In compliance with (EU) Regulation 2016/679, of the European Parliament and of the Council, dated 27 April 2016 (hereinafter “RGPD“), Brainsre, S.L. (hereinafter, “Brainsre”) presents this policy regarding the treatment and protection of personal data (hereinafter, the “Policy”).
Information about the entity responsible for the treatment
Brainsre S.L., with registered address on Calle Almagro 3, 4º derecha, 28010 Madrid (Spain);
Tax Identification Code (CIF or ‘Código Identificación Fiscal’): B88564364;
This Policy will be applicable
To those persons who visit the website https://brainsre.news/, owned by Brainsre.
- To those who, voluntarily, communicate with Brainsre or any of its Websites via email, chat or who complete any of its data collection forms.
- To those who request information about Brainsre’s products and services or any of its Websites or who request to participate in any of its commercial activities.
- To those who enter into a contractual relationship with Brainsre by contracting its products and services.
- To those who use any other Brainsre service or any of its Websites that involves the communication of or access to data for the provision of its services.
The use of Brainsre’s products and services or any of its Websites requires the express acceptance of this Policy
Except with legal representation, no user and/or client may use the identity of another person or communicate their personal data. The data that users and/or clients provide to Brainsre or any of its Websites must be personal, corresponding to their own identity, and must be current, accurate and true.
The user and/or client will be solely responsible for any direct or indirect damage caused to third parties or to Brainsre by the use of another person’s data or their own data when that data is false, erroneous, out of date, inadequate or not pertinent.
The user and/or client who communicates personal data to Brainsre declares to be of legal age, in accordance with the provisions of Spanish law. Any data provided about a minor will require the prior consent or authorization of their parents, guardians or legal representatives, who shall be held responsible for the data provided by any minors in their charge.
Purposes and legal basis of the collection and treatment of personal data
Brainsre informs users of the existence of various treatments and databases in which the communicated personal data is collected and stored.
The purposes of said collection and treatment of personal data are as follows:
- In relation to the “cookies” that Brainsre uses for browsing activity on its website and any of its Websites, these are stored on the user’s terminal equipment (computer or mobile device) and they collect information when said websites are visited for technical, analytical and behavioural purposes and, in particular, for the purpose of (i) improving its usability, (ii) knowing the browsing habits or needs of users in order to adapt to them, (iii) as well as obtaining information for statistical purposes.
In the event that users are already Brainsre’s customers, the information collected through cookies will also serve (iv) for their identification when accessing the different tools that Brainsre makes available to them for the management of the contracted services (for technical or functional purposes).
The legal basis for the treatment of personal data relating to cookies is the consent for analytical and behavioural purposes. Technical or functional cookies are strictly necessary and are excluded.
Users can configure their browser so that the receipt of some or all of the cookies is disabled or blocked. The fact that a user may not want to receive these cookies does not constitute an impediment for being able to access information from Brainsre or any of its Websites, although the use of some services may be limited.
If, once consent has been given to receive cookies, the user wishes to withdraw that consent, they must delete those cookies stored on their equipment, through the options available in the different browsers, or withdraw their consent through the panel provided in the Cookies Policy.
All of the information about the cookies used by Brainsre is published in its Cookies Policy, which is available for consultation at https://brainsre.news.com
- When the user sends an email to Brainsre or communicates personal data through any of its Websites or other means, such as a contact form, the purpose of the collection and treatment of said data by Brainsre is the resolution of the queries and requests for information that arise about its products and services.
The legal basis, in these cases, will be the consent granted when the query is sent or contact is made with Brainsre, as well as the legitimate interest in resolving the requests and queries.
- When the user sends their CV and contact information through an email to Brainsre or any of its Websites relating to job offers, said data will be processed to allow their participation in the personnel selection procedures.
The legal basis of the treatment is the candidate’s consent and the execution of pre-contractual measures
- When users fill out forms from Brainsre or any of its Websites to participate in any of its commercial activities, the purpose shall be to enable said participation, as well as the sending of commercial and advertising communications about Brainsre’s services and any of its Websites. This shall also apply to commercial communications from other group companies, when the interested party expresses their interest.
The legal basis of the treatment will be the consent of the user. The interested party may modify their decision at any time, as many times as they wish, through the means provided by Brainsre for that purpose.
- In contracting the services offered by Brainsre or any of its Websites, only those personal data that are necessary to establish the contractual relationship and enable the provision of the services and their remuneration by customers shall be collected. Such data shall be collected and treated for the following purposes:
- a. The main purpose shall be to maintain the contractual relationship established with the client, with Brainsre contacting the client by e-mail, telephone or other means indicated by the latter. The legal basis shall be the execution of the contract and the legitimate interest for the professional positioning of the client.
- b. For sending documentation and information relating to the contracted services, as well as for sending commercial and advertising communications about these services and other similar ones by Brainsre, via post, e-mail, telephone, SMS or other means indicated by the client, unless they expressly state their opposition when they agree to the contract. Commercial communications from other group companies may also be sent with the consent of the client.
The legal basis shall be the execution of the contract and the legitimate interest of Brainsre in sending commercial communications about similar products. To send commercial communications about the products of other companies in the group, the consent of the client shall be obtained. Regardless of whether the client has chosen to receive commercial information from Brainsre or not, the client may modify their decision at any time, as many times as they wish, through the specific section available for that purpose.
- c. For the maintenance of historical records about the commercial relationships for the legally established terms. The legitimate basis shall be our legitimate interest.
- d. In those cases in which Brainsre must access and/or process personal data in respect of which the client holds the condition of entity responsible (or manager) for the treatment, Brainsre shall treat said data as if it were the entity responsible (or deputy manager) for the treatment in accordance with the provisions of Article 28 of the RGPD and pursuant to the provisions indicated in the section entitled “Brainsre as the entity responsible for the treatment”, included in this Policy.
- e. In compliance with the provisions of Law 25/2007, dated 18 October, governing the conservation of data relating to electronic communications and public communication networks, Brainsre informs the user that it will proceed to retain and store certain traffic data generated during the development of communications, as well as, where appropriate, to communicate said data to the competent bodies, whenever the legal circumstances provided for in said Law concur. The legal basis of the treatment shall be the fulfilment of the legal obligations.
- f. For all those other purposes that are expressly included in the specific contracted conditions (hereinafter “Specific Conditions”) that are applicable to the corresponding product or service contracted by the client and expressly accepted by them.
Time limits for the storage of personal data
Brainsre will retain personal data for the time strictly necessary for the fulfilment of the aforementioned purposes and, once the fulfilment of the aforementioned purposes has ended, it may keep such data, duly blocked, for as long as it may have responsibilities as a result of its relationship with the client.
In the case of data subject to conservation pursuant to Law 25/2007, dated 18 October, governing the conservation of data relating to electronic communications and public communications networks, the period of conservation of the data shall be detailed in the regulations.
Recipients of personal data
The recipients of the personal data collected by Brainsre or any of its Websites shall be the following:
- a. Employees of Brainsre in the performance of their duties.
- b. Suppliers of Brainsre that intervene in the provision of services, if that is necessary for their provision.
- c. To the other companies that make up our group: Aura Ree S.L., Kata Beach S.L., Nettle Bay S.L., Aura AM S.L., Aura VBare S.L. for sending commercial communications, at the user’s request.
- d. The judicial and administrative bodies, as well as the State Security Forces and Bodies, in the event that Brainsre is required under current legislation to provide information relating to its clients and its services.
- e. Any other party that due to the nature of the service must access the data provided, as detailed in the Specific Conditions that are applicable to the corresponding product or service contracted by the client and expressly accepted by them.
Users’ rights and the exercise of them
Users may exercise the following rights recognised by the RGPD at any time:
- Right of access. Users have the right to obtain information from Brainsre about whether personal data concerning them is being processed, to access them and to obtain information about the treatment being carried out.
- Right to obtain a copy of their personal data.
- Right of rectification. Users have the right to require that Brainsre rectify their personal data in the event that said data are inaccurate or incomplete.
- Right of withdrawal. Users have the right to proceed with the deletion of data when those data are no longer necessary for the purpose for which they were provided or when the other circumstances provided by law concur.
- Right of limitation of treatment. Users have the right to request a limitation on the treatment of their personal data, so that the processing operations that ought to correspond in each case do not apply to them, in those cases provided for in Art. 18 of the GDPR.
- Right to portability. Users have the right to receive the personal data that concerns them in a structured format, as long as those data relate solely to the user and have been provided by them.
- Right of opposition. Users have the right to oppose the treatment of their personal data in the cases provided for by the applicable regulations.
Users may exercise these rights in the following ways:
- Regardless of whether they are Brainsre customers or not, users may exercise their rights by sending a communication to the email address firstname.lastname@example.org or by sending a request accompanied by their D.N.I. or valid document in law that proves their identity, addressed to BRAINSRE S.L., Calle Almagro 3, 4º derecha, 28010 Madrid (Spain), specifying the right they wish to exercise.
- In the case of any manifestly unfounded or excessive requests due to their repetitive nature, Brainsre reserves the right to charge a fee for the administrative costs that arise, as well as the right to refuse to act on them, in accordance with the provisions of the Art. 12.5 RGPD.
Users and/or clients may contact the appropriate local control authority if they consider that the treatment carried out with respect to their personal data has not been conducted in accordance with current legislation.
The control authority for the protection of data in Spain is the Spanish Agency for Data Protection, whose contact details are available on its website, specifically at https://www.aepd.es/es/la-agencia/donde-encontrarnos
International data transfers
For those products and services from Brainsre or any of its Websites where international transfers are required to enable their provision, said circumstance shall be included in the Specific Conditions that are applicable to the corresponding product or service contracted by the client and accepted expressly by them in advance. Furthermore, Brainsre shall not carry out any international transfer of personal data to a third country over which the European Commission has not issued an adequacy decision or, failing that, adopted the appropriate guarantees (usually model clauses).
Brainsre as the entity responsible for the treatment
In accordance with Article 28 GDPR and its concordant provisions, Brainsre shall process the personal data with respect to which the client holds the condition of entity responsible (or manager) for the treatment, when this is necessary for the adequate provision of the contracted services. In such cases, Brainsre shall act as if it were the entity responsible (or deputy manager, respectively) for the treatment, in accordance with the terms indicated below:
- Brainsre shall only process the data in accordance with the client’s instructions, and shall not use them for any purpose other than that contained in this Policy and/or in the Specific Conditions that are applicable.
- If at any time Brainsre considers that a client’s instruction violates the data protection regulations, then it shall notify them of it immediately.
- Once the provision of the services that motivate the treatment of the personal data has been fulfilled, they will be destroyed, as will any support or documents that contain any personal data or any type of information that has been generated during, for and/or for the provision of the services that form the subject of the corresponding Specific Conditions. Notwithstanding the above, Brainsre may keep the aforementioned data, duly blocked, for the period during which responsibilities may arise for it as a result of its relationship with the client.
- In the event that Brainsre uses the data for another purpose or communicates or uses them in breach of this Policy and/or the corresponding Specific Conditions, it shall also be considered responsible for the treatment.
- In accordance with Article 28 of the RGPD, Brainsre undertakes to maintain due professional secrecy regarding the personal data that must be accessed and/or processed in order to comply in each case with the purpose of the Specific Conditions that are applicable to it, both during and after its termination, agreeing to use this information only for the purpose intended in each case and to demand the same level of commitment from any person within its organization who participates in any phase of the treatment of personal data that are the responsibility of the client.
- In accordance with the provisions of the RGPD, the following rules shall apply in relation to the form and modalities of access to the data for the provision of services:
- a. In the event that Brainsre must access the treatment resources located at the client’s facilities, the latter shall be responsible for establishing and implementing the security policy and measures, as well as communicating them to Brainsre, who agrees to respect them and demand compliance by the people in its organization who participate in the provision of the services.
- b. When Brainsre remotely accesses the data processing resources for which the client is responsible, the latter must establish and implement the security policy and measures in its remote treatment systems, with Brainsre being responsible for establishing and implementing the security policy and measures in its own local systems.
- c. When the service is provided by Brainsre at its own premises, it will collect in its Activity Register the circumstances relating to the data processing in the terms required by the RGPD, including the security measures corresponding to said treatment.
- d. The access to and/or treatment of data by Brainsre, without prejudice to the specific legal and regulatory provisions in force that may be applicable in each case, or those that Brainsre adopts on its own initiative, will be subject to the necessary security measures in order to:
- Guarantee the permanent confidentiality, integrity, availability and resilience of the treatment systems and services.
- Restore the availability of and access to personal data quickly, in the event of a physical or technical incident.
- Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
- Pseudonymize and encrypt personal data, if applicable.
- e. The client expressly authorizes Brainsre, in its capacity as the entity responsible for the treatment, to subcontract with third parties, in the name of and on behalf of the client, the storage services, custody of backup copies of data and security, and other services that are necessary to enable the provision of the contracted services, respecting the obligations imposed by the RGPD and its implementing regulations in all cases. At any time, the client may contact Brainsre to find out the identity of the entities subcontracted for the provision of the indicated services, which will act in accordance with the terms set forth in this document and upon formalization with Brainsre of a data treatment contract pursuant to Art. 28.4 of the RGPD.
- Will assist and collaborate with the client, to the extent that it corresponds to the nature of the treatment entrusted to it, in handling the claims and notifications of interested parties in relation to the exercise of their rights.
- Will notify the client, without undue delay, of any breach of security of personal data of which it is aware, together with all the relevant information for the documentation and communication of the breach. If it is not possible to provide the information simultaneously, then the information shall be provided gradually without undue delay.
- Will keep available to the client all the information necessary to demonstrate compliance with the obligations contained in this contract and will allow the client, or other auditor authorized by the client, to carry out audits, with sufficient advance notice, which in no case shall be less than 15 working days, and interfering as little as possible in the normal performance of Brainsre’s business, to verify compliance with the commitments assumed in this contract.
The client authorizes Brainsre to carry out the actions indicated below, provided that they are necessary for the execution of the provision of the services. Said authorization is limited to the action(s) necessary for the provision of each service and with a maximum duration linked to the validity of the Specific Conditions:
- To carry out the processing of personal data on portable devices only by users or user profiles assigned for the provision of the services.
- To carry out the treatment outside of the client’s or Brainsre’s premises, only by the users or user profiles assigned for the provision of the services.
- The entry and exit of support and documents that contain personal data, including those included in and/or attached to an email, outside of the premises under the control of the client responsible for the treatment.
- The execution of the data recovery procedures that Brainsre is obliged to carry out.
Brainsre shall not be responsible for breaching the obligations resulting from the RGPD or the corresponding regulations on data protection by the user and/or the client as far as its activity corresponds and that is related to the execution of the contract or business relationships that unite them to Brainsre. Each party shall be responsible for the liability resulting from its own breach of the contractual obligations of this Policy and the Specific Conditions, as well as the applicable regulations.