At Bounsel, we want to let you know exactly and clearly about how we gather and treat your personal data through our website www.bounsel.com and its subdomains (the Website), according to General Data Protection Regulation (GDPR) and Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD). So if you browse through the Website or use the Platform, you may want to know about this regulation as a User.
Bounsel S.L., with tax identification number B-40556524 and legal address at Avenida Blasco Ibáñez 134– 99, 46022, Valencia, Spain, is the data controller of your personal data, all collected from our Website. You can get in touch with us by sending an email to firstname.lastname@example.org.
When you access and browse through our Website
Article 6.1.a) GDPR: Express consent
IP Address, Location, Data regarding your behavior, Data of your device (digital fingerprint)
When you use the Bounsel Platform
To access our Service and improve it
Article 6.1.b) GDPR: Rendering of contractual services
IP Address, Location, Data regarding your behavior, Data of your device (digital fingerprint), Email, First Name and Last Name, Username (alias), Profile Picture (avatar), Vat Number, Language of Preference, Time zone, Biometric Signature
When you contact us through our Website
To deal with and answer your questions as well as have pre-contractual relationships
Article 6.1.a) and b) GDPR: Express consent and rendering of pre-contractual services
First Name and Last Name, Email, Company, Mobile number, LinkedIn profile
When you visit Bounsel social media profiles (LinkedIn, Instagram, Facebook, Twitter and YouTube)
To offer you information whenever you ask for it through social media, improve your user experience and carry out stats
Article 6.1. a) GDPR: Express consent
Username, IP Address, Data regarding your behavior, Data of your device (digital fingerprint)
When you contact us because you are interested in a job offer
To manage a selection process or interest enquiry to work with us
Article 6.1. a) GDPR: Express consent
We will keep the personal data that you have provided us just for the necessary time to fulfill each one of the provided by law purposes. In particular:
• Your User data of the Platform
We will keep your data for the time you use the Platform as a Guest or as long as your User account in Bounsel remains active. After one year, if you are a Guest and don’t use the Platform anymore, we will delete your data. If you decide not to use Bounsel in the future, we will get rid of your personal data permanently, except for the data we still have to preserve due to specific legal obligations.
• Your browsing data on the Website or social media
• Your contact data
We will keep your contact data only to answer your enquiries about our Services until you decide to become one of our Clients. If you finally don’t turn into a Bounsel Client, we will delete all the data you had previously given us.
• Your professional data
We will preserve the data collected through LinkedIn as long as we manage the open selection process.
You can keep calm. We don’t share your personal data with others, except for the suppliers we work with to provide you the Service and to comply with legal obligations and deal with judicial or administrative and Armed Forces requests, only if they ask us to. We don’t perform any international transfers to countries that aren’t part of the European Economic Area, whose level of protection may not be equivalent to the granted by GDPR.
As a User of Bounsel, you are entitled to:
• Ask for access to your personal data.
• Ask for the amendment or elimination of your personal data.
• Ask for the limitation of the treatment of your personal data.
• Oppose to the treatment of your personal data.
• Request the portability of your personal data.
• Revoke whenever you want the consent you gave us.
You can exercise your rights by sending us an email to email@example.com or a letter by mail to Bounsel with the subject “Exercise of rights”. You may also present a complaint to the Spanish Data Protection Agency on its website www.aepd.es.
The Client shall act as data Controller and Bounsel as data Processor according to the following obligations:
• Processor Obligations:
1. Process personal data following the instructions given by the Controller, complying with Data Protection rules in force, ensuring all necessary security measures.
2. Register in writing all the data processing categories made on behalf of the Controller.
3. Do not communicate personal data to third parties unless: they have the express authorization of the Controller, when it’s necessary for rendering the Services, for a legal obligation or public interest reasons.
4. Outsource only the services of the Contract that refer to the use of auxiliary services necessary for the operation of the commissioned Service. In this case, the subcontractor, who acts as the data Processor, is also obliged to comply with these obligations and the instructions issued by the Controller. The Processor will regulate the new relationship, so that the sub-processor is subject to the same conditions (instructions, obligations, security measures, etc.) and with the same formal requirements as him, with regard to the proper processing of personal data and the guarantee of the rights of the interested parties. In the event of breach by the sub-processor, the Processor will continue to respond directly to the Controller regarding compliance to the aforementioned obligations.
5. Maintain the confidentiality of personal data carried out by the Processor, even when the Contract is finished.
6. Guarantee that people authorized to process personal data undertake, expressly and in writing, to respect confidentiality and comply with the corresponding security measures, informing themselves appropriately, guaranteeing their necessary training in data protection matters.
7. Help Controller respond to the exercise of rights by interested parties. When interested parties exercise their rights before the Processor, he shall immediately notify the Controller.
8. Provide by the Controller information right when data is gathered.
9. Notify the Controller, within a maximum period of 24 hours, the known violations of the security of the personal data under his charge, with all the material information for the documentation and communication of the incident.
10. Offer the Controller sufficient and appropriate guarantees to correctly apply the technical and organizational measures that allow meeting the requirements of current Spanish regulations and GDPR, including the appropriate security measures.
11. Ensure that the processing of personal data will have the appropriate security measures that are relevant in each case in accordance with article 32 of GDPR.
12. Delete or return, at the option of the Controller, all personal data when the rendering of the data processing ends, and delete all existing copies unless they have to be kept by an imperative rule.
13. Guarantee that people authorized to process personal data undertake, expressly and in writing, to respect confidentiality and comply with the corresponding security measures, informing themselves appropriately, guaranteeing their necessary training in data protection matters.
• Controller Obligations:
1. Indicate to the Processor the technical and organizational security measures required to comply with the obligation set forth in number 11.
2. Collaborate with the Processor in those obligations that require such collaboration.
3. Inform the Processor about the impact assessment results carried out by the Controller in relation to the data processing.Do not communicate personal data to third parties unless: they have the express authorization of the Controller, when it’s necessary for rendering the Services, for a legal obligation or public interest reasons.