Introduction
This Privacy Policy concerns all personal data obtained throughout the usage of the services made available by AEoncase SLU (“AEoncase”), registered in the Mercantile Register of Madrid, Spain, in volume 33183, page 1, sheet M-597078, entry 1.
Summary
Data controller
AEoncase SLU
How we collect personal data
- data provided directly by users on signup and/or use of the site
- some data is collected automatically when using the site or software
Data we process
- user login credentials (username, hashed password, email address)
- payment information
- user payment details (order history, invoicing information, including billing address)
- computer IP addresses used to access the services and perform some actions (purchases/subscriptions, consent to data processing, etc.)
- user messages sent to support
- data on the browser and devices (device type, screen resolution, etc.) used to access the services, as well as information about site visits (such as services viewed or searched for, length of visits, page interaction data, etc.)
Why we need this data
- to provide users with the services they have signed up for and fulfill contractual obligations
- to inform users about AEoncase products and services
- to comply with applicable law
- for security reasons, and to enforce the terms of use and other agreements
- to debug and improve the services, and develop new products
User rights regarding processing of personal data
Individuals have the following rights as per European Union General Data Protection Regulation 2016/679 (“GDPR”):
- right to be informed
- right of access
- right to rectification
- right to erasure
- right to restrict processing
- right to data portability
- right to object
- additional rights in relation to automated decision making and profiling
Some of these apply differently for each specific type of data processing; more detail is provided below.
Automated decision-making including profiling
No automated processing with legal effects or that significantly affects users is performed.
Storage of personal data
Personal data is stored in the European Union.
Personal data disclosure
Personal data might be disclosed in the following circumstances, as permitted or required by law:
- business partners, suppliers, and other data processors: in order to provision, operate or improve our services
- in order to comply with any legal obligation, and to enforce our terms of use and other agreements
Subject access requests and exercise of other rights
Users can exercise their rights by contacting AEoncase at <privacy@aeoncase.com>. We ask users to:
- clearly identify themselves so that we can determine which (if any) personal data relative to them we keep
- indicate which of the above rights they want to exercise

Users have the right to lodge a complaint with their local data protection authority or the Spanish Data Protection Agency if they feel they have not received a satisfactory response from AEoncase within the legal one-month period indicated by the GDPR.
Data controller
AEoncase complies at all times with the provisions of European Union Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as the Personal Data Protection Organic Law 15/1999 and the Royal Legislative Decree 1720/2007.
To this end, AEoncase will inform users, along with each personal data collection form, of the existence and required acceptance of the specific conditions for processing their data. Users will have to accept this Privacy Policy and the Terms and Conditions of Use in order to use the services provided by AEoncase.
Personal data we process
| data | time and means of collection | nature of processing — retention period |
|---|---|---|
| user login credentials (username, hashed password, email address) | provided by the user on signup | to allow users to log in, access their account and manage purchases or subscriptions (contract basis) — as long as the account exists |
| email address | provided by the user on signup | to contact users when required to provide them with services (e.g. automated notifications) or report personal data breaches as required by the GDPR (contract basis) — as long as the account exists |
| email address | provided by the user on signup, used with consent | to inform users about AEoncase products and services (consent basis) — address kept as long as the account exists, processing performed until consent is withdrawn (at any time) |
| payment information | provided by the user on purchase of or subscription to products and services | to process payment (contract and legal obligation basis) — never stored by AEoncase; parts thereof retained by payment processors to comply with their legal and regulatory obligations |
| billing address and purchase information | provided by the user on purchase of or subscription to products and services | for invoicing, stored for compliance with applicable law (legal obligation basis -- EU VAT Council Directive 2006/112/EC, Royal Legislative Decree 1624/1992) — up to 10 years |
| computer IP addresses used for specific actions such as purchases/subscriptions or consent to data processing | collected automatically when the user performs the corresponding action | stored for compliance with applicable law (legal obligation basis -- EU VAT Council Directive 2006/112/EC, EU Regulation 2016/679) — up to 10 years |
| messages and conversations with support | sent by the user | to provide support to the user — as long as the account exists |
| computer IP addresses and request information for certain operations | collected automatically when the user performs the corresponding action | used for security reasons, to operate or improve our services, enforce our terms of use and prevent abuses (legitimate interests basis) — up to 36 months |
| computer IP address, browser/device and visit data | collected automatically when the user visits a webpage | to present the services in the most effective manner and to measure and understand the effectiveness of our marketing efforts (legitimate interests basis) — IP address masked and discarded immediately, individual (anonymous) event information retained for up to 36 months |
Lawful bases for processing and user rights
The GDPR grants the following rights to individuals:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object
This Privacy Policy clearly informs users about the use that will be made of their data, thus substantiating the right to be informed.
The data processing activities listed above are performed under different lawful bases, which affect which other rights are available to individuals.
- right to be informed
- right of access
- right to rectification
- right to erasure (when data no longer necessary for the original purpose)
- right to restrict processing
- right to data portability
- right to be informed
- right of access
- right to rectification
- right to restrict processing
- right to be informed
- right of access
- right to rectification
- right to erasure (when there is no overriding legitimate interest to continue this processing)
- right to restrict processing
- right to object
Disclosure of personal data
AEoncase solely and exclusively collects, uses and/or communicates to third parties personal data in compliance with the Privacy Policy and applicable law. AEoncase does not, as a general rule, sell or provide personal data to third parties. The data might however be shared if one of the following circumstances applies:
- the user gives consent to it
- the data is provided to trusted data processors only to the extent required to provision, operate or improve our services; e.g., in order to process payment or send email notifications
- the data must be disclosed for legal reasons, when required so by law, judicial or administrative order, in order to enforce the Terms of Service, or to protect the rights, property or safety of AEoncase, its users or the public
In particular:
- user payment information will be provided to payment processors to carry out transactions
- invoicing information may be provided to suppliers, contractors or other data processors to carry out our legal duties regarding invoicing and accounting
Non-personal data
AEoncase automatically collects non-personal data which is processed in an isolated manner, and is therefore anonymous, such as language or time zone, as well as information about activity in relation to the services and browsing activities over time.
User-provided data such as data files stored as per the functionality of the services are kept in infrastructure controlled and/or operated either directly or indirectly by AEoncase and located in the European Union.
The software provided by AEoncase can collect non-personal information about the execution environment, operating system, system activity and other device information, as well as details about the activity in relation to the services (including possibly folder and file names, but under no circumstance data files) with two purposes: (i) debugging the services and software, and (ii) improving the services and software using statistical data derived from the above data. This data allows AEoncase to improve the services and facilitates communication with users.
Non-personal data of statistical nature might be disclosed in aggregate form that does not identify users personally.
Publicity
AEoncase reserves the right to identify the companies or organizations the users are affiliated with, or using the services on behalf of, as users of the services, and to use their logo and/or name, link to their websites, and refer to them on AEoncase’s website and other marketing materials, in such a way that this information cannot be attributed to an identified or identifiable natural person. Users can request AEoncase to stop such identification at any time by sending a written notice to contact@aeoncase.com.
Security measures
AEoncase is committed to protecting, to the extent possible, the security of its users' personal data. AEoncase will comply with its privacy obligations relative to personal data and its duty to store them using the security measures mandated by current legislation to prevent their modification, loss, unauthorized use or access.
Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure, and while AEoncase strives to protect the information of its users, it cannot guarantee or warrant the security of any information transmitted to it, or that the data will not be obtained, revealed, modified or destroyed by breaching AEoncase’s physical, technical and organizational measures. Users understand and assume this risk.
Data storage
AEoncase strives to guarantee the security and confidentiality of user data. AEoncase has adopted security measures to avoid loss, misuse or unauthorized access. Personal data is stored in the European Union.
Cookies
A “cookie” is a small file containing a string of characters that is sent to a user’s computer when they visit a website. AEoncase uses cookies which are exclusively associated with anonymous users and their devices, and do not provide by themselves personal data. Cookies cause no harm to the user’s computer or the user’s web browsing experience; on the contrary, cookies allow AEoncase to better understand how people interact with its services, and to improve their quality, e.g., by allowing users to log in without entering a password. Users may configure their browsers to be notified and reject the installation of cookies sent by AEoncase, or easily remove any cookie, but this may limit their ability to use the services.
AEoncase uses the following kinds of cookies:
- Security cookies, used to prevent unauthorized data access and to secure login credentials. These cookies are required for proper operation of non-static website areas.
- Session cookies, used for the overall operation of the services and to support basic functionality like navigation throughout the site. These cookies are required for proper operation of non-static website areas.
- Preference cookies, used to remember user settings and change the appearance or behavior of the websites.
- Analytics cookies, used to understand browsing activity across AEoncase’s websites and services. This site uses Google Analytics. Refer to “How Google uses data when you use our partners’ sites or apps”.
Privacy policy changes
AEoncase reserves the right to update this Privacy Policy as it deems necessary or appropriate, and in particular pursuant to any changes made to the laws and regulations in force. Use of the services and access to the site constitutes acceptance of the Privacy Policy, and users are thus encouraged to review the Privacy Policy periodically.
Last reviewed: Dec 24 2018