Apipana.io® is a registered trademark of Secretarybirds S.L.U. (hereinafter, “Apipana.io”), tax ID No. B70688361, with its registered office at Plaza Isabel la Católica, Nº 7, 2º derecha, 18002 – Granada (Spain). Apipana.io informs the users of its Internet portal (hereinafter, the “Users” and the “Portal”) about its personal data protection policy (hereinafter, the “Personal Data”) so that Users may freely and voluntarily decide whether they wish to provide Apipana.io with the Personal Data that may be requested from them or that may be obtained from Users on the occasion of their visit to the website, the sending of a C.V., their subscription or registration to any of our informational newsletters (current or future), or their request for information about our company or about our consulting and software development services.

Apipana.io reserves the right to amend this privacy policy in order to adapt it to new legislation or case law, as well as to industry practices. In such cases, Apipana.io will announce on this page any changes made reasonably in advance of their implementation. Certain services provided/offered through the Portal may be subject to specific terms and conditions containing particular provisions regarding the protection of Personal Data and electronic commerce.

Apipana.io, as the Controller of the personal data of its USERS and other data subjects with whom it maintains a relationship, informs you that such data will be processed in accordance with Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation, “GDPR”) on the protection of natural persons with regard to the processing of personal data and the applicable Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”).

Data Controller:

• Name: Apipana.io® is a registered trademark of Secretarybirds S.L.U. (hereinafter, “Apipana.io”).
• Tax ID: B70688361.
• Registered office: Plaza Isabel la Católica, Nº 7, 2º derecha, 18002 – Granada, Spain.
• Contact email: info@apipana.io.
• Contact telephone: (+34) 670 684 001.
• Data Protection Officer (DPO) contact: dpo@apipana.io.
• In accordance with Article 30 of Regulation (EU) 2016/679 (GDPR), an internal Record of Processing Activities is maintained and is available to the competent Supervisory Authority upon request.

Planned processing purposes:

MANAGEMENT AND MAINTENANCE OF THE RELATIONSHIP with our customers, suppliers, partners, users of our website, customer/supplier service, data processors, control and management of the employment relationship with our staff, access control, video surveillance of the company’s premises, marketing and communication, recruitment and selection processes, followers on Apipana.io social media profiles, registered users on our website, subscribers to our newsletters, participants in activities and events, including the possibility of training actions in which Apipana.io manages or participates.

WHAT PERSONAL DATA DO WE PROCESS:

Purely identifying data (first name and surname) and, where applicable, contact details (postal address, telephone number and email address), data necessary for drawing up the contracts required (events) or for accessing specific services, CVs received by email, data provided at events or presentation activities of Apipana.io, data supplied via the social media profiles owned by Apipana.io, training activities managed by the company for employees, suppliers and customers, and data relating to events, promotional activities or similar.

By filling in any of our forms/sections/communication channels, you may provide, among others, the following personal data:

• Your first name and surname and contact details (address, telephone numbers and email address), as well as a free-text field.
• Other contact details and preferences, your user IP address, time, browser, etc.
• When you visit our website, we will collect your data if you complete any of our data/contact forms, information request forms, or subscribe to current or future newsletters.
• If personal data have been provided by users, such data must be truthful, and any changes to them must be notified to Apipana.io, the user being, in any case, responsible for the truthfulness and accuracy of the data supplied at all times.
• The data subject who provides his or her personal data to Apipana.io declares that he or she is of legal age and assumes full responsibility for such declaration.

Other processing activities

• Sending of commercial advertising communications by email, SMS, WhatsApp, social media or any other electronic or physical means, present or future, that allows commercial communications to be made. These communications will be carried out by the CONTROLLER and will relate to our company or to our software development services, as well as to events and activities organised by Apipana.io.
• Actions requested by the User: Handling requests or any type of enquiry made through the Apipana.io website by the user/customer using any of the contact methods made available, or through registration for our events and activities organised by/with the participation of Apipana.io.
• Processing registrations for events and PROMOTIONAL ACTIVITIES in which customers or registrants wish to participate. In this case, images or videos taken of individual participants during such events, and provided that their explicit and unequivocal consent has been obtained, may be published on the entity’s website, on its social media profiles, in corporate publications and brochures, on noticeboards and in any other similar communication media owned by Apipana.io, for the purpose of promoting such activities or events. In the case of promotional activities or similar, participants’ data (first name, surname and age) may be published in the same media, for the purpose of publicising participation in or the results of the activities. If this processing of data is not expressly consented to, such data will only be known internally by the participants, as a necessary requirement for the proper performance of the activity (legitimate interest).

• DATA STORED DURING YOUR VISIT: When you visit our website, our web servers generally store, among other data, information about the browser and operating system you use, the website from which you visit us, the pages you visit on our website and the date of your visit. For security reasons — for example, in order to detect possible attacks on our website — the IP address assigned to you by your Internet service provider is also stored for a period of seven days. With the exception of the IP address, personal data will only be stored if you provide such information to us, for example in connection with a registration, survey, quotation request, user registration or promotional activity. Apipana.io uses your personal data for the technical administration of the website, customer management, the performance of surveys and for marketing tasks, only to the extent necessary and always after informing the User and data subject in advance.
• NEWSLETTER SUBSCRIPTION: In the event of subscription to any of our current or future informational newsletters, as indicated, you consent to the use of your personal data for the sending of advertising or the carrying out of other marketing actions. Such data will be stored and used on an ongoing basis for those purposes, such as sending the aforementioned newsletters about our company or our consulting and software development services, as well as about events and activities organised by Apipana.io, through communication channels such as email, postal mail or any other channel authorised by you. We may use your data to create and keep up to date your profile as a customer/supplier, employee or user, so that we can send you personalised information. Likewise, we may use the data you provide to analyse and improve the effectiveness of our website services, advertising and marketing.
• SENDING OF CVS BY CANDIDATES: We process and analyse the documents supplied as CVs, whether submitted in person (in which case you must provide explicit consent) or via the addresses provided on our website: recruitment@apipana.io. The legal basis for this is your consent to receive the newsletter in accordance with Article 6(1)(a) GDPR. You may revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter. By using these forms, the applicant authorises Apipana.io to analyse the documents sent, all content that is directly accessible through search engines (Google), the profiles he or she maintains on professional social networks such as LinkedIn or similar, the data obtained in entrance tests and the information disclosed in the job interview, for the purpose of assessing his or her application and, where appropriate, offering him or her a position at Apipana.io, subject to his or her explicit consent. If the candidate is not selected, Apipana.io may keep his or her CV on file for inclusion in future recruitment processes, unless the candidate states otherwise.
• OBTAINING IMAGES FOR THEIR DISSEMINATION BY Apipana.io: At certain events organised by Apipana.io, such as events and similar activities, Apipana.io may take images of attendees for subsequent dissemination on websites, media and social networks for which it is the owner/controller. In such cases, Apipana.io is committed to your privacy, informing you in advance and providing means for obtaining your explicit consent, through paper forms or online/web registration forms. In both cases, Apipana.io will provide means to ensure that minors are legally represented by their parents/guardians or legal representatives.
• OBTAINING IMAGES BY THE VIDEO SURVEILLANCE SYSTEMS INSTALLED AT Apipana.io OFFICES: for the purposes of access control, video surveillance and security. Data processor. In accordance with the Spanish Data Protection Agency (AEPD), the retention period for images from security cameras is 30 days. Once this period has elapsed, such images must be deleted from any file or medium in which they may be stored.
• APIPANA WHISTLEBLOWING CHANNEL: In compliance with Law 2/2023, Apipana.io has set up this channel, which ensures confidentiality, privacy and, where applicable, anonymity of the whistleblower. The privacy applicable to this whistleblowing channel (ethics hotline) is as follows:

CONTROLLER: “Apipana.io® is a registered trademark of Secretarybirds S.L.U.” (hereinafter, “APIPANA”). Tax ID: B70688361. PURPOSE OF THE PROCESSING: Apipana.io will process the data collected in this form and any data generated as a result of the investigations carried out, exclusively for the purpose of processing and deciding on the admissibility of the reports received within the framework of the entity’s crime prevention management model, analysing them, conducting the corresponding investigations and taking any appropriate action. LEGAL BASIS: Processing will be carried out on the basis of: (i) the public interest in preventing criminal offences; (ii) the legitimate interest of Apipana.io in preventing irregularities and/or breaches of the provisions set out in its Protocol and in the overall management of human resources within Apipana.io; (iii) where you are an employee of Apipana.io, the entity’s authority to manage its workforce and, where appropriate, to adopt appropriate disciplinary measures; and (iv) the explicit consent of the reporting data subject by accepting this Privacy Policy. DATA DISCLOSURE: The recipients of the information are the EXECUTIVE COMMITTEE and its officers designated by the entity and other persons or entities whose cooperation is necessary in the context of an investigation or for auditing the functioning of the whistleblowing channel. Depending on the facts reported, Apipana.io may also be obliged to disclose or communicate your personal data and the information you provide to law enforcement authorities, to other public authorities with powers to investigate the reported facts, as well as to the courts and other judicial bodies. Without prejudice to the foregoing, in the event that a report proves to be false, your data may be communicated to the person or persons reported so that they may, if they deem it appropriate, initiate any legal action available to them in relation to the false report, as well as to the persons involved in legal proceedings brought as a result of the investigation. RETENTION PERIODS: The personal data you provide will be processed for as long as is strictly necessary to decide whether it is appropriate to initiate an investigation into the reported facts and, where applicable, for the processing of such investigation. If the investigation ends in the closure of the case, the data will be deleted. In any event, upon expiry of a period of three (3) months from the submission of the report, Apipana.io will proceed to delete your data. EXERCISE OF GDPR RIGHTS: To exercise your rights of access, rectification, erasure, objection, restriction of processing or portability, you may write to Plaza Isabel la Católica, Nº 7, 2º derecha, 18002 – Granada, enclosing a photocopy of your ID card or equivalent document where strictly necessary for proper identification, or by email to: dpo@apipana.io. If you consider that your right to the protection of personal data has been infringed, you may lodge a complaint with the Spanish Data Protection Agency (www.aepd.es). Additional (second-layer) information on applicable privacy is available on our website: www.apipana.io.

DATA RETENTION CRITERIA: As a general rule, the data provided will be retained for as long as there is a mutual interest in maintaining the purpose of the processing and, when they are no longer necessary for such purpose, they will be deleted using appropriate security measures to ensure the pseudonymisation of the data or their complete destruction.

In addition to this general rule, the following variations apply:

• (i) Disaggregated data: will be retained with no specific deletion period.
• (ii) Data of users, companies and suppliers, etc. of Apipana.io: retention period of 4 years (Articles 66 et seq. of the Spanish General Tax Law), and retention period of 6 years (Article 30 of the Spanish Commercial Code regarding accounting records and invoices).
• (iii) Data provided for subscription to our newsletter: from the moment the User gives consent until such consent is withdrawn.
• (iv) Employment or social-security-related documentation: 4 years (Article 21 of Royal Legislative Decree 5/2000 of 4 August approving the consolidated text of the Law on Social Order Infringements and Sanctions). (v) Data provided by candidates through the submission of their CVs: the CV may be retained for a maximum of two years for future selection processes unless the candidate states otherwise.
• (v) Video surveillance images: Instruction 1/2006, Article 6, regarding image retention periods, which continues to set a period of 30 days.
• (vi) Whistleblowing Channel: 3 months, in accordance with Law 2/2023 regulating the channel.

Disclosure of data: Your personal data may be disclosed to:

• Companies, entities and other organisations that have been engaged to provide services, such as hosting, marketing services, contracted cloud services, market analysis and information society services.
• Partner/sponsor companies with which Apipana.io has entered into a collaboration or sponsorship agreement.
• Companies or other organisations to which you have asked or agreed that we may share your personal data.
• Existence of subcontractors: For certain internal activities/processes of Apipana.io, it is necessary to subcontract third parties that provide specific services. These subcontractors may be external providers both inside and outside the EU. Apipana.io ensures that all subcontractors comply with the obligations and requirements assumed by Apipana.io in its Data Processing Agreement; specifically, that their level of data protection meets the standard required by the relevant data protection laws. If a jurisdiction lies outside the EU and is not on the European Commission’s list of countries with an adequate level of data protection under the GDPR, a specific agreement will be put in place between Apipana.io and the subcontractor to ensure that all personal data are handled in accordance with the requirements of applicable EU data protection laws.
• Companies related or affiliated with Apipana.io (subsidiaries, investee companies, holding entities, etc.).
• Providers of professional services, such as lawyers, court representatives, arbitrators, notaries, registrars or similar professionals in certain cases.
• Public bodies, courts, regulators and other administrative authorities, where we consider it necessary to comply with a legal or regulatory obligation, or otherwise to protect us from claims against us or third parties, or to protect individuals’ safety, as well as to prevent or otherwise combat fraud or for security or protection reasons.
• Any third party that purchases or to which we transfer all or a substantial part of our assets and business. If such a sale or transfer occurs, we will use all reasonable efforts to ensure that the entity to which we transfer your personal data uses them in accordance with this Privacy Policy.

Data will be processed on the legal basis of the explicit consent of the person providing them. Such consent may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal. Providing data is voluntary, although if you do not provide them, we will be unable to process them for the purposes indicated. If third-party data are provided through this website, the person providing them assumes responsibility for having obtained prior consent from those third parties, having informed them of all the provisions of Article 14 of the General Data Protection Regulation.

INTERNATIONAL DATA TRANSFERS:

On 10 July 2023, the European Commission adopted a new adequacy decision to enable international transfers of personal data between entities in the European Union (EU) and the United States (US) under the EU-U.S. Data Privacy Framework.[web:24][web:27][web:28] Following the judgment of the Court of Justice of the European Union (CJEU) of 16 July 2020, known as the Schrems II ruling, international transfers of personal data to the US were called into question due to the issues identified by the CJEU relating to US surveillance practices and the lack of mechanisms for EU citizens to challenge interferences with their rights.

With this adequacy decision, the European Commission recognises that the US ensures a level of protection equivalent to that of the EU, but only where international transfers take place to entities certified under the new privacy framework, the EU-U.S. Data Privacy Framework.

Therefore, IN ACCORDANCE WITH THE ABOVE, personal data may flow safely from the European Union to US companies participating in the Framework, without the need to implement additional data protection safeguards.

Other international transfers to the US: Both the safeguards adopted and the legislative changes that have taken place in the US will facilitate the use of mechanisms such as standard contractual clauses or binding corporate rules.

This does not exclude the fact that a transfer impact assessment will still be required for any transfer carried out outside the scope of the EU-U.S. Data Privacy Framework. The adequacy decision ensures that transfers of data between the EU and the US can take place on the basis of a stable and reliable arrangement that protects individuals and provides legal certainty for businesses.

LEGAL BASIS FOR THE PROCESSING ACTIVITIES DESCRIBED:

As a general rule, prior to processing personal data, Apipana.io obtains the data subject’s explicit and unequivocal consent by including informed consent clauses in the various information collection systems, and on the basis of the User’s legitimate interest.

Where the data subject’s consent is not required, the legal basis for processing relied upon by Apipana.io is the existence of a prior contractual/commercial relationship as a customer, software development agreement, CUSTOMER REGISTRATION DOCUMENT, collaboration agreement entered into with Apipana.io, etc.

Notwithstanding the above, the legal bases are as follows:

• Where processing is necessary for the performance of a contract to which you are a party or the data are necessary in the context of a pre-contractual relationship.
• Where the use of your personal data is necessary for the purposes of our legitimate interests or those of the companies with which we have shared your personal data.
• Where processing of the data is necessary in order to comply with applicable legal/regulatory obligations, including GDPR and the Spanish LOPDGDD and similar legislation in force at any given time, including those relating to the placing on the market of software development services/products of Apipana.io or third parties, consumer protection and other applicable regulations.
• In accordance with the applicable Information Society Services legislation (LSSI-CE), where there is a demonstrable pre-existing relationship, data may be used to send electronic commercial communications relating to that specific activity, unless you object in the manner provided for that purpose.
• Where we consider it necessary to process your personal data to comply with a legal or regulatory obligation, or to protect vital interests.
• Where we have your consent, for example, to collect technical information such as cookie data and similar technologies as described in the “Cookie Use Information” section.
• Acceptance of a contractual relationship within the relevant social network environment, and in accordance with its Privacy Policy in each case, when you visit any of our current or future social media profiles.

DATA SUBJECT RIGHTS:

These are your rights as a data subject or holder of personal data:

Right of access: You have the right to obtain confirmation from the entity as to whether or not personal data concerning you are being processed. Apipana.io will, where applicable, provide a copy of the personal data undergoing processing.

Right to rectification: You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of a supplementary statement.

Right to erasure: You have the right to obtain without undue delay the erasure of personal data concerning you. Apipana.io will be obliged to erase such personal data without undue delay where any of the following grounds apply:

1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
2. You withdraw the consent on which the processing is based and there is no other legal ground for the processing.
3. You object to the processing and there are no overriding legitimate grounds for the processing.
4. Your data have been unlawfully processed.
5. Your data must be erased for compliance with a legal obligation.
6. Your personal data have been collected in relation to the offer of information society services to children (under 16 years of age).

Right to restriction of processing: Where the processing of your personal data has been restricted at your request, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest. You have the right to obtain restriction of processing of your personal data where one of the following applies:

1. When you contest the accuracy of the personal data, for a period enabling Apipana.io to verify the accuracy of the data.
2. The processing is unlawful and, as data subject, you oppose the erasure of the personal data and request the restriction of their use instead.
3. Apipana.io no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims.
4. When you have objected to processing, pending the verification whether the legitimate grounds of Apipana.io override those of the data subject.

Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from Apipana.io where:

1. The processing is based on your consent, and
2. The processing is carried out by automated means.

Right to object: You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on the public interest or on the legitimate interests of the controller. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. Where you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.

Please remember that whenever the legal basis for processing your data is your consent, you have the right to withdraw such consent at any time and in all cases, in a manner as easy as that in which it was given.

You also have the right to lodge a complaint with the relevant supervisory authority, which in general is the Spanish Data Protection Agency. For more information, please visit its website at the following link: https://www.aepd.es.

Lastly, you have the right not to be subject to a decision by Apipana.io based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

In accordance with Articles 37 et seq. of Regulation (EU) 2016/679 of 27 April 2016 (GDPR), Apipana.io has appointed a Data Protection Officer (DPO), officially notified to the Supervisory Authority (www.aepd.es), whose contact details are as follows:

Data Protection Officer contact details for exercising your rights:

By post:

• Address: Plaza Isabel La Católica, Nº 7, 2º Dcha., 18002 – Granada, Spain

Online:

• Email address: You may submit your request to: dpo@apipana.io

In both cases, you must:

• Provide sufficient data and information to process your request. To this end, you may use the template forms made available by the Spanish Data Protection Agency at https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos
• Sign the form by hand or, where you have a recognised digital certificate, sign it electronically.
• Where acting on behalf of a third party, provide documentary proof of the representation of the data subject.
• Send the form and documents evidencing your identity by any of the aforementioned means.
• Note: In case of reasonable doubt as to the identity of the applicant, data subject and/or his or her representative, we may request a copy of your ID card, passport, foreigner identification number (NIE) or other equivalent identification document.

Additional information in relation to your request:

Apipana.io will assess whether or not the request complies with the applicable legal framework. It will inform the applicant of the decision taken and act accordingly: if the request is upheld, it will take the appropriate measures according to the right exercised; if the request is rejected, it will indicate the legally established avenues of appeal. Where requests are manifestly unfounded or excessive (for example, due to their repetitive nature), Apipana.io may: (i) charge a fee taking into account the administrative costs incurred; or (ii) refuse to act.

If a user/data subject considers that there is a problem with the way Apipana.io is processing his or her data, he or she may submit a complaint to Apipana.io at the address indicated above, or to the Spanish Supervisory Authority, i.e. the Spanish Data Protection Agency (AEPD): https://www.aepd.es.

MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED:

Data collected through any of the contact forms available on this website, or even for the provision of information, or provided by Users in connection with their participation in activities/events organised by Apipana.io, will be included, depending on their purpose, in the Internal Record of Processing Activities (Article 30 of Regulation (EU) 2016/679 of 27 April 2016). The Record of Processing Activities is available to the Supervisory Authority.

By ticking the corresponding boxes and entering data in the various fields marked with an asterisk (*) in the contact form or presented in download/contracting forms, Users expressly, freely and unequivocally accept that their data are necessary for Apipana.io to handle their request, while providing data in the remaining fields is voluntary. The User guarantees that the personal data provided are truthful and is responsible for notifying any changes to them.

Apipana.io expressly informs and guarantees Users that their personal data will not, under any circumstances, be transferred to third parties and that whenever it intends to make any future transfer, it will first request Users’ explicit, informed and unequivocal consent, providing information about the recipient and the purpose of the transfer. All data requested through the website are mandatory, as they are necessary to provide the User with an optimal service. If all data are not provided, the information and services offered may not be fully tailored to your needs.

SECURITY MEASURES:

In accordance with the personal data protection regulations in force, and in particular with Regulation (EU) 2016/679 of 27 April 2016 and Spanish Organic Law 3/2018 (LOPDGDD), the personal data for which it is responsible are processed by Apipana.io in compliance with the principles set out in Article 5 GDPR, under which they are processed lawfully, fairly and transparently in relation to the data subject and are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

In any case, Apipana.io has implemented sufficient mechanisms to:

1. Ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
2. Restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident.
3. Regularly test, assess and evaluate the effectiveness of the technical and organisational measures implemented to ensure the security of processing.
4. Pseudonymise and encrypt personal data, where applicable.

Apipana.io guarantees that it has implemented appropriate technical and organisational policies to apply the security measures laid down in GDPR 679/2016 and Spanish Organic Law 3/2018 (LOPDGDD), in order to protect Users’ rights and freedoms, and has provided them with adequate information to enable them to exercise those rights. Apipana.io has put in place all means and technical measures available to it to prevent loss, misuse, alteration, unauthorised access to and theft of the Personal Data provided by the data subject to Apipana.io. Nevertheless, Users should be aware that Internet security measures are not impregnable.

The personal data included in the Internal Record of Processing Activities will be processed with the utmost confidentiality and security, and the Data Controller may send you commercial information regarding NEWS and UPDATES about our company or our consulting and software development services, as well as about events and activities organised by Apipana.io. In such cases, the sender undertakes to indicate the advertising nature of the communication and to provide a simple, clear and free-of-charge mechanism for you to opt out of receiving such communications.

The consulting and software development services offered by Apipana.io, whose description is provided on the website for the purpose, where applicable, of requesting information, are intended exclusively for adults. In the event that Apipana.io should in future offer any remote programming/support service or online downloadable product/software, or information on registration for or participation in a promotional activity, event or similar, in which the collection of minors’ personal data may occur, Apipana.io will always request parental consent so that minors may access such services and their Personal Data may be subject to automated processing as set out in this Data Protection Policy.

As previously indicated, the collection and automated processing of Personal Data is intended to maintain any contractual relationship that may be established with Apipana.io, the management, administration, provision, expansion and improvement of consulting and software development services and software products/applications that the User may decide to purchase, contract, register for or use, the adaptation of such services to Users’ preferences and interests, the study of how Users make use of the services, the design of new programming services or software products, the sending of timetable updates and news, and the sending, by traditional and electronic means, of commercial information about our company or our consulting and software development services, as well as about events and activities organised by Apipana.io.

USE OF PUBLIC PROFILES ON SOCIAL NETWORKS:

Apipana.io has profiles on the main social networks and is, in all cases, the controller of the data of its followers, fans, subscribers, commentators and other user profiles (hereinafter, followers). The processing carried out by Apipana.io in relation to such data will be, at most, that which the social network allows for corporate profiles. Accordingly, Apipana.io may inform its followers, by any means permitted by the social network, about its news, activities and promotions. Under no circumstances will Apipana.io extract data from social networks unless the user’s specific and explicit consent has been obtained for this purpose. Where, due to the nature of social networks, effective exercise of a follower’s rights is conditional upon modification of his or her personal profile, Apipana.io will assist and advise him or her for this purpose to the extent possible.[web:33] The social media profiles owned by Apipana.io are:

1. A) OFFICIAL Apipana.io PROFILES ON SOCIAL MEDIA:

• YouTube: ____________________
• Instagram: ____________________
• LinkedIn: ____________________

For what purposes will we process your personal data?

• To respond to your enquiries, requests or petitions.
• To manage the service requested, respond to your request or process your application.
• To interact with you within a community of followers.
• To publish images of your participation in our events, where you have expressly authorised us to do so.

What is the legal basis for processing your data?

• For more information about YouTube please click here.
• For more information about Instagram please click here.
• For more information about LinkedIn please click here.

Acceptance of a contractual relationship within the relevant social network environment, and in accordance with its Privacy Policy:

In all cases, Apipana.io is the controller of the data of its followers, fans, subscribers, commentators and other user profiles (hereinafter, followers). The processing carried out by Apipana.io in relation to such data will be, at most, that which the social network allows for corporate profiles. Accordingly, Apipana.io may inform its followers, by any means permitted by the social network, about its news and activities. Under no circumstances will Apipana.io extract data from social networks unless the user’s specific and explicit consent has been obtained for this purpose. Where, due to the nature of social networks, effective exercise of a follower’s rights is conditional upon modification of his or her personal profile, Apipana.io will assist and advise him or her for this purpose to the extent possible.

Right to information

Upon request, Apipana.io will promptly inform you in writing, in accordance with the applicable legislation, whether we hold any personal data relating to you and, if so, which data. If you are registered as a user, we offer you the option of accessing your data in person and, where appropriate, having them deleted, amended and/or updated.

DESCRIPTION OF MEASURES ADOPTED BY Apipana.io UNDER THE GDPR:

Users/customers and suppliers of APIPANA are hereby informed that, in accordance with the GDPR and LOPDGDD regulations applicable to the activities carried out by Apipana.io, the following measures have been implemented to achieve an optimal level of compliance:

• Drawing up a record of processing activities in accordance with Article 30 GDPR.
• Identifying the legal bases for data processing in accordance with Articles 6 and 9 GDPR.
• Auditing the channels through which information is collected and the internal forms/documents used and informing data subjects about the processing of their data, in accordance with Articles 13 and 14 GDPR.
• Handling data subjects’ rights with regard to their rights of access, rectification, erasure, restriction of processing, data portability (Article 20 GDPR), objection and automated individual decision-making, by establishing a direct contact channel: dpo@apipana.io
• Auditing and requesting evidence of compliance from the entity’s data processors, and entering into data processing agreements in accordance with Article 28 GDPR. Apipana.io facilitates this process by making available: (1) a document setting out compliance safeguards and details of the measures adopted, and (2) a model data processing agreement of Apipana.io.

• Carrying out a risk analysis and, where appropriate, a data protection impact assessment; to facilitate compliance with these obligations, you can consult the Spanish Data Protection Agency’s website at: https://www.aepd.es/es/prensa-y-comunicacion/notas-de-prensa/la-aepd-publica-un-modelo-de-informe-para-ayudar-las-empresas.

• Apipana.io, as a responsible entity committed to regulatory compliance, recommends that its employees, customers, users and data subjects subscribe to the alert bulletins of INCIBE (www.incibe.es), OSI (www.osi.es) and INCIBE-CERT (www.incibe-cert.es).

The subscription links for the various portals referred to above will enable you to learn in advance about potential threats and incidents:

• INCIBE ALERTS
• OSI ALERTS
• INCIBE-CERT ALERTS

• Existence of an internal protocol for reporting security breaches; this covers the notification of personal data breaches to the data protection authorities (Article 33 GDPR) and to the data subjects whose data have been compromised (Article 34 GDPR). To this end, in the event of any incident posing a risk to the rights and freedoms of the data subjects, Apipana.io will notify the CLIENT as soon as possible and will assist the CLIENT in making such notifications.
• Apipana.io, in compliance with current regulations, also informs you of your right to lodge a complaint/request further information with the supervisory authority (aepd.es).

Main applicable regulations:

If you would like more information about the regulations that protect and govern your rights, below is a list of the regulations that have inspired this privacy policy and are relevant to you:

• Regulation (EU) 2016/679
• Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights
• Law 34/2002 of 11 July on Information Society Services and Electronic Commerce
• The so‑called cookie law

CONTACT: If you need any clarification regarding this Privacy Policy, wish to ask a question or lodge a complaint, or exercise your rights, please contact our internal Data Protection Officer in writing using the details below, indicating in the subject line: “Data Protection”:

• • Address: Plaza Isabel La Católica, Nº 7, 2º Dcha., 18002 – Granada, Spain
  • Contact email: dpo@apipana.io
  • Contact telephone: (+34) 670 684 001

Privacy Policy drafted, updated and reviewed on 1 March 2024.