Privacy Policy

In accordance with the provisions of the regulations in force on the Protection of Personal Data:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
• Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPD-GDD).
• Royal Decree 1720/2007, of 21 December, approving the Regulation implementing Organic Law 15/1999, of 13 December, on the Protection of Personal Data (RDLOPD).
• Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

we inform you that:

www.obsidiaan.io is the domain name owned by OBSIDIAAN TECH S.L, with registered address at C/Las Palomas 4, postal code 18697 La Herradura, Granada, Spain, Tax ID (NIF): B09735028.

Email address: [email protected]

Hereinafter, we will refer to OBSIDIAAN TECH S.L as (obsidiaan).

Your data will be incorporated into the processing system owned by obsidiaan, and by accepting this Privacy Policy you give your informed, express, free and unequivocal consent for the personal data you provide through our website to be included and processed in mixed personal data files owned by and the responsibility of obsidiaan. The existence of these files is recorded in our register of activities as required by the GDPR and the LOPD-GDD, unless the exception provided for in article 30.5 of the GDPR applies.

Principles of data processing

The processing of the User's personal data will be subject to the following principles set out in article 5 of the GDPR and in article 4 et seq. of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights:

• Principle of lawfulness, fairness and transparency: the User's consent will be required at all times, after fully transparent information about the purposes for which the personal data are collected.
• Principle of purpose limitation: personal data will be collected for specified, explicit and legitimate purposes.
• Principle of data minimization: the personal data collected will be only those strictly necessary in relation to the purposes for which they are processed.
• Principle of accuracy: personal data must be accurate and always kept up to date.
• Principle of storage limitation: personal data will only be kept in a way that allows the User to be identified for as long as necessary for the purposes of processing.
• Principle of integrity and confidentiality: personal data will be processed in a way that guarantees their security and confidentiality.
• Principle of accountability: the Data Controller will be responsible for ensuring that the above principles are met.

For informational purposes, please note that personal data means any information relating to a person that you voluntarily provide to us through our website and that serves to identify them. For technical reasons, we store the IP address assigned to you by your internet access provider.

The categories of data processed at www.obsidiaan.io are identifying data: full name, address, telephone, email address and the banking details necessary to formalize registration for the retreat or service offered that you request from us by electronic means.

Accepting the privacy policy through the procedure established on this website will be understood as the granting of express and unequivocal consent to the processing of the data provided, as well as to any international data transfer that may occur due to the physical location of the servers of the service providers.

Purpose

The collection and processing of the personal data incorporated into these files has the following purposes:

• The management and provision of the services contracted in the field of digital marketing, software development, blockchain technology and cybersecurity.
• The implementation, maintenance and support of the technological solutions developed for your company or project.
• The creation and management of user accounts to access our services and platforms.
• Providing you with the technical and commercial information you request related to our technological services and products.
• Carrying out commercial communications related to our sector, which may include sending updates, news and offers via SMS, email and postal mail that may be of interest to you, based on the study and segmentation of the data collected during your browsing on our website or provided by completing any form.
• Analysis and improvement of our services, in order to offer you more effective and personalized solutions in the digital and technological field.

This website will not make automated decisions, including profiling.

Legitimacy

The data owner must explicitly authorize that they accept their data being incorporated into these files by granting their consent once their data has been completed in any of the forms on this website in which any personal data is mandatorily required and before they are sent.

The legal basis for the processing of your data is the performance of a contract (in the event that you make a registration or create an account) and the provision of your consent, which may be withdrawn whenever you request it. In compliance with the provisions of articles 8 of the GDPR and 7 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, only those over 14 years of age may give their consent for the processing of their personal data. In the case of a minor under 14 years of age, the consent of parents or guardians will be necessary for the processing, and this will only be considered lawful to the extent that they have authorized it. If the consent of their parents or guardians is not obtained, they cannot register on the website, so we will proceed to deny their request if we become aware of it.

Security and duty of secrecy

Obsidiaan undertakes to comply with the obligation of secrecy regarding the personal data provided, as well as the duty to keep them, adopting the appropriate technical, organizational and security measures necessary to prevent their alteration, loss, unauthorized processing or access.

The Website has an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmitted securely and confidentially, as the transmission of data between the server and the User, and in feedback, is fully encrypted.

The data controller undertakes to guarantee, through a legal or contractual obligation, that this confidentiality is respected by its employees, associates, and any person to whom it makes the information accessible because it is necessary in order to provide the service to the client or user.

Duration of processing

Your data will be kept for the time strictly necessary to fulfill the purpose for which it was collected and as long as your consent persists, has not been expressly revoked or there is a legal obligation.

Recipients

Your data will be communicated to the persons or entities that must know them indispensably for the correct development and execution of the contracted technological services.

The payment processing services, management of marketing campaigns accepted by you and courier and transport companies in order to carry out your orders.

Rights

You have the right to obtain confirmation as to whether we are processing personal data concerning you, to access your personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

In certain circumstances, you may request the limitation of the processing of your data, in which case we will only keep it for the exercise or defense of claims. For reasons related to your particular situation, you may object to the processing of your data. You have the right to data portability when technically possible.

You may contact the postal address indicated or the email [email protected] to exercise your rights.

External links. In the event that this website includes hyperlinks to other sites not controlled by us, we are not responsible for their content or their privacy.

Any modification of this Privacy Policy will be published at least ten days before its effective application.

As those responsible for the file that collects personal data through this website, we have signed a data processor contract with the web service provider that developed this page, in accordance with the terms stipulated in the GDPR.

For the correct functioning of the website, we may need the provision of hosting, web platform, templates, tracking sources and security services. These services will be subject to their corresponding privacy conditions.

You may revoke your consent to receive advertising at any time by email or by any means of which we have a record.

Regarding the management of your data associated with our social profiles, access will depend on the functionality of the social network. You may stop interacting with, following or receiving information from our social profiles, delete the content that no longer interests you or restrict who you share your connections with, through the mechanisms stipulated in the different social networks by accessing the privacy policies of each Social Network, as well as configure your profile to guarantee your privacy.

On our website we may offer you links and services related to the different social networks. If you are a member of a social network and click on the corresponding link, the social network provider may link your profile data with the information on your visit to that website, so you should inform yourself about the personal data policies of the respective social network.

Claims before the supervisory authority

In the event that the User considers that there is a problem or infringement of the regulations in force in the way in which their personal data is being processed, they will have the right to effective judicial protection and to file a claim before a supervisory authority, in particular in the State where they have their habitual residence, place of work or place of the alleged infringement. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.agpd.es).