Protection of personal data
To the extent that the data that is requested through registration forms will refer to the contact data as the authorized person of the Client, as well as for its use Business to Business by Vudoir, the treatment of such information will be excluded from the scope of application of the regulations on data protection, under the provisions of Article 2.2. Regulations for the Development of Organic Law 15/1999, of December 13, approved by Royal Decree 1720/2007, of December 21 (hereinafter, the “Regulations”). Nevertheless, and in the event that incidental or accessory information of a personal nature is provided, by signing a Vudoir Order Form, the Client consents to the processing of said information for the development, maintenance and control of the legal relations with Vudoir.
Vudoir, in its capacity as responsible for the processing, recognizes that the Customer may exercise their rights of access, rectification, cancellation and opposition, in the terms established in the applicable regulations, at the following address: c / Nápols 343, mezzanine A, 08025 Barcelona, Spain.
Processing of personal data on behalf of the Client
To the extent that for the provision of the Services, access and treatment by Vudoir to the personal data owned and / or under the responsibility of the Client (hereinafter, the “Data”), Vudoir declares that it is aware of the obligations set forth in article 12 of the Organic Law 15/1999, of December 13, on the Protection of Personal Data (hereinafter, “LOPD”) and its implementing regulations, binding itself to its fulfillment. Consequently and in accordance with the provisions of the aforementioned article, access to the Data that is the responsibility of the Client by Vudoir in connection with the provision of the Services, shall not be considered as a communication or assignment of the Data for the purposes of the provisions of article 11 of the LOPD.
The Client will be solely responsible for the file in the terms provided in the current legislation. In no case the conditions established in the present Agreement suppose a delegation of the responsibilities that correspond to him in his condition of responsible of the file. In this sense, the Client, declares manifest and guarantees that he has complied with all the obligations established by the LOPD and its development regulations that correspond to him as responsible for the processing of the Data whose treatment is entrusted to Vudoir on the occasion of the provision of the Services. .
In compliance with the provisions of Article 12 of the LOPD, when Vudoir acts as responsible for the processing, it undertakes to:
• Treat only and exclusively the Data that it accesses for the execution of the Services and, in any other case, of compliance with the instructions that the Customer may provide.
• Not to use the Data for any other purpose or to communicate it to any third party, even for the purpose of its conservation, unless such assignment has been previously and expressly authorized in writing by the Client. Vudoir will not incur any responsibility when, upon express indication of the Client, it receives or communicates the personal data to a third party, either by virtue of the provision of the Services or once the same have been completed.
• Once the Vudoir contract has been finalized, as indicated by the Client, it will destroy or return to the Client, or to the Client expressly designated, the Data to which he has had access in the format at that time.
The destruction of the Data will not proceed when there is a provision derived from the applicable legal regulations that require its conservation, in which case Vudoir will proceed to return them to the Client.
Vudoir will only retain, properly blocked, the Data as long as they could derive responsibilities from their relationship with the Client.
• Adopt the necessary technical and organizational measures to guarantee the security, confidentiality and integrity of personal data and avoid their alteration, loss, treatment or unauthorized access in accordance with the provisions of the LOPD Development Regulation, approved by Royal Decree 1720/2007, of December 21 (hereinafter, the “Regulations”) and taking into account the state of the technology, the nature of the data and the risks to which they are exposed. In particular, Vudoir states that it has effectively implemented the security measures corresponding to the basic level referred to in the Regulation.
In accordance with the provisions of Article 21 of the Regulation, Vudoir may not subcontract to third parties on behalf of the Client, in whole or in part, the Services when said subcontracting entails access by the subcontractor to the Customer’s Responsible Data, except in those cases in which that has prior written authorization from this.
Notwithstanding the foregoing, subcontracting is possible without the Client’s authorization, provided that:
a) Vudoir informs the Client prior to the contracting of the identity and services to be subcontracted. For these purposes, the Client expressly authorizes Vudoir to perform the following subcontracting:
1) OVH HISPANO, SLU (hereinafter, OVH HISPANO), with CIF B-83834747 and registered in the Commercial Registry of Madrid, Volume 19514, Book 0 , Folio 77, Section 8, Page M-342678. The registered office is in Madrid, C / Princesa nº 22, 2º Dcha., 28008 Madrid.
2) Conclave Group LLC d / b / a Cometa Group 1499 Post Road Fairfield, CT 06824 (US).
3) ALTUR SL Calle General Brito, 6 – PISO 3 B, Lleida, 25007, Lerida, Spain.
4) Dropbox Ireland, One Park Place, Floor 6, Hatch Street Upper, Dublin.
5) IBM (International Business Machines) Spain, Santa Hortensia 26-28, 28002 Madrid
b) Vudoir and the subcontractor company formalize a contract, under the terms provided in this document where it is expressly established that the subcontractor will in all cases comply with the instructions of the person in charge of the file.
Unless authorized by Vudoir in writing, the Customer, in the use of the Services, will not collect personal data from third parties that entail, in the terms provided by the Regulation, the need to implement security measures of medium or high level in relation to with the treatment of the Data.
Each of the parties undertakes to hold the other harmless from any type of damage, loss, expense and / or sanction in any order, especially those resulting from any disciplinary proceedings initiated by the Spanish Agency for Data Protection , as a consequence of the breach of the respective obligations and guarantees assumed in this Agreement as well as of the non-compliance with the obligations that, in their respective condition of being responsible for the file and in charge of processing, are required in accordance with the regulations on Data Protection of Personal Character.