Privacy Policy

Responsible for data processing: Identity: ARTIFICIAL INTELLIGENCE GLEAM - NIF: B90352808 Postal address: 25 REPUBLICA ARGENTINA AVE FLOOR 9, SEVILLE, SPAIN E-mail: hello@gleam.ai.

On behalf of the company, we treat the information you provide us in order to provide the requested service, billing and, in general, any task or action need to keep the service or the comercial relationship with you. The data provided will be kept as long as the commercial relationship is maintained or during the years necessary to comply with the legal obligations. The data will not be transferred to third parties except in cases where there is a legal obligation. You have the right to obtain a confirmation on whether GLEAM ARTIFICIAL INTELLIGENCE treat your personal data therefore you have the right to access your personal data, correct inaccurate data or request its deletion when the data is no longer necessary.

Identification of the affected information

For the execution of the benefits derived from the fulfillment of the object of this assignment, the entity GLEAM ARTIFICIAL INTELLIGENCE as responsible for the treatment, makes available to the CSF CONSULTING ABOGADOS Y ECONOMISTAS SL entity. the identification data of the potential and actual customers, contacts and, in general, all the personal data that Gleam Artifical Intelligence process.

Data processor responsible obligations

The person in charge of the treatment and all his personnel is obliged to:
-Use personal data subject to treatment, or those collected for inclusion, only for the purpose of this assignment. In no case may you use the data for your own purposes.
-Treat the data according to the instructions of the data processor responsible.
-Keep, in writing, a record of all categories of treatment activities carried out on behalf of the person in charge, which contains:
1) The name and contact information of the person in charge or those in charge and of each person responsible for which the person in charge acts and, where appropriate, the representative of the person in charge or the person in charge and the delegate of data protection.
2) The treatment categories carried out by the responsible party.
3) A general description of the appropriate technical and organizational safety measures that you are applying.
-Not communicate the data to third parties, unless you have the express authorization of the data processor responsible, in the legally admissible cases. If the manager wants to outsource, he has to inform the person in charge and request his prior authorization.
-Maintain the duty of secrecy regarding the personal data to which you have had access under this order, even after the contract ends.
-Guarantee that the persons authorized to process personal data commit themselves, expressly and in writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be informed accordingly.
-Maintain at the disposition of the responsible party the documentation proving compliance with the obligation established in the previous section.
-Guarantee the necessary training in terms of protection of personal data of the persons authorized to process personal data.
-When the affected persons exercise the rights of access, rectification, suppression and opposition, limitation of the treatment and portability of data before the person in charge of the treatment, this one must communicate it by email to the address indicated by the person in charge. The communication must be made immediately and in no case beyond the working day following the reception of the request, together with, where appropriate, other information that may be relevant to resolve the request.
-Notification of data security violations
The person in charge of the treatment will notify the person responsible for the treatment, without undue delay and through the e-mail address indicated by the person responsible, for any breach of the security of the personal data in his charge that he or she has knowledge of, together with all the information relevant for the documentation and communication of the incident.

At least the following information will be provided:
a)Description of the nature of the violation of the security of personal data, including, when possible, the categories and the approximate number of interested parties affected, and the categories and approximate number of personal data records affected.
b)Contact person data to obtain more information.
c)Description of the possible consequences of the violation of the security of personal data. Description of the measures adopted or proposed to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually without undue delay.
CSF CONSULTING LAWYERS AND ECONOMISTS SL, at the request of the responsible, will communicate in the shortest possible time the data security breaches to the interested parties, when it is probable that the violation supposes a high risk for the rights and freedoms of the people physical The communication must be done in a clear and simple language and must include the elements indicated in each case by the person responsible, at least:
a)The nature of the data breach.
b)Data from the point of contact of the person in charge or the manager where more information can be obtained.
c)Describe the possible consequences of the violation of the security of personal data. Describe the measures adopted or proposed by the data processor responsible to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
-Provide the responsible party with all the information necessary to demonstrate compliance with their obligations, as well as for the performance of audits or inspections carried out by the person in charge or by another auditor authorized by him.
-Implement the necessary technical and organizational security measures to guarantee the confidentiality, integrity, availability and permanent resilience of the treatment systems and services.
-Destination of the data.
Return to the person responsible for the processing the personal data and, if applicable, the supports where they are recorded, once the service has been completed.
The return must involve the total erasure of the existing data in the computer equipment used by the person in charge.
However, the person in charge may keep a copy, with the data duly blocked, as long as responsibilities for the execution of the provision can be derived.

Obligations of the data processor responsible

Responsible for the treatment:
a)Deliver to the manager the necessary data so that he can provide the service.
b)Ensure, prior to and throughout the treatment, compliance with the GDPR by the person in charge.
c)Supervise the treatment.

Candidate data treatments

On behalf of the company we treat the information you provide us with in order to keep you informed of the different vacancies to a job that occur in our organization. The data provided will be kept until the award of a job or until you exercise your right of cancellation, therefore you have the right to access your personal data, correct inaccurate data or request its deletion when the data is no longer necessary. The data will not be transferred to third parties. "

Service companies

1. Purpose of the treatment request

By means of the present clauses, GOOGLE IRELAND LIMITED, as the processor in charge, is authorized to deal on behalf of GLEAM ARTIFICIAL INTELLIGENCE, as data processor responsible, with the personal data necessary to provide the service specified below. The treatment will consist of cloud hosting, email ...

2. Identification of the affected information

For the execution of the benefits derived from the fulfillment of the object of this assignment, the entity GLEAM ARTIFICIAL INTELLIGENCE as responsible for the treatment, makes available to the entity GOOGLE IRELAND LIMITED the information available in the computer equipment that supports the data processing performed by the person in charge.

3. Duration

Once the present contract ends, the person in charge of the treatment must return the person responsible for the personal data, and delete any copy that he keeps in his possession. However, you can keep the data blocked to address possible administrative or jurisdictional responsibilities.

4. Obligations of the treatment manager

The person in charge of the treatment and all his personnel is obliged to:
-Use the personal data to which you have access only for the purpose of this assignment. In no case may you use the data for your own purposes.
-Treat the data according to the instructions of the data processor responsible.
-If the data processor responsible considers that any of the instructions violates the GDPR or any other provision in terms of data protection, the person in charge will immediately inform the person responsible.
-Not communicate the data to third parties, unless you have the express authorization of the data processor responsible, in the legally admissible cases.
-Maintain the duty of secrecy regarding the personal data to which you have had access under this order, even after the contract ends.
-Guarantee that the persons authorized to process personal data commit themselves, expressly and in writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be informed accordingly.
-Maintain at the disposition of the responsible party the documentation proving compliance with the obligation established in the previous section.
-Guarantee the necessary training in terms of protection of personal data of the persons authorized to process personal data.
-Notification of data security violations.
The person in charge of the treatment will notify the person responsible for the treatment, without undue delay and through the e-mail address indicated by the person responsible, for any breach of the security of the personal data in his charge that he or she has knowledge of, together with all the information relevant for the documentation and communication of the incident.
At least the following information will be provided:
a)Description of the nature of the violation of the security of personal data, including, when possible, the categories and the approximate number of interested parties affected, and the categories and approximate number of personal data records affected.
b)Contact person data to obtain more information.
c)Description of the possible consequences of the violation of the security of personal data. Description of the measures adopted or proposed to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually without undue delay.
-Provide the responsible party with all the information necessary to demonstrate compliance with their obligations, as well as for the performance of audits or inspections carried out by the person in charge or by another auditor authorized by him.
-Assist the treatment manager to implement the necessary security measures to:
a) Guarantee the permanent confidentiality, integrity, availability and resilience of the treatment systems and services.
b) Restore the availability and access to personal data quickly, in case of physical or technical incident.
c) To verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
-Destination of the data
The data processor responsible will not keep personal data related to the manager's treatment unless it is strictly necessary for the provision of the service, and only for the time strictly necessary for its provision.

5. Obligations of the data processor responsible

Responsible for the treatment:
-Provide the manager with access to the equipment in order to provide the contracted service.
-Ensure, prior to and throughout the treatment, compliance with the GDPR by the person in charge.
-Supervise the treatment.

Registration of treatment activities

-Treatment: Clients
Purpose of the treatment:Management of the relationship with customers
Description of customer categories and personal data categories:
Customers:People with whom a business relationship is maintained as clients
Categories of personal data:
Those necessary for the maintenance of the commercial relationship. Send postal or email advertising, after-sales service and loyalty
Identification: name and surnames, NIF, postal address, telephone numbers, e-mail
Bank details: for direct debit payments
The categories of recipients to whom the personal data was communicated or communicated:
Tax administration
When possible, the deadlines set for the deletion of the different categories of data:
Those foreseen by the tax legislation regarding the prescription of responsibilities
-Treatment: Potential Customers
Purpose of the treatment:Management of the relationship with potential clients
-Description of the categories of potential customers and categories of personal data:
Potential customers:People with whom you want to maintain a commercial relationship as clients
-Categories of personal data:
Those necessary for the commercial promotion of the company
Identification: name and postal address, telephone, e-mail
-The categories of recipients to whom the personal data was communicated or communicated:
It is not contemplated
When possible, the deadlines set for the deletion of the different categories of data:
One year from the first contact
-Treatment: Employees
Purpose of the treatment:Management of the employment relationship with employees
-Description of employee categories and personal data categories:
-Employees:People who work for the person responsible for the treatment
-Categories of personal data:
Those necessary for the maintenance of the commercial relationship. Manage payroll, training
Identification: name, surnames, Social Security number, postal address, telephone numbers, e-mail
Personal characteristics: marital status, date and place of birth, age, sex, nationality and percentage of disability
Academic data
Professional data
Bank details, for direct payment of payroll
The categories of recipients to whom the personal data was communicated or communicated:
Labor management
When possible, the deadlines set for the deletion of the different categories of data:
Those foreseen by the fiscal and labor legislation regarding the prescription of responsibilities
-Treatment: Candidates
Purpose of the treatment:Management of the relationship with candidates for a job in the company
Description of the categories of candidates and categories of personal data:
Candidates:People who want to work for the person responsible for the treatment
Categories of personal data:
The necessary to manage the curriculum of possible future employees
Identification: name, surnames, postal address, telephone numbers, e-mail
Personal characteristics: marital status, date and place of birth, age, sex, nationality and others excluding data on race, health or union affiliation
Academic data
Professional data
The categories of recipients to whom the personal data was communicated or communicated:
It is not contemplated
When possible, the deadlines set for the deletion of the different categories of data:
One year since the presentation of the candidacy

Information of general interest

This document has been designed for the treatment of low risk personal data from which it can be inferred that it can not be used for the processing of personal data that includes personal data related to ethnic or racial origin, religious or philosophical political ideology, union affiliation, data genetic and biometric, health data, and data on sexual orientation of people as well as any other data treatment that entails high risk for the rights and freedoms of individuals.
Article 5.1.f of the General Data Protection Regulation (GDPR) determines the need to establish adequate security guarantees against unauthorized or illegal treatment, against the loss of personal data, destruction or accidental damage. This implies the establishment of technical and organizational measures aimed at ensuring the integrity and confidentiality of personal data and the possibility (Article 5.2) to demonstrate that these measures have been implemented (proactive responsibility).

Organizational measures

All personnel with access to personal data must be aware of their obligations in relation to the processing of personal data and will be informed about these obligations. The minimum information that will be known by all the staff will be the following:
DUTY OF CONFIDENTIALITY AND SECRET
The access of unauthorized persons to personal data should be avoided, for this purpose it will be avoided: leaving personal data exposed to third parties (unattended electronic screens, paper documents in areas of public access, supports with personal data, etc.), this consideration includes the screens that are used for the visualization of images of the video-surveillance system. When you are absent from the workplace, the screen will be blocked or the session closed.
Paper documents and electronic media will be stored in a secure place (cupboards or restricted access rooms) 24 hours a day.
Documents or electronic media (cd, pen drives, hard drives, etc.) will not be discarded with personal data without guaranteeing their destruction.
Personal data or any personal information will not be communicated to third parties, special attention will be given in not divulging protected personal data during telephone consultations, emails, etc.
The duty of secrecy and confidentiality persists even when the worker's employment relationship with the company ends.
RIGHTS OF THE DATA HOLDERS
All workers will be informed about the procedure to address the rights of the interested parties, clearly defining the mechanisms by which the rights can be exercised (electronic means, reference to the Delegate of Data Protection if there is one, postal address, etc.). ) taking into account the following:
Upon presentation of their national identity document or passport, the holders of personal data (interested) may exercise their rights of access, rectification, deletion, opposition and portability. The person responsible for the treatment must respond to the interested parties without undue delay.
For the right of access, the interested parties will be provided with a list of the personal data they have available, along with the purpose for which they were collected, the identity of the recipients of the data, the conservation periods, and the identity of the person responsible. which can request the rectification suppression and opposition to the processing of the data.
For the rectification right will proceed to modify the data of the interested parties that were inaccurate or incomplete attending to the purposes of the treatment.
For the right of suppression the data of the interested parties will be suppressed when the interested ones express their refusal or opposition to the consent for the treatment of their data and there is no legal duty that prevents it.
For the portability right, the interested parties must communicate their decision and inform the person responsible, as the case may be, about the identity of the new responsible person to whom they provide their personal data.
The person responsible for the treatment must inform all persons with access to personal data about the terms of compliance to meet the rights of the interested parties, the manner and procedure in which said rights will be met.
SECURITY VIOLATIONS OF PERSONAL DATA
When security breaches occur PERSONAL DATA, such as theft or improper access to personal data will be notified to the Spanish Agency for Data Protection within 72 hours about these security violations, including all the information necessary for the clarification of the facts that would have given rise to improper access to personal data. The notification will be made by electronic means through the electronic headquarters of the Spanish Agency for Data Protection at the address: https://sedeagpd.gob.es .

Cookie policy

What is a cookie?

A cookie is a small text file that a website places on your PC, phone or any other device, with information about your browsing on that site. Cookies are necessary to facilitate navigation and make it more friendly, and do not damage your computer. Although the general term of cookie is used in this policy because it is the main method of information storage used by this website, the "Local Storage" space of the browser is also used for the same purposes as cookies. In this sense, all the information included in this section is equally applicable to this "Local storage".

Why are cookies used on this website?

Cookies are an essential part of how our website works. The main objective of our cookies is to improve your browsing experience. For example, to remember your preferences (language, country, etc.) during navigation and in future visits. The information collected in cookies also allows us to improve the website, through estimates of numbers and usage patterns, the adaptation of the website to the individual interests of users, the acceleration of searches, etc. Sometimes, if we have obtained your prior informed consent, we may use cookies, tags or other similar devices to obtain information that allows us to show you from our website, those of third parties, or any other means, advertising based on the analysis of your habits. Navigation.

Why are cookies NOT used on this website?

We do not store sensitive personal identification information such as your address, your password, etc., in the cookies we use.

Who uses the information stored in cookies?

The information stored in the cookies of our website is used exclusively by us, except for those identified below as "third-party cookies", which are used and managed by external entities to provide services requested by us to improve our services and the User experience when browsing our website. The main services for which these "third-party cookies" are used are the obtaining of access statistics and guaranteeing the payment transactions made.

How can I avoid the use of cookies on this website?

If you prefer to avoid the use of cookies on this page, taking into account the above limitations, you must first disable the use of cookies in your browser and, secondly, delete the cookies stored in your browser associated with this website. This possibility of avoiding the use of cookies can be carried out by you at any time. What specific cookies does this website use and for what purposes? Below is a table with the cookies used by this website together with the purpose of each of them. These cookies obtain generic information about the accesses of the users to the website (not to the content of the same) to provide us later with aggregate information of said accesses for statistical purposes.

TITLE OF COOKIES PURPOSE DURATION MANAGEMENT
Identification of the session Identify the user's http session. It is common in all web applications to identify requests from a user in a session. Session Own
Acceptance of the use of cookies Identify if the user has accepted the use of cookies on the web. Persistent Own
Google Analytics (third-party cookie) They allow you to track the website using the Google Analytics tool, which is a service provided by Google to obtain information on user access to websites. Some of the data saved for further analysis are: number of times a user visits the web, dates of the user's first and last visits, duration of visits, from which page the user accessed the web, which search engine used the user to get to the web or what link he clicked, from where the user accessed the site, etc. The configuration of these cookies is predetermined by the service offered by Google, so we suggest that you consult the privacy page of Google Analytics, http://www.google.com/intl/es/analytics/privacyoverview.html, to obtain more information about the cookies used and how to disable them (in the understanding that we are not responsible for the content or the veracity of third-party websites). Persistent Third-party

*NOTE: This information table will be updated as quickly as possible as the services offered on this website change. However, during this update, it could happen that the information box will no longer include any cookie, tag or other similar devices, although devices with purposes identical to those in this table will always be treated.