duration: 2 Months, 29 days.

Our services are not directed to children under the age of 13. We do not knowingly collect information from children under the age of 13. If you are under this age limit, please do not use the Services or provide us with your personal information. If you are a parent of a child under the age limit and you learn that your child has provided personal information to Zener, please email us at privacy@zener.es and insist on exercising your rights of access, correction, deletion or objection. If you reside in California and are under the age of 18, and you wish to delete publicly available content, please email us at privacy@zener.es.

If we process your personal data, you may exercise the following rights once we have correctly identified you:

1. Right to information

You can ask our company to confirm whether we are processing your personal data.

If we are processing your personal data, you may request information on a wide range of circumstances in accordance with the GDPR, such as:

(1) the purposes for which your personal information is processed

(2) The categories of personal data that are processed

(3) The recipients or categories of recipients to whom your personal information has been disclosed or continues to be disclosed

(4) The intended duration of storage of your personal data or, if no specific information is available, the criteria for determining the retention period.

(5) The existence of a right to rectification or erasure of your personal data, a right to restrict our processing or a right to object to such processing

(6) the existence of a right of appeal to a supervisory authority

(7) All available information about the origin of your personal data, unless you have provided it

(8) The existence of automated decisions, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the scope and expected impact of such processing on the data subject.

You have the right to request information on whether your personal information relates to a third country or an international organization. In that regard, you may request appropriate safeguards in accordance with Art. 46 of the GDPR in relation to the transfer.

2. Right of correction

You have the right to correct or supplement your personal data if the information is incorrect or incomplete. We will carry out the correction without delay.

3. Right to restrict processing

Under certain circumstances, you may request the restriction of the processing of your personal data.

(1) If you dispute the accuracy of your personal information for a period of time that allows us to verify the accuracy of such information

(2) If the processing is unlawful and you refuse to have your personal data erased and instead request that we restrict its use

(3) If we no longer need your personal information for the processing, but you need it to assert, exercise or defend your rights

(4) If you object to the processing and it is still uncertain whether the legitimate reasons of our group of companies and affiliates outweigh your reasons.

If the processing of your personal data is restricted, we may only process such data, with the exception of its storage, with your consent or in order to assert, exercise or defend legal claims or protect the rights of another natural or legal person.

If the conditions are restricted, we will inform you before the restriction is lifted.

4. Right to erasure

You can ask us to delete your personal information immediately and we will be obliged to do so if any of the following conditions are met:

(1) Your personal data are no longer required for the purposes for which they were collected or otherwise processed

(2) You revoke your consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 GDPR and there is no other legal basis for the processing.

(3) Pursuant to Art. 21 para. 1 GDPR: objection to the processing and there are no prior justifiable grounds for the processing, or Art. 21 para. 2 GDPR.

(4) Your personal data have been processed unlawfully.

(5) The personal data concerning you must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject.

We have disseminated your personal data and, in accordance with Art. 17 (1) GDPR, we must take appropriate steps to inform other companies that process your personal data that you have removed all links to your personal data, taking into account the technology available and the costs of implementing the personal data (and all copies thereof) ("right to be forgotten"). The right to erasure does not exist if the processing is necessary.

(1) To exercise the right to freedom of expression and information.

(2) For compliance with a legal obligation required by Union or Member State law to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

(3) For reasons of public interest in the field of public health, in accordance with Art. 9. lit. h and i, as well as Art. 9 (3) GDPR.

(4) To assert, exercise or defend legal claims.

5. Right to information of third parties by our company

If you have the right to rectification, erasure or restriction of processing by our company, we are obliged to notify all other recipients to whom we have disclosed your personal data of this rectification or erasure or restriction of processing, unless this is impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal information you have provided to us in a structured, common, machine-readable format. You also have the right to transfer this information to another person without hindrance from the controller to whom you have provided the personal data, provided that

(1) The processing is based on consent (Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR) or on a contract.

(2) The processing is carried out by automated means.

In exercising this right, you also have the right to have personal data concerning you transmitted directly from one person to another, insofar as this is technically possible. The freedoms and rights of other persons are not affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of public authority delegated to the controller.

7. Right to object

You have the right to object to the processing of your personal data in accordance with Art. 6 para. 1 lit. e or f of the GDPR, provided that there are reasons for this arising from your particular situation. This also applies to profiling based on these provisions.

We will stop processing your personal information in this case, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves the assertion, enforcement or defence of legal claims.

In case your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.

8. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent, until it is revoked.

9. Automated decision-making on a case-by-case basis, including profiling

You have the right not to be subject to a decision based solely on automated processing, such as profiling, which produces legal effects concerning you.

This does not apply if the decision:

(1) Is necessary for the conclusion or performance of a contract between the two parties; or

(2) Is authorised by Union or Member State law to which the controller is subject, and where such law contains appropriate measures to safeguard your rights and freedoms and legitimate interests

(3) It is taken with their express consent.

In the cases referred to in (1) and (3), the responsible person shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention by our company to express your point of view and challenge the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative remedy or judicial action, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you have your habitual residence, place of work or place of the alleged breach, in case you consider that the processing of your personal data does not comply with the GDPR.

Please find the names and contact details of the competent supervisory authorities in the European Union at the following link:

https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.html

The supervisory authority with which the complaint has been lodged will inform the complainant about the course and outcome of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.

Protecting the information you provide to us or that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse, unauthorised access, alteration, disclosure or destruction. Zener has taken steps to ensure the continued confidentiality, integrity, availability and resilience of systems and services that process personal information, and will restore availability and access to information in the event of a physical or technical incident in a timely manner.

We reserve the right to update this Privacy Policy from time to time. If we make material changes that restrict Zener's rights or obligations under this Privacy Policy, we will post a clear notice in this section of this Privacy Policy when they are updated.