Privacy Policy

Privacy Policy of the Website

 

  1. Content and acceptance

The purpose of this Personal Data Processing document is to publicize the way the personal data is collected, processed and protected through the Website, so that Users can determine freely and voluntarily if they wish to facilitate their personal data through this Website.

The access and use of the Website implies full acceptance by the User of this Personal Data Processing document and the compliance with the terms and conditions contained in it. Therefore, the User must carefully read this Personal Data Processing document in each of the occasions in which he/she intends to use the Website, as it may be modified.

The present document of Personal Data Processing will be valid only for the personal data obtained in the Website, not being applicable for that information gathered by third parties in other web pages, even if these are linked by the Website.

 

  1. The identity of the Person Responsible for the Treatment and Processing of Personal Data

In compliance with the provisions of 2016/679 Regulation (EU), of the European Parliament and of the Council of 27th April 2016 concerning the protection of natural persons with regard to the processing of personal data and the free movement of these Data (GDPR), the User is informed that the data collected through the Website and/or any data collection forms of the Website will be incorporated into the personal data files owned by Goal Systems S.L. with registered office in Madrid, C/ Juan Hurtado de Mendoza, 4 – 28036, to manage the navigation of the User through the Website, if applicable; as well as for the purposes indicated in each of the forms included in the Website.

The Company guarantees the confidentiality of the personal data provided and the compliance with all applicable regulations.

So that the information provided is always up-to-date and does not contain errors, the User must communicate, as soon as possible, the modifications and rectifications of their personal data that may occur.

Likewise, by clicking on the “Send” button (or equivalent) incorporated in the aforementioned forms, the User declares that the information and data provided in them is accurate and true.

The Company informs its Users that it is responsible for the treatments carried out on this Website, unless otherwise specifically determined for the purpose in the treatment in question.

Through this Privacy Policy, the Company informs the Users of the Website, describes what data it collects, how it uses them and the options of the Users in relation to those data, including how to access and update them.

The User expressly and fully accepts the conditions that are expressed in this Privacy Policy for the use of the Company’s Website and any of the Services incorporated therein.

 

  1. The Data Protection Officer (DPO)

The Data Protection Officer (DPD or DPO for its acronym in English) is responsible for ensuring compliance with the data protection regulations to which the Company is subject, and consequently, this Website. The User can contact the DPO designated by the data controller using the following contact information: dpo@goalsystems.com.

 

  1. Legal basis for the personal data processing

The legal basis for the processing of personal data is the consent of the owner of the data. The Company undertakes to obtain the express and verifiable consent of the User for the processing of their personal data, for one or more specific purposes.

 

When a User completes any of the forms with the requested personal data, under the GDPR, they must grant an unequivocal and explicit consent, with a revocable nature, and without retroactive effects.

The User shall have the right to withdraw his/her consent at any time. It will be as easy to withdraw the consent as it is to give it. As a general rule, the withdrawal of consent will not condition the use of the Website.

On those occasions when the Users must provide their data through forms to make inquiries, to request information or for reasons related to the Content of the Website, they will be informed in case that the completion of any of them is mandatory due to that they are essential for the correct development of the operation performed.

 

  1. The collection of data and the duty to inform

The purpose of this document is to establish and to regulate the rules of use as well as the safeguarding of the data on the Website www.goalsystems.com (hereinafter, the “Website”), with the Website understood as all the pages and Content owned by the Company (hereinafter, “the Company”) which is accessed through the domain www.goalsystems.com.

Likewise, the Company, owner of the Website www.goalsystems.com, informs the Users thereof that it is responsible for the treatments carried out on this Website, unless otherwise reported in the treatment in question.

The Company respects the current legislation on the protection of personal data, the privacy of the Users and the secrecy and security of personal data, in accordance with the provisions of the applicable legislation on data protection, in particular, the 2016/679 Regulation of the European Parliament and of the Council of April 27th, 2016; adopting for it the technical and organizational measures necessary to avoid the loss, misuse, alteration, unauthorized access and theft of the personal data provided, taking into account the state of technology, the nature of the data and the risks to which they are exposed.

Specifically, Users of the Website are informed that their personal data can only be obtained for processing when they are appropriate, relevant and not excessive in relation to the scope and the specific, explicit and legitimate purposes for which they were obtained.

The User will be solely responsible for the completion of the information with false, inaccurate, incomplete or outdated information.

The Company is not responsible for the treatment of the personal data of the Website to which the User can access through the various links contained on our website.

The User guarantees that the Personal Data provided is true, accurate, complete and updated, and undertakes to notify any change or modification thereof. In the event that Personal Data of third parties are contributed, the User is responsible for having informed and having obtained the consent of the third parties to be provided, with the purposes indicated in the corresponding sections of this Privacy Policy.

In the event of any loss or damage caused to the Website or to the person responsible for it or to any other third party, by communicating erroneous, inaccurate or incomplete information, through the inserted forms of the Website and specifically through the section relating to Registration, the responsibilities arising from such act will be imputed exclusively to the User.

 

  1. Principles applicable to the processing of personal data

The treatment of the personal data of the User will be subject to the following principles contained in article 5 of the GDPR, which are the following:

  1. a) Principle of legality, loyalty and transparency: the consent of the User will be required, at all times, prior to completely transparent information of the purposes for which the personal data is collected.
  2. b) Principle of limitation of the purpose: the collected personal data will be for certain, explicit and legitimate purposes.
  3. c) Principle of minimization of data: the personal data collected will be only those strictly necessary in relation to the purposes for which they are treated.
  4. d) Principle of accuracy of personal data: such data must be accurate and always updated.
  5. e) Principle of limitation of the term of conservation: the personal data will only be maintained in a way that allows the identification of the User during the time necessary for the purposes of their treatment.
  6. f) Principle of integrity and confidentiality: personal data will be treated in a manner that guarantees its security and confidentiality.

 

  1. Categories of personal data

The Company may collect information about personal data of its customers or Users, which may vary due to technological facilities, or the nature of the Service, among others.

The categories of data that are processed by the Company through this Website are only identification and management data, in any case they are special categories of personal data treated in the sense envisaged in article 9 of the GDPR.

 

  1. Purposes of the treatment

The personal data is collected and managed by the Company in order to facilitate, expedite, and comply with the commitments established between the Website and the User, or the maintenance of the relationship that establishes the forms that the latter completes, or, in your case, to attend an application or consultation.

Likewise, the data may be used for the commercial, personalization, operational and statistical purposes, and activities of the Company’s corporate purpose, as well as for the extraction, storage of data, and marketing studies to adapt the Content offered to the User, as well as to improve the quality, operation, and navigation of the Website.

The data requested are adequate and necessary for the purpose for which they are collected, they will not be used for a purpose different from the one for which they have been granted, and, in no case, will they be transferred to third parties without the owner’s consent.

The User is not obliged to provide their personal data; however, they are necessary to carry out the Services offered by the Company.

When the personal data are obtained, the User will be informed about the purpose or specific purposes of the treatment to which the personal data will be assigned; that is, the use or uses that will be given to the information collected.

In no case, the following actions will be carried out in relation to the personal data that are provided by the Users:

– International transfers to other States, without obtaining prior consent from the affected party.

– You will not rent or sell personal information, nor will you share your personal information with any advertiser or advertising ad networks without explicit permission.

– Assignment to third parties, both natural and legal persons, without obtaining the prior consent of the person affected by the treatment.

Unless specifically stated otherwise, it will be considered necessary to fill in all the fields of each form, for which the User will have to provide the true, exact, complete and updated information.

The User expressly declares that the data provided through the forms of the Website are true, accurate, and that he/she himself/herself has sufficient capacity to be able to dispose of them.

Therefore, the User will be solely responsible for any direct or indirect damage caused to the Company or any third party, by completing the forms with false, inaccurate, incomplete, outdated or third-party data.

The Company reserves the right to decide whether or not to incorporate the personal data of these people into its files.

The User who makes a false declaration of data, impersonates the personality of third parties, or carries out any other unlawful action analogous to the previous ones may be prosecuted.

 

  1. Periods of retention of personal data

The personal data will only be retained for the minimum time necessary for the purposes of its treatment and, in any case, only during the period corresponding to the prescription of the actions of the underlying legal business from which the obtaining of the personal data subject to treatment originates.

The time of conservation of the personal data of the Users is subject to the criterion of the prescription of the actions derived from the underlying legal business, from which the data of the users who are the object of treatment have been obtained.

 

  1. Minors’ personal data

Respecting the provisions of articles 8 of the GDPR and 13 of the RDLOPD, only those over 14 years of age may grant their consent for the processing of their personal data in a lawful manner by the Company.

If the child is under 14 years of age, the consent of the parents or guardians will be necessary for the treatment, and this consent will only be considered lawful in the authorized cases. For this purpose, parents or guardians will be able to address to the email address dpo@goalsystems.com.

However, this, and in general, the Company will not treat personal information, with reliable knowledge, of children under 14 years of age.

In the event that the Company, carrying out any control activity, discovers the involuntary collection of information regarding children under 14 years of age, it will carry out all the necessary measures that, as a provider and host of Contents, it is required to undertake in order to suppress such information as soon as possible, except in those cases in which, due to applicable legislation, it is necessary to keep or mediate the consent of the parents, guardians or legal representative of the minor, as it has been indicated.

 

  1. Secret and confidentiality of personal data

The data collected in all private communications between the Company and the Users will be treated with absolute confidentiality, the Company committing itself to the obligation of secrecy of the personal data, to its duty to keep them and to adopt all the necessary measures to prevent its alteration, loss and treatment or unauthorized access, in accordance with the new European regulations on the protection of personal data, the applicable legislation for the collection and processing of personal data is as follows, with the application of Regulation 2016/679 of the European Parliament and the Council of April 27, 2016 (GDPR), and its implementing regulations.

In addition, any type of information exchanged among the parties, or that has been agreed to have such status, or that is related to the Content of such information, will also have the status of confidential.

The visualization of data through Internet will not suppose the direct access to them, except for express consent of the holder for each occasion. The Company will not be responsible for any leakage of information that may occur due to mismanagement of the information by the User.

Likewise, the Company guarantees to the User the compliance with the duty of professional secrecy with respect to the User’s personal data and the duty to keep them. Users can access the Website’s Privacy Policy at any time, as well as configure their profile to guarantee their privacy.

The User is advised not to furnish his/her identification, password or reference numbers that the Company could provide to any third party. Likewise, to ensure that the protection of professional secrecy between the Company and the User is preserved in all communications, the User must not disclose confidential information to third parties.

 

  1. Integrity and security of personal data

The Company undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected, to guarantee the security of personal data and to prevent destruction, loss or accidental alteration or illicit of personal data transmitted, preserved or otherwise processed, or unauthorized communication or access to the mentioned data.

However, because the Company cannot guarantee the impregnability of the Internet, nor the total absence of hackers or others who fraudulently access personal data, the controller undertakes to notify the User without undue delay, when it occurs a violation of the security of personal data, which is likely to entail a high risk for the rights and freedoms of natural persons.

Following the provisions of article 4 of the GDPR, violation of the security of personal data is understood to be any breach of security resulting from the destruction, loss or accidental or unlawful alteration of personal data transmitted, conserved or otherwise processed, or the communication or unauthorized access of said data.

Personal data will be treated as confidential by the controller, who undertakes to inform and guarantee through a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom the information is made accessible.

The Company respects the current legislation on the protection of personal data, the privacy of Users and the secrecy and security of personal data, in accordance with the provisions of the applicable legislation on data protection, specifically the 2016/679 Regulation of the European Parliament and of the Council of April 27th, 2016, adopting the necessary technical and organizational measures to avoid the loss, misuse, alteration, unauthorized access and theft of the personal data provided, taking into account the state of the technology, the nature of the data and the risks to which it is exposed, whether they come from human action or from the physical or natural environment and that will only register personal data in files that meet the conditions that are determined in the aforementioned Regulation with respect to its integrity and safety and those of the treatment centers, premises, equipment, systems and programs.

 

  1. Rights derived from the processing of personal data

The User may exercise in front of the controller the following rights recognized in the GDPR:

  1. a) Right of access: it is the right of the User to obtain confirmation of whether the Company is treating his/her personal data or not, and, if so, to obtain information about his/her personal data and the treatment that the Company has carried out, as, among others, of the available information on the origin of said data and the recipients of the communications made or anticipated thereof.
  2. b) Right of rectification: it is the right of the User to modify his/her personal data that prove to be inaccurate or, taking into account the purposes of the treatment, incomplete.
  3. c) Right of withdrawal (“the right to be forgotten”): it is the User’s right, unless the current legislation does not establish otherwise, to delete their personal data when these are no longer necessary for the purposes for which they were collected or treated; the User has withdrawn his/her consent to the treatment, and this does not have another legal basis; the User who opposes the treatment and there is no other legitimate reason to continue with it; the personal data have been treated unlawfully; personal data should be deleted in compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of Information Society Services to a child under 14 years of age. In addition, the technology available and the cost of its application must take reasonable measures to inform those who are responsible for the processing of the personal data of the request of the interested party to delete any link to such personal data.
  4. d) Right to the limitation of the treatment: it is the User’s right to limit the processing of his/her personal data. The User has the right to obtain the limitation of the treatment when it challenges the inaccuracy of his/her personal data; the treatment is illegal; the person in charge of the treatment no longer needs the personal data, but the User needs it to make any claim; and when the User has opposed the treatment.
  5. e) Right to data portability: in case the processing is carried out by automated means, the User will have the right to receive the personal data in a structured, commonly used, and machine-readable format from the data controller, and transmit them to another responsible for the treatment. Whenever technically possible, the controller will transmit the data directly to that other person in charge.
  6. f) Right of opposition: it is the right of the User to not carrying out the processing of their personal data.
  7. g) Right not to be the subject of a decision based solely on automated processing, including profiling: it is the right of the User not to be the subject of an individualized decision based solely on the automated processing of his/her personal data, including the preparation of profiles, except that the current legislation establishes the opposite.

Therefore, the User may exercise their rights by means of a communication addressed to the DPD/DPO of the person responsible for the processing whose e-mail address is: dpo@goalsystems.com, in which the User has to specify the following data:

– Name, surname of the User and copy of the ID. In the cases in which the representation is admitted, the identification by the person representing User will also be necessary, as well as the document certifying the indicated representation. The photocopy of the ID may be substituted by any other lawful means that certifies the identity.

– Request with the specific reasons for the request or information to which you want to access.

– Address or email address for notification purposes.

– Date and signature of the applicant.

– Any document that certifies the request that is formulated.

This application, and any other attached document, should be sent to the following address and/or email:

Mailing address: C/ Juan Hurtado de Mendoza, 4, Madrid

Email: dpo@goalsystems.com

 

  1. Data cession

The Company will not communicate the personal data of the User to third companies without obtaining their prior consent, unless the cession of their data is necessary for the maintenance of the relationship with the User; in this case, the User will be previously informed of the cession.

In any case, when the cession is not necessary for the maintenance of the relationship with the User, in the data collection forms, the Company will inform the User of the purpose of the treatment and of the identity or activity sectors of the possible assignees of personal data, previously offering the User the possibility of accepting or not the cession, according to the purpose.

 

  1. Commercial communications

The treatment of your personal data has, for greater than the purposes described, the object of being able to send electronic communications with information that the Company may consider of interest or relevant to Users.

The User is informed that, through the data collection forms, the Company may obtain your consent to send you commercial communications.

Give your consent, through the box that will appear in the data collection forms, as shown below:

 Commercial communications

The Company may contact the User by ordinary mail, email, SMS, WhatsApp or any other equivalent electronic communication means, to send commercial communications about its products and/or services or; to send you commercial communications about products and/or Services of third parties identified, or belonging to the sectors indicated in the corresponding box. Likewise, the Company may send commercial communications through social networks such as Facebook, Twitter, Instagram, among others with similar characteristics.

 

Any communication that is made based on the above described will be sent only and exclusively to the Users who have accepted the remission of them, through the box inserted for such purposes and that, therefore, it is understood that the User has granted his consent expressly.

In any case, the User is not obliged to receive the aforementioned advertising and information, either by dialing or not dialing, as appropriate, the corresponding boxes of the form; or through subsequent communication. If at any time the User does not wish to continue receiving this kind of communications, he/she may revoke the consent by requesting the cancellation of the Service by sending a communication to the following address dpo@goalsystems.com, providing a copy of a document that allows him/her to prove your identity, or using the link enabled for this purpose in the commercial communications received.

 

  1. Data hosting

For technical reasons and quality of Services, the web www.goalsystems.com is hosted on the servers of the company Posizionate.com located within the European Union scope.

This company only provides Hosting services, maintenance of databases and/or data processing for the development of the activity by the Company.

 

  1. Data availability

The data availability on the Internet can be limited by many external factors which cannot be controlled or foreseen, the Company will not be responsible for any damage that these could cause trying to provide the Services via alternative routes to the Internet.

The Company will maintain the highest security standards to ensure its confidentiality, integrity and availability.

 

  1. Claims before the control authority

In the event that the User considers that there is a problem or infringement of the current regulations in the form in which their personal data are being processed, they will have the right to effective judicial protection and to file a claim with a control authority, in particular, in the state where he/she have your habitual residence, place of work or place of the alleged infringement in the case of Spain, the control authority is the Spanish Agency for Data Protection (http://www.aepd.es).

 

  1. Acceptance and changes in this Privacy Policy

It is necessary that the User has read and is satisfied with the conditions on the protection of personal data contained in this Privacy Policy, as well as that the treatment of his/her personal data so that the data controller can proceed to the same in the form, during the deadlines and for the indicated purposes.

The use of the website will imply the acceptance of the privacy policy of the same.

The Company reserves the right to modify its Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the control authority (Spanish Data Protection Agency).

Changes or updates to this Privacy Policy will be explicitly notified to the User.

This Privacy Policy is adapted to the 2016/679 Regulation (EU) of the European Parliament and of the Council, of April 27th, 2016, regarding the protection of natural persons with regard to the processing of personal data and free movement of this data (GDPR).