DATA CONTROLLER: The company "SERVICIOS DE PROGRAMACIÓN ESTRUCTURADA Y DISEÑO DE PÁGINAS WEB, S.L." (hereinafter, "SCRABIN"), with CIF: B-67235960, and located at Calle Padre Luque, número 1, 1º Iz. - 04001 - Almeria – España, and with contact email: [email protected], informs the users of its Internet portal (hereinafter, the "Users" and the "Portal") about its policy on personal data protection (hereinafter, "Personal Data") so that Users can freely and voluntarily decide whether they wish to provide SCRABIN with the Personal Data that may be required or obtained from the Users during their visit to the website, submission of resumes, subscription or registration in any of our informational newsletters, request for information about our platform and its functionalities, contracting new services/features/applications, SCRABIN profiles on social networks, activities, and promotions organized through our website.

SCRABIN reserves the right to modify this privacy policy to adapt it to legislative or jurisprudential changes, as well as industry practices. In such cases, SCRABIN will announce the changes introduced on this page with reasonable advance notice before their implementation. Certain functionalities offered on our Platform may contain specific conditions with particular provisions regarding Personal Data protection.

SCRABIN, as the Data Controller of its USERS' personal data, and other affected/data subjects with whom it maintains a relationship, informs you that these data will be processed in accordance with the provisions of the Regulation (EU) 2016/679 of April 27, 2016 (GDPR) regarding the protection of natural persons with regard to the processing of personal data and the current LOPD-GDD 3/2018 of December 5 (LOPD-GDD) regarding the protection of personal data.

INFORMATION / DATA PROCESSED: Purely identifying data (first name + last name) and contact data if applicable (address, phone number, and email address), data necessary for certain contracts/participations in company web presentations, subscription to our corporate newsletter service, resumes received by email, data provided in webinars or presentation events, data provided on social media profiles owned by SCRABIN, training activities managed by the company.

DATA CONTROLLER:

• SERVICIOS DE PROGRAMACIÓN ESTRUCTURADA Y DISEÑO DE PAGINAS WEB, S.L.
• Tax Identification Number (CIF): B-67235960
• Address: Calle Padre Luque, número 1, 1º Iz. - 04001 - Almeria – España.
• Contact Email: [email protected]
• Designated Data Protection Officer Contact: [email protected]

PURPOSES OF INTENDED PROCESSING:

MAINTENANCE OF THE RELATIONSHIP with Clients/Users, suppliers/partners, website visitors, employees, data processors, control and management of the relationship with employees and external collaborators, enrollments and terminations, management of the existing contractual relationship with collaborators, sponsors, and commercial relationship with suppliers, selection of SCRABIN staff, candidates in selection processes, followers on SCRABIN's social media, users registered on our Website, participants in activities and events, including the possibility of training actions where SCRABIN manages or participates. In this regard, the planned operations to carry out the processing are:

WHAT PERSONAL DATA WE PROCESS: When filling out our contact form, or through the registration possibilities offered by our website.

• Login Form: https://dashboard.findthatlead.com/login
• Blog Subscription Form: https://scrab.in/blog/

depending on each case, you are allowed to provide, among others, the following personal data:

• Your name and surname and contact details (address, telephone numbers, and email), and a space for free text.
• Other contact details and preferences.
• We collect your data if you contact us through the Site.
• When you visit our website, we will collect your data if you fill out any of our data/contact forms, information request, or subscription to current or future newsletters.
• If personal data has been provided by users, it must be truthful, and any changes that occur must be notified to SCRABIN, being responsible in any case for the truthfulness and accuracy of the data provided at all times.
• The interested party who provides their personal data to SCRABIN declares to be of legal age and is entirely responsible for such declaration.

Other processes:

• SENDING OF ELECTRONIC COMMERCIAL COMMUNICATIONS by email, SMS, WhatsApp, social networks, or any other electronic or physical means, present or future, that enable commercial communications to be made. These communications will be made by the DATA CONTROLLER and related to the services/features provided by our Platform, new applications subject to separate hiring, maintenance and improvements in operation, promotional activities, or those of its collaborators or suppliers with whom it has reached any promotion agreement. In this case, third parties will never have access to personal data.
• USER REQUESTED ACTIONS: Processing specific requests from our users, doubts, maintenance, or any request that, through the SCRABIN Website, is made by the user/customer through any of the contact forms made available to them, access to videos and presentations organized by/with the participation of SCRABIN.
• PROCESSING REGISTRATIONS FOR PRESENTATIONS AND PROMOTIONAL ACTIVITIES in which Platform users want to participate. In this case, images or videos made of the participants/attendees individually during the development of the same, and always and when express and unequivocal consent has been obtained, may be published on the entity's Website, on its social networks, in publications and corporate brochures, notice boards, and any other communication medium owned by the company, for the purpose of promoting such activities or events.
• DATA STORED DURING YOUR VISIT: When you visit our website, our web servers generally store, among other data, information about the browser and operating system you use, the website from which you visit us, the pages you visit on our website, and the date of your visit. For security reasons - for example, to detect possible attacks on our website - the IP address assigned to you by your Internet service provider is also stored for a period of seven days. With the exception of the IP address, personal data is only stored if you provide us with such information, for example, as part of a registration, survey, request for a quote, user registration, commercial promotion. SCRABIN uses your personal data for the technical administration of the web pages, customer/user management, surveys on the use of our Platform and its features, and for marketing tasks, only to the extent necessary, and always informing the User and data subject beforehand.
• NEWSLETTER SUBSCRIPTION: In the case of subscribing to any of our informational Newsletters, present or future, as informed, you give your consent to the use of your personal data for the sending of advertising or the performance of other marketing actions, these will be stored and used continuously for such uses, such as sending the aforementioned newsletters about our Platform and its features, through communication channels such as email or any other channel authorized by you. We may use your data to create and keep your user profile updated and thus be able to send you personalized information about advertising actions. Likewise, we can use the data you provide us to analyze and improve the effectiveness of the services of our website, advertising, marketing, market research, and sales activities.
• SENDING OF CV BY CANDIDATES: In the event of sending a CV to the email of SCRABIN, or through the enabled web form, the applicant authorizes SCRABIN to analyze the documents sent to it, all content that is directly accessible through search engines (Google), profiles maintained on professional social networks, such as LinkedIn or similar, data obtained in access tests and information revealed in job interviews, with the aim of assessing their application and, if applicable, offering them a position. In case the candidate is not selected, SCRABIN may keep their CV stored to include it in future calls, unless the candidate expresses otherwise.

DATA RETENTION CRITERIA: The data provided, in general terms, will be kept as long as there is a mutual interest in maintaining the purpose of the processing and when it is no longer necessary for this purpose, it will be deleted with appropriate security measures to guarantee the pseudonymization of the data or their total destruction.

In view of this general rule, the following possible variations are proposed:

• (i) Disaggregated Data: will be kept indefinitely,
• (ii) User, company, and supplier data, etc. SCRABIN: retention period of 4 years (Article 66 and following of the General Tax Law), retention period of 6 years (Article 30 of the Commercial Code regarding accounting books and invoices)
• (iii) Data provided for subscribing to our newsletter: from when the User gives consent until they withdraw it
• (iv) Documentation of a labor nature or related to social security: 4 years (Article 21 of Royal Legislative Decree 5/2000, of August 4, which approves the consolidated text of the Law on Infractions and Penalties in the Social Order), (v) data provided by candidates through the submission of their resume: the resume may be kept for a maximum of two years for future selection processes unless the candidate states otherwise
• (vi) Images obtained by the video surveillance systems installed in SCRABIN's offices, for security, access control, and internal production control: 30 days, in accordance with the instruction of the AEPD.

DATA COMMUNICATION: Your personal data may be communicated to:

• Companies, entities, and other organizations contracted for the provision of services, such as: hosting, marketing services, collaborators, related companies, market analysis, and information society services.
• Partner or sponsoring companies with which SCRABIN has reached a collaboration or sponsorship agreement.
• Companies or other organizations to which you have requested or accepted that we may share your personal data.
• For certain internal activities/services of the company, subcontracting to third parties providing specific services is necessary. These subcontractors may be external providers both inside and outside the EU. SCRABIN guarantees that all subcontractors comply with the obligations and requirements assumed by SCRABIN in its Data Access Agreement; specifically, that their level of data protection meets the standard required by relevant data protection laws. If a jurisdiction is outside the EU and not on the European Commission's approved list of satisfactory data protection levels under the GDPR, a specific agreement is established between SCRABIN and the subcontractor to ensure that all personal data is maintained according to the requirements of the applicable EU data protection laws.
• The purpose of data communication to the aforementioned companies, which are composed of and integrated with the controller, will be the same as those previously announced, as companies in charge of processing by the controller.
• Professional service providers, such as lawyers, attorneys, arbitrators, notaries, registrars, or other similar professionals involved in the internal operations of SCRABIN.
• Public bodies, courts, regulators, and other administrative authorities, when we consider it necessary to comply with a legal or regulatory obligation, or otherwise to protect us from claims against us or third parties, or the safety of individuals, as well as to prevent or otherwise combat fraud or for security or protection reasons.
• Any third party that buys or to whom we transfer all or a substantial part of our assets and business. In the event of such a sale or transfer, we will make all reasonable efforts to ensure that the entity to which we transfer your personal data uses them in accordance with this Privacy Policy.

In such cases, we will ensure that your data is used for appropriate purposes in accordance with this Privacy Policy and the corresponding contracts or clauses for data processing will be signed, applying the same or similar security measures as those applied by SCRABIN.

We may share your personal data with our parent company, Clientify, SL /our subsidiary, SCRABIN. We may also share your personal data with other affiliated/related companies, or with subsidiaries that provide ancillary services/features, with your consent when required by law, as well as with any third party that buys or to whom we transfer all or a substantial part of our assets and businesses. In the event that such sale or transfer occurs, we will make all reasonable efforts to try to ensure that the entity to which we transfer your personal data uses them in accordance with this Privacy Policy. These entities may act as data controllers, in accordance with their personal data protection policies, or as subcontractors, to perform tasks according to the instructions we give them.

The data will be processed on the legal basis of the explicit consent of the person providing them. This consent can be withdrawn at any time, although this will not affect the legality of the processing carried out previously. Providing the data is voluntary, although, if not provided, they cannot be processed for the indicated purposes. If third-party data is provided through this website, the person providing them assumes the responsibility of having obtained prior consent, informing them of everything provided for in Article 14 of the General Data Protection Regulation.

INTERNATIONAL DATA TRANSFERS:

On July 10, 2023, the European Commission adopted a new adequacy decision to enable international transfers of personal data between entities in the European Union (EU) and the United States (U.S.) under the EU-U.S. Data Privacy Framework. Following the ruling of the Court of Justice of the European Union (CJEU) on July 16, 2020, known as the Schrems II judgment, international transfers of personal data to the U.S. were challenged due to issues identified by the CJEU, related to U.S. surveillance practices and the lack of mechanisms for European citizens to address infringements of their rights.

With this adequacy decision, the European Commission recognizes that the U.S. provides a level of protection equivalent to that of the EU, but only when international transfers occur with entities certified under the new privacy framework, the EU-U.S. Data Privacy Framework.

Therefore, IN ACCORDANCE WITH THE ABOVE, personal data will circulate safely from the European Union to U.S. companies participating in the Framework, without the need for additional data protection guarantees.

Other international transfers to the U.S.: The safeguards adopted and the legislative changes that have occurred in the U.S. will facilitate the use of guarantees such as standard contractual clauses or binding corporate rules.

This does not exclude that an impact analysis will still be necessary for any transfer "Transfer Impact Assessment" carried out outside the EU-U.S. Data Privacy Framework. The adequacy decision ensures that data transmission between the EU and the U.S. is possible through a stable and reliable agreement that protects individuals and provides legal certainty for companies.

LEGAL BASIS FOR INFORMED PROCESSING:

As a general rule, prior to the processing of personal data, SCRABIN obtains express and unequivocal consent from the data subject through the incorporation of informed consent clauses in the different information collection systems, and based on the legitimate interest of the User.

If the consent of the data subject is not required, the legal basis for processing on which SCRABIN relies is the existence of a CONTRACT AS A USER OF OUR PLATFORM, ACCEPTANCE OF OUR TERMS OF USE, INFORMATION REQUESTS / MAINTENANCE TASKS, MAINTENANCE, REGISTRATION/USER SIGN-UP, data collection form of SCRABIN.

Notwithstanding the above, the legal bases are as follows:

• When processing is necessary for the performance of a contract to which you are a party or the data are necessary in the context of a pre-contractual relationship.
• When the use of your personal data is necessary for the satisfaction of our legitimate interests or those of the companies with whom we have shared your personal data.
• When data processing is necessary to comply with the legislation/regulatory requirements of the sector, GDPR and LOPD-GDD regulations, and similar applicable regulations in force at any given time, including those related to the marketing of services by SCRABIN or third parties, consumer and user protection, retail trade regulation, and other applicable regulations.
• In accordance with the provisions of the applicable Information Society Services (LSSI-CE) regulations, if there is a demonstrable prior relationship, the data may be used to send electronic commercial communications related to that specific activity, unless you object to this in the manner provided for.
• When we believe it is necessary to process your personal data to comply with a legal or regulatory obligation, or a vital interest.
• When we have your consent, for example, to collect technical information such as cookie data and similar technologies as described in: "Information on the Use of Cookies".
• The acceptance of a contractual relationship in the corresponding social network environment, and according to its Privacy policies in each case, when you visit any of our social profiles (Facebook, Instagram, LinkedIn, and YouTube).

EXERCISE OF GDPR RIGHTS:

SCRABIN provides information on the exercise of rights as a data subject or data owner:

Right of access: you have the right to obtain from the company confirmation as to whether or not personal data concerning you are being processed. SCRABIN, if applicable, will provide a copy of the personal data being processed.

Right of rectification: you have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you will have the right to have incomplete personal data completed, including by means of an additional statement.

Right of erasure: you have the right to obtain without undue delay the deletion of inaccurate personal data concerning you. SCRABIN will be obliged to delete such personal data without undue delay when one of the following circumstances applies:

1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. you withdraw the consent on which the processing is based and there is no other legal ground for the processing;
3. you object to the processing and there are no overriding legitimate grounds for the processing;
4. your data have been unlawfully processed;
5. your data must be erased for compliance with a legal obligation;
6. or if your personal data have been collected in relation to the offer of information society services to children (under the age of 16).

Right to restriction of processing: when the processing of your personal data has been restricted at your request, such data may only be processed, with the exception of storage, with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest. You have the right to obtain restriction of processing of your personal data when one of the following applies:

1. When you contest the accuracy of the personal data, for a period enabling SCRABIN to verify the accuracy of the personal data;
2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
3. SCRABIN no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims;
4. When you have objected to processing pending the verification whether the legitimate grounds of SCRABIN override yours.

Right to data portability: you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from SCRABIN, where:

1. the processing is based on your consent, and
2. the processing is carried out by automated means.

Right to object: you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on public interest or legitimate interests of the controller. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

We remind you that whenever the legal basis for the processing of your data is your consent, you have the right to withdraw that consent at any time and in any case, and as easily as you gave it.

You also have the right to lodge a complaint with the respective supervisory authority, usually the Spanish Data Protection Agency. For more information, you can visit their website at the following link www.aepd.es

Finally, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

CONTACT DETAILS TO EXERCISE YOUR RIGHTS: SCRABIN, in accordance with the Regulation (EU) 2016/679 of April 27, 2016 (GDPR), and the recent LOPD-GDD 3/2018 of December 5, has an appointed internal responsible person and a designated Data Protection Officer (DPO) for Data Protection management, whose contact details are provided below:

CONTACT DETAILS TO EXERCISE YOUR RIGHTS:

By postal mail: You can send your request to the following postal address:

• Address: Calle Padre Luque, número 1, 1º Iz. - 04001 - Almeria – España

Online:

• Email Address: You can submit the document to: [email protected]

In both cases, you must:

• Provide sufficient data and information to address the request. For this purpose, you may use the form templates provided by the Spanish Data Protection Agency https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos
• Sign the form by hand or, if applicable and if you have a recognized digital certificate, sign it electronically.
• If acting on behalf of a third party, you must provide a document proving the representation of the data subject.
• Send the form and documents proving your identity by any of the aforementioned means.
• Note.- In case of reasonable doubt about the identity of the applicant, the data subject, and/or their representative, a copy of the DNI, Passport, NIE, or equivalent identification document may be required.

ADDITIONAL INFORMATION FOR YOUR REQUEST:

SCRABIN will analyze whether the request is in accordance with the law or not. It will communicate the decision made to the petitioner, proceeding accordingly: if it is favorable, it will take appropriate measures according to the exercised right; if it is unfavorable, it will indicate the legally provided appeal system. In case the requests are manifestly unfounded or excessive (e.g., repetitive), SCRABIN may: (i) Charge a fee proportional to the administrative costs incurred (ii) Refuse to act.

If a user/data subject believes there is a problem with the way SCRABIN is handling their data, they can address their complaints to SCRABIN at the address indicated above, or through the Spanish Control Authority, in this case, the AEPD: www.aepd.es

MANDATORY OR OPTIONAL NATURE OF THE PROVIDED INFORMATION:

The data collected through any of the contact forms enabled on this Website, or even for the provision of information, or those provided by the Users on the occasion of their participation in activities/events developed by SCRABIN, will be incorporated, depending on their purpose, into the Internal Processing Activities Register (Article 30 of the Regulation (EU) 2016/679 of April 27, 2016). The Processing Activities Register is available to the Control Authority.

The Users, by marking the corresponding boxes and entering data in the different fields, marked with an asterisk (*) in the contact form or presented in download/hiring forms, expressly and freely and unequivocally accept that their data are necessary to meet their request, by SCRABIN, with the inclusion of data in the remaining fields being voluntary. The User guarantees that the personal data provided are true and is responsible for communicating any changes to them.

SCRABIN informs and expressly guarantees users that their personal data will not be transferred under any circumstances to third parties and that, whenever it intends to make any transfer of data in the future, it will previously request the express, informed, and unequivocal consent from the Users, informing them about the transferee's data and the purpose of the transfer. All data requested through the website are mandatory, as they are necessary for providing an optimal service to the User. If all data are not provided, it is not guaranteed that the information and services provided will be completely adapted to their needs.

SECURITY MEASURES:

In accordance with the provisions of the current regulations on personal data protection, and in particular in the Regulation (EU) 2016/679 of April 27, 2016, and the LOPD-GDD 3/2018 for the processing of personal data under its responsibility, and expressly with the principles described in Article 5 of the GDPR, whereby they are processed lawfully, fairly, and transparently in relation to the data subject and are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

In any case, SCRABIN has implemented sufficient mechanisms to:

1. Ensure the permanent confidentiality, integrity, availability, and resilience of the processing systems and services.
2. Restore the availability and access to personal data quickly, in case of a physical or technical incident.
3. Regularly verify, assess, and evaluate the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.
4. Pseudonymize and encrypt personal data, if applicable.

SCRABIN guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by GDPR 679/2016 and LOPD-GDD 3/2018 to protect the rights and freedoms of Users and has provided them with adequate information so that they can exercise them. SCRABIN has installed all technical means and measures at its disposal to prevent the loss, misuse, alteration, unauthorized access, and theft of Personal Data provided by the owner to SCRABIN. However, the User must be aware that Internet security measures are not impregnable.

Personal data incorporated into the Internal Treatment Activities Register will be treated with the utmost confidentiality and security. The Owner may send commercial information related to NEWS AND UPDATES ABOUT OUR PLATFORM AND ITS FEATURES, in which case, the sender undertakes to indicate its advertising purpose when sending, and to coordinate a simple, clear, and free system in case you wish to stop receiving them.

The Services/features of the SCRABIN Platform contained on the website are exclusively intended for adults. In the event that SCRABIN offers any application, product, or promotional activity, event, contest, or similar, in which the collection of Personal Data of minors may occur, SCRABIN will always request parental consent for minors to access them and their Personal Data may be subject to automated processing as provided in this notice on the Data Protection Policy.

As previously informed, the collection and automated processing of Personal Data are intended to maintain the contractual relationship, if any, established with SCRABIN, the management, administration, AND MAINTENANCE of the User's Platform account, requests for information that the User decides to raise, registration/contracting of new features, or use the adaptation of such services to the preferences and tastes of Users, the study of the use of services by Users, the design of new applications, features, packages, sending technical information updates, sending, by traditional and electronic means, technical, operational, and commercial information about the SCRABIN Platform.

USE OF PUBLIC PROFILES ON DIFFERENT SOCIAL NETWORKS:

SCRABIN has a profile on the main Internet social networks, being known in all cases as responsible for processing the data of its followers, fans, subscribers, commentators, and other user profiles (hereinafter, followers). The processing that SCRABIN will carry out with this data will be, at most, what the social network allows for corporate profiles.

SCRABIN may inform its followers through any means allowed by the social network about its news, activities, and events. In no case will SCRABIN extract data from social networks unless the user's consent is obtained expressly and punctually for this purpose. When, due to the nature of social networks themselves, the effective exercise of the follower's rights depends on the modification of their personal profile, SCRABIN will help and advise them to this end to the best of its ability.

What purposes will we process your personal data for?

• Respond to your queries, requests, or petitions.
• Manage the requested service, respond to your request, or process your petition.
• Interact with you and within a follower community.

Detail of profiles on Social Networks:

SCRABIN PROFILES ON SOCIAL NETWORKS:

• SCRABIN on LinkedIn: https://www.linkedin.com/company/findthatleadnow/
• SCRABIN on Facebook: https://facebook.com/Findthatlead/
• SCRABIN on Instagram: https://www.instagram.com/findthatlead?igsh=Y3h4bmY5eXM5bnl1
• SCRABIN on "X": https://x.com/findthatlead?t=invvXfR6tRlUQmHk5ZDiOA&s=09
• SCRABIN on YouTube: https://youtube.com/@findthatlead?si=JrpJTQrvugEaZkhr

What is the legitimacy for the processing of your data?

• For more information about Facebook, click here
• For more information about LinkedIn, click here
• For more information about Instagram, click here
• For more information about YouTube, click here
• For more information about "X", click here

Acceptance of a contractual relationship within the corresponding social network environment, and in accordance with its Privacy policies:

In all cases, SCRABIN is known as responsible for the processing of the data of its followers, fans, subscribers, commentators, and other user profiles (hereinafter, followers). The processing that SCRABIN will carry out with this data will be, at most, what the social network allows for corporate profiles. Therefore, SCRABIN may inform its followers through any means that the social network allows about its news and activities. In no case will SCRABIN extract data from social networks unless the user's consent for it is obtained punctually and expressly. When, due to the nature of social networks themselves, the effective exercise of the follower's rights is subject to the modification of their personal profile, SCRABIN will assist and advise them to that end to the extent of its possibilities.

RIGHT TO INFORMATION:

Upon request, SCRABIN will immediately communicate in writing, in accordance with applicable law, whether we have stored any of your personal data, and what these are. If you are registered as a user, we offer you the possibility to personally consult your data and, if necessary, proceed with their deletion, modification, and/or updating.

DESCRIPTION OF MEASURES ADOPTED BY SCRABIN DERIVED FROM THE GDPR:

Our Users/clients and suppliers of SCRABIN are informed that, in accordance with the GDPR and LOPD-GDD regulations applicable to the company's activities, the measures adopted to achieve an optimal level of compliance are detailed:

• Develop a record of processing activities in accordance with Article 30 of the GDPR.
• Identify the legal bases for data processing, in accordance with Articles 6 and 9 of the GDPR.
• Audit the channels for entering information and internal forms/documents and inform the data subjects about the processing of their data, in accordance with Articles 13 and 14 of the GDPR.
• Address the rights of data subjects, regarding their rights of access, rectification, erasure, restriction of processing, data portability (Article 20 of the GDPR), objection, and automated decision-making, establishing a direct channel of attention: [email protected]
• Audit and request compliance guarantees from the company's data processors, and sign a data processing agreement in accordance with Article 28 of the GDPR. SCRABIN facilitates the process by making available through our DPO: 1) document of compliance guarantees and detail of the measures adopted, 2) model contract for access to SCRABIN data.
• Conduct a risk analysis and, if necessary, an impact assessment; to facilitate compliance with these obligations, you can consult the AEPD website: https://www.aepd.es/es/prensa-y-comunicacion/notas-de-prensa/la-aepd-publica-un-modelo-de-informe-para-ayudar-las-empresas.
• SCRABIN, as a company responsible and committed to regulatory compliance, recommends to its customers, users, and interested parties the subscription to the alerts newsletters of INCIBE (www.incibe.es) OSI (www.osi.es) and CERT (www.incibe-cert.es).
  
  Links to subscribe to the different portals mentioned will allow you to be aware in advance of possible threats and incidents:
  • INCIBE ALERTS: https://www.incibe.es/newsletter/subscriptions
  • OSI ALERTS: https://www.osi.es/es/boletines/suscribirse
  • incibe-cert ALERTS: https://www.incibe-cert.es/newsletter/subscriptions
• Existence of an internal protocol for notifying security breaches; data security breaches to the data protection authorities (Article 33 of the GDPR) and to the data subjects whose data have been compromised (Article 34 of the GDPR). To this end, in the event of any incident that poses a risk to the rights and freedoms of those affected, SCRABIN will notify the CLIENT/User as soon as possible, and will assist them in making such notifications.
• The company has officially appointed a Data Protection Officer through the register enabled for this purpose at the AEPD (www.aepd.es) in accordance with Articles 37, 38, and 39 of the GDPR. SCRABIN provides the following contact email for the designated DPO for data protection/exercise of rights to CUSTOMERS/users and interested parties: [email protected]
• SCRABIN, in compliance with current regulations, also informs you of your right to file a complaint/request more information with the supervisory authority (www.aepd.es)

INTERNATIONAL DATA TRANSFERS:

On July 10, 2023, the European Commission adopted a new adequacy decision to enable international transfers of personal data between entities in the European Union (EU) and the United States (US) under the EU-U.S. Data Privacy Framework. Following the Court of Justice of the European Union (CJEU) ruling of July 16, 2020, known as the Schrems II ruling, international transfers of personal data to the US were challenged due to issues identified by the CJEU related to US surveillance practices and the lack of mechanisms for European citizens to address infringements on their rights.

With this adequacy decision, the European Commission recognizes that the US guarantees a level of protection equivalent to that offered by the EU, but only when international transfers occur with entities certified under the new privacy framework, the EU-U.S. Data Privacy Framework.

Therefore, IN ACCORDANCE WITH THE ABOVE, personal data will circulate safely from the European Union to US companies participating in the Framework, without the need to establish additional data protection safeguards.

Other international transfers to the US: Both the safeguards adopted and the legislative changes that have taken place in the US will facilitate the use of safeguards such as standard contractual clauses or binding corporate rules.

This does not exclude that an impact assessment will still be necessary for any transfer “Transfer Impact Assessment” carried out outside the EU-U.S. Data Privacy Framework. The adequacy decision ensures that the transmission of data between the EU and the US is possible through a stable and reliable agreement that protects individuals and provides legal certainty to companies.

Related Regulations:

If you wish to obtain more information about the regulations that protect and establish your rights, we provide you with the regulations that have inspired this privacy policy and are relevant to you:

• Regulation (EU) 2016/679
• Organic Law 3/2018, of December 28, on the protection of personal data and guarantee of digital rights
• Law 34/2002, of July 11, on information society services and electronic commerce

CONTACT: If you need any clarification regarding this Privacy Policy, have any questions or complaints, or wish to exercise your rights, please contact our Customer/User Service Department, our designated DPO through the data shown below, indicating in the subject line: "Data Protection"

Legal Notice drafted and revised as of May 15, 2024.