Privacy policy

Treatment responsible
Name: ORDERDATA, S.L. (hereinafter, ORDERDATA or the Company)
Fiscal identity: ES-B05436571
Postal address: C/ Ramon y Cajal 3, 5A, Palma de Mallorca
E-mail: hello@orderdata.com

ORDERDATA, the Company, as responsible for the website www.orderdata.com and its Data platform, in accordance with the provisions of Regulation (EU) 2016/679 of 27 April 2016 (RGPD) on the protection of individuals with regard to the processing of personal data and the free movement of such data and other regulations in force concerning the protection of personal data, and by Law 34/2002, of 11 July, from Services of the Information Society and Electronic Commerce (LSSICE), informs you that it has implemented the necessary security measures, of a technical and organisational nature, to guarantee and protect the confidentiality, integrity and availability of the data entered.
1. Treated data
The Company treats the following personal data to which it has access by the following means:
1.1. Customer data
In order to buy and subscribe to a service OrderData and/or carry out certain actions on the Web platform the User must complete the Order Form with a series of data necessary for the provision of our services. The form for collecting personal data specifies the data that must be filled in by the user, and refusal by the user to provide such data shall mean that they cannot access the service. Likewise, the fact of being a Customer on the Web platform implies having a User Account profile as described in “b) User Account Data” with fields in which the User can indicate what he considers appropriate (except for the Prohibited Data indicated below).

The data requested in the Customer Order Form are:
  • Name of the person managing the account
  • Entity legal name and ID
  • Email address of the person managing the account
  • Fiscal information entity for invoicing and fiscal purposes
  • Bank details for payment purposes
1.2. User Account Data
In order to access the content of the Web platform, each of the individuals of the Customer entity should set up an account (User Account as decribed in the Terms & Conditions).

The data requested in to set up a User Account are:
  • Name of the person
  • Email address of the person
  • Position of the person
1.3. Data associated with Web browsing
When a User accesses any of the sections or subdomains of the Web platform, the Company collects the navigation data associated with each one of the Users. In such a way, all the actions carried out by the user within the website associated with the user ID, IP address, general information about the device and its operating system/browser, date and time, as well as the IDs of the rest of the elements associated with that action are collected.
1.4. Data associated with our Cookie Policy
The User can check our Cookie Policy through the Web at www.orderdata.com/cookies
1.5. Data regarding your communications with the Company
When you send us a communication, we collect the metadata of the same (time and date of the call or e-mail, identity of the sender and receiver, technical data) and the data incorporated in any communication between the User and the Company.
1.6. Data included in User Content
When a data source of the Customer is integrated in our Data Plaform, we collect any personal data included in such data (as defined in the Terms of Use), which are processed by the company on behalf of the Customer.
1.7. Prohibited Data
In any case it is forbidden to provide the Company with any content that contravenes any prohibition and limitation established in the Terms & Conditions (in particular, but not limited to, the prohibition to use personal data -both of the User and of third parties- containing sensitive information relating to identifiable or identified persons, such as: racial origin; membership of a trade union; religion, ideology or sexual orientation; health data; or data relating to criminal records, procedures and sanctions or fines arising from these or from the non-compliance with monetary obligations).

The user guarantees (a) the authenticity and veracity of all data (especially but not only those that are personal data) communicated through the web, (b) that the data shared by him is personal data and that it reflects his own image or a third interested party’s from which he has permission to use such data, (c) and that he will keep updated the information provided to the Company, so that it responds at all times to their real situation, him being the sole responsible for false or inaccurate statements made, as well as for the damage caused by it to the Company or any third party.
2. Purposes of data processing
The legal basis for all data processing is the User’s consent. We inform you that the purpose of data collection and processing is, either to inform users about our company’s services, or to actually perform such services: the rendering of a clip made by a creator to comply with the object of our service.

Your personal data will only be used for the following purposes:
  • Carry out the necessary commercial and administrative formalities with the users of the platform.
  • Send or view electronic commercial communications. They can be of two types: (a) recommendations of User Content or similar that -based on the information we have- we believe may be of interest to you (core functionality of our web services), (b) the periodic sending of electronic commercial communications (including e-mails) promoting or advertising the services and products offered by the Company – web and app – (the User will have the option of unsubscribing from the reception of these last types of electronic commercial communications and of opposing himself to the processing of personal data both in the data collection process and in each of the electronic commercial communications). The communications may include links to external sites and promotions offered by brands or collaborating companies with the Company.
  • Track user activity on web portals to which users are redirected from the web, including the registration of purchases or possible purchases of products and manage the relationship between the Company and those responsible for those web portals.
  • Respond to queries and/or provide information required by the User.
  • Perform the services and/or products contracted or subscribed by the User.
  • Use your data to contact you, both electronically and non-electrically, to obtain your opinion on the service provided and notify you of changes, important developments in the privacy policy, legal notice or cookie policy.
  • Profiling and usage analysis will be performed.
  • The data of clients and/or suppliers will be treated, within the contractual relationship that binds them with the person in charge, in compliance with the administrative, fiscal, accounting and labour obligations that are necessary by virtue of the legislation in force.
Specific purposes according to the different categories:
  • Category “b) User Data Account”: The Web platform may include forms that are clearly linked to specific purposes which are indicated on the website itself (for example, data collected on the “contact form” will be processed for the purpose of responding to and communicating with those who wish to communicate with the Company).
  • Category “d) Data associated with the Cookie Policy”: it will also be processed for the purposes indicated in the Cookie Policy.
  • Category “f) Data included in the Customer managed Content”: it will only be treated by the Company as processors (not as data controllers) as indicated in clause 9.
To unsubscribe, you can revoke your consent at any time by sending an email with the subject “Unsubscribe” hello@orderdata.com, including in the body of the email the Entity legal name and the email used when seending the Order Form.

According to the Spanish Law LSSICE, the Company does not practice SPAM, therefore, it does not send commercial e-mails that have not been previously requested or authorized by the User. Consequently, in all communications that the user will receive from the Company, the user will have the ability to withdraw their consent to receive our communications.
Conservation time limits
We will not treat your personal data for any other purpose than those described except by legal obligation or injunction. Your data will be kept for the duration of the commercial relationship between us or until you exercise your right of cancellation or opposition, or limitation to treatment. However, we will keep certain personal identification and traffic data for a maximum period of 2 years in the event that it is required by the Judges and Courts or to initiate internal actions arising from improper use of the website.

You will not be subject to decisions based on automated processing that produce effects on your data.

Likewise, we inform that our information retention policies comply with the terms established by the different legal responsibilities for the purpose of prescription:
General
By virtue of the specified on the article 30 of the Commercial Code, and except for other criteria, all the documents and / or information of the company will be kept for 6 years.

This affects all accounting, tax, labor or commercial documentation, including correspondence.
Specific Terms
The company must also set minimum deadlines depending on the type of data and according to the different prescription periods, which must be known by each of the departments.

This table lists the prescription terms that affect or may affect the organization.
Matter
Prescription
Normative
Labor, infringment proposes
3 years
Art. 4.1 RD 5/2000
Social Security for the purposes of infractions
4 years
Art. 4.2 RD 5/2000
Prevention of Occupational Risks for the purposes of infractions
5 years
Art. 4.3 RD 5/2000
Fiscal for the purposes of tax debts
4 years
Art. 66 Ley 58/2003
Fiscal for the purpose of verifying compensated quotas or applied deductions
10 years
Art. 66 bis Ley 58/2003
Accounting and commercial
6 years
Art. 30 del CC
Crimes against Public Finance and Social Security
10 years
Art. 131 LO 10/1995
Will not be subject to decisions based on automated treatments that produce effects on your data.
3. Treatment legitimation
The legal basis for the processing of data is your consent given to carry out the purposes described above, which will be requested at the time the user places an order on the platform and accepts the conditions of service.

Failure to provide the personal data requested or not to accept this data protection policy means the impossibility of placing an order, subscribing, registering or receiving information about the Company’s products and services.

In cases where there is a prior contractual relationship between the parties, the legitimacy for the development of administrative, fiscal, accounting and labour obligations that are necessary under current legislation will be the prior existence of the commercial relationship established between the parties.

In any case, the booking of a service and with it the placing of an order, is made freely and voluntarily from the Web/App of the Company, and is considered as the establishment of a contractual relationship between the Company and the user. This relationship is based on the provision of information about the Company’s services, contracted services and other related services by the Company to the user. Therefore, the sending of informative communications that fall into this category is considered part of the service contracted by the user at the time of booking a service on the Web/App. This is without prejudice to the fact that the user may, at any time, unsubscribe from the communications.
4. Communications
Any communication sent will be incorporated into the information systems of The Company. By accepting these conditions, terms and policies, the User expressly consents the Company to perform the following activities and / or actions, unless the User indicates otherwise:
  • Sending commercial and / or promotional communications by any means enabled informing users of activities, services, promotions, news, offers and other information related to services and products offered by the Company.
  • If the User has expressly consented to the emailing of commercial communications by subscribing to the NEWSLETTER, the emailing of such communications by electronic means informing Users of the activities, services, promotions, advertising, news, offers and other information on the services and products of the Company, or other products or services that are similar and that may be of interest to the User.
  • The conservation of the data during the terms foreseen in the applicable dispositions.
5. Official means of communication
The user is informed that the means enabled by the company to communicate with customers and others affected is the corporate phone, corporate mobile phones and corporate email.

If you send personal information through a means of communication other than those indicated in this section, the Company will be exempt from any liability in relation to the security measures of such chosen means of communication.
6. Assignments or transfers and consents to display
The Company carries out transfers to third parties that proceed to the treatment and manipulation of the data as well as international transfers with the same purpose. The user expressly accepts the transfer of his data to other subdivisions of the Company as long as it is limited to the purposes indicated in this document and especially to the contents in the first clause.

Also, the Company will provide information to law enforcement agencies under court order or by obligation of a legal rule, without prejudice to blocking or cancelling your account if there may be evidence of the commission of a crime by the user. The information provided will be only that which is currently available to the provider. The information you provide us through the web will be hosted on the servers of the Company.
7. Rights of all interested parties
As an interested party, you can request the exercise of the following rights before the Company by submitting a letter to the address of the heading or sending an email to hello@orderdata.com, indicating as subject: “GDPR: Rights affected”, and attaching a photocopy of your ID card or any analogous document in law.

Rights:
  • Right of access: allows the interested party to know and obtain information about their personal data subject to treatment.
  • Right of rectification or suppression: right to correct errors and to amend data that appears to be inaccurate or incomplete.
  • Right of cancellation: right to delete any data that proves to be inadequate or excessive.
  • Right of opposition: right of the data subject not to have his personal data processed or ceased to be processed.
  • Limitation of processing: entails the marking of stored personal data in order to limit their future processing.
  • Portability of data: the provision of the data undergoing processing to the data subject, so that the data subject may transmit them to another data controller without impediment.
  • Right not to be the subject of automated individual decisions (including profiling): right not to be the subject of a decision based on automated processing that produces effects or significantly affects.
As a user, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of the processing carried out prior to the withdrawal of consent. You also have the right to lodge a complaint with the supervisory authority if you consider that your data protection rights may have been violated (agpd.es).
8. Additional information
8.1. Intellectual property
Through this Privacy Policy we inform you that the photographs, videos and other type of content that are posted on the Web or App platform are the property of the Company, including those of minors, for which the Company has obtained the prior consent of parents, guardians or legal representatives by signing the forms made to that effect by the centres in which minors are part.
8.2. Social media
We inform you that the Company can have presence in social networks. The treatment of the data that is carried out of the people that become followers in our social networks will be governed by this section, as well as by those conditions of use, privacy policies and regulations of access set out by each particular social network and which will have been previously accepted by the user.

The Company will treat your data for the purpose of correctly managing your presence on the social network, informing you of activities, products or services of the provider, as well as for any other purpose that the regulations of the Social Networks allow. It is forbidden to publish any Contents which:
  • Are allegedly illegal under national, EU or international law or that perform allegedly illegal activities or contravene the principles of good faith.
  • Attempt against the fundamental rights of the people, disturb, generate any nuisance in the network, or can generate negative opinions in our users or third parties; as well as those contents that the Company may consider inappropriate.
  • In general, contravene the principles of legality, honesty, responsibility, protection of human dignity, protection of minors, protection of public order, protection of private life, consumer protection and intellectual property rights and industrial.
In addition, the Company reserves the right to remove, without prior notice from the corporate social network, those contents that are considered inappropriate.

The communications sent through the social networks will be incorporated into a file owned by the Company, being able to send you information of interest.

You can access more information, as well as consult the companies that are part of our group, in this privacy policy.

In any case, if you send personal information through any social network, the Company will be exempt from responsibility in relation to the security measures applicable to such platform, having the user to consult their corresponding particular conditions.
8.3. Security measures
The data you provide will be treated confidentially. The Company has adopted all the technical and organisational measures and all the necessary levels of protection to guarantee the security in the treatment of the data and to avoid its alteration, loss, theft, treatment or unauthorised access, in accordance with the state of the technology and the nature of the data stored. Likewise, it is also guaranteed that the treatment and registration in files, programs, systems or equipment, premises and centres comply with the requirements and conditions of integrity and security established in current legislation.
9. The Company as treatment manager
The User, while using the services provided by the Company through the web and while using the actual web may include, through User Content, any personal data of third parties or their own (“Content Data”). This User is solely responsible for these Content Data, as “Responsible of Treatment”. The Company provides a service of treatment of this information in the name and account of the User, as “Treatment Manager” in order to allow the use of the Platform and provide the services offered through the Platform.

To the extent that the Company is “Treatment Manager”, the Company (a) implements technical and organizational measures to safeguard the Content Data of any access, loss, destruction, theft, use or unauthorized or unlawful disclosure; (b) treats only the Content Data in accordance with the instructions provided by the User, which include the configuration of his User Account and indications (“clicks” on the Platform) regarding this particular material, (c) does not use the Content Data for purposes other than those related to the development of the Services or according to the instructions provided by the user, (d) does not communicate the Content Data, not even for conservation by third parties (this does not preclude that if a User’s instruction is that a User Content should be public and logically subject to recommendations the Company complies with that instruction and allows access to Users of such Content Data and may even recommend the display of such User Content).

Upon expiration or termination of this Agreement by reason of termination of the User Account of the User responsible for these Content Data, we will stop using any Content Data and destroy it. The Company reserves the right to save such stored Content Data before removing it for as long as the Company may be subject to liability as a result of such data processing. If you detect that another User uses in the Company your old Content Data without being authorized, you must inform the Company of it, since the Company does not monitor, edit or control the User Content.

The User responsible for the Content Data authorizes us as the Treatment Manager to allow access and treatment of such Content Data to one or more service providers (data hosting and messaging), as a subcontractor on your behalf, if we reasonably consider that such access and treatment is necessary for the development of the Services. These providers process the data for the sole purpose of providing the aforementioned services which we have indicated, and are currently the Google group (whose subsidiaries with possible access to the data would be: (i) Google Ireland Limited, with offices at Gordon House, Barrow Street, Dublin 4, Ireland, (ii) Google Asia Pacific Pte Ltd., with offices at 8 Marina View Asia Square 1 #30-01 Singapore 018960, or (iii) Google Inc, with offices at 1600 Amphitheatre Parkway, Mountain View, California 94043, (in Ireland, Singapore and the U.S.A. respectively); the Amazon group (whose subsidiaries with possible access to data are (i) Amazon.com, Inc. in the U.S.A. and (ii) Amazon Web Service Ireland Ltd. in Ireland); or the Facebook group (whose subsidiaries with possible access to data are (i) Facebook, Inc, with offices at 1601 S California Ave; Palo Alto, California 94304 and (ii) Instagram, Inc. with offices at 1601 Willow Rd; Menlo Park, California 94025). The countries outside the European Economic Area where data may be processed (all of them except Ireland) may not have personal data protection standards equivalent to those in Spain/Europe). Before such processing takes place, we will ensure that you have entered into a contract with such third parties that is sufficient to commit you to processing personal data in accordance with the applicable provisions of this Policy.

The User responsible for the Content Data declares and guarantees to have all the necessary consents of the persons whose personal data will be treated in accordance with this clause (including the International Transfer of data from this subcontracting or to other users of the Platform from other countries to which it has access). The User responsible for the Content Data will indemnify the Company and exempt him from liability in relation to any claim, damage or loss that may suffer that is related to the processing of personal data of third parties treated in accordance with this clause.
10. Changes to this privacy policy
The Company reserves the right to modify this policy to adapt it to any new legislation or jurisprudence. In any case, the modification of the privacy policy will be notified to the users.
11. Legislation
To all effects the relations between the Company and the Users of its services are subject to the Spanish legislation and jurisdiction, to which the parties expressly submit, being competent for the resolution of all the conflicts derived or related to its use the Courts and Tribunals of Barcelona.