At the Cellbitec Foundation, we are committed to protecting our customers’ privacy and take our responsibility for the security of our customers’ information extremely seriously. We will be clear and transparent about the information we collect and what we do with it.
This policy sets out the following:
- What personal data we collect and process in relation to you as a customer and your use of our website, mobile apps and online services.
- Where we obtain this data from.
- What we do with this data.
- How we store it.
- To whom we transfer or disclose this data.
- How we manage your data protection rights.
- And how we comply with data protection regulations.
All personal data is collected and processed in accordance with the data protection laws of Spain and the European Union.
Data controller
In this policy, “Fundación Cellbitec” (referred to in this document as “we”, “us”, “our” or “the Foundation”) refers primarily to Fundación Cellbitec.
The Cellbitec Foundation is the “data controller” for all personal data obtained and used relating to both Cellbitec’s clients and all public and/or private entities or individuals who contact us by any means and for any purpose, under the conditions set out for this purpose by current legislation in both Spain and the European Union.
Cellbitec is a company registered in Spain, with tax identification number G04920096, entered in the Register of Foundations and with its registered office at the PITA Scientific Headquarters, University of Almería Campus, in the city of Almería.
What personal data do we collect?
By “personal data” we mean any information relating to you that enables us to identify you, such as your name, contact details, the organisation where you carry out professional and/or social activities, your payment details and information about your visits to our website.
We may collect your personal data when you contract services with us (either directly or indirectly through our trusted external partners), when you create an account on our website, when you use our website and/or our mobile app and other websites accessible via our website and/or our mobile app, when you take part in a survey or competition, or when you contact us.
Specifically, we may collect the following categories of information:
a. Name, address, email address, telephone number, passport number and details or details of another recognised form of personal identification, nationality, and credit/debit card details or other payment details.
b. Information about your purchases of our products and services, or those made from our trusted partners or other companies within our group of companies.
c. Information regarding your use of our website and/or our mobile app.
d. Communications you exchange with us or send to us via letter, email, chat service, telephone calls and social media.
Under no circumstances will we collect any personal data concerning your physical or mental health, political affiliation and/or activity, religious beliefs, alleged commission of offences or convictions for such offences, or any other data considered to be “sensitive” personal data in accordance with the applicable data protection laws in force at any given time.
What we use your personal data for, why we use it, and for how long
Your data may be used for the following purposes:
a. To provide the products and services you request from us: we use your information to provide the services you have requested or for the supply, warranty and/or maintenance of the products you have purchased from us.
b. To contact you in the event of any issues relating to the products and/or services you have contracted with us: we will send you communications regarding the services and/or products you have contracted with us or regarding any changes to them. These communications are not for commercial purposes and you cannot opt out of receiving them.
c. To verify/check your payment details (bank account and/or credit card or any other payment card): we use your payment details for accounting, billing and auditing purposes, and to detect and/or prevent any fraudulent activity.
d. Administrative or legal purposes: we use your data to carry out statistical and marketing analyses, test systems, conduct customer surveys, carry out maintenance and development work, or to resolve a dispute or claim. Please note that we may carry out data profiling based on the data we have obtained from you for the purpose of conducting statistical and marketing analyses. Any profiling activity will be carried out only with your prior consent and with every effort made to ensure that all data on which it is based is accurate. By providing us with any personal data, you explicitly agree that we may use it to carry out profiling activities in accordance with the provisions of this Privacy Policy.
e. Security, health, administrative and crime prevention/detection purposes: we may provide your data to government authorities or law enforcement agencies in compliance with legal requirements.
f. Communications with customer service: we use your data to manage our relationship with you as our customer and to improve our services and your experience with us.
g. Providing personalised services: we use your data to provide you, before, during and after the period of service provision with us or during the warranty period for products you have purchased from us, with information we believe may be of interest to you, and to personalise the services we offer you, such as special offers or other products and services we consider may suit your needs.
h. Marketing: From time to time, we will contact you via email to provide you with information about complementary products. However, you will have the option to accept or decline such communications by indicating your preference when you sign up for or purchase our products and services. In all emails we send you, you will also have the opportunity to indicate that you no longer wish to receive our direct marketing material.
We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reasons for which we have collected your personal data and the purposes for which we need to use it.
In most cases, we will need to process your personal data in order to enter into our service contract with you.
We may also process your personal data for one or more of the following reasons:
To comply with a legal obligation (for example, tax requirements).
Because you have consented to us using your personal data (for example, for marketing-related purposes).
To fulfil our legitimate interests in the operation of our business (for example, for administrative purposes).
Only individuals aged 18 or over may give their own consent. Under no circumstances may individuals under this age enter into contracts and/or purchase our products and services.
We will not retain your data for longer than is strictly necessary to fulfil the purposes for which it is being processed. To determine the appropriate retention period, we will take into account the amount, nature and sensitivity of the personal data, the purposes for which we process it, and whether we can achieve those purposes through other means.
We must also take into account the periods during which it may be necessary to retain personal data to comply with our legal obligations (for example, in relation to claims during the warranty periods of our products and services) or to resolve complaints or enquiries and protect our legal rights in the event of a claim.
When we no longer need your personal data, we will securely delete or destroy it. We will also consider whether, over time, we can reduce the personal data we use and how we can do so, and whether we can anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use such information without further notice.
Security of your personal data
We follow strict security procedures when storing and disclosing your personal data, as well as to protect it from accidental loss, damage or destruction. The data you provide to us is protected using SSL (Secure Socket Layer) technology. SSL is the industry standard for encrypting personal data and payment details, ensuring they can be transferred securely over the internet.
All payment data is transmitted via SSL through a dedicated network infrastructure (MPLS – Multiprotocol Label Switching) and is stored in accordance with the PCI DSS data security standards of the payment card industry.
We may disclose your information to trusted third parties for the purposes set out in this Privacy Policy. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in accordance with Spanish and EU data protection laws.
International data transfer
The Cellbitec Foundation operates in multiple jurisdictions, some of which are outside the European Economic Area (EEA), such as Azerbaijan, Iran and the United States. Although countries outside the EEA do not always have robust data protection legislation, we require all service providers to handle your information securely and in accordance with Irish and EU data protection laws.
How your personal data is shared
We may share your personal data with the following third parties for the purposes described in this Privacy Policy:
a. Government authorities, law enforcement agencies and regulatory bodies, in compliance with legal requirements.
b. Trusted suppliers of the Cellbitec Foundation who provide ancillary services necessary for the proper functioning of our foundation; such as our agents and official representatives or companies providing support and technical assistance services, at local, national or regional level.
c. Credit and debit card companies and other online payment providers that facilitate payments made to us and help detect fraud; they may therefore require information about your payment method and account details in order to process the payment or ensure the security of your payment transaction.
d. Legal advisers and other professional advisers, courts of law, and law enforcement agencies in all countries in which we operate to safeguard our legal rights in relation to our contract with you.
Social media: You may access third-party social media services via our website or mobile app, or before arriving at our website or mobile app. When you log in to your social media account, we will obtain the personal information you choose to share with us via these social media services in accordance with your privacy settings, in order to improve and personalise your use of our website or mobile app. We may also use social media plugins on our website or mobile app. Consequently, your data will be shared with the relevant social media providers and may appear on your profile, where it will be accessible to other users with whom you share these networks. For further information on these practices, please refer to the privacy policies of these third-party social media providers.
Cookies and website tracking
This site uses cookies to help us improve the service we offer you and to provide certain features that you may find useful. This site may include cookies from advertisers and partners that are stored on your device when you visit our website or mobile app. Please check our partners’ websites for information about their privacy and cookie policies.
Cookies are small text files stored on your computer’s hard drive via your web browser to enable us to recognise your browser and help us track visitors to our website, thereby allowing us to better understand which products and services best suit your needs. A cookie contains your contact details and other information that allows us to identify your device when you visit our website, with the aim of helping you complete your booking.. Most web browsers automatically accept cookies, but if you wish, you can change your browser settings to accept, reject or delete cookies. In the ‘Help’ section of the toolbar on most browsers, you will find information on how to configure your browser so that it does not accept new cookies, how to have the browser display a notification when new cookies are received, or how to disable all cookies. If you decide to change these settings, certain functions and features may not work as intended. The cookies we use do not detect any data stored on your computers.
If you would like more information about cookies and how to prevent them from being installed, please visit the following website: http://www.allaboutcookies.org.
We use tracking software to monitor our customers’ traffic patterns and the use of our website, which helps us to develop its design and structure. This software does not allow us to capture any personal data from users.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee compliance with this policy. You may contact the DPO with any complaints via the email address info@cellbitec.com, stating ‘For the attention of the DPO at Fundación Cellbitec’ in the subject line of the message and using the body of the message to describe the matter you wish to raise.
We would also like to inform you that, under current regulations, you have the right to lodge a complaint with a supervisory authority at any time. For Fundación Cellbitec, as a Spanish data controller, the main supervisory authority for data protection is the Spanish Data Protection Commissioner.
Your data protection rights
Under certain circumstances, you have a legal right to:
· Request information about whether we hold any personal data about you and, if so, what data this is and why we hold or are using it.
· Request access to your personal data (commonly known as a ‘data subject access request’). This allows you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
· Request the correction of the personal data we hold about you. This allows you to correct any incomplete or inaccurate information we hold about you.
· Request the erasure of your personal data. This allows you to ask us to erase or delete your personal data where there are no other legitimate grounds for continuing to process it. You also have the right to ask us to erase or delete your personal data where you have exercised your right to object to its processing (see the following section).
· Object to the processing of your personal data where such processing is based on our legitimate interests (or those of a third party) and there is something about your particular situation that leads you to wish to object to the processing on that basis. You also have the right to object where we are processing your personal data for direct marketing purposes.
· Object to automated decision-making, including profiling; in other words, you have the right not to be subject to any automated decision-making by us using your personal data or profiling you.
· Request the restriction of the processing of your personal data. This allows you to ask us to suspend the processing of your personal data; for example, if you wish us to verify its accuracy or the grounds for processing it.
· Request the transfer of your personal data to you or a third party in a structured, commonly used and machine-readable format (commonly known as the right to ‘data portability’). This allows you to take the data we hold about you in a commonly used electronic format and to transfer your data to a third party in a commonly used electronic format.
· Withdraw your consent. In the limited circumstances where you have given your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right at any time to withdraw that consent for that specific processing. Once we have received notification that you have withdrawn your consent, we will no longer continue to process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for continuing to do so in accordance with the law.
If you wish to exercise any of these rights, please contact our Data Protection Officer (DPO) by email at patrono@fundacioncellbitec.com, or by post at PITA Scientific Headquarters, University of Almería Campus, Almería (Spain).
You will not be charged any fee for accessing your personal data (or for exercising any of your other rights). However, we may charge you a reasonable fee if your request for access is unfounded or excessive. Alternatively, in such circumstances, we may also refuse to comply with your request.
We may need to ask you for specific information to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who is not entitled to receive it.
Changes to the Privacity Policy
Our Privacy Policy is subject to change from time to time, and we will notify you of any changes via a notice on our website.
