Privacy and Cookie Policy
PRIVACY AND COOKIES POLICY – MYINDIBA AND ONLINE SHOP
The following Privacy and Cookies Policy outlines our procedures and terms regarding the handling of your personal data and the use of cookies within the “MyIndiba” mobile application (“MyIndiba” or the “App“) and, where applicable, our online shop (the “Online Shop“). The term “Platform” in this document encompasses both the App and the Online Shop and is hereby interchangeable.
- Normative References
- “GDPR“: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
- “LOPDgdd“: Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights.
- “LSSI“: Spanish Law 34/2002, of 11 July, on information society services and electronic commerce.
- Data Controller and Contact Details
|
Company name |
INDIBA S.A.U. (“Indiba“) |
|
Address |
C/ Moianès, nº 13, Pol. Ind. Can Casablanques, 08192 – Sant Quirze del Vallès (Barcelona) |
|
VAT NUMBER |
A08788804 |
|
|
- Source and Categories of Data
- We will process the data you provide us through the “registration” form on the Platform, and other forms provided, for example, forms in the “support” section. Such data will consist, for example, of your name and surname, city of residence, country, profession, INDIBA device purchase point of sale, serial number of the device purchased, date of birth, gender, and profile picture. Mandatory data will be identified as such.
- In addition to such data, we may process other personal data that you provide to us, or that is generated in the course of our communications, including the provision of our services or the purchase of our products.
- Means of payment that are enabled or that will be enabled in the future on the Platform will be managed through a payment gateway that complies with market security standards.
- Finally, please note that by providing us with your data, you guarantee its truthfulness and/or accuracy. Consequently, you will be liable for any false or inaccurate statements you make, as well as for any damage caused to Indiba or third parties as a result of the data you have provided.
- Purpose and Legitimacy of Processing Data
|
Purpose |
Legal basis |
|
To provide you with services
To provide you with the services you request from the App, including support services, and to respond to your requests for information. |
Art. 6.1.(b) GDPR
There is a need to offer and provide you with such services or provide you with such information as you may request. Further information can be found in the Terms and Conditions of Use and Sale. |
|
To sell you our products
To carry out the commercial transactions that you request from us through the Online Store, as well as to attend to your requests for information in this regard, such as, for example, support. |
Art. 6.1.(b) GDPR
There is a need to offer you our products and the sales thereof, as well as to provide you with the information you request in this regard. Further information can be found in the Terms and Conditions of Use and Sale. |
|
Profiles
We will carry out User profiling to adapt the content of the Platform to the type of profession held by each User. Such profiling will in no case have a significant impact on the User. |
Art. 6.1.(f) GDPR
There is a legitimate interest in adapting our services and content to each customer insofar as these are based on each User’s profile. For example, a medical professional will be provided with different content than an aesthetic professional for reasons such as the medical professional’s need to apply medical procedures. |
|
Legal obligations
We will process your data to fulfill our legal obligations (tax, accounting, detection of money laundering, notification of medical incidents or adverse events, etc.), as well as to fulfill your rights. |
Art. 6.1. (c) GDPR
The need to fulfill our obligations and enable the exercise of the User’s rights. |
|
Marketing
To send you electronic commercial communications and newsletters. Please note that you may object at any time by sending an e-mail to [email protected] or by following the instructions contained in each communication. |
Art. 21 LSSI and/or Art. 6.1. (a) RGPD
If you are a customer, we will rely on Art. 21 LSSI to send you information by digital means about our services, products, and news. If you are not a customer, we will only send you this information if you give us your consent or request to register for our newsletter. |
- Data Retention
- We will retain your data for the duration of our relationship to manage it properly and send you marketing information of interest to you. However, if we notice a prolonged period of inactivity, we will delete your data to the extent that the processing is no longer adequate, relevant, and necessary for the purposes intended for the processing. This rule applies unless you expressly request us to delete or retain your data.
- Once the processing of your data is no longer adequate, relevant, and limited to what is necessary for the purposes for which it is processed, we will keep your data safe and properly blocked and use it only for the purpose of meeting potential liabilities, as required by law.
- Finally, we inform you that we will take all reasonable steps to ensure that your data is rectified or deleted when it is inaccurate.
- Automated Decisions
- We will not make individual decisions based solely on automated processing that produce legal effects on you or significantly affect you in a similar way.
- Addressees
- As a general rule, we will not disclose your data to third parties. However, in certain cases, we may need to disclose your data to the following:
- Group companies: Your professional data may be shared with other Indiba Group companies for internal administrative purposes (in your case, we would rely on legitimate interest).
- Suppliers: Access to your personal data will be granted to those suppliers who need such access to provide their services to us, such as data managers, IT or cloud providers or hosting providers, CRM providers, partners, telecommunications providers, data verification service providers, or customer service providers. These third parties will act as our (sub)processors and will have in place appropriate safeguards to protect your personal information, including the relevant data processing contract in accordance with Art. 28 GDPR.
- Other: We will share your personal data with third parties if we are required to do so by law, by an administrative or judicial authority or in the public interest, or for public order, for example, to comply with anti-money laundering and anti-terrorism regulations, tax obligations or social security obligations.
- In addition, please note that we may also share your information if we believe it is reasonably necessary to enforce our legal terms or to protect our operations or Users. Furthermore, in the event of a business restructuring, we may transfer all of your personal information to the third party resulting from such a transaction.
- International Transfers
- We do not carry out international data transfers. However, as is now commonplace, many IT providers have their servers outside the European Economic Area (EEA). It is, therefore, possible that some of our suppliers may be located outside the EEA. In this case, and only where strictly necessary to operate the Platform, we will make international transfers.
- In any case, we would like to inform you that, with all these suppliers, we have or will enter into such documents as may be necessary to ensure that they provide adequate safeguards equivalent to those in the EU for such international transfers.
- Rights
- What rights do you have?
As provided for in the GDPR and the LOPDgdd, we inform you that you have the following rights:
- Access: You have the right to access your data to find out what personal data we are processing that concerns you.
- Rectification or erasure: In certain circumstances, you have the right to rectify inaccurate personal data concerning you, which is processed by us or to ask us to erase it.
- Limitation: In certain circumstances, you will have the right to ask us to limit the processing of your data, in which case we inform you that we will only keep it for the exercise or defense of claims.
- Portability: In certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transfer it to another data controller.
- Objection: In certain circumstances and for reasons related to your particular situation, you will have the right to object to the processing of your data, in which case, we would stop processing them except for compelling legitimate reasons or for the exercise or defense of possible claims. You may object to receiving commercial communications at any time.
- How can you exercise your rights?
You may exercise your rights at any time by contacting Indiba as indicated in Section 2, indicating “Privacy” in the subject line. In order to verify your identity, we may require you to submit certain additional information or documentation to verify your identity if there is any doubt as to your identity.
The exercise of these rights is free of charge. However, please note that a fee may be charged when requests are unfounded, excessive, or repetitive.
- Do you have the right to withdraw your consent?
Yes, you may at any time withdraw your consent to the processing of your data for one, several, or all of the above purposes, which are based on your consent to their processing. Please note that, in certain cases, this may affect the normal provision of services and/or sale of products.
- Do you have the right to complain?
Yes, at any time you can complain to the competent control authority according to your place of residence. In the case of Spain, the Spanish Data Protection Agency (AEPD). You can consult the different control authorities by contacting us..
In any case, before initiating any complaint, please contact us by e-mail ([email protected]) in order to try to resolve any discrepancy or dispute amicably.
- How long will it take to get back to you?
We will respond to your requests as soon as possible and, in any case, within one month. If this is not the case, we apologize and ask you to contact us again so that we can attend to you and correct any technical errors that may have prevented us from responding within the deadline.
- Cookies
- The purpose of this policy is to inform you clearly and precisely about the cookies we use.
- A cookie is a small text file that is installed on the computer or mobile device of Users visiting a particular website, app, or similar platform.
- Cookies make it possible for a website, digital platform, or mobile application to remember the User’s actions and preferences (login ID, password, language, font size, and other display preferences) so that the User does not have to reconfigure them upon every visit. Cookies are differentiated between own and third-party cookies, as well as between technical cookies (allows the User to browse), preference or personalization cookies (allows information to be remembered), analysis or measurement cookies (allows monitoring and analysis), and behavioral advertising cookies (allows a specific profile to be developed to display advertising based on the same), as well as session cookies and persistent cookies depending on the length of time spent.
- We use the following cookies from the App, which vary depending on whether the App interacts with our website www.indiba.com:
|
APP COOKIES WHEN NOT INTERACTING WITH OUR WEBSITE |
|||
|
Cookie |
Own / From third parties |
Purpose |
Session / Persistent |
|
_ga_Y8PYL7K6BL |
Third party: Google Analytics |
User activity analysis: This cookie is used to distinguish users. |
Persistent: 24 months |
|
_ga_7N097RMFCW |
Third party: Google Analytics |
User activity analysis: This cookie is used to distinguish users. |
Persistent: 24 months |
|
_ga |
Google Analytics |
User activity analysis: This cookie is used to distinguish users. |
Persistent: 24 months |
|
auth-token |
Technical: This cookie is used as the authorization cookie for calls to access the back-end. |
Session |
|
|
auth-token |
Technical: This cookie is used to display user data in the profile section and show the App information. |
Session |
|
|
data-expired-date |
Technical: This cookie is used to refresh user data. |
Session |
|
|
APP COOKIES WHEN INTERACTING WITH OUR WEBSITE |
|||
|
Cookie |
Own / From third parties |
Purpose |
Session / Persistent |
|
wordpress_test_cookie |
Own |
This cookie is used to prove that your browser accepts cookies. |
Session |
|
wordpress_sec_{hash} |
Own |
This cookie is used to store authentication details for the WordPress administration area. |
Session |
|
wordpress_logged_in_{hash} |
Own |
This cookie is used as another authentication cookie for the WordPress administration area. |
Session |
|
wp-settings-1 |
Own |
This cookie is used to customize the interface and operation of the WordPress administration area. |
1 year |
|
wp-settings-time-1 |
Own |
This cookie is used to customize the interface and operation of the WordPress administration area. |
1 year |
|
PHPSESSID |
Own |
This cookie is used to identify a user’s session on the website. |
Session |
|
cf_clearance |
Third party / Cloudflare |
This cookie is used for human verification when accessing the WordPress administration area. |
1 year |
|
_ga |
Third party / Google Analytics |
This cookie is used to differentiate users. |
2 years |
|
_ga_HZP3TS93Q4 |
Third party / Google Analytics |
This cookie is used to maintain the status of the session. |
2 years |
|
_gid |
Third party / Google Analytics |
This cookie is used to store and count the pages viewed. |
1 day |
|
_gcl_au |
Third party / Google Adsense |
This cookie is used to store and track conversions. |
3 months |
|
_gat_{id} |
Third party / Google Analytics |
This cookie is used to read ad filter requests from bots. |
1 minute |
|
__hs_opt_out |
Third party / HubSpot |
This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again. |
6 months |
|
__hs_do_not_track |
Third party / HubSpot |
This cookie is used to set up a system to prevent the tracking code from sending information to HubSpot. |
6 months |
|
__hs_initial_opt_in |
Third party / HubSpot |
This cookie is used to prevent the banner from always being displayed when visitors are browsing in Strict Mode. |
7 days |
|
__hs_cookie_cat_pref |
Third party / HubSpot |
This cookie is used to record the categories to which a visitor has consented. |
6 months |
|
hs_ab_test |
Third party / HubSpot |
This cookie is used to offer visitors the same version of an A/B test page that they have seen before. |
Session |
|
{id}_key |
Third party / HubSpot |
This cookie is used when a user is visiting a password-protected page. This cookie is set so that future visits to the page from the same browser do not require logging in again. |
14 days |
|
hs-messages-is-open |
Third party / HubSpot |
This cookie is used to determine and store whether the chat widget is open for future visits. |
30 minutes |
|
hs-messages-hide- welcome-message |
Third party / HubSpot |
This cookie is used to prevent the chat widget welcome message from reappearing for a day after it has been dismissed. |
1 day |
|
__hsmem |
Third party / HubSpot |
This cookie is used to record when visitors log in to a site hosted by HubSpot. |
7 days |
|
hs-membership-csrf |
Third party / HubSpot |
This cookie is used to ensure that content membership logins cannot be forged. |
Session |
|
hs_langswitcher_choice |
Third party / HubSpot |
This cookie is used to store the language choice selected by a visitor when viewing pages in multiple languages. |
2 years |
|
__cfruid |
Third party / HubSpot |
This cookie is set by HubSpot’s CDN provider due to its rate- limiting policies. It expires at the end of the session. |
Session |
|
__cf_bm |
Third party / HubSpot |
This cookie is set by HubSpot’s CDN provider and is a necessary cookie for bot protection. |
30 minutes |
|
__hstc |
Third party / HubSpot |
This is the main cookie for visitor tracking. |
6 months |
|
hubspotutk |
Third party / HubSpot |
This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when de-duplicating contacts. |
6 months |
|
__hssc |
Third party / HubSpot |
This cookie keeps track of sessions. |
30 minutes |
|
__hssrc |
Third party / HubSpot |
This cookie is used each time HubSpot changes the session cookie; this cookie is also set to determine whether the visitor has restarted their browser. |
Session |
|
messagesUtk |
Third party / HubSpot |
This cookie is used to recognize visitors who chat with you through the chatflows tool. If the visitor leaves the site before being added as a contact, they will have this cookie associated with their browser. |
6 months |
|
_hjSessionUser_{id} |
From third parties / Hotjar |
This cookie is used to identify the user’s session on the website. |
1 year |
|
_hjFirstSeen |
From third parties / Hotjar |
This cookie identifies the first session of a new user. |
30 minutes |
|
_hjHasCachedUserAttributes |
From third parties / Hotjar |
This cookie allows Hotjar to know whether the dataset in the local storage element _hjUserAttributes is up to date or not. |
Session |
|
_hjUserAttributesHash |
From third parties / Hotjar |
This cookie allows Hotjar to know when a user attribute has changed and needs to be updated. |
2 minutes |
|
_hjSession_{id} |
From third parties / Hotjar |
This cookie contains the data of the current session. |
30 minutes |
|
_hjSessionTooLarge |
From third parties / Hotjar |
This cookie stops Hotjar from collecting data if a session becomes too long. |
Session |
|
_hjSessionResumed |
From third parties / Hotjar |
This cookie is set when a session/recording reconnects to the Hotjar servers after a connection break. |
Session |
|
_hjCookieTest |
From third parties / Hotjar |
This cookie checks if the Hotjar Tracking Code can be used. |
Session |
|
_hjLocalStorageTest |
From third parties / Hotjar |
This cookie checks if the Hotjar tracking code can be used for local storage. |
Session |
|
_hjSessionStorageTest |
From third parties / Hotjar |
This cookie checks if the Hotjar tracking code can be used in session storage. |
Session |
|
_hjIncludedInPageviewSample |
From third parties / Hotjar |
This cookie is configured to determine whether a user is included in the data sampling defined by the page view limit. |
2 minutes |
|
_hjIncludedInSessionSample_{id} |
From third parties / Hotjar |
This cookie is configured to determine whether a user is included in the data sampling defined by the daily session limit. |
2 minutes |
|
_hjAbsoluteSessionInProgress |
From third parties / Hotjar |
This cookie is used to detect a user’s first page visit session. |
30 minutes |
|
_hjTLDTest |
From third parties / Hotjar |
This cookie is used by Hotjar to store the _hjTLDTest cookie for different URL substring alternatives until it fails. |
Session |
|
_hjClosedSurveyInvites |
From third parties / Hotjar |
This cookie is set when a user interacts with a Link Survey invitation modal. |
1 year |
|
_hjDonePolls |
From third parties / Hotjar |
This cookie is established when a user completes an on-site survey. |
1 year |
|
_hjMinimizedPolls |
From third parties / Hotjar |
This cookie is established when a user minimizes an on-site survey. |
1 year |
|
_hjShpropiaFeedbackMessage |
From third parties / Hotjar |
This cookie is set when a user minimizes or completes a comment widget. |
1 year |
|
ln_or |
From third parties / LinkedIn |
This cookie is used to determine whether Oribi analysis can be carried out in a specific domain. |
1 year |
|
_fbp |
Third Party / Target |
This cookie is used with Facebook tracking pixel. |
3 months |
- Similarly, we will inform you about the cookies of the Online Shop when it is operational.
- You can accept, block, or delete the cookies installed on your device by configuring the options offered by your device. However, this may affect the operation of the Platform, making the user experience less satisfactory or even preventing the use of the Platform.
- Finally, you can find more information about cookies in this Guide https://www.aepd.es/es/documento/guia-cookies.pdf .
- Modification
- Indiba reserves the right to modify this Privacy Policy in accordance with the Terms and Conditions of Use and Sale.