Personal data processing and Protection Policy

1.-Object and scope

Diurnus S.L. (hereinafter, Diurnus), in compliance with Regulation (EU) 2016/679, of the European Parliament and of the Council, of April 27, 2016 (RGPD), highlights this Policy in relation to the processing of personal data.

This policy will be applicable:

  • To users who visit the Diurnus website (http://www.diurnus.es/).
  • To those who, voluntarily, contact Diurnus by email, chat or complete one of the data collection forms published on the Diurnus website.
  • To those who request information about the services of Diurnus, or request to be part of any of the commercial actions of the same.
  • To those who hire any of the services of Diurnus, formalizing the corresponding contractual relationship.
  • To those who use any other service present on the website http://www.diurnus.es/ if this implies the communication of personal data to Diurnus or access to data by Diurnus to provide its services.
  • To any others that grant their express consent, directly or indirectly, for their data to be treated by Diurnus in relation to any of the purposes indicated in this Policy.

The user and / or client assumes the responsibility for the veracity of the data provided by him, pledging that they are true and are updated, not being able to use the identity of another person or communicate their personal data unless it proves to have of an authorization with legal validity. For such purposes, the user and / or customer will be solely responsible for any damage, direct and / or indirect caused to third parties or Diurnus for the use of personal data of another owner without their prior authorization, or their own data. of a personal nature when these are false, erroneous, are not updated or are inadequate. The user and / or client who communicates the personal data of a third party will be responsible for having obtained the consent of the interested party, as well as the consequences otherwise.

The user and / or client who communicates personal data to Diurnus claims to be of legal age in accordance with the provisions of Spanish law, and should not otherwise provide data to Diurnus. Any information provided by a minor will require the consent or prior authorization of their parents, guardians or legal representatives, who will be responsible for the personal data provided by the minors in their charge.

This Policy will be of subsidiary application in relation to other conditions on the collection or processing of personal data that may be established with a special nature and be communicated through registration forms or contracts of particular services, this Policy being complementary to the mentioned in what was not expressly provided for in them.

The use of the services of Diurnus requires the express acceptance of this Data Protection Policy.

2- Purposes of the collection and treatment of data by Diurnus

Diurnus has several files where it collects and stores the personal data that is communicated to it in its capacity as responsible for the treatment. The purposes of the collection and processing of personal data by Diurnus are listed below:

  • Regarding the “cookies”, used by Diurnus in the navigation of its website http://www.diurnus.es/ and that are stored in the user’s computer (computer or mobile device) collecting information about these visits, the purpose is to improve the usability of said web page, facilitate navigation through it, know the user’s browsing habits and needs for be able to adapt to them and obtain information for statistical purposes. In the case of users who are Diurnus customers, the information collected through the cookies also serves to identify them when accessing the tools that Diurnus places at their disposal to manage the contracted services. Users can configure their browser to notify them of the receipt of “cookies”, or to avoid it. If the user decides to withdraw the consent for the receipt of cookies after having granted it, he must eliminate all those stored on his computer and configure the options of the different browsers. The browsing of the Diurnus website once the collection of cookies is disabled is possible, although the use of some services may suffer limitations.
  • In the event that the interested parties complete any of the Diurnus forms to participate in any of their commercial actions, their purpose will be participation in them, as well as the sending of advertising information about the services of Diurnus unless the interested party manifests Form expresses opposition when your data is collected. In any case, the interested party may modify the option regarding the reception of commercial information at any time, through the means available for it in Diurnus. The purpose of the collection and processing of the data in the cases of sending an email to Diurnus or a communication of personal data through any other means (such as, for example, a contact form published at http: // www.diurnus.es) will answer questions, questions and requests for information about Diurnus and its services.
  • Regarding the contracting of the services of Diurnus, the data collected will be limited to the personal data necessary to establish the contractual relationship with the client and enable the provision of services. The purposes for which these data will be collected and processed will be the following:

a) The maintenance of the contractual relationship according to the nature of the contracted services, this being the main purpose, so that Diurnus can contact the client through email, telephone or any other means indicated by it.

b) To enable the sending of documentation and information in relation to the contracted services and for the sending of commercial communications whose purpose is said services or similar, through e-mail, postal mail, telephone, SMS or any other means indicated by the client, unless he expressly expresses his opposition when he makes the contract. Independently of the option chosen by the client in the contracting process, the client may modify his decision at any time and as many times as he wishes, through the specific section available in his Client Area, choosing whether or not to receive information Diurnus commercial.

c) Maintaining the historical records of Diurnus business relationships, during the legally established deadlines.

d) In the cases in which access or treatment by Diurnus is made with respect to personal data in which the client has the status of responsible or responsible for treatment, Diurnus will act as the processor in accordance with the provisions of art. 28 of the RGPD. The section “Diurnus as charge of treatment” included in this Policy collects more information about it.

e) Diurnus will proceed to retain and preserve certain traffic data generated during the development of the communications, as well as to communicate said data to the competent bodies, provided that the anticipated legal circumstances concur, all in compliance with Law 25/2007, of 18 October, of conservation of data related to electronic communications and public communications networks.

f)For all the purposes that appear expressly in the contracts corresponding to each of the services contracted by the client and accepted by him.

3- Recipients of the data

They will be recipients of the personal data collected by Diurnus:

  • Those suppliers of Diurnus that participate in the provision of the services, if this were necessary to enable them.
  • The companies that are part of the business group to which Diurnus belongs, understood this in accordance with the provisions of art. 42 of the Commercial Code, whose activity is the commercialization of services of the same or similar nature offered by Diurnus (for example, services of domain names, web hosting or electronic commerce).
  • The State Security Forces and Corps, as well as judicial or administrative bodies, if the collaboration of Diurnus was required to provide information related to its clients or services, in accordance with the Law.
  • Any other that is necessary to enable the provision of each specific service, providing the necessary information in the contracts of the services of Diurnus, which are expressly accepted by customers.

4.- Period of conservation of the data

The conservation of personal data by Diurnus will be carried out during the period of time strictly necessary to fulfill the purposes set out in this Policy, keeping Diurnus duly blocked said data during the period in which responsibilities of its relationship could derive. with the clients.

Regarding the data object of conservation according to the Law 25/2007, of October 18, of conservation of data relative to the electronic communications and to the public networks of communications, the period of conservation of the same ones will be the detailed one in said normative.

5.- Rights of users

The rights of users in relation to the collection and processing of data by Diurnus are the following, recognized by the RGPD:

  • Right of access: Users have the right to request and obtain information from Diurnus about their personal data, to access them and to obtain information about their treatment.
  • Right to obtain a copy of your personal data.
  • Right of suppression: Users can request the deletion of the data when they are no longer necessary for the purpose for which they were provided or if the other circumstances provided by the RGPD concur.
  • Right to rectification: In the event that your data were incorrect or incomplete, users have the right to request the rectification of the same.
  • Right to limitation of treatment: In the cases provided for in art. 18 of the RGPD, users have the right to request that the processing of their personal data be limited, so that the treatment operations that apply are not applied to them.
  • Right to portability: Users have the right to receive personal data that concern them in a structured and commonly used format, being necessary requirements that such data are the sole responsibility of the user and have been provided by him to Diurnus.
  • To exercise their rights, users can use the following channels:
  • In the case of non-customer users as well as Diurnus customers: They have at their disposal the email address info@diurnus.com, to which they can send an e-mail to exercise their rights. If they wish, they can also do so by sending a petition accompanied by their D.N.I. or a valid document proving your identity, addressed to the Commercial Department of Diurnus, Rambla Catalunya 5, 4-3 08007 Barcelona, ​​specifying the right you wish to exercise.

Diurnus reserves the right to charge a fee for administrative costs arising in cases of manifestly unfounded or excessive requests for their repetitive nature, as well as the right to refuse to act on them, according to art. 12.5 RGPD.

 

6.- International transfers

In the case of Diurnus services that require the realization of international transfers to enable their provision, said circumstance will be indicated in the contract corresponding to the specific service contracted by the client and expressly accepted by the client prior to the same

7.- Control authority

In the case of considering that the processing of their personal data has not been carried out in accordance with current legislation, users may communicate it to the control authority that in each case corresponds. In Spain, the control authority is the Spanish Data Protection Agency, whose contact details are published in http://www.agpd.es/portalwebAGPD/CanalDelCiudadano/contacteciudadano/index-ides-idphp.php

8.- Diurnus as the treatment manager

In relation to the personal data in respect of which the client holds the status of responsible or responsible for the treatment, Diurnus will treat said data in accordance with art. 28 RGPD and concordant, when this is necessary for the provision of contracted services. Diurnus will act in said case as the person in charge of the treatment, in accordance with the conditions indicated below:

  • Diurnus will treat said data in accordance with the instructions of the responsible or treatment customer, not using them for a purpose other than that contained in this Policy and / or in the applicable contractual conditions.
  • Once the provision of the services subject to the processing of personal data has been completed, the data will be destroyed, as well as that of any support or documents that contain any personal data or any information that may have been generated during, for and / or for the provision of services. However, Diurnus may keep these data duly blocked during the period in which responsibilities could be derived from its relationship with the customer.
  • In accordance with art. 28 of the RGPD, Diurnus will maintain the due professional secrecy with respect to the personal data to which it must access and / or deal with in order to comply in each case with the purpose of the service contract that is applicable to it, both during and after the termination of the same, undertaking to use said information only for the purpose envisaged in each case and to demand the same level of commitment from any person who, within their organization, participates in any phase of the processing of personal data, the responsibility of the client.
  • In the event that Diurnus uses the data for another purpose or communicates or uses it in breach of this Policy or its corresponding contractual conditions, it will be considered responsible for the processing.
  • In relation to the form and modalities of access to data in the provision of services, according to the RGPD the following rules will apply:

a)In the event that Diurnus should have access to the treatment resources located in the client’s facilities, he will be responsible for establishing and implementing the security policy and measures, as well as for communicating them to Diurnus, who agrees to respect them and demand compliance from the people who participate in the provision of services.

b)When Diurnus remotely accesses the data processing resources, the client must establish and implement the security policy and measures in their remote treatment systems, with Diurnus responsible for establishing and implementing the security policy and measures in their own local systems.

c)In the cases in which the service was provided by Diurnus in its own premises, Diurnus will collect in its Activity Register the circumstances regarding the processing of data in the terms required by the RGPD, including security measures corresponding to said treatment.

  • Without prejudice to the specific legal provisions or regulations that may be applicable in each case or the measures adopted by Diurnus on its own initiative, access and treatment of personal data by Diurnus will be subject to the necessary security measures to :

a) Guarantee the confidentiality, integrity, availability and permanent resilience of the treatment systems and services.

b) Restore availability and access to personal data quickly, in case of physical or technical incident.

c)Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.

d) Pseudonymize and encrypt personal data, if applicable.

  • The customer authorizes Diurnus, as the person in charge of processing, to subcontract with third parties in the name and on behalf of the client, the storage services, custody of the backup data and security, as well as those that are necessary to enable the provision of contracted services, respecting in all cases the obligations imposed by the RGPD. The customer may contact Diurnus at any time to know the identity of the subcontracted entities for the provision of said services, which will act in accordance with the terms provided in this document and prior formalization with Diurnus of a data processing contract in accordance with the . 28.4 of the RGPD.
  • The customer gives his authorization to Diurnus to carry out the actions indicated below, provided they are necessary for the execution of the provision of the services, this authorization being limited to the action / s necessary to provide the service and with a maximum duration linked to the applicable contractual conditions:

a) To perform the processing of personal data on portable devices only by users or user profiles assigned to the provision of services.

b) To treat the data outside the premises of the client or Diurnus, only by users or user profiles assigned to the provision of services.

c) At the entry and exit of media and documents containing personal data, including those that are part of or attached to an email, outside the premises under the control of the customer responsible for processing.

d) The execution of the data recovery procedures that Diurnus is obliged to perform.

  • Diurnus is not responsible for the breach of the obligations derived from the RGPD or the corresponding regulations regarding data protection by the user and / or client as far as their activity is concerned and which is related to the execution of the contract or relations commercials that bind you to Diurnus. Each of the parties must face the responsibilities arising from their own breach of contractual obligations and current regulations.

9.- Data of the person responsible for the treatment

  • Social denomination: DIURNUS S.L.
  • CIF: B-60963220
  • Registered office: Rambla Catalunya 5, 4-3 08007 Barcelona
  • Contact email: info@diurnus.com

10.- Data of the Delegate of Data Protection

  • Contact email: info@diurnus.com