INDEX 

1. Objective of the Privacy Policy
2. Definitions
3. Identity of the Data Controller
4. Applicable laws and regulations
5. Principles applicable to the processing of personal data
6. Security measures
7. Purposes of processing
8. Legitimation of the treatment
9. Recipients of your data
10. Data processing activities carried out
11. Personal data of minors
12. Origin and types of data processed
13. Rights of data subjects
14. Acceptance 

1.-OBJECTIVE OF THE POLICY

The purpose of this “Privacy and Data Protection Policy” is to make known the conditions that govern the collection and processing of your personal data by Markennovy Personalized Care, SL to ensure fundamental rights, your honor and freedoms, all This is in compliance with current regulations that regulate the Protection of Personal Data according to the European Union and the Spanish Member State.

In accordance with these regulations, we need to have your authorization and consent for the collection and processing of your personal data, so below, we indicate all the details of your interest regarding how we carry out these processes, for what purposes, what other entities could have access to your data and what are your rights.

For all of the above, once our Data Protection Policy has been reviewed and read, it is essential that you accept it as proof of your agreement and consent.

2.- DEFINITIONS

• “Personal Data”: Any information about an identified or identifiable natural person (“the user of the Website”); an identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or more elements of identity physical, physiological, genetic, psychological, economic, cultural or social of said person.
• “Processing”: any operation or set of operations performed on personal data or sets of personal data, whether by automated procedures or not, such as the collection, recording, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of authorization of access, comparison or interconnection, limitation, deletion or destruction.
• “Limitation of processing”: the marking of the personal data stored in order to limit its processing in the future.
• “Profiling”: any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects relating to professional performance , economic situation, health, personal preferences, interests, reliability, behavior, location or movements of said natural person.
• “Pseudonymization”: the processing of personal data in such a way that it can no longer be attributed to a data subject without the use of additional information, provided that such additional information is listed separately and is subject to technical and organizational measures designed to ensure that personal data is not attributed to an identified or identifiable natural person.
• “File”: any structured set of personal data, accessible according to certain criteria, whether centralized, decentralized or distributed functionally or geographically.
• “Data controller” or “controller”: the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of processing; if Union or Member State law determines the purposes and means of processing, the controller or the specific criteria for his appointment may be established by Union or Member State law.
• “Processor” or “processor”: the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.

1. “Recipient”: the natural or legal person, public authority, service or other body to which personal data is communicated, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a specific investigation in accordance with Union or Member State law shall not be considered recipients; The processing of such data by said public authorities will be in accordance with the data protection regulations applicable to the purposes of the processing.

• “Third Party”: a natural or legal person, public authority, service or body other than the data subject, the data controller, the data processor and the persons authorized to process personal data under the direct authority of the manager or manager.
• “Consent of the interested party”: any free, specific, informed and unequivocal expression of will by which the interested party accepts, either through a declaration or a clear affirmative action, the processing of personal data that concern you.
• “Breach of personal data security”: Any breach of security that results in the accidental or unlawful destruction, loss, or alteration of personal data transmitted, stored, or otherwise processed, or unauthorized disclosure of or access to such data;
• “Genetic data”: personal data relating to the inherited or acquired genetic characteristics of a natural person that provide unique information about the physiology or health of that person, obtained in particular from the analysis of a biological sample from such a person.
• “Biometric data”: personal data obtained from a specific technical treatment, related to the physical, physiological or behavioral characteristics of a natural person that allow or confirm the unique identification of said person, such as facial images or dactyloscopic data.
• “Health-related data”: personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, revealing information about their state of health.
• ‘Main establishment’: a) in the case of a controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of processing are taken in another establishment of the controller in the Union and the latter establishment has the power to enforce such decisions, in which case the establishment that has taken such decisions shall be deemed main establishment; b) in the case of a processor with establishments in more than one Member State, the place of its central administration in the Union or, in the absence of such,
  
• “Representative”: natural or legal person established in the Union who, having been appointed in writing by the controller or processor pursuant to article 27 of the GDPR, represents the controller or processor in respect of their respective obligations under this Regulation.
• “Company”: a natural or legal person engaged in an economic activity, regardless of its legal form, including companies or associations that regularly carry out an economic activity.
• “Supervisory Authority”: the independent public authority established by a Member State in accordance with the provisions of Article 51 of the GDPR. In the case of Spain, it is the Spanish Data Protection Agency.

• Principle of legality, loyalty and transparency: All processing of personal data carried out through this Website will be lawful and loyal, making it completely clear to the user when they are being collected, used, consulted or processed. the personal data concerning you. The information related to the treatments carried out will be transmitted in advance, easily accessible and easy to understand, in simple and clear language. 
• Principle of purpose limitation: All data will be collected for specific, explicit and legitimate purposes, and will not be subsequently processed in a manner incompatible with the purposes for which they were collected.
• Principle of data minimization:The data collected will be adequate, pertinent and limited to what is necessary in relation to the purposes for which they are processed.
• Principle of accuracy: The data will be accurate and, if necessary, updated, adopting all reasonable measures so that personal data that is inaccurate with respect to the purposes is deleted or rectified without delay. for those who are treated.
• Principle of limitation of the conservation period: The data will be kept in such a way that the identification of the interested parties is allowed for no longer than necessary for the purposes of the processing of personal data. li>
• Principle of integrity and confidentiality: Data will be processed in a manner that guarantees adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss or damage , through the application of appropriate technical and organizational measures
• Principle of proactive responsibility: The entity that owns the Website will be responsible for compliance with the principles set forth in this section and will be able to demonstrate it.

6.-SECURITY MEASURES

What do we do to guarantee the privacy of your data?

Markennovy has taken all the required measures  to protect personal data; Likewise, Markennovy has adopted the technical measures available to prevent data loss, unfair use, alteration, unauthorized access or theft of data. However, the user will be aware that Internet security measures are not completely indestructible.

Markennovy adopts the necessary organizational and technical measures to guarantee the security and privacy of your data, prevent its alteration, loss, treatment or unauthorized access, depending on the state of technology, the nature of the data stored and the risks to which they are exposed.

Among others, the following measures stand out:

• Ensure:
  • Confidentiality: The information processed by Markennovy will be made available or disclosed exclusively to authorized persons at the time and by the established means. 
  • Integrity: The information processed by Markennovy will be complete, accurate and valid, and the content will be provided by the interested parties and will be subject to no manipulation of any kind.
  • Availability: The information processed by Markennovy will be accessible and usable by authorized persons at any given time, guaranteeing its persistence against any eventuality. 
• Restore availability and access to personal data quickly, in the event of a physical or technical incident.
• Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
• Pseudonymize and encrypt personal data, in case it is sensitive data.

Markennovy assumes the responsibility of supporting and encouraging the establishment of the organizational, technical and control measures necessary to comply with the above safety guidelines.

On the other hand, Markennovy manages information systems according to the following principles:

• Principle of regulatory compliance: All information systems will comply with the regulations of regulatory and sectoral legal application that affect the security of information, especially those related to the protection of personal data, systems security, data, communications and electronic services.

• Risk management principle: Risks will be minimized to acceptable levels and a balance between security controls and the nature of the information will be sought. Security objectives should be established, reviewed, and consistent with information security aspects.

• Principle of awareness and training: Training, awareness programs and awareness campaigns will be articulated for all users with access to information, in terms of information security.

• Principle of proportionality: The implementation of controls that mitigate the security risks of assets will be carried out seeking a balance between security measures, nature and information and risk.

• Principle of responsibility: All members of the Treatment Manager will be responsible for their conduct in terms of information security, complying with the established rules and controls.

• Principle of continuous improvement: The degree of effectiveness of the security controls implemented in the organization will be reviewed on a recurring basis to increase the ability to adapt to the constant evolution of risk and technological environment.

7.- PURPOSES OF THE PROCESSING 

What do we want to process your data for?

Below we detail the intended uses and purposes: 

For how long do we keep your data?

We use your data for the time strictly necessary to fulfill the purposes indicated above. Unless there is a legal obligation or requirement, the expected conservation periods are:

8.- LEGITIMATION OF TREATMENT

Why do we process your data?

The collection and processing of your data is always legitimized by one or more legal bases, which are detailed below: 

9.- RECIPIENTS OF YOUR DATA

To whom do we share your data within the European Union?

Sometimes, in order to comply with our legal obligations and our contractual commitment to you, we are faced with the obligation and need to transfer some of your data to certain categories of recipients, which we specify below:

Do we carry out International Transfers of your data outside the European Union?

In the processes of processing your data carried out by our entity, we need to hire external services that could imply that your data is stored and/or processed by organizations that are established or operate from outside the European Union, which would imply that we make transfers international of your data.

10.- DATA PROCESSING ACTIVITIES

The data processing activities carried out through the website are detailed below, specifying each of the following sections:

• Activity: Name of the data processing activity
• Purposes: Each of the uses and treatments carried out with the data collected
• Legal basis: The legal basis that legitimizes the processing of data
• Data processed: Type of data processed
• Origin: Where the data is obtained from
• Preservation: Period during which the data is kept
• Recipients: Third parties or entities to whom the data is provided
• International transfers: Cross-border shipments of data outside the European Union

12.-ORIGIN AND TYPES OF DATA PROCESSED

Where did we get your data from?

What types of data do we collect and process about you?

 13- RIGHTS OF INTERESTED PARTIES

What are your rights?

The current data protection regulations protect you in a series of rights in relation to the use that we give to your data. Each and every one of your rights are personal and non-transferable, that is, they can only be carried out by the owner of the data, after verifying his identity.

Next, we indicate what are the rights that assist you:

• Right of access: It is the right of the Website user to obtain confirmation of whether or not the Data Controller is processing their personal data and, if so, to obtain information about your specific personal data and the treatment that the Data Controller has carried out or is carrying out, as well as, among other things, the information available on the origin of said data and the recipients of the communications made or planned therein.

• Right of rectification: It is the right that the user of the Website has to modify their personal data that turns out to be inaccurate or, taking into account the purposes of the treatment, incomplete.

• Right of deletion: It is usually known as the “right to be forgotten”, and it is the right that the user of the Website has, provided that current legislation does not establish otherwise, to obtain the deletion of your personal data when they are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn his consent to the treatment and this does not have another legal basis; the User opposes the treatment and there is no other legitimate reason to continue with it; the personal data has been unlawfully processed; the personal data have been obtained as a result of a direct offer of information society services to a child under 14 years of age. In addition to deleting the data, the Data Controller,

• Right to limit data: It is the right of the Website User to limit the processing of their personal data. The User of the Website has the right to obtain the limitation of the treatment when they challenge the accuracy of their personal data; the treatment is unlawful; the Data Controller no longer needs the personal data, but the User needs it to make claims; and when the User of the Website has opposed the treatment.

• Right to data portability: In those cases in which the treatment is carried out by automated means, the User of the Website will have the right to receive from the person in charge of the Treatment their personal data in a structured format, of common use and mechanical reading, and to transmit them to another data controller, whenever technically possible, the Data Controller will directly transmit the data to that other Data Controller.
• Right of opposition: It is the right of the User not to carry out the processing of their personal data or to cease their processing by the Data Controller.< /li>
• Right not to be subject to automated decisions and/or profiling: The right of the Website User not to be subject to an individualized decision based solely on the automated processing of their personal data, including profiling, existing unless the current legislation establishes otherwise.

• Right to revoke consent: It is the right of the Website User to withdraw, at any time, the consent given for the processing of their data.
• Right to file a claim regarding data protection before the Control Authority: Spanish Agency for Data Protection

The interested party may exercisercer any of the aforementioned rights by contacting the Data Controller and prior identification of the User using the following contact information:

• Responsible party: Markennovy Personalized Care, SL
• Address: Ronda El Carralero nº 25 – . 28222, Majadahonda (Madrid), Spain
• Phone: 902111140
• E-mail: mkservices@markennovy.com
• Website: http://www.markennovy.com

You can also exercise your rights before the Data Protection Delegate:

Email: mdelapena@auratechlegal.es – Phone: 647633242

How can you exercise your rights in relation to your data?

To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so in the following way:

How can you file a claim?

In addition to your rights, if you believe that your data is not being collected or processed in accordance with current Data Protection regulations, you may file a claim with the Control Authority, whose contact information is indicated below:

• Spanish Data Protection Agency
  C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain
  Email: info@aepd.es- Telephone: 912663517
  Web: https://www.aepd.es

• For Germany, contact Berliner Beauftragte für Datenschutz und Informationsfreiheit
• For Austria, contact Österreichische Datenschutzbehörde.
• For Belgium, contact Autorité de protection des données
  Gegevensbeschermingsautoriteit 
• For Bulgaria, contact Commission for Personal Data Protection.
• For Denmark you can contact Datatilsynet.
• For Slovakia, please contact https://dataprotection.gov.sk/uoou/ 
• For Slovenia, please contact https://www.ip-rs.si/.
• For Estonia you can contact https://www.aki.ee/et
• For Finland, contact the Office of the Data Protection Ombudsman,.
• In the case of France, you can contact Commission Nationale de l’Informatique et des Libertés
• In the case of Greece, you can contact the Hellenic Data Protection Authority
• For Hungary, contact Office of the Commissioner for Fundamental Rights of Hungary 
• For Ireland, contact the Data Protection Commission.
• In the case of Italy you can contact Garante per la Protezione dei Dati Personali 
• In the case of Latvia you can contact https://www.dvi.gov.lv/lv
• In the case of Lithuania you can contact State Data Protection Inspectorate
• In the case of Luxembourg, you can contact Commission Nationale pour la Protection des Données
• In the case of Malta you can contact the Information and Data Protection Commissioner
• For the Netherlands you can contact https://autoriteitpersoonsgegevens.nl/en 
• In the case of Poland you can go to https://archiwum.giodo.gov.pl/ 
• In the case of Portugal, you can contact Comissão Nacional de Proteção de Dados 
• In the case of the United Kingdom, you can contact the Information Commissioner’s Office
• In the case of Romania, you can contact Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal 
• For Sweden, contact Swedish Authority For Privacy Protection
• For the Czech Republic you can contact https://www.uoou.cz/ 
• For Cyprus, contact Office of the Commissioner for Personal Data Protection 

Data Protection Authorities (other European countries):

• In the case of Andorra, you can contact Andorran Agency for the Protection of Dades
• For Croatia, contact Croatian Personal Data Protection Agency 
• In the case of Iceland you can contact https://www.personuvernd.is/ 
• For Liechetenstein you can contact https://www.llv.li/ 
• For Macedonia you can contact https://dzlp.mk/ 
• In the case of Monaco  you can contact Commission de Contrôle des Informations Nominatives
• In the case of Norway  you can go to Datatilsynet 
• For Switzerland, please contact https://www.edoeb.admin.ch/edoeb /de/home.html  

14.-ACCEPTANCE

Accepting and making this document available to you indicates that you understand and accept all the clauses of our privacy policy, which is why you authorize the collection and processing of your personal data in these terms. This acceptance is made by activating the “Reading and Acceptance” checkbox of our Privacy Policy.

Markennovy reserves the right to modify this Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Agency for Data Protection or the rest of the European control authorities mentioned in the previous point. Changes or updates made to this Privacy Policy that affect the purposes, retention periods, data transfers to third parties, international data transfers, as well as any right of the Website User, will be explicitly communicated to the user.< /span>

This policy  it will be maintained, updated and adapted to Markennovy’s needs and aligned with its strategic risk management principles. To that end, it will be reviewed at planned intervals or whenever significant changes arise to ensure its suitability and effectiveness. 

Last update: 04 April 2023