INDEX 

  1. Objective of the Privacy Policy
  2. Definitions
  3. Identity of the Data Controller
  4. Applicable laws and regulations
  5. Principles applicable to the processing of personal data
  6. Security measures
  7. Purposes of processing
  8. Legitimation of the treatment
  9. Recipients of your data
  10. Data processing activities carried out
  11. Personal data of minors
  12. Origin and types of data processed
  13. Rights of data subjects
  14. Acceptance 

1.-OBJECTIVE OF THE POLICY

The purpose of this “Privacy and Data Protection Policy” is to make known the conditions that govern the collection and processing of your personal data by Markennovy Personalized Care, SL to ensure fundamental rights, your honor and freedoms, all This is in compliance with current regulations that regulate the Protection of Personal Data according to the European Union and the Spanish Member State.

In accordance with these regulations, we need to have your authorization and consent for the collection and processing of your personal data, so below, we indicate all the details of your interest regarding how we carry out these processes, for what purposes, what other entities could have access to your data and what are your rights.

For all of the above, once our Data Protection Policy has been reviewed and read, it is essential that you accept it as proof of your agreement and consent.

2.- DEFINITIONS

  • “Personal Data”: Any information about an identified or identifiable natural person (“the user of the Website”); an identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or more elements of identity physical, physiological, genetic, psychological, economic, cultural or social of said person.
  • “Processing”: any operation or set of operations performed on personal data or sets of personal data, whether by automated procedures or not, such as the collection, recording, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of authorization of access, comparison or interconnection, limitation, deletion or destruction.
  • “Limitation of processing”: the marking of the personal data stored in order to limit its processing in the future.
  • “Profiling”: any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects relating to professional performance , economic situation, health, personal preferences, interests, reliability, behavior, location or movements of said natural person.
  • “Pseudonymization”: the processing of personal data in such a way that it can no longer be attributed to a data subject without the use of additional information, provided that such additional information is listed separately and is subject to technical and organizational measures designed to ensure that personal data is not attributed to an identified or identifiable natural person.
  • “File”: any structured set of personal data, accessible according to certain criteria, whether centralized, decentralized or distributed functionally or geographically.
  • “Data controller” or “controller”: the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of processing; if Union or Member State law determines the purposes and means of processing, the controller or the specific criteria for his appointment may be established by Union or Member State law.
  • “Processor” or “processor”: the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
  1. “Recipient”: the natural or legal person, public authority, service or other body to which personal data is communicated, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a specific investigation in accordance with Union or Member State law shall not be considered recipients; The processing of such data by said public authorities will be in accordance with the data protection regulations applicable to the purposes of the processing.
  • “Third Party”: a natural or legal person, public authority, service or body other than the data subject, the data controller, the data processor and the persons authorized to process personal data under the direct authority of the manager or manager.
  • “Consent of the interested party”: any free, specific, informed and unequivocal expression of will by which the interested party accepts, either through a declaration or a clear affirmative action, the processing of personal data that concern you.
  • “Breach of personal data security”: Any breach of security that results in the accidental or unlawful destruction, loss, or alteration of personal data transmitted, stored, or otherwise processed, or unauthorized disclosure of or access to such data;
  • “Genetic data”: personal data relating to the inherited or acquired genetic characteristics of a natural person that provide unique information about the physiology or health of that person, obtained in particular from the analysis of a biological sample from such a person.
  • “Biometric data”: personal data obtained from a specific technical treatment, related to the physical, physiological or behavioral characteristics of a natural person that allow or confirm the unique identification of said person, such as facial images or dactyloscopic data.
  • “Health-related data”: personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, revealing information about their state of health.
  • ‘Main establishment’: a) in the case of a controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of processing are taken in another establishment of the controller in the Union and the latter establishment has the power to enforce such decisions, in which case the establishment that has taken such decisions shall be deemed main establishment; b) in the case of a processor with establishments in more than one Member State, the place of its central administration in the Union or, in the absence of such,
  • “Representative”: natural or legal person established in the Union who, having been appointed in writing by the controller or processor pursuant to article 27 of the GDPR, represents the controller or processor in respect of their respective obligations under this Regulation.
  • “Company”: a natural or legal person engaged in an economic activity, regardless of its legal form, including companies or associations that regularly carry out an economic activity.
  • “Supervisory Authority”: the independent public authority established by a Member State in accordance with the provisions of Article 51 of the GDPR. In the case of Spain, it is the Spanish Data Protection Agency.

Data Protection Authorities (other European countries):

Other International Data Protection Authorities:

  • “Cross-border Processing”: a) the processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or processor of the processing in the Union, if the controller or processor is established in more than one Member State, or b) the processing of personal data carried out in the context of the activities of a single establishment of a controller or a processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
  • “Information society service”: any information society service, i.e. any service normally provided for remuneration, remotely, electronically and on request of a recipient of services.

 3.-IDENTITY OF  RESPONSIBLE FOR TREATMENT

Who collects and processes your data?

The Data Controller is that natural or legal person, public or private, or administrative body, which alone or jointly with others determines the purposes and means of personal data processing; in the event that the purposes and means of processing are determined by the Law of the European Union or the Spanish Member State.

In this case, our identification data as Data Controller are the following:

Markennovy Personalized Care, SL CIF B25388851

Your personal data is processed by all the entities of our Group of Responsible or Markennovy Corporate Group, made up of, in addition to the entity detailed above, the following organizations:

Vista Optics Limited (01439686)
Address: Gorsey Lane Cheshire Science Centre. WA8 ORP, Widnes (Cheshire), United Kingdom
Contact:
mkservices@markennovy.com
Markennovy Personalized Care Limited (06087749)
Address: 2 Triton Centre, Premier Way. SO51 9DJ, Romsey (Hampshire), UK
Contact:
mkservices@markennovy.com
Markennovy Srl (07995540965)
Address: Via Milo Burlini 42. 31050 , Ponzano Veneto (Treviso), Italy
Contact:
800 719481 – mkservices@markennovy.com
Markennovy GmbH (HRB741496)
Address: Blumenstr. 19. 73728 , Esslingen (Stuttgart Baden-Württemberg), Germany
Contact:
mkservices@markennovy.com
Markennovy Material Sciences Ltd (06592606)
Address: Two Triton Centre, Premier Way. SO51 9DJ, Romsey (Hampshire), UK
Contact:
mkservices@markennovy.com
Markennovy Switzerland Subsidiary Mepc SL (0B25388851)
Address: Weinbergstrasse 62. 8802, Kilchberg (Horgen Zurich), Switzerland
Contact:
mkservices@markennovy.com

How can you contact us?

  • Postal address and our offices: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
  • Head office: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
  • Email: mkservices@markennovy.com- Telephone: 902111140

Who can help you with our Data Protection Policy?

We have a person or entity specialized in data protection, which is in charge of ensuring proper compliance in our entity with current legislation and regulations. This person is called the Data Protection Officer (DPO) and, if needed, you can contact him as follows:

Auratech Legal – NIF/DNI 70253028B
Email:   rgpd@auratechlegal.es- Telephone: 911 134 963

4.- APPLICABLE LAWS AND REGULATIONS

This Privacy and Data Protection Policy is developed based on the following data protection regulations and laws:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data. Hereinafter GDPR.
  • Organic Law 3/2018, of December 5, Protection of Personal Data and Guarantee of Digital Rights. Hereinafter LOPD/GDD.
  • Law 34/2002, of July 11, of Services of the Information Society and Electronic Commerce. Hereinafter LSSICE.

5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

The personal data collected and processed through this website will be treated in accordance with the following principles:

  • Principle of legality, loyalty and transparency: All processing of personal data carried out through this Website will be lawful and loyal, making it completely clear to the user when they are being collected, used, consulted or processed. the personal data concerning you. The information related to the treatments carried out will be transmitted in advance, easily accessible and easy to understand, in simple and clear language. 
  • Principle of purpose limitation: All data will be collected for specific, explicit and legitimate purposes, and will not be subsequently processed in a manner incompatible with the purposes for which they were collected.
  • Principle of data minimization:The data collected will be adequate, pertinent and limited to what is necessary in relation to the purposes for which they are processed.
  • Principle of accuracy: The data will be accurate and, if necessary, updated, adopting all reasonable measures so that personal data that is inaccurate with respect to the purposes is deleted or rectified without delay. for those who are treated.
  • Principle of limitation of the conservation period: The data will be kept in such a way that the identification of the interested parties is allowed for no longer than necessary for the purposes of the processing of personal data. li>
  • Principle of integrity and confidentiality: Data will be processed in a manner that guarantees adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss or damage , through the application of appropriate technical and organizational measures
  • Principle of proactive responsibility: The entity that owns the Website will be responsible for compliance with the principles set forth in this section and will be able to demonstrate it.

6.-SECURITY MEASURES

What do we do to guarantee the privacy of your data?

Markennovy has taken all the required measures  to protect personal data; Likewise, Markennovy has adopted the technical measures available to prevent data loss, unfair use, alteration, unauthorized access or theft of data. However, the user will be aware that Internet security measures are not completely indestructible.

Markennovy adopts the necessary organizational and technical measures to guarantee the security and privacy of your data, prevent its alteration, loss, treatment or unauthorized access, depending on the state of technology, the nature of the data stored and the risks to which they are exposed.

Among others, the following measures stand out:

  • Ensure:
    • Confidentiality: The information processed by Markennovy will be made available or disclosed exclusively to authorized persons at the time and by the established means. 
    • Integrity: The information processed by Markennovy will be complete, accurate and valid, and the content will be provided by the interested parties and will be subject to no manipulation of any kind.
    • Availability: The information processed by Markennovy will be accessible and usable by authorized persons at any given time, guaranteeing its persistence against any eventuality. 
  • Restore availability and access to personal data quickly, in the event of a physical or technical incident.
  • Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
  • Pseudonymize and encrypt personal data, in case it is sensitive data.

Markennovy assumes the responsibility of supporting and encouraging the establishment of the organizational, technical and control measures necessary to comply with the above safety guidelines.

On the other hand, Markennovy manages information systems according to the following principles:

  • Principle of regulatory compliance: All information systems will comply with the regulations of regulatory and sectoral legal application that affect the security of information, especially those related to the protection of personal data, systems security, data, communications and electronic services.

  • Risk management principle: Risks will be minimized to acceptable levels and a balance between security controls and the nature of the information will be sought. Security objectives should be established, reviewed, and consistent with information security aspects.

  • Principle of awareness and training: Training, awareness programs and awareness campaigns will be articulated for all users with access to information, in terms of information security.

  • Principle of proportionality: The implementation of controls that mitigate the security risks of assets will be carried out seeking a balance between security measures, nature and information and risk.

  • Principle of responsibility: All members of the Treatment Manager will be responsible for their conduct in terms of information security, complying with the established rules and controls.

  • Principle of continuous improvement: The degree of effectiveness of the security controls implemented in the organization will be reviewed on a recurring basis to increase the ability to adapt to the constant evolution of risk and technological environment.

7.- PURPOSES OF THE PROCESSING 

What do we want to process your data for?

Below we detail the intended uses and purposes: 

Attention to people’s rights

Respond to the requests of citizens in the exercise of the rights established by the General Regulation of Data Protection
Whatsapp Communications

WhatsApp instant messaging communications
Cookies, pixels and tracking

Implement web analytics to understand how users search, access and navigate. To carry out these analyzes, personal data may be processed, such as the user’s IP address, connection location, software functions and browsing navigation, etc.
Share information on social networks. “Fav”, “Like”, “+1” and similar buttons
Identify problems.
Obtain statistical data on user browsing.
Retain user preferences during their stay on a website.
Streaming video and third-party maps. A feature or plug-in provided by a third party establishes a direct connection between the user’s browser and Internet domains owned by the third party, allowing the feature to be downloaded and executed.
Compliance with GDPR obligations

Process your data in order to meet the requests in the exercise of the rights established by the General Data Protection Regulations (art 5 GDPR) and, where appropriate, for the notification of data security breaches data to the supervisory authority and interested parties (articles 33 and 34 of the GDPR)
Necessary steps to adapt and comply with data protection regulations
Data protection and information privacy
Courses taught by Markennovy through the Microsoft Teams platform

Dissemination of the content of the courses in RRSS, web and similar media.
Sending electronic communications about new formations and launching new products.
Management of the data of the teachers who teach the classes.
Survey forms on product improvement and participation in sweepstakes.

Commercial communications
Participation in events and webinars.
Participation in raffles.
Carry out surveys about our products, services and training.
CV management / Job bank

Recruitment
Management of communications received by the complaints channel.

Create an internal communication channel to allow the delivery of information on irregular practices in order to correct them and repair any damage they may have produced
Inform employees and third parties about the existence of anonymous information systems about actions or omissions that may go against the legal system.
Protect citizens who report actions or omissions that violate the legal system, affect financial interests or affect the internal market
Adequately protect those people who, reporting irregularities of which they are aware, in their work or professional environment, publicize them through the organization’s whistleblowing channel, thus allowing public authorities to act, being able to put an end to the illegal activity noticed when it affects the general interest
Subscriber management

Marketing, advertising and commercial prospecting
Instruction of complaints received

Creation of a management procedure for received communications that identifies the present channel, sending an acknowledgment of receipt and communication to the informant of the actions or omissions carried out
Management of the record book of the communications received and the internal investigations to which they have given rise
Inform the investigated person of the right they have to submit allegations in writing and of the processing of their personal data
Carrying out the necessary investigations to respond to the informant
Store Locator

Locate the users of our products to indicate the location of the nearest store.
Show markennovy customer opticians.
Markennovy Academy

Teach courses such as: myopia management expert, advanced contactology expert, contact lens fitting expert for presbyopic patients, markennovy contact lens expert and Marketing and sales expert applied to contactology. ..
Manage the training calendar
Provide continuous and free training on contactology for our clients and students in the sector
Social Networks

Sharing information on Social Networks
Share testimonials of our products through RRSS
Creation and management of information through social networks
Web users

Respond to requests through the website
Management of leads and contacts
Management and contact with users

For how long do we keep your data?

We use your data for the time strictly necessary to fulfill the purposes indicated above. Unless there is a legal obligation or requirement, the expected conservation periods are:

Attention to people’s rights

They will be kept for the time necessary to resolve the claims. The provisions of the archives and documentation regulations will apply.

Whatsapp Communications

: For a period of 6 years from the last confirmation of interest

Cookies, pixels and tracking

You must access our cookies policy to know the conservation time of each cookie as well as the information that has been collected.

Compliance with GDPR obligations

: As long as its deletion is not requested by the interested party. The personal data provided will be kept as long as its deletion is not requested by the interested party or when the data is no longer necessary -including the need to keep them during the applicable limitation periods- or pertinent to the purpose for which they were collected or registered.

Courses taught by Markennovy through the Microsoft Teams platform

: As long as its deletion is not requested by the interested party. The teacher’s data will be kept for future hiring. The recordings of the courses will be stored as long as they are necessary. The data of the attendees will be kept for future events and training until the attendee objects to their treatment.

Survey forms on product improvement and sweepstakes entry.

: As long as its deletion is not requested by the interested party. We will treat the information until the moment in which the client opposes or ceases to be so.

CV management / Job bank

: During a period of 1 year from the last confirmation of interest. The personal data provided will be kept as long as its deletion is not requested by the interested party and it proceeds, and as long as they are necessary -including the need to keep them during the applicable limitation periods- or pertinent to the purpose for which they were collected or registered. If you do not update the curriculum or do not carry out any job search management for a period of one year, your data will be deleted, implying the blocking of the same.

Management of communications received by the complaints channel.

: For a period of 10 years from the last confirmation of interest. After 3 months the data will be deleted if the complaint is unsuccessful. If the complaint is successful, the maximum term may not exceed 10 years.

Subscriber management

: As long as its deletion is not requested by the interested party

Instruction of complaints received

All the data processed and captured in the investigation phase are eliminated after 3 months. If the complaint is successful, the maximum term may not exceed 10 years.

Store Locator

: As long as its deletion is not requested by the interested party. The data of the opticians will be deleted when they request it.
Customer location data is deleted when you log out.

Markennovy Academy

: As long as its deletion is not requested by the interested party. No minimum or maximum retention periods have been established; If the interested party opposes the data processing, they are unsubscribed depending on the channel of interaction or request for opposition to the processing of the data.

Social Networks

: As long as its deletion is not requested by the interested party. The personal data provided will be kept as long as they are necessary or pertinent for the purpose for which they were collected or registered. We are obliged to block the data when it is deleted. The blocking of the data consists of the identification and reservation of the same, adopting technical and organizational measures, to prevent its treatment, including its visualization, except for the provision of the data to the judges and courts, the Public Prosecutor’s Office or the Competent Public Administrations, in particular the data protection authorities, for the requirement of possible responsibilities derived from the treatment and for three years, the limitation period thereof.

Web users

: For a period of 5 years from the last confirmation of interest. The personal data provided will be kept as long as its deletion is not requested by the interested party and it proceeds, and as long as they are necessary -including the need to keep them during the applicable limitation periods- or pertinent for the purpose for which they were collected or registered.

8.- LEGITIMATION OF TREATMENT

Why do we process your data?

The collection and processing of your data is always legitimized by one or more legal bases, which are detailed below: 

Attention to people’s rights
  • Legal obligation of the Data Controller

    General Data Protection Regulation (EU) 2018/679
    Whatsapp Communications
    • Explicit consent of the interested party

      Cookies, pixels and tracking
      • (Art. 6.1.a GDPR) Consent of the interested party

        Compliance with GDPR obligations
        • Legal obligation for historical, statistical or scientific research purposes

          • GDPR: 6.1.c) Processing necessary to comply with a legal obligation applicable to the controller..
          • Law 39/2015, of October 1, on the Common Administrative Procedure of Public Administrations.
            Common Administrative Procedure Law
          • General Data Protection Regulation.
            REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and the free circulation of these data and which repeals the Directive 95/46/CE (General Data Protection Regulation
        Courses taught by Markennovy through the Microsoft Teams platform
        • (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through contract or pre-contract

          • (Art. 6.1.c GDPR) Compliance with legal obligations of the Treatment Manager

            • (Art. 9.2.b GDPR) Compliance with obligations and exercise of rights in the field of Labor Law and social security and protection

              • (Art. 6.1.a GDPR) Consent of the interested party

                Survey forms on product improvement and sweepstakes entry.
                • Explicit consent of the interested party

                  • GDPR: 6.1.a) Consent of the interested party. .
                    The legal basis for sending information related to professional practice or professional interest and for the provision of voluntary services is the consent you give, which you can withdraw at any time.
                • (Art. 9.2.j GDPR) Public interest for purposes of historical, statistical or scientific research

                  CV management / Job bank
                  • Explicit consent of the interested party

                    • GDPR: 6.1.a) Consent of the interested party. .
                      The legal basis for sending information related to professional practice or professional interest and for the provision of voluntary services is the consent you give, which you can withdraw at any time.
                  Management of communications received by the complaints channel.
                  • (Art. 6.1.c GDPR) Compliance with legal obligations of the Treatment Manager

                    • Law regulating the protection of people who report violations of regulations and the fight against corruption.
                      Law regulating the protection of people who report on regulatory violations and the fight against corruption transposing Directive (EU) 2019/1937 of the European Parliament and of the Council, of October 23, 2019, regarding the protection of people who report infringements of Union Law.
                  • (Art. 6.1.e GDPR) Fulfillment of a public mission or exercise of public powers conferred on the Data Controller

                    • GDPR and LOPDGDD. Compliance with legal obligation: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDYGDD).
                      Compliance with legal obligation: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDYGDD)
                    • Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offenses and execution of criminal sanctions.
                      Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offenses and execution of criminal sanctions.
                  Subscriber Management
                  • Explicit consent of the interested party

                    Instruction of complaints received
                    • (Art. 6.1.c GDPR) Compliance with legal obligations of the Treatment Manager

                      • Law regulating the protection of people who report violations of regulations and the fight against corruption.
                        Law regulating the protection of people who report on regulatory violations and the fight against corruption transposing Directive (EU) 2019/1937 of the European Parliament and of the Council, of October 23, 2019, regarding the protection of people who report infringements of Union Law.
                    • (Art. 6.1.e GDPR) Fulfillment of a public mission or exercise of public powers conferred on the Data Controller

                      • Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offenses and execution of criminal sanctions.
                        Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offenses and execution of criminal sanctions.
                    Store Locator
                    • (Art. 6.1.a GDPR) Consent of the interested party

                      • (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through contract or pre-contract

                        Markennovy Academy
                        • (Art. 6.1.a GDPR) Consent of the interested party

                          Social Networks
                          • Explicit consent of the interested party

                            Web users
                            • Explicit consent of the interested party

                              • GDPR: 6.1.a) Consent of the interested party. .
                                The legal basis for sending information related to professional practice or professional interest and for the provision of voluntary services is the consent you give, which you can withdraw at any time.

                            9.- RECIPIENTS OF YOUR DATA

                            To whom do we share your data within the European Union?

                            Sometimes, in order to comply with our legal obligations and our contractual commitment to you, we are faced with the obligation and need to transfer some of your data to certain categories of recipients, which we specify below:

                            Attention to the rights of people: Entities of the business group
                            . Companies of the Euclid Vision group
                            Whatsapp Communications: Telecommunications service providers
                            . Entities that own instant messaging applications
                            Cookies, pixels and tracking : Companies dedicated to advertising or direct marketing
                            ; Business group entities
                            . Companies of the Euclid Vision group
                            Compliance with GDPR obligations: Public administration with competence in the matter
                            ; Business group entities
                            . In the case of notification of security breaches: Spanish Agency for Data Protection.
                            Companies of the Euclid Vision group
                            Courses taught by Markennovy through the Microsoft Teams platform: Business group entities
                            . Your data will be processed by Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Telephone: +353 1 706 3117 You can access their privacy policy https://privacy.microsoft.com/es-es/privacystatement
                            Survey forms on product improvement and participation in sweepstakes.: Business group entities
                            Curriculum management / Job bank : Organizations or people directly related to the person in charge
                            ; Business group entities
                            . As a consequence of the management of the authorized purposes, your data may be communicated to group companies that may be interested in your profile. It can also be managed through the social network LinkedIn, Euclid Vision group companies
                            Management of communications received by the complaints channel.: Other public administration bodies
                            . External channel managed by the Independent Informant Protection Authority or by similar independent regional authorities with competence. Data will also be communicated to the Judicial Authority, the Public Prosecutor or the competent administrative authority in the framework of a criminal, disciplinary or sanctioning investigation.
                            Instruction of complaints received : Other public administration bodies
                            . External channel managed by the Independent Informant Protection Authority or by similar independent regional authorities with competence. Data will also be communicated to the Judicial Authority, the Public Prosecutor or the competent administrative authority in the framework of a criminal, disciplinary or sanctioning investigation.
                            Store locator: Business group entities
                            Markennovy Academy: Business group entities
                            Social Networks: Business group entities
                            . Entities that provide social networking services
                            Web users: Business group entities
                            . Companies of the Euclid Vision group
                            Courses taught by Markennovy through the Microsoft Teams platform

                            Microsoft Ireland Operations Limited
                            (Videoconferencing platform:

                            Identifying data)
                            CV management / Job bank

                            LINKEDIN SPAIN SL
                            (Social network used to search for candidates:

                            Identifying data; Academic and professionals; Employment Details)

                            Do we carry out International Transfers of your data outside the European Union?

                            In the processes of processing your data carried out by our entity, we need to hire external services that could imply that your data is stored and/or processed by organizations that are established or operate from outside the European Union, which would imply that we make transfers international of your data.

                            10.- DATA PROCESSING ACTIVITIES

                            The data processing activities carried out through the website are detailed below, specifying each of the following sections:

                            • Activity: Name of the data processing activity
                            • Purposes: Each of the uses and treatments carried out with the data collected
                            • Legal basis: The legal basis that legitimizes the processing of data
                            • Data processed: Type of data processed
                            • Origin: Where the data is obtained from
                            • Preservation: Period during which the data is kept
                            • Recipients: Third parties or entities to whom the data is provided
                            • International transfers: Cross-border shipments of data outside the European Union

                            10.1 -Treatment activities

                            They are those data processing activities whose purposes are necessary  for the provision of services.

                            Attention to people’s rights
                            Legal bases Legal obligation of the Data Controller; General Data Protection Regulation (EU) 2018/679
                            Purposes Respond to the requests of citizens in the exercise of the rights established by the General Regulation of Data Protection
                            Categories of data and groups Individuals who complain to the organization
                            (Identifying data)
                            Data source The interested party or his legal representative
                            Category of recipients Entities of the business group; Companies of the Euclid Vision group
                            International transfer Not planned
                            Term of conservation They will be kept for the time necessary to resolve the claims. The provisions of the file and documentation regulations shall apply
                            Security measures The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the GDPR will apply:

                            1. The ability to guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
                            2. The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
                            3. A process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the safety of processing.
                            4. Pseudonymization and encryption of personal data.
                            Compliance with GDPR obligations
                            Legal bases Legal obligation for purposes of historical, statistical or scientific research (GDPR: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment, Law 39/2015, of October 1, on Administrative Procedure Common for Public Administrations, General Data Protection Regulation)
                            Purposes Necessary procedures for the adequacy and compliance with the data protection regulations; Data Protection and information privacy; Process your data in order to meet the requests in the exercise of the rights established by the General Data Protection Regulations (art 5 GDPR) and, where appropriate, for the notification of breaches of personal data security to the control authority and interested parties (articles 33 and 34 of the GDPR)
                            Categories of data and groups Customers, opticians
                            (Identifying data). Employees
                            (Identifying data; Employment details)
                            Data source The interested party or his legal representative
                            Category of recipients Public administration with competence in the matter; Business group entities; In the case of notification of security breaches: Spanish Agency for Data Protection.
                            Companies of the Euclid Vision group
                            International transfer Not planned
                            Term of conservation As long as its deletion is not requested by the interested party. The personal data provided will be kept as long as its deletion is not requested by the interested party or when the data is no longer necessary -including the need to keep them during the applicable limitation periods- or pertinent to the purpose for which they were collected or registered< /td>
                            Security measures The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the GDPR will apply:

                            1. The ability to guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
                            2. The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
                            3. A process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the safety of processing.
                            4. Pseudonymization and encryption of personal data.
                            Management of communications received by the complaints channel.
                            Legal bases (Art. 6.1.c GDPR) Compliance with legal obligations of the Data Controller (Law regulating the protection of people who report on regulatory violations and the fight against corruption); (Art. 6.1.e GDPR) Fulfillment of a public mission or exercise of public powers conferred on the Data Controller (RGPD and LOPDGDD. Compliance with legal obligation: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of 5 of December, Protection of Personal Data and guarantee of digital rights (LOPDYGDD), Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offenses and execution of criminal sanctions.)
                            Purposes Create an internal communication channel to allow the delivery of information on irregular practices in order to correct them and repair any damage they may have produced; Inform employees and third parties about the existence of anonymous information systems on actions or omissions that may go against the legal system; Protect citizens who report actions or omissions that violate the legal system, affect financial interests or affect the internal market; Adequately protect those people who, reporting irregularities of which they are aware, in their work or professional environment, publicize them through the organization’s whistleblowing channel, thus allowing public authorities to act,
                            Categories of data and groups Informants internal complaints channel
                            (Identifying data; Criminal data; Other categories). Persons allegedly involved
                            (Identifying data; Criminal data)
                            Data source The interested party or his legal representative; The data is communicated by the informant himself through the organization’s complaints channel; Other persons other than the interested party or her representative; The data is provided by the informant or is known in the investigation and investigation process.
                            Category of recipients Other public administration bodies; External channel managed by the Independent Informant Protection Authority or by similar independent regional authorities with competence. Data will also be communicated to the Judicial Authority, the Public Prosecutor or the competent administrative authority in the framework of a criminal, disciplinary or sanctioning investigation.
                            International transfer Not planned
                            Term of conservation For a period of 10 years from the last confirmation of interest. After 3 months the data will be deleted if the complaint is unsuccessful. If the complaint is successful, the maximum term may not exceed 10 years
                            Security measures

                            In order to safeguard the security of the personal data of the complaints channel, the organization  undertakes to maintain the security and confidentiality of the data provided and, specifically, of the data of the Informants who carry out a communication through the internal complaints channel, preventing access to them by those who caused the communication due to the alleged commission of actions within the organization contrary to the Law or the Code of Conduct of the entity. The organization has adopted the security levels legally required for the Protection of Personal Data and used the technical means at its disposal to avoid loss, misuse, alteration,

                            Likewise, the organization informs that all its staff, whatever the phase of the treatment in which they intervene, has adopted the commitment to treat your data with the utmost care and confidentiality.

                            Instruction of complaints received
                            Legal bases (Art. 6.1.c GDPR) Compliance with legal obligations of the Data Controller (Law regulating the protection of people who report on regulatory violations and the fight against corruption); (Art. 6.1.e GDPR) Fulfillment of a public mission or exercise of public powers conferred on the Data Controller (Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offenses and execution of criminal sanctions.)
                            Purposes Creation of a management procedure for received communications that identifies the present channel, sending an acknowledgment of receipt and communication to the informant of the actions or omissions carried out; Management of the book-registration of the communications received and of the internal investigations to which they have given rise; Inform the investigated person of the right they have to present allegations in writing and of the processing of their personal data; Carrying out the necessary investigations to respond to the informant
                            Categories of data and groups Informants internal complaints channel
                            (Identifying data; Criminal data; Other categories). Persons allegedly involved
                            (Identifying data; Criminal data)
                            Data source The interested party or his legal representative; The data is communicated by the informant himself through the organization’s complaints channel; Other persons other than the interested party or her representative; The data is provided by the informant or is known in the investigation and investigation process.
                            Category of recipients Other public administration bodies; External channel managed by the Independent Informant Protection Authority or by similar independent regional authorities with competence. Data will also be communicated to the Judicial Authority, the Public Prosecutor or the competent administrative authority in the framework of a criminal, disciplinary or sanctioning investigation.
                            International transfer Not planned
                            Term of conservation All the data processed and captured in the investigation phase are eliminated after 3 months. If the complaint is successful, the maximum term may not exceed 10 years
                            Security measures

                            In order to safeguard the security of the personal data of the complaints channel, the organization  undertakes to maintain the security and confidentiality of the data provided and, specifically, of the data of the Informants who carry out a communication through the internal complaints channel, preventing access to them by those who caused the communication due to the alleged commission of actions within the organization contrary to the Law or the Code of Conduct of the entity. The organization has adopted the security levels legally required for the Protection of Personal Data and used the technical means at its disposal to avoid loss, misuse, alteration,

                            Likewise, the organization informs that all its staff, whatever the phase of the treatment in which they intervene, has adopted the commitment to treat your data with the utmost care and confidentiality.

                            Whatsapp Communications
                            Legal bases Explicit consent of the interested party
                            Purposes WhatsApp instant messaging communications
                            Categories of data and groups Customers, opticians
                            (Identifying data). Employees
                            (Identifying data)
                            Data source The interested party or his legal representative
                            Category of recipients Telecommunication service providers; Entities that own instant messaging applications
                            International transfer Not planned
                            Term of conservation For a period of 6 years from the last confirmation of interest
                            Cookies, pixels and tracking
                            Legal bases (Art. 6.1.a GDPR) Consent of the interested party
                            Purposes Share information on social networks. “Fav”, “Like”, “+1” and similar buttons; Identify problems.; Obtain statistical data on user navigation.; Retain user preferences during their stay on a website; Streaming video and third-party maps. A feature or plug-in provided by a third party establishes a direct connection between the user’s browser and Internet domains owned by the third party, allowing the feature to be downloaded and executed; Implement web analytics to understand how users search, access and navigate. To carry out these analyzes, personal data may be processed, such as the user’s IP address, connection location, software functions and browsing navigation, etc.
                            Categories of data and groups Web users
                            (Identifying data; Other categories)
                            Data source The interested party or his legal representative
                            Category of recipients Companies engaged in advertising or direct marketing; Business group entities; Companies of the Euclid Vision group
                            International transfer Not planned
                            Term of conservation You must access our cookies policy to know the conservation time of each cookie as well as the information that has been collected.
                            Security measures The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the GDPR will apply:

                            1. The ability to guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
                            2. The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
                            3. A process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the safety of processing.
                            4. Pseudonymization and encryption of personal data.
                            Courses taught by Markennovy through the Microsoft Teams platform
                            Legal bases (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party by means of a contract or pre-contract; (Art. 6.1.c GDPR) Compliance with legal obligations of the Treatment Manager; (Art. 9.2.b GDPR) Compliance with obligations and exercise of rights in the field of Labor Law and social security and protection; (Art. 6.1.a GDPR) Consent of the interested party
                            Purposes Dissemination of course content on RRSS, web and similar media. ; Sending electronic communications about new formations and launching of new products; Management of the data of the teachers who teach the classes.
                            Categories of data and groups External professors who teach our courses
                            (Identifying data; Academic and professional; Personal characteristics). Training attendees
                            (Identifying data)
                            Data source The interested party or his legal representative
                            Category of recipients Entities of the business group; Your data will be processed by Microsoft Ireland Operations Limited, Attn: Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Telephone: +353 1 706 3117 You can access its privacy policy https://privacy.microsoft.com/es-es/privacystatement

                            Microsoft Ireland Operations Limited
                            (CIF:
                            N0071290A);

                            International transfer Not planned
                            Term of conservation As long as its deletion is not requested by the interested party. The teacher’s data will be kept for future hiring. The recordings of the courses will be stored as long as they are necessary. The data of the attendees will be kept for future events and training until the attendee objects to their treatment.
                            Survey forms on product improvement and participation in sweepstakes.
                            Legal bases Explicit consent of the interested party (RGPD: 6.1.a) Consent of the interested party. ); (Art. 9.2.j GDPR) Public interest for purposes of historical, statistical or scientific research
                            Purposes Commercial communications; Participation in events and webinars; Participation in raffles.; Carry out surveys about our products, services and training.
                            Categories of data and groups Web users
                            (Identifying data). Customers
                            (Identifying data)
                            Data source The interested party or his legal representative
                            Category of recipients Entities of the business group
                            International transfer Not planned
                            Term of conservation As long as its deletion is not requested by the interested party. We will process the information until the client objects or ceases to be so.
                            Curriculum management / Job bank
                            Legal bases Explicit consent of the interested party (RGPD: 6.1.a) Consent of the interested party. )
                            Purposes Recruitment
                            Categories of data and groups Employees
                            (Identifying data; Academic and professional). Job candidates
                            (Identifying data; Academic and professional; Employment details)
                            Data source The interested party or his legal representative
                            Category of recipients Organizations or persons directly related to the controller; Business group entities; As a consequence of the management of the authorized purposes, your data may be communicated to group companies that may be interested in your profile. It can also be managed through the social network LinkedIn, Euclid Vision group companies

                            LINKEDIN SPAIN SL
                            (CIF:
                            B86198611);

                            International transfer Not planned
                            Term of conservation For a period of 1 year from the last confirmation of interest. The personal data provided will be kept as long as its deletion is not requested by the interested party and it proceeds, and as long as they are necessary -including the need to keep them during the applicable limitation periods- or pertinent to the purpose for which they were collected or registered. If you do not update the curriculum or do not carry out any job search management for a period of one year, your data will be deleted, implying their blocking.
                            Subscriber Management
                            Legal bases Explicit consent of the interested party
                            Purposes Marketing, advertising and commercial prospecting
                            Categories of data and groups Subscribers
                            (Identifying data)
                            Data source The interested party or his legal representative
                            Category of recipients Not planned
                            International transfer Not planned
                            Term of conservation As long as its deletion is not requested by the interested party
                            Store Locator
                            Legal bases (Art. 6.1.a GDPR) Consent of the interested party; (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through contract or pre-contract
                            Purposes Locate the users of our products to indicate the location of the nearest store; Show markennovy customer opticians.
                            Categories of data and groups Customers, opticians
                            (Identifying data). Web users
                            (Other categories)
                            Data source The interested party or his legal representative
                            Category of recipients Entities of the business group
                            International transfer Not planned
                            Term of conservation As long as its deletion is not requested by the interested party. The data of the opticians will be deleted upon request.
                            Customer location data is deleted when you log out.
                            Security measures The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the GDPR will apply:

                            1. The ability to guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
                            2. The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
                            3. A process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the safety of processing.
                            4. Pseudonymization and encryption of personal data.
                            Markennovy Academy
                            Legal bases (Art. 6.1.a GDPR) Consent of the interested party
                            Purposes Manage the training calendar; Provide continuous and free training on contactology for our clients and students in the sector; Give courses such as the following: expert in myopia management, expert in advanced contactology, expert in fitting contact lenses for presbyopic patients, expert in markennovy contact lenses and expert in Marketing and sales applied to contactology…< /td>
                            Categories of data and groups Web users
                            (Identifying data). Students
                            (Identifying data). Training attendees
                            (Identifying data)
                            Data source The interested party or his legal representative
                            Category of recipients Entities of the business group
                            International transfer Not planned
                            Term of conservation As long as its deletion is not requested by the interested party. No minimum or maximum retention periods have been established; If the interested party opposes the data processing, they are unsubscribed depending on the channel of interaction or request for opposition to the processing of the data
                            Security measures The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the GDPR will apply:

                            1. The ability to guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
                            2. The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
                            3. A process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the safety of processing.
                            4. Pseudonymization and encryption of personal data.
                            Social Networks
                            Legal bases Explicit consent of the interested party
                            Purposes Share information on Social Networks; Share testimonials of our products through RRSS; Creation and management of information through social networks
                            Categories of data and groups Followers
                            (Identifying data)
                            Data source The interested party or his legal representative
                            Category of recipients Entities of the business group; Entities that provide social networking services
                            International transfer Not planned
                            Term of conservation As long as its deletion is not requested by the interested party. The personal data provided will be kept as long as they are necessary or pertinent for the purpose for which they were collected or registered. We are obliged to block the data when it is deleted. The blocking of the data consists of the identification and reservation of the same, adopting technical and organizational measures, to prevent its treatment, including its visualization, except for the provision of the data to the judges and courts, the Public Prosecutor’s Office or the Competent Public Administrations, in particular the data protection authorities, for the requirement of possible responsibilities derived from the treatment and for three years, the limitation period thereof.
                            Security measures The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the GDPR will apply:

                            1. The ability to guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
                            2. The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
                            3. A process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the safety of processing.
                            4. Pseudonymization and encryption of personal data.
                            Web users
                            Legal bases Explicit consent of the interested party (RGPD: 6.1.a) Consent of the interested party. )
                            Purposes Respond to requests through the website; Management of leads and contacts; Management and contact with users
                            Categories of data and groups Web users
                            (Identifying data)
                            Data source The interested party or his legal representative
                            Category of recipients Entities of the business group; Companies of the Euclid Vision group
                            International transfer Not planned
                            Term of conservation For a period of 5 years from the last confirmation of interest. The personal data provided will be kept as long as its deletion is not requested by the interested party and it proceeds, and as long as they are necessary -including the need to keep them during the applicable limitation periods- or pertinent for the purpose for which they were collected or registered.
                            Security measures The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the GDPR will apply:

                            1. The ability to guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services.
                            2. The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
                            3. A process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to ensure the safety of processing.
                            4. Pseudonymization and encryption of personal data.

                            11.- DATA OF MINORS

                            Minors under 14 years of age may not use the services available through the Website without the prior authorization of their parents, guardians or legal representatives , who will be solely responsible for all acts performed through the Website by the minors in their care, including the completion of the electronic forms with the personal data of said minors and the marking, where appropriate, of the boxes that accompany them.

                            In compliance with the provisions of article 8 of the GDPR and article 7 of the LOPD/GDD, only those over 14 years of age may grant their consent for the processing of their personal data lawfully by Markennovy .

                            12.-ORIGIN AND TYPES OF DATA PROCESSED

                            Where did we get your data from?

                            Attention to people’s rights
                            • Individuals who complain to the organization: The interested party or their legal representative
                            Whatsapp Communications
                            • Clients, opticians: The interested party or their legal representative
                            • Employees: The interested party or his legal representative
                            Cookies, pixels and tracking
                            • Web users: The interested party or their legal representative
                            Compliance with GDPR obligations
                            • Clients, opticians: The interested party or their legal representative
                            • Employees: The interested party or his legal representative
                            Courses taught by Markennovy through the Microsoft Teams platform
                            • External professors who teach our courses: The interested party himself or his legal representative
                            • Training attendees: The interested party or their legal representative
                            Product improvement and sweepstakes entry survey forms.
                            • Web users: The interested party or their legal representative
                            • Clients: The interested party or his legal representative
                            CV management / Job bank
                            • Employees: The interested party or his legal representative
                            • Job candidates: The interested party or their legal representative
                            Management of communications received by the complaints channel.
                            • Informants of the internal complaints channel: The interested party or their legal representative
                              . The data is communicated by the informant himself through the organization’s complaints channel.
                            • Persons allegedly involved: People other than the interested party or their representative
                              . The data is provided by the informant or is known in the investigation and investigation process.
                            Subscriber management
                            • Subscribers: The interested party or his legal representative
                            Instruction of complaints received
                            • Informants of the internal complaints channel: The interested party or their legal representative
                              . The data is communicated by the informant himself through the organization’s complaints channel.
                            • Persons allegedly involved: People other than the interested party or their representative
                              . The data is provided by the informant or is known in the investigation and investigation process.
                            Store Locator
                            • Clients, opticians: The interested party or their legal representative
                            • Web users: The interested party or their legal representative
                            Markennovy Academy
                            • Web users: The interested party or their legal representative
                            • Students: The interested party or their legal representative
                            • Training attendees: The interested party or their legal representative
                            Social Networks
                            • Followers: The interested party or their legal representative
                            Web users
                            • Web users: The interested party or their legal representative

                            What types of data do we collect and process about you?

                            Attention to people’s rights
                            Individuals who complain to the organization

                            • Identifying data
                              (Email address; Postal address; Handwritten signature; Name and Surname; Telephone)
                            Whatsapp Communications
                            Clients, opticians

                            • Identifying data
                              (Phone)
                            Employees

                            • Identifying data
                              (Telephone; Image; Name and Surname)
                            Cookies, pixels and tracking
                            Web users

                            • Identifying data
                              (IP address)
                            • Other categories
                              (ID generated by the Pixel or Cookie)
                            Compliance with GDPR obligations
                            Clients, opticians

                            • Identifying data
                              (Name and Surname; Postal address; NIF / NIE / Passport; Email address; Telephone)
                            Employees

                            • Identifying data
                              (Name and Surname; Postal address; NIF / NIE / Passport; E-mail address; Fingerprint; Telephone)
                            • Employment Details
                              (Jobs)
                            Courses taught by Markennovy through the Microsoft Teams platform
                            External professors who teach our courses

                            • Identifying data
                              (Telephone; Email address; Video; Postal address; DNI / NIF / NIE / Passport; Handwritten signature; Image; Name and Surname)
                            • Academic and professionals
                              (Curriculum Vitae; Qualifications; Professional experience)
                            • Personal characteristics
                              (Language; Place of birth; Nationality; Sex)
                            Training attendees

                            • Identifying data
                              (Email address; Name and Surname; Username)
                            Product improvement and sweepstakes entry survey forms.
                            Web users

                            • Identifying data
                              (Email address; Name and Surname; Telephone)
                            Customers

                            • Identifying data
                              (Name and Surname; E-mail address; Telephone)
                            CV management / Job bank
                            Employees

                            • Identifying data
                              (Name and Surname; Mailing address)
                            • Academic and professionals
                              (Professional experience)
                            Job Candidates

                            • Identifying data
                              (Name and Surname; Postal address; Email address; Telephone)
                            • Academic and professionals
                              (Curriculum Vitae; Degrees)
                            • Employment Details
                              (Worker History)
                            Management of communications received by the complaints channel.
                            Informants of the internal complaints channel

                            • Identifying data
                              (Email address; Postal address; Name and Surname; Telephone)
                            • Criminal data
                              (Administrative Offenses; Criminal Offenses)
                            • Other categories
                              (Phone conversation)
                            Persons allegedly involved

                            • Identifying data
                              (Name and Surname)
                            • Criminal data
                              (Administrative Offenses; Criminal Offenses)
                            Subscriber management
                            Subscribers

                            • Identifying data
                              (Name and Surname; E-mail address; Telephone)
                            Instruction of complaints received
                            Informants of the internal complaints channel

                            • Identifying data
                              (Email address; Postal address; Name and Surname; Telephone)
                            • Criminal data
                              (Administrative Offenses; Criminal Offenses)
                            • Other categories
                              (Phone conversation)
                            Persons allegedly involved

                            • Identifying data
                              (Name and Surname)
                            • Criminal data
                              (Administrative Offenses; Criminal Offenses)
                            Store Locator
                            Clients, opticians

                            • Identifying data
                              (Postal address; Email address; Username; Telephone)
                            Web users

                            • Other categories
                              (Location)
                            Markennovy Academy
                            Web users

                            • Identifying data
                              (Email address; Name and Surname; Telephone)
                            Students

                            • Identifying data
                              (Email address; Name and Surname; Telephone; Image)
                            Training attendees

                            • Identifying data
                              (Email address; Name and Surname; Username)
                            Social Networks
                            Followers

                            • Identifying data
                              (Name and Surname; E-mail address)
                            Web users
                            Web users

                            • Identifying data
                              (Email address; Name and Surname; Telephone)

                             13- RIGHTS OF INTERESTED PARTIES

                            What are your rights?

                            The current data protection regulations protect you in a series of rights in relation to the use that we give to your data. Each and every one of your rights are personal and non-transferable, that is, they can only be carried out by the owner of the data, after verifying his identity.

                            Next, we indicate what are the rights that assist you:

                            • Right of access: It is the right of the Website user to obtain confirmation of whether or not the Data Controller is processing their personal data and, if so, to obtain information about your specific personal data and the treatment that the Data Controller has carried out or is carrying out, as well as, among other things, the information available on the origin of said data and the recipients of the communications made or planned therein.

                            • Right of rectification: It is the right that the user of the Website has to modify their personal data that turns out to be inaccurate or, taking into account the purposes of the treatment, incomplete.

                            • Right of deletion: It is usually known as the “right to be forgotten”, and it is the right that the user of the Website has, provided that current legislation does not establish otherwise, to obtain the deletion of your personal data when they are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn his consent to the treatment and this does not have another legal basis; the User opposes the treatment and there is no other legitimate reason to continue with it; the personal data has been unlawfully processed; the personal data have been obtained as a result of a direct offer of information society services to a child under 14 years of age. In addition to deleting the data, the Data Controller,

                            • Right to limit data: It is the right of the Website User to limit the processing of their personal data. The User of the Website has the right to obtain the limitation of the treatment when they challenge the accuracy of their personal data; the treatment is unlawful; the Data Controller no longer needs the personal data, but the User needs it to make claims; and when the User of the Website has opposed the treatment.

                            • Right to data portability: In those cases in which the treatment is carried out by automated means, the User of the Website will have the right to receive from the person in charge of the Treatment their personal data in a structured format, of common use and mechanical reading, and to transmit them to another data controller, whenever technically possible, the Data Controller will directly transmit the data to that other Data Controller.
                            • Right of opposition: It is the right of the User not to carry out the processing of their personal data or to cease their processing by the Data Controller.< /li>
                            • Right not to be subject to automated decisions and/or profiling: The right of the Website User not to be subject to an individualized decision based solely on the automated processing of their personal data, including profiling, existing unless the current legislation establishes otherwise.

                            • Right to revoke consent: It is the right of the Website User to withdraw, at any time, the consent given for the processing of their data.
                            • Right to file a claim regarding data protection before the Control Authority: Spanish Agency for Data Protection

                            The interested party may exercisercer any of the aforementioned rights by contacting the Data Controller and prior identification of the User using the following contact information:

                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com

                            You can also exercise your rights before the Data Protection Delegate:

                            Email: mdelapena@auratechlegal.es – Phone: 647633242

                            How can you exercise your rights in relation to your data?

                            To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so in the following way:

                            Attention to people’s rights
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Whatsapp Communications
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Cookies, pixels and tracking
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Compliance with GDPR obligations
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Courses taught by Markennovy through the Microsoft Teams platform
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Product improvement and sweepstakes entry survey forms.
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            CV management / Job bank
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Management of communications received by the complaints channel.
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Subscriber management
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Instruction of complaints received
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Store Locator
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Markennovy Academy
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Social Networks
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com
                            Web users
                            • Responsible party: Markennovy Personalized Care, SL
                            • Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
                            • Phone: 902111140
                            • E-mail: mkservices@markennovy.com
                            • Website: http://www.markennovy.com

                            How can you file a claim?

                            In addition to your rights, if you believe that your data is not being collected or processed in accordance with current Data Protection regulations, you may file a claim with the Control Authority, whose contact information is indicated below:

                            • Spanish Data Protection Agency
                              C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain
                              Email: info@aepd.es- Telephone: 912663517
                              Web: https://www.aepd.es

                            Data Protection Authorities (other European countries):

                            14.-ACCEPTANCE

                            Accepting and making this document available to you indicates that you understand and accept all the clauses of our privacy policy, which is why you authorize the collection and processing of your personal data in these terms. This acceptance is made by activating the “Reading and Acceptance” checkbox of our Privacy Policy.

                            Markennovy reserves the right to modify this Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Agency for Data Protection or the rest of the European control authorities mentioned in the previous point. Changes or updates made to this Privacy Policy that affect the purposes, retention periods, data transfers to third parties, international data transfers, as well as any right of the Website User, will be explicitly communicated to the user.< /span>

                            This policy  it will be maintained, updated and adapted to Markennovy’s needs and aligned with its strategic risk management principles. To that end, it will be reviewed at planned intervals or whenever significant changes arise to ensure its suitability and effectiveness. 

                            Last update: 04 April 2023