1.-Object and scope
Diurnus S.L. (hereinafter, Diurnus), in compliance with Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016 (RGPD), highlights this Policy in relation to the processing of personal data.
This policy will be applicable:
The user and / or client assumes the responsibility for the veracity of the data provided by him, pledging that they are true and are updated, not being able to use the identity of another person or communicate their personal data unless it proves to have of an authorization with legal validity. For such purposes, the user and / or customer will be solely responsible for any damage, direct and / or indirect caused to third parties or Diurnus for the use of personal data of another owner without their prior authorization, or their own data. of a personal nature when these are false, erroneous, are not updated or are inadequate. The user and / or client who communicates the personal data of a third party will be responsible for having obtained the consent of the interested party, as well as the consequences otherwise.
The user and / or client who communicates personal data to Diurnus claims to be of legal age in accordance with the provisions of Spanish law, and should not otherwise provide data to Diurnus. Any information provided by a minor will require the consent or prior authorization of their parents, guardians or legal representatives, who will be responsible for the personal data provided by the minors in their charge.
This Policy will be of subsidiary application in relation to other conditions on the collection or processing of personal data that may be established with a special nature and be communicated through registration forms or contracts of particular services, this Policy being complementary to the mentioned in what was not expressly provided for in them.
The use of the services of Diurnus requires the express acceptance of this Data Protection Policy.
2- Purposes of the collection and treatment of data by Diurnus
Diurnus has several files where it collects and stores the personal data that is communicated to it in its capacity as responsible for the treatment. The purposes of the collection and processing of personal data by Diurnus are listed below:
a) The maintenance of the contractual relationship according to the nature of the contracted services, this being the main purpose, so that Diurnus can contact the client through email, telephone or any other means indicated by it.
b) To enable the sending of documentation and information in relation to the contracted services and for the sending of commercial communications whose purpose is said services or similar, through e-mail, postal mail, telephone, SMS or any other means indicated by the client, unless he expressly expresses his opposition when he makes the contract. Independently of the option chosen by the client in the contracting process, the client may modify his decision at any time and as many times as he wishes, through the specific section available in his Client Area, choosing whether or not to receive information Diurnus commercial.
c) Maintaining the historical records of Diurnus business relationships, during the legally established deadlines.
d) In the cases in which access or treatment by Diurnus is made with respect to personal data in which the client has the status of responsible or responsible for treatment, Diurnus will act as the processor in accordance with the provisions of art. 28 of the RGPD. The section “Diurnus as charge of treatment” included in this Policy collects more information about it.
e) Diurnus will proceed to retain and preserve certain traffic data generated during the development of the communications, as well as to communicate said data to the competent bodies, provided that the anticipated legal circumstances concur, all in compliance with Law 25/2007, of 18 October, of conservation of data related to electronic communications and public communications networks.
f)For all the purposes that appear expressly in the contracts corresponding to each of the services contracted by the client and accepted by him.
3- Recipients of the data
They will be recipients of the personal data collected by Diurnus:
4.- Period of conservation of the data
The conservation of personal data by Diurnus will be carried out during the period of time strictly necessary to fulfill the purposes set out in this Policy, keeping Diurnus duly blocked said data during the period in which responsibilities of its relationship could derive. with the clients.
Regarding the data object of conservation according to the Law 25/2007, of October 18, of conservation of data relative to the electronic communications and to the public networks of communications, the period of conservation of the same ones will be the detailed one in said normative.
5.- Rights of users
The rights of users in relation to the collection and processing of data by Diurnus are the following, recognized by the RGPD:
Diurnus reserves the right to charge a fee for administrative costs arising in cases of manifestly unfounded or excessive requests for their repetitive nature, as well as the right to refuse to act on them, according to art. 12.5 RGPD.
6.- International transfers
In the case of Diurnus services that require the realization of international transfers to enable their provision, said circumstance will be indicated in the contract corresponding to the specific service contracted by the client and expressly accepted by the client prior to the same
7.- Control authority
In the case of considering that the processing of their personal data has not been carried out in accordance with current legislation, users may communicate it to the control authority that in each case corresponds. In Spain, the control authority is the Spanish Data Protection Agency, whose contact details are published in http://www.agpd.es/portalwebAGPD/CanalDelCiudadano/contacteciudadano/index-ides-idphp.php
8.- Diurnus as the treatment manager
In relation to the personal data in respect of which the client holds the status of responsible or responsible for the treatment, Diurnus will treat said data in accordance with art. 28 RGPD and concordant, when this is necessary for the provision of contracted services. Diurnus will act in said case as the person in charge of the treatment, in accordance with the conditions indicated below:
a)In the event that Diurnus should have access to the treatment resources located in the client’s facilities, he will be responsible for establishing and implementing the security policy and measures, as well as for communicating them to Diurnus, who agrees to respect them and demand compliance from the people who participate in the provision of services.
b)When Diurnus remotely accesses the data processing resources, the client must establish and implement the security policy and measures in their remote treatment systems, with Diurnus responsible for establishing and implementing the security policy and measures in their own local systems.
c)In the cases in which the service was provided by Diurnus in its own premises, Diurnus will collect in its Activity Register the circumstances regarding the processing of data in the terms required by the RGPD, including security measures corresponding to said treatment.
a) Guarantee the confidentiality, integrity, availability and permanent resilience of the treatment systems and services.
b) Restore availability and access to personal data quickly, in case of physical or technical incident.
c)Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
d) Pseudonymize and encrypt personal data, if applicable.
a) To perform the processing of personal data on portable devices only by users or user profiles assigned to the provision of services.
b) To treat the data outside the premises of the client or Diurnus, only by users or user profiles assigned to the provision of services.
c) At the entry and exit of media and documents containing personal data, including those that are part of or attached to an email, outside the premises under the control of the customer responsible for processing.
d) The execution of the data recovery procedures that Diurnus is obliged to perform.
9.- Data of the person responsible for the treatment
10.- Data of the Delegate of Data Protection