Effective as of June 2020
- Information we collect
- How we use the information we collect
- How we share the information we collect
- Cookies and other tracking technologies
- Information collected by third parties
- Email opt-out
- Payment processing
- Children and COPPA compliance
- Business transitions
- California users consumer rights
- Users located outside of the European Union
- EU users’ rights under the GDPR
- Data retention
- Cooperation with law enforcement; fraud protection
- Who we are
- Explain the way we use information that you share with us in order to give you a great experience with our Website;
- Ensure that you understand what information we collect with your permission, what we do with it and with whom we share it; and
- Explain your rights under applicable law.
2. Information we collect
The information we collect includes personal identifiers, commercial information, electronic network activity and geolocation data, and can be divided into the following broad categories:
- Technical Dataincludes internet protocol (IP) address, device type, device version, browser type and version, browser plug-ins types, time zone setting and location, traffic data, search criteria, weblogs and other communications data, operating system and platform and other technology on the devices you use to access the Website.
- Usage Dataincludes information about how you use our Website or Service, such as the particular pages you interact with, how often you visit, how long you’re on the Website, surveys, the products and/or services you’re looking at and/or purchase.
- Verification Dataincludes proof of identity and proof of address as further detailed in our Subject Access Request Form.
- Financial Datamay include details about your payment history and services or products you have purchased from third parties offering products or services through the Website (collectively, “Offerors”).
- Identity Dataincludes name, address, telephone number, email address.
More specifically, we may collect and store the following information relating to you:
2.1 Anonymous data
2.2 Direct Interactions
We collect information from you when you voluntarily submit information directly to us or via our Website. This refers to personal data you provide, for example, by corresponding with us via phone, email or live chat. This personal information may include name, age, address, phone and email, as necessary to address your query. We will not share that information in a manner that identifies you as an individual with any other entity unless we have your permission.
2.3 Tracking technologies
- Automated technologies or interactions
As you interact with our Website, we may automatically collect technical and usage data about your device, browsing actions and patterns. For example, we collect information which may include your IP address, browser type, your location, language preferences, device information and access times. While an IP address does not identify an individual by name, it may, with the cooperation of the ISP, be used to locate and identify an individual. Your IP address can reveal what geographic area you are connecting from, or which ISP you are using. Finally, other websites you visit have IP addresses, and we may collect the IP addresses of those websites and their pages. We also collect IP addresses for system administration and to report aggregate information to any sponsors. We may also receive information from our web logs, which automatically record anything a web server sees, which may include email addresses you enter into a form or pages viewed by a user at a particular IP address. We collect this personal data by using cookies, pixel tags and other similar tracking technologies. The sole purpose of passively collecting your information is to improve your experience when using our Website.
- Information received from our service providers and partners
We may also receive information about you from our service providers and partners, which we use to personalize our Service, to measure ad quality and responses to ads, and to track your purchases from Offerors.
3. How we use the information we collect
We have set out below, in a table format, a description of all the ways we process your personal data, and the legal basis we rely on to do so.
Type of Data
To allow you to visit the Website
To manage our relationship with you. For example: general enquiries such as how the Website works, complaints and payment queries
Any data you choose to share with us or request us to view
To administer and protect the Website (including troubleshooting, fraud prevention, spam prevention, security incident prevention and correction, data analysis, testing, system maintenance, support, reporting and hosting of data), operate the Website (including notifying you of any changes), optimize your user experience, and send you service and support messages such as updates, patches and security alerts
To analyze your use of the Website and deliver relevant website content and third-party advertisements, for example by providing customized, personalized, or localized content, recommendations, features, and advertising.
For purposes of legitimate interests
To maintain and retain records in connection with actual and potential legal claims and regulatory investigations; and for governance & compliance purposes
Necessary for the compliance with a legal obligation to which we are subject
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please email us at [email protected]
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. How we share the information we collect
This section describes how the information collected or generated through your use of the Website may be shared by us with third parties. The information we may disclose for a business purpose includes personal identifiers, commercial information, electronic network activity and geolocation data. We do not sell our users’ personally identifiable information.
4.1 Marketing and advertising
We do not provide any personally identifiable information to third-party advertising companies; however, when you click on an Offeror’s link, you consent to our providing your personal information to such Offeror so that they may fulfill your request for products or services.
4.2 Service providers
To provide you with the best experience on our Website, we may use third parties who automatically process your Usage Data on our behalf. Where possible, we will make sure this data is anonymized.
For your information, click here to view some examples of how third parties process your personal data.
5. Cookies and other tracking technologies
A cookie is a small text file that is placed on your computer, mobile phone, or other device when you visit a website. The cookie will help website providers to recognize your device the next time you visit their website. There are other similar technologies such as pixel tags (transparent graphic images placed on a web page or in an email, which indicate that a page or email has been viewed), web bugs (similar to pixel tags), and web storage, which are used in desktop software or mobile devices.
There are also technologies such as mobile device identifiers and SDK integrations to help companies recognize your device when you return to an app or otherwise use a service. Our policy regarding cookies can be found here.
6. Information collected by third parties
Please read these third-parties privacy policies to find out how they collect and process your personal information.
7. Email Opt-out
Users who no longer wish to receive email updates or other notifications may opt out of receiving these communications by following the instructions contained in the applicable email. Please know that such a decision will not stop advertising or content that is generated prior to the time when we can accomplish the removal of your information.
8. Payment Processing
Payment processing is only handled by Offerors. We do not collect or store your payment information.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered or disclosed, used or accessed in an unauthorized way. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know it. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. However, the transmission of data via the internet is not completely secure and we cannot guarantee that unauthorized parties will not be able to defeat those measures: unauthorized entry or use, hardware or software failure, and other factors may compromise the security of our user information at any time.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. Children and COPPA compliance
We believe that parents should supervise their children’s online activities and consider using parental control tools available from online services and software manufacturers that help provide a child-friendly online environment. These tools can also prevent children from otherwise disclosing online their name, address and other personal information without parental permission.
11. Business transitions
12. California user consumer rights
California residents may choose to opt out of our disclosure of their personal information to third parties for direct marketing purposes. As detailed above, our policy is not to disclose personal information collected online to a third party for direct marketing purposes without your request or approval. If you choose to opt-out at any time after granting approval, email [email protected]
If you are a California resident, you also have the right to:
- request that we disclose to you the categories of personal information we collected about you, including the categories we disclosed to a third party for a business purpose; the categories of sources from which the personal information is collected; the business or commercial purpose for collecting that information; the categories of third parties with whom we share that information; the actual personal information we collected from you. This enables you to receive a copy of the personal data we hold about you.
- request that we delete any personal information we have collected from you. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons and our need to keep appropriate archives for our business operations.
- not be discriminated against for exercising any of the rights granted to you under the California Consumer Privacy Act of 2018.
If you wish to exercise any of the rights set out above, please email us at [email protected]. We will respond to you within 45 days of receipt of your request. We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that your personal data is not disclosed to any person who does not have the right to receive it. We may also contact you to ask you for further information, in relation to your request, to speed up our response.
California resident may file grievances and complaints with California Department of Consumer Affairs, 400 R Street, STE1080, Sacramento, CA 95814; or by phone at 916-445-1254 or 800-952-5210; or by email to [email protected]. We would, however, appreciate the chance to deal with your concerns before you approach the DCA, so please email us at [email protected] in the first instance.
13. Users located outside of the European Union
14. EU users’ rights under the GDPR
If you are located in the European Union, or if the EU’s General Data Protection Regulation (“GDPR”) otherwise applies to your data as processed by us, you have the right to:
14.1 request access to your personal data. This enables you to receive a copy of the personal data we hold about you and our full list of third parties who process your data, and to check that we are lawfully processing it.
- request confirmationas to whether or not your personal data is being processed.
- request the correction of your personal data that you consider to be inaccurate. This enables you to have any incomplete or inaccurate data we hold about you corrected. However, we may need to verify your identity and the accuracy of the new data you provide to us.
- request erasure of your personal data. This enables you to ask us to delete or remove personal data, for example: i) where there is no good reason for us continuing to process it; ii) where you have successfully exercised your right to object to processing (see below); iii) where we may have processed your information unlawfully; iv) where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons and our need to keep appropriate archives for our business operations. These reasons will be notified to you at the time of your request. In addition, as explained in Section 2.3, certain information may always be publicly available to others and other information is made publicly available to others by default.
- object to processing of your personal data. This enables you to object to the processing of your personal data if you feel it impacts on your fundamental rights and freedoms. For example, this can be where we are processing your personal data for direct marketing purposes. In some cases, we may have compelling legitimate grounds to process your information which can override your right to object.
- request restriction of processing of your personal data. This gives you the option to ask us to suspend the processing of your personal data in the following scenarios: i) if you want us to establish the data’s accuracy; ii) where our use of the data is unlawful but you do not want us to erase it; iii) where you need us to hold the data, even if we no longer require it e.g. to establish or defend legal claims; or iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate ground to use it.
- request transfer of your personal data. If you request us to do so, we will provide to you, or a third party of your choice, your personal data in a commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use, or where we have used the information to perform a contract with you.
- withdraw consent to the processing of your data. If you request us to do so, we will no longer process your data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide our Service for you. Also, we will advise you of this at the time you withdraw your consent.
- not have a decision made about you based solely on automated processing.
If you wish to exercise any of the rights set out above or request details about the specific legal basis we are relying on to process your personal data, please email us at [email protected] using the Subject Access Request Form.
We will respond to you within 30 days of receipt of your request. Occasionally it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise your other legal rights). This is a security measure to ensure that your personal data is not disclosed to any person who does not have the right to receive it. We may also contact you to ask you for further information, in relation to your request, to speed up our response.
You will not have to pay a fee to access your personal data (or to exercise any of your other legal rights). However, we may charge a reasonable fee (or refuse to comply) if your request is clearly unfounded, repetitive or excessive.
You have the right to make a complaint at any time to the Agencia Española de Protección de Datos (“AEPD”), the Spanish supervisory authority for data protection issues (www.aepd.es). We would, however, appreciate the chance to deal with your concerns before you approach the AEPD so please email us at [email protected] in the first instance.
15. Data retention
If you are located in the European Union, or if the GDPR otherwise applies to your data as processed by us, we will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or internal reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for compliance, governance, legal and/or regulatory purposes in which case we may use this information indefinitely without further notice to you.
16. Cooperation with law enforcement; fraud protection
We fully cooperate with law enforcement agencies in identifying those who use our Website or Service for illegal activities. We reserve the right to disclose information about users who we believe are in violation of applicable laws or regulations, or as required to respond to a subpoena, court orders or other legal process requiring such disclosure. We also reserve the right to report to law enforcement agencies any activities that we reasonably believe to be unlawful and to exchange information with other companies and organizations for fraud protection.
Please note that if you opt out of receiving notices from us, change notices will still govern your use of the Website, and you are responsible for reviewing such legal notices for changes, as posted on the Website.
18. Who we are
For the purposes of the GDPR, Optima Media, S.L., located at Carrer Vilamarí 86-88, 08015 Barcelona, Spain, is the Data Controller and is responsible for your personal data. This means that we determine the purposes and ways of the processing of your personal data.
When you provide personal information directly to an Offeror, the Offeror is the Data Controller, and if Optima Media, S.L. handles such data on behalf of the Offeror, it does so as Data Processor under the GDPR.
Last update: June 2020