Who is the data controller?
The data controller of the personal data provided when using this website is:
Company name: BLOCKGUMMIES, S.L. (“Blockgummies”)
Tax ID: B09763947
Registered address: c/ Jon Arrospide, 11 – 1º, 48014 Bilbao (Bizkaia) SPAIN.
What personal data do we collect?
You can visit and browse our website without providing any personal details to us. In the event that you get in touch with us and fill the contact form available on our website, we will process the personal data you provide to us in order to respond to your requests, answer your enquiries and/or provide you with the information requested to us. In this case, we will only collect and process your name and e-mail address, as well as any other data that you voluntarily decide to provide to us as part of your communication. If the aim of your contact is to initiate or enter into any kind of business or contractual relationship with us, we may collect and process certain additional personal information on a case-by-case basis depending on the nature or scope of such relationship.
If you exclusively use our website for consultation purposes and do not provide us with any personal details, we will not process any personal data from you, with the exception of certain technical data transferred by your browser in order to permit your use of the website. For the technical provision of the website (as it occurs when you visit any other website), our system automatically collects certain technical data from your browser when the website is called up. The storage of technical data by our system is necessary to ensure the functionality of our website. This technical data may include IP address, country, browser type/version, browser language, operating system, time of access and the previous website from which you reached our website.
For what purposes do we use personal data?
We set out below a description of the purposes for which we may use personal information and/or technical information collected when using our website or obtained when you contact us.
- To respond to your enquiries and/or to provide you with the requested information when you contact us.
- To keep you updated by means of newsletters or similar electronic communications we may send to you from time to time about our news, events, updates, products and projects.
- To invite you to participate in surveys or events when may organize or promote from time to time.
- To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).
- To detect, prevent, or otherwise address fraud or security issues.
- To analyze and improve our website.
- To comply with legal or regulatory obligations that apply to us and to defend our legal interests in the event of a potential dispute or claim.
Which is the legal basis for processing personal data?
When we process personal data, we make sure that there is an appropriate legal basis for doing so. We set out below a description of the legal basis under which we may process personal data depending on the purpose for which is it is obtained or used.
- We process the personal data provided to us based on our legitimate interests (Art. 6.1.f) GDPR) to respond appropriately to your enquiries and keep a record of our communication with you when you voluntarily contact us. If your contact is aimed at the conclusion or initiation of a business or other contractual relationships with us, the additional legal basis is to take pre-contractual steps prior to entering into such relationship at your request and, where appropriate, to perform and handle thereafter our relationship with you (Art. 6.1.b) GDPR).
- We process personal data for direct marketing purposes and/or for inviting you to participate in events or surveys based on your consent (Art. 6.1.a) GDPR), solely when you have given permission to us to receive these kinds of communications or you have subscribed to our newsletter.
- We process personal data and/or technical information based on our legitimate interests (Art. 6.1.f) GDPR) to (i) administer, analyze, maintain, improve and protect our website; (ii) to detect, prevent or otherwise address fraud or security issues; (iii) to administer and handle our internal business operations; and (iv) to defend our legal interests in the event of a potential dispute or claim.
- Where applicable, we may process personal data and/or technical information based on our obligation to comply with legal or regulatory obligations that may apply to us in connection with our relationship with you (Art. 6.1.c) GDPR).
How do we protect personal information and for how long is it retained?
We have taken and we implement appropriate and market-standard organizational and technological safeguards and security procedures intended to prevent personal information from accidental or unauthorized loss, alteration, access or use. We have put in place commercially reasonable procedures to deal with and prevent any personal data breach or security incident. These security measures include encryption of data, firewalls and access controls to our business information.
With whom and why may we share personal information?
Blockgummies will not share personal data with third parties, except with the relevant person’s consent or when we are legally compelled or authorized to do so. We may share personal information in accordance with applicable law with the following categories of third parties and/or in the following events:
- Service providers. We may share personal information with our service providers, solely as necessary for them to provide services to us and subject to appropriate confidentiality obligations. For example, we may rely on service providers to host and maintain our website, perform backup and storage services, provide customer service, transmit communications and perform external audits or analytics services. In such cases, our service providers will process the data on our behalf and under our instructions, and under the appropriate contractual obligations. In the event that our service providers are located outside of the EEA, we will make sure that they are located in countries in respect of which the European Commission has issued adequacy decisions recognizing that country as providing an adequate level of data protection under European data protection laws. Otherwise, we will enter into appropriate agreements (based on so-called Standard Contractual Clauses approved from time-to-time by the European Commission) as required by European data protection law.
- Government agencies, regulators and official authorities. Where permitted or required by applicable law or under judicial order, we may also need to transfer personal data to government agencies and other regulators or authorities (e.g., tax authorities, courts and government authorities) to comply with our legal obligations.
- Mergers and corporate events. In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we may share our business information, including personal information, with the entity which acquires or proposes to merge or acquire our assets for the purpose of negotiating, concluding and implementing the transaction/merger. Such information may be transferred in accordance with applicable law on the basis of our legitimate interests in order to be able to organize and implement a planned sale or merger.
Which are your rights?
Where we process personal data about you, you are a “data subject” within the meaning of the GDPR and you have the following rights:
- Right of access: You can request data about whether we process personal data about you. If this is the case, you have a right of access to this personal data as well as to further data related to the processing (Art. 15 GDPR). Please note that this right of access may be limited or excluded in certain cases.
- Right of rectification: In the event that personal data about you is not (or is no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed (Art. 16 GDPR).
- Right to erasure or restriction of processing: If the applicable legal requirements are met, you may request the erasure of your personal data (Art. 17 GDPR) or the restriction of the processing of such data (Art. 18 GDPR). However, the right to erasure under does not apply, inter alia, where the processing of personal data is necessary for compliance with a legal obligation.
- Right to object: For reasons arising from your particular situation, you may also object to the processing by us of personal data concerning you (Art. 21 GDPR). If the legal requirements are met, we will subsequently no longer process your personal data.
- Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to require that we provide you with the personal data relating to you that you have provided to us in a structured, common and machine-readable format.
- Right to revoke consent: If you granted your consent for a specific purpose, you may withdraw it at any time. The revocation is only effective for the future; this means that the revocation does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
- To exercise any of these rights, please send us a request in writing with reference “GDPR rights” to our address indicated above, together with an official document proving your identity. Otherwise, we may need to request specific information from you in order to confirm your identity and ensure your right to exercise any of your rights. This is a security measure to ensure that these rights are not exercised by any person who has no right to exercise them. We may also contact you to ask you for further information in relation to your request to speed up our response.
- If you believe that the processing of your personal data by us infringes the applicable laws, you are entitled to file a complaint before the relevant national supervisory authority (in Spain, Spanish Data Protection Authority, c/ Jorge Juan 6, 28001 Madrid, www.aepd.es).