Who is it aimed at?
If it is necessary to provide you with additional information about how your personal information is used in connection with specific SaaS Services, we will provide you with separate or additional privacy notices.
Depending on the SaaS Service, we may provide additional or different privacy statements or notices for specific interactions you have with us or to highlight how we use your personal information for specific Services. When we do this, it will be clear which statements apply to which interactions and which SaaS Services.
Within our SaaS Services, there may be links to third party websites or applications. We are not responsible for the content or data protection compliance of third party websites or applications. Data subjects should review those websites or applications for their privacy policies and the terms and conditions that apply to them.
Who is the Controller of your personal data?
Proprietor: WORKMETER SL
VAT NO: B65020000
Registration: Barcelona Trade Register, entry number Volume: 42357 Folio 107 Page: 405095 Entry: 1
Registered Office: Vía Layetana. 45 4º 1ª. 08003, Barcelona, Kingdom of Spain.
Tel: (+34) 931810661
For what purpose do we collect your personal information?
We process the information you provide for the following purposes:
- Main purposes:
- Information about our activities: answering calls, responding to emails or text messages (SMS, WhatsApp and/or Telegram); as well as queries made through forms, chat sessions, and other functionalities of our website (www. workmeter.com).
- Set up and manage your account, provide technical and customer support and training, verify your identity and submit important account, subscription and SaaS Services information.
- Provision of SaaS services, as well as their monitoring, documentation and invoicing.
- Provide any third party that has made our SaaS Services available to you (e.g., your employer or our subscriber) with information about your use of the SaaS Services.
- Display information that you choose to post, share, upload or make available in chat rooms, messaging services, community and event forums (including community and event profiles), as well as for related collaboration, peer-to-peer connection, gaming and information sharing.
- Compliance with legal, accounting, tax and administrative obligations with the various Public Administrations and Judges and Courts.
- Secondary purposes:
- Manage the sending of advertising of SaaS Services of the Data Controller, by all available channels (e.g. SMS, WhatsApp, Twitter, …).
- Management of applications in recruitment and of the relationship with the interested parties as candidates.
- Offer and suggest customised content such as news, research, reports and commercial information.
Analyse the way you use our SaaS Services to suggest features or services that we think you will find interesting and to enable us to make our SaaS Services easier to use
- Customise your experience with our SaaS Services.
We may retain your browsing and usage information to make your searches within our SaaS Services more relevant and use that knowledge to show you online advertising on our websites and applications.
We may sometimes share your personal information between our SaaS Services so that we can make all the SaaS Services we offer you more intuitive (e.g., instead of asking you to enter the same data multiple times).
- Communicate with you in connection with surveys and polls in which you wish to participate and conduct them in order to analyse the data collected for market research purposes.
- For internal research and development purposes, and to improve, test and enhance the features and functions of our SaaS Services, even after the end of the commercial relationship or subscription with customers and users. Always in an aggregated and dissociated manner by pseudonymisation and/or anonymisation procedures.
- Comply with our internal and external audit requirements, including our information security obligations (and if your employer or our subscriber provides you with access to the SaaS Services, comply with their internal and external audit requirements)
- Protect our rights, privacy, security, networks, systems and assets or those of others.
- Prevention, detection or investigation of a crime or other breach of law or requirement, prevention of loss or fraud.
- In order to exercise our rights and to defend ourselves against claims and to comply with laws and regulations that apply to us or to third parties with whom we work.
- To, from time to time, participate in or be subject to any sale, merger, acquisition, restructuring, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any pre-bankruptcy, bankruptcy or similar proceedings).
Where does your personal data come from?
We collect personal information about you primarily from your interactions with us, from certain third parties (such as your employer or the subscriber providing access to the SaaS Services) and other sources – where legally permitted.
- We obtain personal information directly from you:
- Through your interactions with us and the SaaS Services.
For example, when you purchase or use our SaaS Services, register for an event, request information or call us for assistance (please note that we may record or monitor phone calls for compliance and quality assurance purposes).
- Through your system/device and the use of SaaS Services.
Our servers, logs and other technologies automatically collect system/device and usage information to help us administer, protect and improve the SaaS Services, analyse usage and improve the user experience.
- Through cookies and similar technologies included in our services.
- We also collect your personal data from third parties such as:
- The person, natural or legal, public or private, who provides you with access to the Services (e.g. your employer or our subscriber) to set up a user account.
- Business partners and service providers who work with us in connection with the SaaS Services.
- In addition, we sometimes obtain personal information about you from publicly available sources such as public websites, open government databases, referenced data already in the public domain and other sources to help us maintain data accuracy, provide and improve the SaaS Services.
What categories of data do we process?
In accordance with the aforementioned purposes, the Data Controller, depending on the processing in question (data of employees, collaborators, suppliers, users, subscribers, etc.), will process all or part of the following categories of data:
- Identification data: name, surname, postal address, e-mail address, telephone number, signature and social security number.
- Personal characteristics: marital status, date of birth, place of birth, sex, nationality, mother tongue, family details.
- Social circumstances: housing/housing characteristics, family situation and property.
- Economic, financial or banking and insurance data: banking and insurance data.
- Academic and professional data: education/qualifications, student record, professional experience, membership of professional bodies or associations, in the case of selection processes.
- Online identifiers.
- Traffic and location data.
- Electronic communications metadata.
The personal data requested are obligatory, so that refusal to provide them could make it impossible to fulfil the purposes for which they are processed.
You are the guarantor that the data provided are true, accurate, complete and up to date, and you are responsible for any damage or loss, direct or indirect, that may be caused as a result of a breach of this obligation.
In the event that you provide us with data of third parties, you must have their consent, undertaking to provide them with this information and exempting the Data Controller from any liability in this regard. However, the Data Controller may carry out checks to verify this fact, adopting the appropriate due diligence measures, in accordance with data protection regulations.
- What is the legitimacy for the processing of personal information?
We process your data on the following legal bases:
- The consent given by you expressly, freely and unequivocally after having been informed in detail of the purpose(s) by the Data Controller.
Remember that the data you provide and/or we request are adequate, relevant and strictly necessary and that, under no circumstances are you obliged to provide them; and that failure to provide them may affect the fulfilment of the purpose(s) pursued.
The preparation and/or execution of the contractual relationship between you and the Data Controller.
- Compliance with legal obligations on the part of the Data Controller.
- The legitimate interest of the Data Controller or a third party to provide and improve the contracted services, to manage the relationship with the data subjects, for marketing actions and to exercise rights and manage liabilities arising from the activity of the Data Controller.
Where we rely on legitimate interests as a legal basis for processing your personal information, we balance those interests with your interests, fundamental rights and freedoms. To find out more about how this balancing exercise was conducted
To whom may we disclose your personal information?
As a general rule, we will not pass on your personal data to third parties, unless expressly authorised or legally obliged to do so.
However, you should be aware that, in order to achieve the purpose(s) indicated above, it may be necessary, and even obligatory, for your data to be communicated to or processed in other ways by different service providers of the Data Controller, such as consultancies, management companies, IT or telecommunications companies, software service providers, storage, operating systems and/or computer applications or programmes, etc., who will be obliged to use your data, solely and exclusively, to comply with the obligations assumed with the Data Controller.
In all cases, the Data Controller assumes responsibility for the personal information you provide to us. We therefore ask those suppliers/companies with whom we share your personal information to apply the same level of data protection as we do.
Likewise, your personal information will be at the disposal of the Public Administrations, Judges and Courts, for the attention of possible liabilities arising from the processing of your personal data.
For a better understanding of the various possible recipients of your data, please note that, by using the Services, your personal information may be processed by:
- The person who provides you with access to our Services (e.g. your employer or our User).
- Business partners with whom we deliver co-branded services, provide content or organise events, conferences and seminars.
- Third parties who assist us in providing the Services or who act on our behalf.
- Third parties when reasonably necessary to protect our rights, users, systems and/or the Services (legal advisors, information security professionals, …).
- Anyone with whom you have asked us to share information or with whom, by your conduct, this necessarily happens (for example, when you make information available/share information in a public forum).
- Third parties who may be involved in or subject to any sale, merger, acquisition, restructuring, joint venture, assignment, transfer or other disposition of all or part of our business, assets or stock (including in connection with any bankruptcy, pre-insolvency and similar proceedings), in which case we may disclose your personal information to prospective purchasers, sellers, advisors or business partners and your information may be a transferred asset in a business sale.
For the fulfilment of the purpose(s) indicated, international transfers of your personal data (processing in countries outside the EEA) will be carried out to those suppliers/companies to whom it is necessary to transfer or communicate your personal data for specific processing.
These suppliers/companies may or may not be located in countries where the law requires a level of protection for personal data equivalent to that of the EEA. In the latter case, we will ensure that any transfer of your personal information by us or by third parties with whom we share it, as well as the way in which we handle it, complies with the legislation in force at the time, as well as with the requirements established by the Spanish Data Protection Agency and the European Data Protection Supervisor (EDPS).
Relevant recipients of international transfers:
|Company: Google LLC.
Address: Plaza Pablo Ruiz Picasso, I, 28020, Madrid, Spain
Processing: G-Suite, a set of office automation solutions through which the Data Controller stores and edits files containing personal data and receives and sends communications
Guarantee(s) of adequacy it provides
Adherence to the Privacy Shield framework (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_es)
|Company: HubSpot, Inc.
Address: 25 First Street, 2nd Floor, Cambridge, MA 02141
Processing: use of personal data for marketing, sales and customer service cloud solutions
Guarantee(s) of adequacy it provides
Adherence to the Privacy Shield framework (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_es)
|Company: Dropbox, Inc.
Address: 1800 Owens St, San Francisco, CA 94158
Processing: storing, editing and communicating files with personal data in cloud solutions
Guarantee(s) of adequacy it provides
Adherence to the Privacy Shield Framework (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_es)
|Sendinblue, a simplified joint-stock company (société par actions simplifiée) registered in the Paris Trade and Companies Register under number 498 019 298
Address:7 rue de Madrid, 75008, Paris (France)
Processing: offering solutions for sending transactional e-mails and SMSs
|Company: Odoo S.A.
Address: Chaussée de Namur, 40 – 1367 Grand-Rosière
Processing: use of personal data for business management cloud solutions: quotes
invoicing, customer communications, etc.
Guarantee/s of adequacy it provides:
|Company: Amazon Web Services EMEA SARL
Nationality : Luxembourg
Address : 6 rue Plaetis
Luxembourg – LU26888617
The personal information we collect is stored in the United Kingdom, even if your personal information is collected in the country in which you reside and outside the EEA.
Those third parties with whom we share your personal information may handle or transfer your personal information outside the United Kingdom and the EEA to other countries in which they maintain facilities.
What are your rights?
As the owner of personal data processed/used by the Controller, you have the following rights:
- Right to request access to your personal data
- Right to rectify incorrect or inaccurate data
- Right to erasure of your personal data
- Right to object to the processing of your personal data
- Right to request the restriction of the processing of your personal data
- Right to portability of your personal data (if applicable)
- Right to transparency in the information received
- Right not to be subjected to automated individual decisions
- Right to withdraw the consent given for the processing of your personal data
- Right to the retention of your data
- The right to lodge complaints with the Spanish Data Protection Agency when they consider that their rights have not been respected.
How can you exercise your rights?
You may exercise your personal data protection rights by sending a written communication to the address of the Data Controller, indicated above, or to the following e-mail address: firstname.lastname@example.org, enclosing a photocopy of your valid identity card/passport/foreigner’s card or equivalent document.
Models, forms and more information about your rights are also available on the website of the Spanish Data Protection Agency: www.agpd.es.
Can you withdraw consent?
You always have the possibility and the right to withdraw consent for any specific purpose given at the time, without affecting the lawfulness of processing based on consent prior to its withdrawal or processing under any other legal basis or ground.
Where can you complain if you feel that your data is not processed correctly?
If you consider that your data is not being processed correctly by the Data Controller, you can send your complaints to the following e-mail address: email@example.com and/or to the corresponding Data Protection Authority (https://edpb.europa.eu/about-edpb/board/members_es), the AEPD being the one indicated in Spanish territory: www.agpd.es.
How long do we store your personal information?
We only store your personal information to the extent that we need it in order to use it in accordance with the purpose(s) for which it was/are collected, and in accordance with the legal basis for the processing.
The default retention period shall be 5 years from the end of the legal relationship with the personal data subject. However, the following specific retention periods shall apply:
- Marketing and communication actions: 10 years from the collection of data by the Data Controller or a third party.
- Information about our services: until the resolution of requests for information.
- Management of subscription to the “customer area” of the website: 3 years from the last login, or until you express your wish not to continue subscribing (whichever comes first).
- Management of applications: 2 years after the CV is sent to the Data Controller.
We will keep your personal information as long as you do not exercise your rights of deletion, cancellation and/or limitation of the processing of your data. In these cases, we will keep the information duly blocked, without making any use of it, while it may be necessary for the exercise or defence of claims or may derive some kind of judicial, legal or contractual liability from its processing, which must be attended to and for which its recovery is necessary.
How do we protect your personal information?
- By means of the appropriate technical and organisational measures to prevent their alteration, loss and/or unauthorised processing or access, as required by law, although absolute security does not exist.
- We ensure that our employees and partners are properly trained to protect your personal information.
- Our procedures indicate that we may ask you for proof of identity before we share your personal information with you.
- In accordance with our guarantee of security and confidentiality, we are particularly interested in offering you the highest level of security and protecting the confidentiality of the personal information you provide to us. Therefore, commercial transactions are carried out in a secure server environment under SSL (Secure Socket Layer) protocol.
How are data of minors handled?
The website of the Data Controller (www.workmeter.com), its SaaS Services are not directed at minors. We may from time to time run a campaign in which minors may show their interest. However, we do not knowingly collect any personal information from minors, except with the permission of a parent or guardian.
If you are a minor, please do not attempt to register as a user of our websites, applications or products. If we discover that we have mistakenly obtained personal information from a minor, we will delete that information as soon as possible.
Cookies and similar technologies
In providing the SaaS Services, we may use certain other tracking technologies in addition to Cookies, such as:
- Web beacons.
Our web pages may contain electronic images known as Web beacons (also known as single-pixel gifs and transparent graphic images) that we use to help deliver cookies on our sites, count users who have visited those sites, deliver the SaaS Services and analyse the effectiveness of our promotional campaigns, for example.
We may also include Web beacons in our marketing e-mails or newsletters to determine whether an e-mail is opened or a link is clicked.
Web beacons are also used to deliver interest-based advertising.
- Web server and application logs.
Our servers automatically collect certain information to help us administer and protect the SaaS Services, analyse usage and improve the user experience. The information that is collected includes:
- IP address and browser type
- Device information, including unique device identifier (UDID), MAC address, identifier for advertisers (IFA) and similar identifiers that may be assigned by us or by third parties
- Device operating system and other technical data
- The city, state and country from which you are accessing our website
- The pages you visited and the content you viewed, stored and purchased
- The information or text you entered
- The links or buttons you clicked on
- URLs visited before and after using our services
- No-tracking” signals
Some browsers transmit Do Not Track (DNT) signals to websites. Due to the lack of common interpretation of DNT signals across the industry, we currently do not alter, change or respond to DNT requests or signals from these browsers. We continue to monitor industry activity in this area and will reassess our DNT practices as appropriate.
- Connection through Social Networks (RRSS)
The Data Controller has an account or profile on the following Social Networks: Facebook®, Instagram®, Twitter®, LinkedIn®, YouTube® and Vimeo®.
Some of our SaaS Services may include Social Networking features such as “like”, “share” and “save” buttons; some plug-ins, as well as some interactive mini-programs.
In addition, users may choose to use their own Social Media login to log in to some of our SaaS Services.
If you choose to connect through a social networking or similar service, we may receive and store authentication information from that service to enable you to log in, as well as any other information you choose to share when you connect to these services. Such services may collect information such as the web pages you visited and IP addresses and may set cookies to enable the features to function properly. We are not responsible for the security or privacy of information collected by these third parties.
It is your duty to review the privacy statements or policies relevant to the third party services you use or access or connect to.
If you do not want your personal information shared on Social Networks or with other Social Networking users, do not connect your Social Networking account with your SaaS Services account and do not participate in the social interaction feature of the SaaS Services.