Version of 20 February 2022

TWINNY, registered trademark by Wason Digital S.L. («Twinny», «we») undertakes, within the framework of its activities and in accordance with the regulations in force, to protect, in particular, the privacy of its prospects and its customers (the «Users») , by ensuring the protection, confidentiality and security of the Personal Data collected.

We strive to be transparent about how we collect and process your Personal Data and what your rights are over such Personal Data. This policy on our privacy practices (the «Privacy Policy») describes in a clear, simple and precise manner how we treat the information that we collect or receive when you visit and use our website.

Twinny reserves the right, at its sole discretion, to modify this Privacy Policy at any time, in accordance with applicable regulations on the protection of personal data. Consequently, the user is invited to consult this Privacy Policy regularly in order to be informed of the latest changes.

Scope of this Privacy Policy

This Privacy Policy affects the management of the information we collect when you use or access our services. This Privacy Policy does not apply to the practices of third parties that we do not own and cannot control or manage, including, but not limited to, any third party website, service, application or business («Third Party Services»). While we try to work only with Third Party Services that share our respect for your privacy, we are not responsible for their content or their privacy policies. We recommend that you carefully read the privacy policies of any Third Party Services you access.

How do we obtain your personal data?

We collect your Personal Data on different occasions:

• Whenever you enter into a relationship with TWINNY, for example, via customer service, to request information about our products and services;
• When you purchase or contract a product or service directly with us, including technological services (website, application, and related services);
• During your relationship with TWINNY, whether you are a prospect or a client. In particular during the execution of contracts or legal obligations such as tax, audit, anti-fraud, etc… ;
• When, with your authorization, third-party companies or distributors provide us with the personal data in their possession;
• When managing the commercial relationship, particularly when processing complaints, or carrying out satisfaction surveys; etc.

We would appreciate it if you could help us keep your contact details up to date by notifying us of any changes to your contact details or preferences.

What types of Personal Data can we obtain about you?

Through the various services and contact channels described in this Privacy Policy, the following types of personal data concerning you may be collected under the conditions defined in this article III of the Privacy Policy («Personal Data»):

Identification data: Name, surname, e-mail, phone number, country and professional data

Email Communications: Occasionally, as part of the Services, We may send you email and other communications. Administrative communications related to your personal user area («Account») (for example, to recover or reset the Account password) are considered to be part of the services and of your Account, so you may not be able to cancel their reception. Please note that we will never send you an email asking for your password or any other Account information. If you receive it, please send it back to us.

Information relating to the use of the Services:

We collect information on how users use the services, including those with an Account. This type of information is collected in our log files whenever you interact with the services, for example to make a request. We have internal tools, as well as third-party applications and Services (such as Google Analytics) to collect and analyze this information. Some of this information could also be linked to the Internet Protocol address (“IP Address”) used to access the Services, or it could be collected and used only in aggregate form (such as statistical data that does not reveal any significance). In addition, your IP address is recorded every time you make a request from our website. This information about how you and others interact with the Services may be used for a variety of purposes, generally related to improving and protecting the Services, as well as the development of new Services.

The other purposes are as follows:

• provide personalized services to the user;
• improve our research results;
• prevent spam, malware and phishing, and keep our users and the community safe.

We may also use this information for legal or security reasons.

Web browser information:

We automatically receive and record information from your web browser when you interact with our products or services, such as browser type and version, type of device used, its operating system and version, the language set, the website or service from which you accessed our service, the date and time of each request made in our services, screen specifications and information about the cookies we have used in your web browser (as described in the «Cookies» page accessible at this link: https://www.twinny.es/cookies). Sometimes we also detect if you are using certain web browser extensions and store this information in association with your account. Information about the web browser is used for the provision of our services, as well as to improve them and maintain security.

Sales and customer service information:

Information on the purchase of our services, technical assistance, as well as complaints.

Special categories of personal data:

The special categories of personal data are data which reveal racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic personal data, biometric personal data for the purpose of identifying a natural person. Uniquely, personal data concerning health or personal data concerning the sex life or sexual orientation of a natural person.

These particular categories of personal data, which must be subject to special attention, are not processed by TWINNY, and in the event that their processing becomes necessary, TWINNY undertakes to process them under the conditions laid down by regulations relating to the protection of personal data.

It may happen that the data subject chooses to provide TWINNY with some of this information such as racial origin, sexual orientation or religious beliefs, in which case choosing to provide this information constitutes consent to their processing.

What is your Personal Data used for ?

We use your Personal Data for different purposes, which you will find detailed in Article IV of this Privacy Policy.

Customer service, promotions and advertising – to respond to inquiries and present offers

TWINNY collects your contact details, information about your preferences and information about the use of websites and communications.

TWINNY may share this information with advertising agencies to monitor your requests and present you with more specific offers. Likewise, TWINNY may use your Personal Data to develop individual customer profiles through statistical procedures. As a result of the profiling process, you may receive personalized communications based on your interests. Processing related to promotions and advertisements is carried out only when you have consented to it.

Compliance with legal and regulatory obligations – to comply with our legal obligations to fulfill information requirements issued by judicial bodies, regulatory and supervisory bodies, and state security forces and bodies

All those responsible for processing Personal Data are subject to the laws of the countries in which they operate, and are required to comply with them. These obligations include the communication, in certain circumstances, of some of the Personal Data to judicial bodies, regulatory or supervisory bodies, and State security forces and bodies. This processing of Personal Data is based on the existence for TWINNY of a legal obligation to collaborate with such organizations.

How do we protect your Personal Data?

To ensure the protection and maintain the security, integrity and availability of your Personal Data, we use various security measures. Although it is not possible to guarantee absolute protection against intrusions when transmitting Personal Data over the Internet or from a website, we, as well as our subcontractors and business partners, do everything possible to maintain physical, electronic and procedural protection measures in order to guarantee a level of protection of your Personal Data in accordance with the applicable legal requirements.

The measures used are as follows:

• limit access to your Personal Data to only people who should be aware of it in view of the tasks they perform;
• as a general rule, transfer the Personal Data collected in encrypted format;
• store the most sensitive Personal Data (such as passwords) only in an encrypted format;
• install perimeter protection systems for IT infrastructures (“firewalls”) to prevent unauthorized access, for example “hackers”;
• regularly monitor access to computer systems to detect and stop any misuse of Personal Data.

In cases we provided you (or you have chosen) a password which enables you to access certain parts of our websites or any other portal, application or service under our control, you are responsible for keeping it secrecy and to comply with any other security procedures that we advise you. You will not be able to share your password with anyone.

How long do we keep your Personal Data?

Your Personal Data will be kept for the time necessary to achieve the purpose for which they were collected. If your Personal Data is used for several purposes that require us to keep it for different periods of time, we will apply the longer retention period. In all cases, we limit access to your Personal Data only to people who need it for the performance of their duties. Our retention periods for Personal Data are based on the needs of the business, so with regard to Personal Data that is no longer required, access to it will be limited to compliance with strictly legal obligations or it will be safely destroyed.

Retention period of Personal Data collected for marketing purposes 

We will keep Personal Data collected for marketing purposes for three years from the date on which we last obtained your authorization to send you marketing communications, unless you ask us to exclude you by revoking consent given.

Retention period of Personal Data collected for the purpose of executing a contract

We keep Personal Data collected for the purpose of executing a contract for the purpose of managing any contractual obligation we have with you. We keep the Personal Data collected for this purpose for the duration of the contract and for the five years following the effective end of the contract, in order to be able to respond to any subsequent inquiries or complaints.

Retention period of Personal Data collected for purposes related to compliance with legal and regulatory obligations 

Certain Personal Data must be kept for the periods required by the specific applicable regulations (tax, commercial, anti-money laundering, etc.).

Who can we share your data with and how do we get it?

The Personal Data collected, as well as those which will be collected subsequently, are intended for TWINNY in its capacity as data controller. Certain Personal Data may be sent to third parties to meet legal, regulatory or contractual obligations or to legally empowered authorities. TWINNY may work with providers to provide the above products and services. We, as well as our subcontractors and business partners, make every effort to maintain the physical, electronic and procedural protection measures necessary to ensure the protection of your Personal Data in accordance with applicable data protection requirements. All of your Personal Data is stored on secure servers (or secure physical copies) owned by Us or our subcontractors or business partners, and to access and use it, our security criteria and policies (or other equivalents of our subcontractors or partners) apply.

Legal bases for the processing of Personal Data.

The use of your Personal Data under the conditions described above is authorized by European and national data protection regulations in accordance with the following legal bases:

• You have expressed your consent (a consent form has been presented to you to authorize the processing of your Personal Data for certain purposes; you can revoke the consent given at any time);
• he processing of your Personal Data is necessary for the management and maintenance of a contract signed with you;
• The processing of your Personal Data is necessary to comply with our legal obligations;
• We use your Personal Data to achieve a legitimate interest and our reasons for doing so outweigh any possible damage to your rights to the protection of your Personal Data;

There may be purposes that are permitted under other legal bases; in such cases, we will endeavor to identify the legal basis in question and will inform you as soon as possible as soon as we become aware of its existence.

How to contact us, what are your rights to protect your Personal Data and your right to lodge complaints with the data protection authority.

If you have any questions regarding our use of your information, the first thing you should do is contact our Personal Data Protection Officer («DPO») at the following email address privacy@twinny.es.

In addition, in accordance with the regulations concerning the processing of personal data, you have the rights listed below:

1. Right to information;
2. Right of access, rectification and right to erasure;
3. Right to data portability;
4. Right to limit and oppose data processing;
5. Right to revoke consent, in cases where data processing is conditional on consent, as well as for any direct marketing communication;
6. Right to object to any processing of your data – including profiling – which has a legitimate interest as a legal basis, unless our reasons for carrying out this processing outweigh any possible prejudice to your data protection rights;
7. Right to determine the fate of the data after death.

If you exercise one of these rights, we will check that you are really authorized to do so and we will respond to you within one month or within the maximum period provided for by national regulations, whichever is less.