Privacy Policy

Effective date: 23/06/2022

GRUPO M CONTIGO SL., a Spanish company with Tax Identification Number B37527900 located at Calle Concejo, 13, 2ºA, 13, 2º a, 37002, Salamanca and registered at the Salamanca Business Register, dated 20-08-2013, File 146, Volume 442, Book 0, Sheet SA-15157, (hereafter as “Controller” or “Grupo Mcontigo”), is committed to maintaining the trust and privacy of users who visit and use its website.

In This Privacy Policy we’ve provided information on when and why we collect your personal information, how we use it, the limited conditions under which we may disclose it to others and how we keep it secure.

As our company is based in Europe, we will collect, use and disclose personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”). In general, before we collect any personal data from you, we will notify you of the purposes for which your personal data may be collected, used and disclosed, as well as obtain consent for the intended purposes. However, the Brazilian General Data Protection Law (“LGPD”) may apply to those circumstances where Brazilian citizens are involved and the rights to them granted have been extended to all our users. The same applies to the processing that falls within the scope of the California Consumer Privacy Act (CCPA), whose effects are also extraterritorial. Other regulations may apply depending on your location.

We hope that we can satisfy queries you may have about the way we process your data. You can get in touch with our person responsible for Data Protection if you have any concerns or queries about how we process your data at [email protected]

1. What personal data do we collect and for which purposes?

The Controller may collect the following data:

  • Location.
  • IP address.
  • Date and time of access.
  • Browser, language settings, version of browser software operating system and surface.
  • Hardware data.
  • Information that you may share with the service providers or when you get in contact with us

The Controller may use the information for the following purposes:

  • To respond to your request for a demonstration, contact or additional information as a customer, supplier or end user.
  • Commercial use.
  • To communicate news and promotions about our services (including newsletters), as well as to provide, improve, test and monitor the effectiveness of our service.
  • Monitor performance indicators and enhance the functioning of the site.
  • Administering and managing your relationship as a user of the platform.
  • Respond to queries that may arise in the normal use of the platform.
  • For any other purpose indicated to you at the time you provide the information.
  • Complying with legal requirements.
  • Recruitment, evaluating applications and managing our contractual and/or employment relationship.
    • For drafting, negotiating, or entering into contracts or other agreements with you.
  • To secure and present our website or platform (registration files).

2. What is our legal basis for gathering and processing this personal data?

Our legal basis for collecting and using your personal data will depend on the personal data concerned and the specific context in which we collect it. Under the data protection regulations, we may lawfully process your personal data on one or more of the following lawful basis:

  • In the performance of a contract for the provision of goods or services.
  • In compliance with a legal obligation.
  • In the legitimate interest of the controllers.
  • Consent of the user.

If we collect and use your personal data in reliance on our legitimate interests (or those of any third party), you may request that we provide you information about what those legitimate interests are by contacting us at the email address(es) at the top of this privacy policy.

3. Who do we share your data with?

We will not share your personal information with a third party outside the Grupo M Contigo except in limited circumstances, including: if required by law or regulation, by a competent court or authority or if we believe that such action is necessary to prevent fraud or crime or to protect our Services or the rights, property or personal safety of any person.

The third-party data management platforms or advertising and analytics partners we work with are:

Crazy Egg: https://www.crazyegg.com/privacy

Facebook: https://www.facebook.com/policy.php

Google Ads: https://policies.google.com/privacy

Holded: https://www.holded.com/privacy

Hootsuite: https://www.hootsuite.com/legal/privacy

MailChimp: https://mailchimp.com/legal/

Paypal: https://www.paypal.com/us/webapps/mpp/ua/privacy-full

Shopify: https://www.shopify.com/legal/privacy

Stripe: https://stripe.com/de/privacy

Twilio: https://www.twilio.com/legal/privacy

WhatsApp: https://www.whatsapp.com/legal/privacy-policy-eea/?lang=en

WordPress: https://wordpress.org/about/privacy/

Google Cloud: https://cloud.google.com/terms/cloud-privacy-notice

Google Analytics: https://policies.google.com/privacy?hl=en-US

You may click on the names of these third parties to access their privacy policies. We respect your privacy and we will not sell your personal information to any third party. We may disclose data and aggregate statistics about users of our Services to prospective partners, advertisers, sponsors and other reputable third parties in order to describe our Services, deliver targeted advertisements or for other lawful purposes, but these data and statistics will not include information which can be used to identify you.

We do not sell, trade, or otherwise transfer to outside parties your personal information. We may share your personal information with trusted partners and suppliers only if they need such information to perform their specific obligations (e.g. to provide you with our service, to collect, store and process your personal information, to select and serve relevant adverts, and to improve and optimize our sites and applications), and we require them to do so based on our instructions and in compliance with this Privacy and Cookies Policy and any other appropriate confidentiality and security measures and applicable Regulations.

4. International transfers

We operate globally and may transfer your personal information to third parties in locations around the world for the purposes described in this privacy policy. Wherever your personal information is transferred, stored or processed by us, we will take reasonable steps to safeguard the privacy of your personal information.

To those whom the GDPR applies to, we inform you that some of the above mentioned providers are located in territories outside the European Economic Area that do not offer a level of data protection comparable to that of the European Union. In such cases, we transfer your data with adequate safeguards and always keep your data safe, using the most convenient international data transfer tools, for example the Standard Contractual Clauses and any relevant supplementary measures. You may consult the content of such Standard Contractual Clauses through the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en

5. Your Rights as a Data Subject

You have various rights in relation to your personal information. In particular, you have the right to:

  • Obtain confirmation that we are processing your personal information and request a copy of the personal information we hold about you
  • Obtain a copy of your data in a machine-readable format
  • Ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete
  • Ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information
  • Object to our processing of your personal information for reasons of our own legitimate interest, public interest, or profiling, unless we are able to proof that compelling, warranted reasons superseding your interests, rights and freedom exist, or that such processing is done for purpose of the assertion, exercise or defense of legal claims
  • Wherever we rely on your consent, you will always be able to withdraw that consent

To exercise any of these rights, you can get in touch with us or our data protection responsible using the details set out in Section 14.

You have also the right to launch a complaint with the competent authority should you be of the opinion that we have not complied with applicable privacy obligations.

6. How do we protect and secure your Personal Data?

Protecting the information that we receive about you is our priority. We take appropriate security measures to protect your information from loss, misuse, and unauthorized access, alteration, disclosure, or destruction. We have taken measures to ensure the ongoing confidentiality, integrity, availability and resiliency of systems and services that process personal information and will restore the availability and access to information in the event of a physical or technical incident in a timely manner.

Grupo Mcontigo has adopted the Data Protection security levels legally required and contained in Royal Decree 1720/2007 of the PDPL Directive. However, it provides other additional means, such as state-of-the art firewalls, apart from technical measures such as software for the encryption of confidential information and control of access to personal information, restricted users, security policies, users and passwords that expire as required by the LOPD, and other systems aimed to prevent misuse, alteration, unauthorized access and theft of personal data provided to Grupo Mcontigo.

Grupo Mcontigo uses the SSL/TLS protocol to establish secure connections between users and our servers over the internet, ensuring that the information relayed is encrypted and unable to be read by an external third party, making your transaction on our website much more secure.

Unfortunately, no organization can guarantee the absolute security of information, especially information transmitted over the internet. However, if you have reason to believe that your interaction with us is no longer secure (for example, if your personal information might have been compromised), please contact us immediately at [email protected].

7. How long do we store Personal Data?

We will retain your personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained.  The criteria used to determine our retention periods include:  (i) the length of time we have an ongoing relationship with you and provide the Service to you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations).

For further information about our retention period you can contact us via [email protected]

8. Responsibility for the accuracy and truthfulness of personal data

The user is solely responsible for the accuracy and correctness of the data provided through any of the forms on the web, exonerating Grupo Mcontigo from any responsibility in this regard. Users guarantee and respond, in any case, the accuracy, validity and authenticity of the personal data provided, and undertake to keep them updated. The user agrees to provide complete and correct information in the forms you fill out.

Grupo Mcontigo is not responsible for the veracity of the information that is not of its own elaboration and of which another source is indicated, so it does not assume any responsibility for hypothetical damages that may arise from the use of such information.

Grupo Mcontigo is exonerated from liability for any loss or damage that the user may suffer as a result of errors, defects or omissions in the information provided by Grupo Mcontigo provided that it comes from outside sources.

9. Data of minors

As a general rule, Grupo Mcontigo will not process data of minors for the realization of the treatment and services provided by Grupo Mcontigo. If a user provides data of children under 14 years (or under 16 for Californian Residents), the user guarantees the prior consent of their parents or guardians. If Grupo Mcontigo requires it, the user will have to prove having obtained such consent.

10. How do we use Cookies?

We use cookies to optimize and personalize your browsing experience. Cookies are physical information files that are stored in the user’s own computer or other browsing device. The information collected through cookies serves to facilitate the user’s navigation of the portal and to optimize the browsing experience. The data collected through cookies may be shared with the Controller, but in no case will the information obtained by them be associated with personal data or data that can identify the user. However, if the user does not wish to have cookies installed on his or her hard drive, he or she has the possibility of configuring the browser in such a way as to prevent the installation of these files. For more information, see our Cookie Policy.

11. Information for California Residents

This notice to California residents is provided under California law, including the California Online Privacy Protection Act (“CalOPPA”), and the California Consumer Act (“CCPA”), Cal. Civil Code 1798.100, et. seq. This notice supplements our privacy policy by explaining your California privacy rights if you are a California resident and provides certain mandated disclosures about our treatment of California residents’ information, both online and offline.

In the last 12 months, we collected the following categories of personal information: identifiers (such as name, contact information, and device identifiers), internet or other electronic network activity information (such as browsing behavior), approximate geolocation data, inferences (such as approximate location or product interests) and other personal information (such as payment method information, user credentials). The sources of personal information from whom we collected are directly from our users.

For more details about the personal information we collect, including the categories of information and sources, please see “What personal data do we collect and for which purposes?” section above. The business or commercial purposes of collecting personal information are described in more detail in “What personal data do we collect and for which purposes?” section above.

We share this information with the categories of third parties described in “With whom do we share your personal data with?” section above.

Subject to certain limitations and exceptions, the CCPA provides California consumers the right to request to know, up to two times each year, more details about the categories and specific pieces of personal information about you that we collect, use, disclose, and sell; the right to delete their personal information; the right to opt-out of any “sales” that may be occurring; and the right to not be discriminated against for exercising these rights.

We do not “sell” the personal information we collect or any personal information of known minors under 16 years of age. (and will not sell it in the future without providing a right to opt-out).

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time. As there is not a legal standard on the matter, we inform you we do not recognize or respond to “DNT” signals.

California consumers may make a rights request by emailing us at [email protected]. We will verify your request by asking you to provide information that matches information we have on file about you. Users can also designate an authorized agent to exercise these rights on their behalf, but we will require proof that the person is authorized to act on your behalf and may also still ask you to verify your identity with us directly.

12. Information for Brazilian Residents

This notice to Brazilian Residents is provided under Brazilian General Data Protection Law (LGPD). This notice supplements our privacy policy by explaining your Brazilian privacy rights if you are a Brazilian resident and provides certain mandated disclosures about our treatment of Brazilian residents’ information, both online and offline.

If you, a user residing in Brazil, visit one of our pages, or contract with Grupo Mcontigo your personal data is controlled by Grupo Mcontigo.

Your personal data is primarily used to provide you with the Grupo Mcontigo products or services you request. It may also be used to comply with legal obligations we are subject to or to fulfill our legitimate interests, such as to personalize your experience, develop and improve our services or to detect illegal activities. Grupo Mcontigo may also process personal data for purposes of complying with applicable local laws and regulations in the territory where our products and services are offered. With your prior consent or whenever there is a legitimate interest at stake, it may also be used to send you offers and promotions.

You have several rights set forth in Brazil’s data protection legislation including but not limited to the right to confirm the existence of the processing of your personal data, request access to, change, or remove your personal data, or to change your marketing preferences (including withdrawing your consent at any time) – please read our entire Privacy Policy to learn more about managing your marketing preferences or deleting your personal data.

13. Updates to this Privacy Policy

We reserve the right to modify or amend this Policy. For instance, we may need to change this Policy as new privacy legislation is introduced or as existing regulations are amended. Changes to this Policy will be posted on the website. The Controller will communicate relevant changes as far as possible.

14. Contact us

If you have any questions, complaints, or concerns about this Privacy Policy or you wish to exercise your data privacy rights, please reach out to us at the following addresses:

Grupo M CONTIGO SL

Address: Calle Concejo, 13, 2ºA, 37002 Salamanca

Email: [email protected]