Privacy Policy

Introduction

As experts in business digital transformation, we are aware that one of the biggest challenges that digitalisation poses is privacy.

At O2O we offer our clients a wide variety of services and products that range from designing a digital strategy to developing websites, applications and software. As part of this activity, we carry out personal data handling, where, on some occasions, responsibility for processing rests with us while, on others, we are in charge of processing data for which our clients are responsible.

Through this privacy policy we would like to inform the persons concerned, with full transparency, who is responsible for handling their data, which personal information we process, the purpose of each data processing activity we carry out, the lawful basis, the storage period for data, as well as the rights of the data subject and how the latter can exercise such rights.

Who is responsible for processing your data

ONE2ONE DIGITAL STRATEGY, S.L. (“O2O”), with Tax Code (N.I.F.) B-84.325.935 and whose address is Madrid (28.036), Avda. de Burgos, 8-A, Planta 15 is responsible for processing your personal data.

If you have any queries regarding the handling of your data, you can contact us by post, or email at privacidad@mo2o.com or by phone on (0034) 910 609 514.

O2O also has a data protection officer who can be contacted at the following email address: dpo@mo2o.com

Which processing activities do we implement

Contact list

Purpose: Contact interested parties to inform them of the products, services and activities that O2O organizes or takes part in either directly or indirectly, including by electronic means.

Lawful basis: Our data processing is based on the consent given by the persons concerned or, otherwise, on our legitimate interest.

Data categories: Identification data, contact data and professional data.

Disclosure and transfer of data: Data are not disclosed to third parties.

Storage: Data will be stored for as long as contact is maintained with the interested parties and will be erased within a maximum period of six (6) years dating from the last contact.

Clients, Providers and Collaborators

Purpose: The purpose of this data processing is to manage our pre-contractual and contractual relationship with our clients, providers and with other persons and entities with which we reach collaboration agreements.

Lawful basis: The legal grounds for data processing for this activity is based on the contract, on the complementary consent of the persons concerned where appropriate and our legitimate interest in maintaining the business relationship.

Data categories: We process identification and contact data, financial and bank data, commercial information, data on transactions of goods and services and professional data.

Disclosure and transfer of data: Tax authorities, banks and data processors that provide their services to O2O.

Storage: We store the data that we use for this activity for a maximum period of six (6) years after the termination of the corresponding contracts and collaboration agreements.

Human Resources

Purpose: In our human resources activity we use the data for the purposes of personnel selection, management and training, processing social benefits, promotion and management of employment and workplace monitoring.

Lawful basis: The legal grounds for the data processing for this activity are based on the work contract, on employment law and Social Security regulations, on the complementary consent of the persons concerned whenever the data provided are not strictly necessary to maintain the labour relationship and, finally, on our legitimate interest in issues of regulatory compliance and internal monitoring.

Data categories: We process identification and contact data, financial and bank data, commercial information, data on transactions of goods and services, professional data and data on training and employment.

Disclosure and transfer of data: Social Security Bodies, Mutual Provident Societies, Tax Authorities, Insurance companies, banks and any entities responsible for processing that provide services to O2O.

Storage: We store any data we use for this activity for a maximum period of five (5) years after the termination of the work contracts. CVs of candidates are destroyed after the respective selection process, unless the candidate is hired by O2O.

Video surveillance

Purpose: We have a video surveillance system that we use for security and monitoring purposes.

Lawful basis: This is based on our legitimate security and monitoring interests.

Data categories: Identification data (image and voice)

Disclosure and transfer of data: Data transfers are not provided for, except where appropriate to State security bodies and forces, the Public Prosecutor’s Office and the Courts and Tribunals of Justice.

Storage: We store the recordings for a maximum period of one (1) month.

O2O Images

Purpose: Publication on the webpage of the company, in O2O’s advertising and promotional material and/or dissemination on social media, including newspapers, magazines, television and Internet.

Lawful basis: This is based on the consent given by the persons concerned.

Data categories: Identification data.

Disclosure and transfer of data: Public dissemination.

Storage: The images will be stored for an indefinite period.

Ethical channel

Purpose: Management of internal queries and reports system on the alleged committal of unlawful acts inside the company or against the same and alleged violations of our ethical code and other internal regulations.

Lawful basis: This is based on our legitimate interest for internal monitoring.

Data categories: We process identification and contact data, and the data used to formulate the corresponding queries and internal reports.

Disclosure and transfer of data: The data processed in the ethical channel may be disclosed to the State security bodies and forces, the Public Prosecutor’s Office and the Courts and Tribunals of Justice.

Storage: The data from the ethical channel will be stored for a maximum period of three (3) months.

We protect your data

At O2O we use the appropriate technologies and procedures to protect your data from accidental loss and unauthorised access, use, destruction or publication. We perform data backup in order to be able to recover information if an incident occurs. And we also implement the appropriate physical and technological measures to store and transfer your data securely.

What rights do the persons concerned hold and how can they exercise them

Apart from the right to be informed in a transparent way, via this privacy policy, you have the following rights:

• Right to request access to your data in order to find out which personal data we process, for what purpose, where we have obtained it from and if we disclose or if we have disclosed said data to third parties.
• Right to request rectification of any inaccurate personal data concerning you as an individual. Taking into account the purposes of the processing, you are also entitled to complete any personal data that is incomplete.
• Right to request erasure of any data concerning you as an individual, for example when they are no longer necessary for the purposes for which they were collected or when a legal obligation stipulates the same.
• Right to request restriction on processing, for example when the accuracy of your data is in doubt or when the data are not necessary for the original purpose but cannot be deleted for legal reasons.
• Right to oppose processing for reasons associated with a specific situation and being subject to automated individual decisions, including drawing up profiles.
• Right to revoke fully or partially the consent given.

If you wish to exercise any of your rights, please write to us at privacidad@mo2o.com or by post to the company address given above. In either case, we will need a copy of your National Identity Card (D.N.I.) or Passport so that we can verify your identity and we undertake to reply in the maximum period of one (1) month.

We would like to inform you that we have a Data Protection Officer, who you can contact by email regarding any incident relating to your data at the following address: dpo@mo2o.com

We also inform you that you are entitled to lodge, where appropriate, a complaint to the State Agency for Data Protection (Agencia Estatal de Protección de Datos), with head offices in Madrid (28.001), in C/ Jorge Juan, núm. 6.

For more detailed information on your rights, we recommend you visit the webpage of the Spanish Agency of Data Protection or contact the same on its citizen service phone line 901.100.099.