Privacy Policy Consumers | Protects the data and privacy of users and children on the internet

Privacy Policy Consumers

Declaration

Our organization respects and fulfills the fundamental right to privacy. We proactively protect personal data.

• Personal data are specific to each person. When you bring them to our organization you lend them to us and our commitment is to treat them legally, loyally and transparently, and, above all, confidentially.

• We treat your data on an equal basis, without discrimination or distinction of any race, color, sex, language, religion, political opinion, national or social origin, economic position, birth, or any other condition; and without distinction as to the legal or international status of the country or territory under whose jurisdiction you belong.

In our organization we always facilitate the access and control of your personal data. We want to be your trusted privacy organization.

Data Controller

Lex Program Online S.L. is the owner of the website, and our tax identifier is ESB75213181. We have the address at C / Portuetxe, 23, Building CEMEI Of. 312. 200018 Donostia – San Sebastián (Spain).

Contact addresses

DATA PROTECTION OFFICER (DPO): Name and surname: Yeimy Ramírez
Address: C/Portuetxe, 23, Edificio CEMEI Of. 312. 200018 Donostia – San Sebastián
(Spain). Telephone: +34 943426346. Email: dpo@lexprogram.com

PRIVACY OFFICER:

Name and surname: Iñaki Jauregui Navarro. Address: C/Portuetxe, 23, Edificio CEMEI Of. 312. 200018 Donostia – San Sebastián (Spain). Phone: +34 943426346
Email: privacy@lexprogram.com

The Legal Notice lists all the addresses of the persons or bodies with functions related and assigned in matters of privacy.

Our records of processing activities

1. Registration of consent

What personal data we process: Data about your visit, length of stay, place of origin of the visit, the language used, the declared residence, the declared age, your IP, your consent, the rights exercised, the authorized cookies, and the privacy policy, cookies policy and terms of services accepted, requests for advertising exclusion, non-sale or data transfers, and other treatment limitations.

Where we get your data: We can obtain your data by using technical procedures for capturing technical and security data and from your own statement when making a positive or negative, explicit, previously informed action on our website or a website owned by a previously declared business partner.

Why we treat your data: Because at the time you have expressly consented, or you have signed a contract with our organization or your company or organization, or we simply have a legitimate interest in storing them, protecting in any case, your fundamental right to privacy against our interest. Please also note that we may have to store and process them in the public interest or legal obligation.

What we process your data for: To comply with our contractual obligation to register your consent (or refusal) and ensure that we previously comply with our duty of information. We always provide you with a copy of the consent, so that you can always exercise your rights and claim us if we ever breach our obligations.

With whom we share your data: Your personal data is not shared with third parties, other than with those responsible for processing when we carry out the registration under their entrustment.

International transfers: International transfers are not planned.

How we protect your data: Access Control and access codes. Encryption. Pseudonomization. Firewall. SSL connection. Principle of data minimization. Insertion of confidentiality clauses. Principle of proportionality. Restoration systems or Back Up. Training and awareness of human resources. Contracts commissioned and/or co-responsible for the treatment.

How long we keep your personal data: at most 1 year, always having that the treatment will be the present shortest possible time for the purpose of the processing, except when applicable laws, contracts and regulations require otherwise.

2.External services of the website

What personal data we process: We may use external services on our website. We do not record activity arising from these services. These services provide us with information society services such as: the font of the website, cloud storage, consent registration, provision of sliders, templates for the creation of websites, ecommerce services, the use of APIs and other applications to convert currency, incorporate comments, etc. These external services usually collect personal data such as the I P, and browser connection data, type of device, type of screen, connection speed and even some such as the filling of forms collect personal data from documents, files, images being able to store and process name, surname, address, telephone, card or identification number, Emails and communications, and cached data.

Where we get your data: We can obtain your data by using technical procedures to capture technical and security data and your own activity when carrying out actions on our website or a website owned by a business partner, and even when they have generated cookies and / or tracking scripts with your consent they can monitor your activity on the internet.

Why we process your data: Because our business partners provide services and have a legal interest in providing their services with technical security, recording use, improving their provision and statistically analyzing their use. The data collected cannot be combined with other databases without a legitimizing basis of consent or legal or contractual obligation and at this time we lack evidence that they carry out illegal treatments, so their use is lawful.

Why we process your data: Our external services may process your data to establish technical security measures, record the use of services, improve their provision and statistically analyze their use. The data collected by these business partners is governed by the privacy policy of the provider of the linked service. We recommend reading them and exercising your data protection rights in them.

Who we share your data with: Your personal data is not shared with third parties.

International transfers: International transfers are not planned.

How long we keep your personal data: 1 year, unless we have a legal, contractual, or administrative obligation that obliges us to keep this data for a longer time, in which case it will be the legally stipulated, plus one year.

3.- Data obtained on our website

The personal data collected on our website may be processed by LEX PROGRAM in accordance with the following:

What personal data we process LEX PROGRAM will process the following categories of data:

Identification data: name, surname, national identity document or foreigner identity number and image.
Contact details: address, landline, mobile phone, email address.
Personal characteristics data: nationality.
Bank details: account number, holder, SEPA mandate.
Other data: data provided by the interested parties themselves in the open fields of the forms provided on the Website.
Navigation data.

Why we treat your data: We can treat your personal data since the processing of data of the Website is necessary for the fulfillment of the purposes arising between the user and LEX PROGRAM, in this case we will always have a legitimate interest to do so.

However, the processing of your data for marketing purposes, relating to goods and services of LEX PROGRAM and similar services for its customers, will be based on consent. And in the absence of this, it may be done based on legitimate interest or when there is a prior contractual relationship or pre-contractual request.

The processing of data for statistical purposes will be based on legitimate interest provided that the data is not transferred to third parties in a non-aggregatedornon-commercial manner. If they are transferred to third parties or technologies of processors are used that can use the data for themselves or for other third parties, it will necessarily be based on consent.

The sending of commercial communications from third parties with which LEX PROGRAM collaborates is based on the user’s consent.

We have made an effort to minimize the processing of personal data by applying the principle of minimization of processing.

The withdrawal of consent to any of the treatments will not affect the legality of the treatments carried out previously.

To revoke consent or exercise rights, the User may contact LEX PROGRAM by : Letter addressed to the Privacy Officer of LEX PROGRAM at the address indicated in our Legal Notice or by email addressed to info@lexprogram. .com

Why we treat your data: We can treat the data for the following purposes:

a) Manage your contact requests with LEX PROGRAM through the channels provided for this purpose on the LEX PROGRAM Website.

b) Manage purchases made within the framework of the Website, including payment management and order submission.

c) Contact the User to finalize the order if he has saved his shopping cart or has saved products in his shopping cart without completing the payment process.

d) Manage the subscription to the newsletter, made through the channel provided on the LEX PROGRAM Website.

e) Carry out analyses on the use of the Website and check the preferences and behavior of users.

f) Manage the sending of commercial communications about products and services of LEX PROGRAM, unless the user indicates otherwise by checking the corresponding box or shows his opposition to such treatment.

g) Send commercial communications (offers, promotions, etc.) to the user by electronic and / or conventional means, about products and services of third companies with which LEX PROGRAM collaborates if the user gives his consent to do so by checking the corresponding box.

h) Manage the sending of satisfaction surveys based on the purchase of the product or service of LEX PROGRAM made, to improve day by day the experience of our customers.

i) The data will be kept for the time necessary to carry out the purposes for which they were collected, and during the limitation period of the legal actions that may arise from it. Notwithstanding the foregoing, the user may request their withdrawal from LEX PROGRAM, opposing, revoking their consent and even requesting the deletion of their data.

With which recipients the user’s data will be shared: Your personal data is not shared with third parties, except for:

Public Administrations and competent national and/or European authorities, in the cases provided for by Law.
Our treatment managers such as our accounting, financial and administrative advisors. Also, the labor consultants and the banking entities with which we collaborate, as well as our managers of the maintenance of our equipment and computer systems such as information security.

International transfers: International transfers are not planned.

Our data processors have your data residing in the European Union and their data processing will always be carried out in compliance with legal obligations and in accordance with the purposes and legal bases indicated above. These suppliers will not process your data for their own purposes that have not been previously informed by LEX PROGRAM.

How we protect your data: In our treatments we apply the following technical and organizational security measures:

Access control and access codes. Encryption. Pseudonomization. Firewall. SSL connection. Principle of data minimization. Insertion of confidentiality clauses. Principle of proportionality. Restoration systems or Back Up. Training and awareness of human resources. Contracts commissioned and/or joint controllers.

How long we keep your personal data: 1 year, unless we have a legal, contractual or administrative obligation that obliges us to keep this data for a longer time, in which case it will be legally or contractually stipulated, which will be longer than one year.

What rights do you have?

Your personal data is YOURS, you lend it to us, and we store and process it because you want it or instead of it, because we have a contractual obligation, or a legal obligation, or a public interest to satisfy, or a legitimate interest that in no case will prevail over your right to privacy. Consequently

YOU CAN

• Request access to your personal data when you want to know the data stored, its categories, its legal basis and purpose of the treatment, the treatment activities carried out, if we have sold, assigned, transferred, rented, shared, who are the recipients, as well as what our data sources are. The information included in the Records of Treatment Activities provides you with many of these data, including the recipients of your data in the last twelve months. You can also request from the Data Controller explanations of the Privacy Policy or Notice, and any essential data about our storage and processing of your personal data.

• Tell us that we have them badly registered and that they contain errors, and request, therefore, their modification and rectification.

• Request that we do not carry out further processing by opposing or withdrawing your consent and even request that we delete them; You can ask us for a copy of the data we have and take it with you or another organization.

• Limit our storage and processing in such a way that we do not process any data of yours or those of sensitive or special category; nor do we carry out profiling treatments, combinations of databases, massive treatments or that serve for automated decision-making and to limit your monitoring, including geolocation.

• Expressly prohibit us from advertising to you and from transferring, sharing, renting, or selling your data.

Always remember that if you exercise your privacy rights as a user, consumer, employee, or job seeker you can never be discriminated against, retaliated, or prevented by the owner of a website and / or its Treatment Manager for your access and permanence in it or to provide you with products and services.

How do you exercise these rights?

Some of these rights can be exercised directly, specifically on the Register of Treatment Activities of the Consent Record of the website. So you can exercise your right to see what data we record and store about you, what you have consented to and when you have consented. If you have subsequently modified or rectified your consent, or if you have opposed or limited our processing, and if you want to port the data, you take the data in a structured csv format. If you would like to withdraw the consent we delete them directly, and you can also write to us and tell us what data is wrong and we must rectify.

The rest of the personal data in our records of treatment activities can be requested by email or a letter by mail to the Privacy Officer, indicating which right you exercise and your claims. We are committed to respond to you and comply with your rights within the period established in the Law. If we do not attend to your rights, you can complain to the corresponding control authority (your habitual residence or your place of work, or the Control Authority of the place of the alleged infringement). We provide you with the address of the one that corresponds to your residence. If there is no residence in your residence, we provide you with the address of the web editor:

SUPERVISORY AUTHORITY

Country: Spain

Control authority: Spanish Agency for Data Protection (AEPD)

Address: C/Jorge Juan, 6

28001 Madrid

City: Madrid

Phone: (+34) 91 266 35 17

Fax: (+34) 91 455 5699

Email: internacional@aepd.es

Website: https://www.aepd.es/

If in the execution of our privacy and data protection policy we cause you damage, you can claim individually, and perhaps collectively, in the ordinary courts of your jurisdiction.

International Transfers

We do not make international data transfers. Now, when we respond to your emails, we send you files to the cloud or to a server or service that you have hired, without knowing it you may be sharing your personal data and authorizing Google (Gmail); Microsoft (Skype, Hotmail, Outlook); Facebook (Whatsapp), Telegram (Telegram ), etc. and all its business partners to read and store such data. We recommend that you review their privacy policies.

Protection of children and young people

Our website is aimed at all audiences.

If you are a parent or guardian, or in your place educator, and you know that we have captured and stored data of minors, please contact us to proceed with its deletion.

Incidents and security breaches

We are not infallible. From our proactive responsibility we adopt all the technical and organizational security measures reasonably necessary to secure your information. Now, the internet and the world of electronic communications is an environment of cyber risk, and it may be that a human or computer coding failure, or simply an attack, unauthorized access, theft, unauthorized disclosure, regardless of whether it is sought or caused by hackers, can cause incidents and security breaches.

For this case, you should know that we have an obligation to keep a record of incidents in which the place, day and time of detection of the incident, the type of attack, its origin, and what the security breach consists of and what have been the systems, data and equipment affected. We are obliged to resolve incidents and security breaches, and note in the registry the solutions made.

If the incidents involve a security breach that puts your rights and freedoms at risk, or affect your sensitive or special category personal data, or may facilitate the usurpation of your identity, or pose a risk of fraud, reputational damage or loss of confidentiality of your specially protected data, we have the obligation to notify them to the Control Authorities. If this case occurs, we will notify you within the legal period of the nature of the security breach, the affected interested parties, the data and what category of data have been affected, the security measures implemented to resolve the incident and the measures adopted to reduce the risks to those affected. However, if the data on which the security breach is suffered were encrypted or encrypted, or if we reasonably conclude the absence of risk, we do not have this obligation to notify. Nor do we have it if we proceed to make a public communication warning those affected to adopt their own preventive measures

Social Media

We use social networks.
Facebook, Meta Platforms Social Network, Inc. 1601 Willow Road Menlo Park, CA 94025 UU). The main page is https://www.facebook.com/ and its privacy policy can be read in https://www.facebook.com/privacy/explanation. Contact them +1 (650) 543-4800. Meta Platforms Ireland Limited with registered office at 4 Grand Canal Square Grand Canal Harbour Dublin Ireland.
Instagram, Social Network of Meta Platforms, Inc. 1601 Willow Road Menlo Park, CA 94025 (USA) UU). The main page is https://www.instagram.com/ and its privacy policy can be read in https://help.instagram.com/519522125107875. Contact them +1 (650) 543-4800. The representative in Europe is Meta Platforms Ireland Limited with registered office at 4 Grand Canal Square Grand Canal Harbour Dublin Ireland.
Linkedin: Red Social del Grupo Microsoft., empresa LinkedIn Ireland Unlimited Company. Wilton Place,Dublin 2, Ireland. Identification Number at the Companies Registration Office of the Republic of Ireland: 477441. VAT ID: IE 9740425P Attn: Legal Dept. (Privacy Policy and User Agreement). Formulario de contacto: https://www.linkedin.com/help/linkedin/ask/. Política de Privacidad: https://www.linkedin.com/legal/privacy-policy
Twitter, Twitter, Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103 UU). The main page is: https://twitter.com/ and its privacy policy you can read in https://twitter.com/es/privacy. The representative in Europe is Twitter International Company with address at One Cumberland Place, Fenian Street. Dublin 2, D02 AX07 Ireland.

The legal basis is the contractual and express consent with the Social Network. Your data is shared voluntarily and publicly, or through your guardian or legal representative in our social network account or in the media and audiovisual networks and channels in a public and notorious way and through data voluntarily shared through forms, surveys, contests formulated by our organization, employees, Commercial representatives or marketing agencies.

The data you share will be recorded and stored by the social network and will identify you, your browser, computer and related devices. All the information you share can be captured by third parties and the SOCIAL NETWORKS will treat it for profiling and advertising segmentation combining them with their own or third-party databases to create new databases of potential customers, profiled for the sale or offer of segmented products and services; Your personal data may be transferred internationally. It is also possible that SOCIAL NETWORKS monitor your activity when you stay in their network.

SOCIAL MEDIA treatments are especially invasive. They perform: 1) TRACKING, tracking and monitoring of natural persons, his/her IPs, their geolocations, their actions, etc. 2) PROFILING: segmentation or profiling for personalized and behavioral advertising; 3) BEHAVIORAL ALGORITHMS. Data processing with behavioral, segmentation and profiling algorithms. 4) USE OF ARTIFICIAL INTELLIGENCE, for reading, storage, and extraction of data for subsequent profiling, segmentation and behavioral analysis 5) MASSIVE TREATMENT Massive data processing 6) BIG DATA: Analysis and extraction and application of behavioral and statistical algorithms on large databases 7) INTERNATIONAL ASSIGNMENTS.

It is an environment of HIGH-RISK DATA, existing DIFFICULTY OF DESTRUCTION.

In our sections we will process your data to answer and process queries, requests, suggestions and comments; Manage company social networks; Create a community of people; promote our products and services; perform affiliate programs, memberships; provide offers and discounts; Extract information from social networks for segmentation and profiling of users for marketing; discover trends; perform actions and measurements of our branding and reputational level; Contribution of value of our brand, services or products to the user.

The level of security of the social network is high since they have established an access control and passwords; Cloud storage in secure environment; Restoration or back up systems. Information security systems and firewall, intrusion detection activated.

The owner of the data may exercise the rights of access, rectification, deletion, opposition, limitation and portability, without limitation or qualification. In addition, the owner, at any time, can withdraw the consent given and directly delete the information provided to the social network. You can also object to the automated processing of your data.

Contact us if you have questions

We have made every effort to keep our explanations brief and easy to understand. However, if you want additional information or have any questions or concerns about our information security and data protection practices, please contact us.