Last Updated 06/05/2022
– Our “Web sites”
- Situm Dashboard web panel (https://dashboard.situm.es).
- Situm Developers web (https://developers.situm.com)
– Our “APPs”:
- Situm Mapping Tool
- Situm Mapping Tool
- Situm Mapping Tool – No gyro
- Situm Industrial Mapping Tool
- Situm SOS
- Situm Maps PRE
- Situm MRM
- Situm MRM Mapping Tool
- APIs REST
- SDKs móviles
- Budgets and commercial information.
CONTROLLER OF THE DATA PROCESSING:
SITUM TECHNOLOGIES, S.L. (hereinafter “SITUM”, or “Data Controller”), with registered address at Emprendia Building, Campus Vida, Floor -1, 15782 (Santiago de Compostela) and Tax Identification Number B70401229, is responsible for processing the data provided by users through the Web.
You can contact SITUM by postal mail at the above address, by e-mail at firstname.lastname@example.org, or by telephone at +34 881 97 70 59.
DATA UNDERGOING PROCESSING:
a) Our APPS, SDKs y APIs Rest will have access to the following data from your device:
- Anonymized unique device identifier
- Detailed device model information
- Operating system, battery level
- Information about nearby items, included Wi-Fi and BLE signal data
- Information about the mobile network.
- Location Data.
- Identifying information of the App: name, version and package.
- Identifying information of Situm SDK, including application version number.
- Generated alarms.
b) Our Web sites will access to the following data from the Web panel:
- Email address and password.
- Operating system.
- Browser type and settings.
- Cookies, according to cookies policy of Data Processor (https://situm.es/es/cookies)
- Contact information provided by the user: name, encrypted password, surname, email, mobile number.
c) Our Web sites and SDKs will could also access to:
- Buildings cartography, included the location, dimensions, floor plans, points of interest, events and navigation routes.
- Information about user interactions with Situm Services, including device IP, accessed URLs, bug reports, system activity and exact time of access.
- Logos, styles, visual themes.
d) In case the user registers in Situm Dashboard and activates the module ”Workforce Tracking”, as if describes in our Master Sub scription Agreement (https://situm.com/assets/docs/situm-masteragreement.pdf).
- Name and surname of the Users created under the module.
- Historical relationship of devices to which each User has been associated and name assigned to each device.
- Organization to which each User belongs and role of the User as specified in the Platform.
- Start and end time of work shifts.
- Work patrols and compliance analytics
- Alarms generated by the Users, directly or indirectly.
PURPOSE OF DATA PROCESSING:
a) APPS USERS, WEBS, WEBs AND EMAIL CONTACTS:
The Data Controller will process the identification and contact data that the User provides through the contact form, registration forms and User accounts of the Websites or APPs, or when contacting the Data Controller via email, as well as other data abovementioned that the User includes when contacting for the following purposes:
- Sign in, access and use of the APP.
- Answer queries or requests.
- Manage the requested service, answer requests, or process requests.
- Inform by electronic means, concerning an application.
- Provide information to the Users about improvements and updates of Situm Services.
- Carry out analysis and improvements on the Webs about SITUM’s products and services.
- Improve the business strategy.
- Analyze user experience and troubleshoot incidents at our Website
- Proactive contact with SITUM in order to provide technical and commercial support.
SITUM will use the following processors for this treatment
– SITUM will use “Mailchimp” and “Office365” to send to the Users the communications related to the purposes above described. In this case, the User accepts: 1)the treatment carried out by Mailchimp as described in: https://mailchimp.com/legal/privacy/ ; and also 2) the treatment carried out by “Office 365” as described in: https://privacy.microsoft.com/es-es/privacystatement .
– “Leadfeeder” in order to provide a better service and experience to the user of our Web Site. In this case, the User accepts: 1) the treatment carried out by Leadfeeder as described at: https://www.leadfeeder.com/privacy/; 2) The Leadfeeder cookies policy, as described at https://www.leadfeeder.com/cookies-and-tracking.
Also, you are informed that LEADFEEDER’s data centres are located in Ireland for EU citizens. In the cases in which it is necessary to transfer personal data to the US, Leadfeeder will apply at their Data Processing Agreement the Standard Contractual Clauses (SCC) approved by the European Commission for data transfers between EU and non-EU countries.
In addition, SITUM can process the User contact data in order to provide technical support and commercial advice. In this case, the treatment is based on the rightful interests pursued by the Data Controller in order to engage in a commercial relationships or provide a satisfying experience to the users who have difficulties operating with the platform.
b) SDKs Y APIs REST
The User can access to SDKs and APIs REST functionalities that allow to download the platform information, the historic data of the localization or the cartographic information. We inform you by accessing to this functionality implies your give the consent of the processing with the purpose of fulfil the user requests.
Also SITUM provides SDKs and APIs REST that allows third parties to build their own apps. In this case, SITUM acts as Data Processor when a third part integrates at their app a Situm software module. In this case, SITUM is exempt from any kind of liability arising from the noncompliance of the current personal data protection regulations attributable to the Data Controller.
c) SOCIAL NETWORKS CONTACTS
The personal data available in the Social Networks profiles, as well as those that the User provides to the Data Controller when contacting him/her through this channel, will be treated with the purpose of:
- Answer the queries or requests.
- Manage service, reply to the request, or process a request.
- Establish a user-Data Controller relationship, and create a community of followers.
In this case, the processing is based on the acceptance of a contractual relationship in the social network environment that applies, and in accordance with its privacy policies, so SITUM recommend you the prior consultation.
SITUM will only be able to consult or cancel the data in a restricted way as it has a specific profile. These data will be treated as long as the user allows it through the different interactions that each social network allows. The User must make any rectification of the data or restriction of information or publications through the configuration of his/her profile in the social network.
d) JOB SEEKERS / INTERNSHIPS
In the “CAREER” section, SITUM provides the user with the e-mail address email@example.com created to manage recruitment processes. The Data Controller treats the received data, both identification and contact data, as well as those that are contained in the CV provided by the applicant, for the following purposes:
- Organization of recruitment processes for the hiring of new employees.
- Appointment for job interviews and evaluation of applications.
The legal basis for such treatment is the consent of the candidate by submitting the CV. Situm will process to safe destruction after one year from the receipt. Once this period has elapsed, the applicant who continues interested shall forward the updated CV.
SITUM grants the possibility to subscribe to the SITUM Newsletter. The purpose of the treatment is to send the Newsletter. The User that selects the checkbox and indicates an email, gives its consent for the processing by receiving the related information. The express consent of the User is the legal basis for the processing, keeping this data as long as the interested party remain subscribed to SITUM newsletter. The User can unsubscribe and stop receiving our emails at any time and also exercise the rights recognized at GDPR and described at the following clauses.
F) WEBINARS AND ONLINE EVENTS:
Rights of the User:
The GDPR recognizes that the User has several rights, which SITUM as Data Controller is obliged to guarantee the following rigths:
- Information: to know if your data is being processed or not.
- Access: to access the personal data object of the treatment.
- Rectification: request a rectification of the data if it is are inaccurate.
- Withdraw consent: request the deletion of the data if it is no longer necessary for the purposes for which it was collected or if you withdraw the consent granted.
- Restrict Processing: request the limitation of the data processing, in some cases, in which case it will only be conserved in accordance with current regulations.
- Portability: the portability of the data, which will be provided in a structured, commonly used or machine-readable format; or they may be sent to the new designated Responsible. It is only valid under certain circumstances.
- Complain: File a claim with the Spanish Data Protection Agency or competent control authority.
In order to facilitate the process, and comply with the principle of accuracy of the data, if any data is modified, the Data Controller appreciates the User communicates that modification.
In order to exercise the aforementioned rights, the User can request a form at firstname.lastname@example.org, or use those provided by the Spanish Data Protection Agency or an authorized third party. These forms must be signed electronically and accompanied by a copy of ID card or passport in force. The user could send these forms by mail to email@example.com or postal mail at the address of the Data Controller indicated at the beginning of this text.
Depending on the exercised right, SITUM will take a maximum of one month from the date of receipt the request to reply, and two months if the subject is very complex, in which case the User will be previously notified. In any event, SITUM will adopt the necessary measures to preserve the rightful interests of the User.
Processing of third party data
As a general rule, the Data Controller will only process the data provided by its owners. In the event of receiving data from third parties, such Users must first be informed and asked for their consent. SITUM will be exempt from any liability for incompliances with this requirement.
Data of Minors
SITUM will not process data from minors under 14 years of age. Therefore, the User must refrain from providing them if he or she is under that age or, if applicable, from providing data from third parties under that age. SITUM denies any liability due to failure to comply with this requirement by the User.
Commercial communications by electronic means
If you give your express consent by checking the appropriate checkbox, SITUM will send commercial communications to the email address provided by the User. The Data Controller will store the email in the database, and will send emails until the User requests the cancellation, an option that will be available in any communication. The purposes of this particular processing are as follows:
- Management the requested service.
- Information by electronic means related to the application.
- Commercial or events information.
- Perform analysis and improvements in the delivery of emails, in order to improve commercial strategy.
Security measures we apply
SITUM has adopted an optimal level of information security, adopting the appropriate technical and organizational measures according to the state of technology to avoid the loss, misuse, alteration, unauthorized access or subtraction of Personal Data.
Communication to third parties
SITUM don’t disclosure your personal data to third parties, except in the cases stated below:
- Legal obligation.
- Court injunction
- Public authorities, banks and financial entities for the collection of the service provided or product purchased; – Data Processors or Subprocessors in the extent necessary for the provision of the service, whom will have signed a contract for the provision of services that requires them to maintain the same level of privacy as the Data Controller in compliance with the GDPR. You can find a list of the Subprocessors used by SITUM in the Annex II of our Master Sub scription Agreement (https://situm.es/assets/docs/situm-masteragreement.pdf).
We inform you that your data may be processed by the Treatment Managers listed in Annex D of our MSA.
International Transfer of Personal Data.
Personal data about you may be transferred and processed on severs or computers located outside of the European Unión/European Economic Area. Safeguards measures under the GDPR are applied to the transfer.
Conservation of personal data
Personal data will be kept at the SITUM systems while the User are willing to use the services provide by SITUM. Once the User decide to withdraw his/her consent, the data processed for each purpose will be maintained anonymized during the legally stipulated deadlines, including the period in which judicial authorities may request them, taking into account the limitation period for legal actions.
The data processed will be maintained as long as the aforementioned legal deadlines do not expire, if there is a legal maintenance obligation, or if the legal term does not exist, until the interested party requests their suppression or revocation of the consent granted.
SITUM will keep all the information and communications related to the provision of the service, while the guarantees of the products or services last, to attend to possible claims.
Situm informs you that, as a service provider of data hosting and in accordance to 34/2002 Law, from 11th july, of Information Society Services and E-commerce (LSSI), will retain for a maximum period of 12 months the essential information to identify the origin of the storage data and the starting date of the service provided. This retention aims to compliance with legal obligations which may arisen from the relationship with the User.
Modification and updated