PRIVACY POLICY
Through this privacy policy, BIOINFILE SL wishes to inform all individuals who browse and access the website https://www.bioinfile.com about the processing of personal data carried out. Access to the website does not require prior registration. Before submitting any information request through the contact form on this website, the user must accept the privacy policy in order to provide explicit and informed consent for the processing of data for the indicated purposes. BIOINFILE SL, in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as with Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights, in the capacity of Data Controller of the provided personal data, provides you with the following information:
1. Data Controller
Controller: BIOINFILE SL – hereinafter referred to as BIOINFILE.
VAT ID: ESB56305949.
Email: admin@bioinfile.com.
2. DATA ENTRY FormS
On our website, there ARE a contact form , A SIGN-UP FORM AND OCCASIONALLY A DISPLAY PROMOTIONAL form. tHEY can be used to contact us electronically AND TO REGISTER FOR EMAIL UPDATES. we will receive and store the data entered on the input screen: Name and Email.
Purpose of processing
Manage the use of the functionalities made available through the Website, including responding to requests and/or inquiries made.
Legitimacy
The basis that legitimizes the processing of personal data, in the case of being a client, is the execution of a contract, pursuant to article 6.1.b) of the GDPR. The basis that legitimizes the processing of personal data is the consent granted by the interested party through the checkbox enabled for this purpose, pursuant to article 6.1.a) of the GDPR.
Retention period
Data will not be kept for longer than necessary for the purposes for which they were collected, except if there is a legal obligation.
Data communication
They will not be communicated to other third parties, except for legal obligation or with the express consent of the data subject.
International data transfers
No International Data Transfers are made to third countries outside the European Union.
3. Rights of the data Subject
When your personal data is processed, you will have the status of data subject within the meaning of the GDPR and, as such, you have the following rights vis-à-vis the data controller:
Right of access
You can ask the controller to confirm whether your personal data is being processed by them. If your data is being processed, you can ask the controller for information about: the purpose of the processing of personal data; the categories of personal data that will be processed; the recipients or categories of recipients to whom your personal data has been or will be disclosed; the period for which the personal data will be stored or, if that is not possible, the criteria used to determine this period; the existence of the right to rectify or erase personal data concerning you, the right to restrict the processing by the controller, or the right to object to such processing; the existence of the right to lodge a complaint with a supervisory authority; all available information on the source of the data when personal data has not been obtained from the data subject; the existence of automated decision-making, including profiling, in accordance with Art. 22, paragraphs 1 and 4, of the GDPR, and at least in such cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether your personal data has been transferred to a third country or to an international organization. In this context, you can request to be informed under Article 46 of the GDPR regarding data transfers.
Right to rectification
If the personal data concerning you is inaccurate or incomplete, you have the right to have it rectified or completed by the data controller. The data controller shall carry out the rectification without undue delay. Right to restriction of processing The User may request the restriction of the processing of their personal data when one of the following conditions is met: If they contest the accuracy of their personal data for a period enabling the controller to verify the accuracy of the data; If the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead; If the controller no longer needs the personal data for the purposes of the processing, but the User requires them for the establishment, exercise, or defense of legal claims; If the User has objected to processing pursuant to Art. 21(1) of the GDPR, pending the verification whether the legitimate grounds of the controller override those of the User.
When the processing of personal data has been restricted, except for storage, such data shall only be processed with the User's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State. If processing has been restricted in accordance with the above conditions, the data subject shall be informed by the controller before the restriction is lifted.
Right to erasure
You can request the data controller to immediately erase your personal data, and they shall be obliged to erase such data without undue delay when one of the following circumstances applies: The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed. If the User withdraws consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR, and where there is no other legal ground for the processing. If the User objects to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the User objects to the processing pursuant to Art. 21(2) of the GDPR. The personal data has been unlawfully processed. The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject. The personal data has been collected in relation to the offer of information society services referred to in Art. 8(1) of the GDPR.
If the data controller has made the personal data public and is obliged to erase it in accordance with Art. 17(1) of the GDPR, they shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the User has requested the erasure of any links to, or copy or replication of, those personal data. The right to erasure shall not apply to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR; for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89(1) of the GDPR, insofar as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or for the establishment, exercise, or defense of legal claims.
Right to information
If you have exercised your right to rectification, erasure, or restriction of processing with the controller, they shall be obliged to inform all recipients to whom the personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. The User has the right to be informed about these recipients by the controller.
Right to data portability You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. Furthermore, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR or on a contract pursuant to Art. 6(1)(b) of the GDPR, and the processing is carried out by automated means.
In exercising this right, the User also has the right to have the personal data transmitted directly from one controller to another, where technically feasible. This must not adversely affect the freedoms and rights of others. This right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
The User has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them under Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. The data controller shall cease processing the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the User or for the establishment, exercise, or defense of legal claims. If the processing of your personal data is carried out for direct marketing purposes, the User shall have the right to object at any time to the processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing. If the User objects to the processing for direct marketing purposes, their personal data shall no longer be processed for such purposes. The User has the option to exercise their right to object by automated means using technical specifications in relation to the use of information society services, notwithstanding Directive 2002/58/EC.
Right to withdraw consent regarding data protection
The User has the right to withdraw their consent regarding data protection at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision: is necessary for entering into or performance of a contract between the User and the data controller; is authorized by Union or Member State law to which the data controller is subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or is based on your explicit consent.
However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless Article 9(2)(a) or (b) of the GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place. With regard to the cases mentioned in points 1 and 3, the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the data controller, to express your point of view, and to contest the decision.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
4. Where can the User exercise the Rights?
The User can exercise their rights by sending an email to admin@bioinfile.com.
5. Is it mandatory to provide all the information requested in the contact section?
With regards to the forms on the Website, the User must complete those marked as 'required'. Failure to complete the required personal data, or doing so partially, may result in BIOINFILE being unable to fulfill their requests, and consequently, BIOINFILE shall be exempt from any liability for the non-provision or incomplete provision of the requested services. The personal data provided by the User to BIOINFILE must be current so that the information in the records is up-to-date and error-free. The User shall be responsible for the accuracy of the data provided.
6. What security measures has the company implemented?
BIOINFILE informs that the processing of personal data is carried out at all times in compliance with the applicable regulations on data protection and information society services.
BIOINFILE has implemented the necessary technical and organizational security measures to guarantee the security of the User's personal data and to prevent their alteration, loss, processing, and/or unauthorized access, in accordance with the state of the technology, the nature of the stored data, and the risks to which they are exposed, whether from human action or the physical or natural environment, in accordance with the provisions of current regulations.