Index

1. Purpose of the Privacy Policy
2. Definitions
3. Identity of the Data Controller
4. Applicable laws and regulations
5. Principles applicable to the processing of personal data
6. Data Processing activities carried out
7. Necessary and updated information
8. Personal data of minors
9. Technical and organizational security measures
10. Rights of the interested parties
11. Claims before the Control Authority
12. Acceptance and changes in the Privacy Policy

PURPOSE OF THE PRIVACY POLICY

The purpose of this "Privacy and Data Protection Policy" is to disclose the conditions that govern the collection and processing of personal data by Animal Data Analytics (ADA), making every effort to ensure fundamental rights, the honor and freedoms of the people whose personal data is processed in compliance with current regulations and laws that regulate the Protection of Personal Data according to the European Union and the Spanish Member State and, specifically, those expressed in the section "Treatment Activities ” of this Privacy Policy.

For all of which, in this Privacy and Data Protection Policy, users of the Website https://www.ada-animaldata.com are informed of all the details of their interest regarding how these processes are carried out, with what purposes, that other entities may have access to your data and what are the rights of users.

DEFINITIONS

"Personal Data": Any information about an identified or identifiable natural person ("the user of the Website"); an identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or more elements of identity physical, physiological, genetic, psychological, economic, cultural or social of said person.

"Treatment": any operation or set of operations performed on personal data or sets of personal data, whether by automated procedures or not, such as collection, recording, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of authorization of access, comparison or interconnection, limitation, deletion or destruction.

"Limitation of processing": the marking of the personal data stored in order to limit its processing in the future.

"Profiling": any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects related to professional performance, economic situation, health, personal preferences, interests , reliability, behavior, location or movements of said natural person.

"Pseudonymization": the processing of personal data in such a way that it can no longer be attributed to a data subject without the use of additional information, provided that such additional information is listed separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

"File": any structured set of personal data, accessible according to certain criteria, whether centralized, decentralized or distributed functionally or geographically.

"Responsible for the treatment" or "controller": the natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of the treatment; if Union or Member State law determines the purposes and means of processing, the controller or the specific criteria for his appointment may be established by Union or Member State law.

"Processor" or "processor": the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.

"Recipient": the natural or legal person, public authority, service or other body to which personal data is communicated, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a specific investigation in accordance with Union or Member State law shall not be considered recipients; The processing of such data by said public authorities will be in accordance with the data protection regulations applicable to the purposes of the processing.

"Third Party": natural or legal person, public authority, service or body other than the data subject, the data controller, the data processor and the persons authorized to process personal data under the direct authority of the data controller or processor.

"Consent of the interested party": any expression of free, specific, informed and unequivocal will by which the interested party accepts, either through a declaration or a clear affirmative action, the processing of personal data concerning him.

"Breach of personal data security": any breach of security that results in the accidental or unlawful destruction, loss, or alteration of personal data transmitted, stored, or otherwise processed, or unauthorized disclosure of or access to such data

"Genetic data": personal data relating to the inherited or acquired genetic characteristics of a natural person that provide unique information about that person's physiology or health, obtained in particular from the analysis of a biological sample from that person.

"Biometric data": personal data obtained from a specific technical treatment, related to the physical, physiological or behavioral characteristics of a natural person that allow or confirm the unique identification of said person, such as facial images or dactyloscopic data.

"Health-related data": personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, revealing information about their state of health.

"Main establishment": a) in the case of a controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of processing are taken in another establishment of the controller in the Union and the latter establishment has the power to enforce such decisions, in which case the establishment that has taken such decisions shall be considered as the main establishment; b) in the case of a processor with establishments in more than one Member State, the place of its central administration in the Union or, if it does not have one,

"Representative": a natural or legal person established in the Union who, having been appointed in writing by the controller or processor pursuant to Article 27 of the GDPR, represents the controller or processor with regard to their respective obligations in under this Regulation.

"Company": natural or legal person engaged in an economic activity, regardless of its legal form, including companies or associations that regularly carry out an economic activity.

"Supervisory Authority": the independent public authority established by a Member State in accordance with the provisions of Article 51 of the GDPR. In the case of Spain it is the Spanish Data Protection Agency.

"Cross-border processing" means (a) the processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or processor in the Union, if the controller or processor is established in more than a Member State, or b) the processing of personal data carried out in the context of the activities of a single establishment of a controller or a processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member state.

"Information society service" means any information society service, that is, any service normally provided for remuneration, remotely, electronically and at the individual request of a service recipient.

IDENTITY OF THE DATA CONTROLLER

The Data Controller is that natural or legal person, public or private, or administrative body, which alone or jointly with others determines the purposes and means of personal data processing; in the event that the purposes and means of processing are determined by the Law of the European Union or the Spanish Member State.
In the aspects expressed in this Data Protection Policy, the identity and contact details of the Treatment Manager is:
Animal Data Analytics (ADA) – NIF/DNI B40177180
CALLE DÁMASO ALONSO, 14. 40006, SEGOVIA (Segovia), Spain
Email: ada@ada-animaldata.com
Telephone: 921 412556


APPLICABLE LAWS AND REGULATIONS

This Privacy and Data Protection Policy is developed based on the following data protection regulations and laws:
Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data. Hereinafter GDPR.
Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights. Hereinafter LOPD/GDD.
Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce. Hereinafter LSSICE.


PRINCIPIOS APLICABLES AL TRATAMIENTO DE DATOS PERSONALES

The personal data collected and processed through this website will be treated in accordance with the following principles:
Principle of legality, loyalty and transparency: All processing of personal data carried out through this Website will be lawful and fair, making it completely clear to the user when personal data concerning him or her is being collected, used, consulted or processed. The information related to the treatments carried out will be transmitted in advance, easily accessible and easy to understand, in simple and clear language.
Purpose limitation principle: All data will be collected for specific, explicit and legitimate purposes, and will not be subsequently processed in a way that is incompatible with the purposes for which they were collected.
Principle of data minimization: The data collected will be adequate, pertinent and limited to what is necessary in relation to the purposes for which they are processed.
Principle of accuracy: The data will be accurate and, if necessary, updated, adopting all reasonable measures so that personal data that is inaccurate with respect to the purposes for which it is processed is deleted or rectified without delay.
Principle of limitation of the conservation period: The data will be kept in such a way that the identification of the interested parties is allowed for no longer than necessary for the purposes of the processing of personal data.
Principle of integrity and confidentiality: The data will be processed in a way that guarantees adequate security of personal data, including protection against unauthorized or illegal processing and against accidental loss or damage, through the application of appropriate technical and organizational measures.
Principle of proactive responsibility: The entity that owns the Website will be responsible for compliance with the principles set forth in this section and will be able to demonstrate it.


DATA PROCESSING ACTIVITIES

The data processing activities carried out through the website are detailed below, specifying each of the following sections:

• Activity: Name of the data processing activity
• Purposes: Each of the uses and treatments that are carried out with the data collected
• Legal basis: The legal basis that legitimizes the processing of the data
• Data processed: Type of data processed
• Origin: Where the data is obtained from
• Conservation: Period during which the data is kept
• Recipients: Third parties or entities to whom the data is prov
• International transfers: cross-border shipments of data outside the European Union

1. MAIN PROCESSING ACTIVITIES
These are data processing activities whose purposes are necessary and essential for the provision of services.

2. OPTIONAL PROCESSING ACTIVITIES (if the user has marked their acceptance)
These are those personal data processing activities whose purposes are not essential for the provision of the service and which are only carried out if the user has marked YES in the consent for the carrying out these activities.

3. WEB PAGE
Legal bases (Art. 6.1.a GDPR) Consent of the interested party
Purposes: Cookies not necessary; Management and responses to inquiries received through the web contact form; Processing of personal data from the use of a website.
Data categories and groups: Web contacts (Identifying data)
Origin of data: The interested party or his legal representative
Category of recipients: They are not foreseen
International transfer: They are not foreseen
Conservation period: For a period of 1 year from the last confirmation of interest


NECESSARY AND UPDATED INFORMATION

All the fields that appear marked with an asterisk (*) in the forms on the Website must be completed, in such a way that the omission of any of them could lead to the impossibility of providing the requested services or information.
You must provide truthful information, so that the information provided is always up-to-date and does not contain errors, you must notify the Treatment Manager as soon as possible, the modifications and rectifications of your personal data that occur through an email to the address: ada@ada-animaldata.com.
Likewise, by clicking on the "I accept" button (or equivalent) incorporated in the aforementioned forms, you declare that the information and data that you have provided in them are accurate and truthful, as well as that you understand and accept this Privacy Policy. Privacy.


DATA OF MINORS

In compliance with the provisions of article 8 of the GDPR and article 7 of the LOPD/GDD, only those over 14 years of age may grant their consent for the processing of their personal data legally by Animal Data Analytics (ADA).
Due to the foregoing, minors under 14 years of age may not use the services available through the Website without the prior authorization of their parents, guardians or legal representatives, who will be solely responsible for all acts carried out through the Website by them. minors in their care, including the completion of the electronic forms with the personal data of said minors and the marking, where appropriate, of the boxes that accompany them.


TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

The Data Controller adopts the necessary organizational and technical measures to guarantee the security and privacy of your data, prevent its alteration, loss, treatment or unauthorized access, depending on the state of technology, the nature of the data stored and the risks to which they are exposed.

Among others, the following measures stand out:

• Guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
• Restore availability and access to personal data quickly, in the event of a physical or technical incident.
• Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
• Pseudonymize and encrypt personal data, in case it is sensitive data.

On the other hand, the Data Controller has made the decision to manage the information systems in accordance with the following principles:

• Principle of regulatory compliance: All information systems will comply with the regulations of regulatory and sectoral legal application that affect the security of information, especially those related to the protection of personal data, security of systems, data, communications and electronic services.
• Risk management principle: Risks will be minimized to acceptable levels and a balance between security controls and the nature of the information will be sought. Security objectives should be established, reviewed, and consistent with information security aspects.
• Principle of awareness and training: Training, awareness programs and awareness campaigns will be articulated for all users with access to information, in terms of information security.
• Principle of proportionality: The implementation of controls that mitigate the security risks of assets will be carried out seeking a balance between security measures, nature and information and risk.
• Principle of responsibility: All members of the Treatment Manager will be responsible for their conduct in terms of information security, complying with the established rules and controls.
• Principle of continuous improvement: The degree of effectiveness of the security controls implemented in the organization will be reviewed on a recurring basis to increase the ability to adapt to the constant evolution of risk and the technological environment.

RIGHTS OF INTERESTED PARTIES

Current data protection regulations protect the user in a series of rights in relation to the use given to their data. Each and every one of such rights are individual and non-transferable, that is, they can only be exercised by the data owner, after verifying his identity.

The rights of Website users are detailed below:

• Right of access: It is the right of the Website user to obtain confirmation of whether or not the Data Controller is treating their personal data and, if so, to obtain information about their specific personal data and the treatment that the Data Controller of the Treatment has been carried out or carried out, as well as, among other things, the information available on the origin of said data and the recipients of the communications carried out or foreseen in them.
• Right of rectification: It is the right that the user of the Website has to modify their personal data that turns out to be inaccurate or, taking into account the purposes of the treatment, incomplete.
• Right of deletion: It is usually known as the "right to be forgotten", and it is the right that the user of the Website has, provided that current legislation does not establish otherwise, to obtain the deletion of their personal data when they are no longer necessary for the users. purposes for which they were collected or processed; the User has withdrawn his consent to the treatment and this does not have another legal basis; the User opposes the treatment and there is no other legitimate reason to continue with it; the personal data has been unlawfully processed; the personal data have been obtained as a result of a direct offer of information society services to a child under 14 years of age. In addition to deleting the data, the Data Controller, taking into account the available technology and the cost of its application,
• Right to limit data: It is the right of the Website User to limit the processing of their personal data. The User of the Website has the right to obtain the limitation of the treatment when they challenge the accuracy of their personal data; the treatment is unlawful; the Data Controller no longer needs the personal data, but the User needs it to make claims; and when the User of the Website has opposed the treatment.
• Right to data portability: In those cases where the treatment is carried out by automated means, the Website User will have the right to receive from the Treatment Manager their personal data in a structured, commonly used and machine-readable format, and to transmit them to another data controller. whenever technically possible, the Data Controller will directly transmit the data to that other Controller.
• Right of opposition: It is the right of the User not to carry out the processing of their personal data or to cease their processing by the Data Controller.
• Right not to be subject to automated decisions and/or profiling: The Website User's right not to be subject to an individualized decision based solely on the automated processing of their personal data, including profiling, exists unless current legislation establishes otherwise.
• Right to revoke consent: It is the right of the Website User to withdraw, at any time, the consent given for the processing of their data.

The user of the Website can exercise any of the aforementioned rights by contacting the Treatment Manager and prior identification of the User using the following contact information:
Responsible party: Animal Data Analytics (ADA)
Address: CALLE DÁMASO ALONSO, 14. 40006, SEGOVIA (Segovia), Spain
Telephone: 921 412556
E-mail: ada@ada-animaldata.com
Website: https://ada-animaldata.com


RIGHT TO CLAIM BEFORE THE CONTROL AUTHORITY

The user is informed of their right to file a claim with the Spanish Agency for Data Protection if they consider that a violation of the data protection legislation has been committed regarding the processing of their personal data.

Control authority contact information:
Spanish Data Protection Agency
Email: info@aepd.es
Telephone: 912663517
Website: https://www.aepd.es
Address: C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain


ACCEPTANCE AND CHANGES IN THE PRIVACY POLICY

It is necessary that the user of the Website has read and agrees with the data protection conditions contained in this Privacy Policy, as well as that they accept the processing of their personal data so that the Data Controller can proceed to it in the manner, terms and purposes indicated.

The Treatment Manager reserves the right to modify this Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Agency for Data Protection. Changes or updates made to this Privacy Policy that affect the purposes, retention periods, data transfers to third parties, international data transfers, as well as any right of the Website User, will be explicitly communicated to the user.