In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and current data protection legislation, we hereby inform you that the Data Controller of your data is DIGITAL COLLECTIVE TOKENS, SL, holder of Tax Identification Number B04990115, whose headquarters is Calle Violetes, 32 (08197), Sant Cugat del Vallès (Barcelona) registered in the Commercial Register of Barcelona, Volume 47,777, Folio 183, Page B-561934 (hereinafter "frameit", "Company", "we" o "us") and e-mail i [email protected].

The purpose herein is to provide information on how frameit processes your personal data in accordance with current Personal Data Protection legislation, specifically Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of such Data (hereinafter, "GDPR") and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter, "LGPDGDD").”).

I. Purposes of processing

Why do we process your data?

The Data Controller shall process your data, in a fair and transparent manner, whether by automated or non-automated means, for the following specified and explicit purposes:

To provide you with our services: We use your Personal Data to provide our Services to you in accordance with our Terms of Use.
To comply with legal and regulatory requirements: We process your personal data as required by applicable laws and regulations.
To detect and prevent fraud: We process your personal data to detect and prevent fraud on your account, which is of particular importance given the irreversible nature of cryptocurrency transactions.
To protect the security and integrity of our Services: We use your personal data, including data with regard to your device and your activity on frameit to safeguard the security of your account and the frameit platform.
To provide customer support: We process your personal data when you contact our support team with questions or problems you may be experiencing with your account.
Marketing our products: We may contact you with information about our Services. We will only do so with your permission, which may be revoked at any time.
Other commercial purposes: We may use your personal data for additional purposes if that purpose is disclosed to you prior to collecting the data and if we obtain your express consent.

II.- Legal basis

What is the legal basis for processing your data?

The legal basis is as follows:

Execution of an employment contract with employees and for business relations with customers and suppliers.
Application of pre-contractual measures for business relations with potential customers.
Express consent as part of the selection process of candidates applying for a job in the company, sending satisfaction surveys, newsletters and invitations to meetings, conventions, conferences as well as commercial and corporate events.
Legitimate interest of the Data Controller in responding to enquiries made through the Website enquiry form.
Compliance with legal obligations
Public interest to ensure the safety of persons, property and installations.

III. Recipients

Who may we disclose your data to?

Personal data may be transferred/communicated to the following recipients:

Competent public bodies, Tax and Social Security Agencies, Courts and Tribunals when so required by tax, labour, commercial, corporate, Social Security or any other applicable regulations.
Companies responsible for data processing, such as suppliers that provide services to the Data Controller (hosting companies, web platforms, payroll, occupational risk prevention, sending of communications, etc,).

Will your data be transferred internationally?

frameit operates systems outside Europe. As a result, we may transfer personal data from Europe to third countries outside Europe under the following conditions:

Contractual obligation: where transfers are necessary to meet our obligation to you pursuant to our Terms of Use, including to provide you with our Services and customer services, and to optimise and improve frameit;
Consent: where you have given us permission to transfer your personal data to a third country.

When you have given us your prior consent to transfer to a third country, you may withdraw your consent at any time. However, please be aware that our services may not be available if we are unable to transfer personal data to third countries.

When we transfer personal data to third countries, we strive to ensure that appropriate safeguards are put in place, for example, through the use of standard contractual clauses or Privacy Shield certification.

IV. Data retention period

How long do we keep your data?

In accordance with the principle of minimisation and limitation of the retention period, the personal data provided shall be kept for a period of time not longer than necessary to fulfill the specific purpose and/or purposes for which they are collected and for as long as the business or employment relationship is maintained.

Once the relationship has come to an end, the data shall be kept for the appropriate period of time in order to comply with the statute of limitations for possible data protection infringements, as well as the statute of limitations periods pursuant to other applicable legislation, although duly blocked before destruction.

The CVs you provide shall be destroyed if they do not match the profiles sought by the Data Controller, or shall be kept for a maximum of one year, in case the Data Controller deems that you may be of potential interest vis-à-vis future selection processes for the company or a client. In this case, you would be informed and consent would be requested at the appropriate time.

V. Rights of data subjects

What are your rights upon providing us with your data?

We hereby inform you that you have the following rights:

Right to request access to your personal data.
The right to request rectification if the data is inaccurate, or to complete data that is incomplete.
Right to request deletion of personal data
Right to request the restriction of the processing of your personal data.
Right to request the portability of your personal data.
Right to object to the processing of your personal data.
Right to request not to be subject to a decision based solely on automated processing of your personal data.
Right to withdraw consent.

You may exercise these rights at any time and free of charge by sending a written communication to the company “DIGITAL COLLECTIVE TOKENS, SL.”, holder of Tax Identification Number B04990115, whose headquarters is Calle Violetes, 32 (08197), Sant Cugat del Vallès (Barcelona) or by sending an e-mail to the following address: [email protected], in both cases including a photocopy of your ID card or other equivalent electronic identification document.

You may use the templates and forms on the rights referred to in the previous point on the official website of the Spanish Data Protection Agency (http://www.agpd.es/portalwebAGPD/CanalDelCiudadano/ejercicio_derechos/index-ides-idphp.php).

On the other hand, if you deem that the Data Controller has processed your personal data inappropriately, you may file a complaint before the Data Controller or the corresponding Supervisory Authority. In Spain, you should address your complaint to the Spanish Data Protection Agency.

VI. Links to other websites

There are links on the Website to other websites that we believe may be potentially useful and of interest to you. However, please be aware that we do not endorse the content or services of such websites and are not responsible for the privacy policies of such websites. We urge you to review the privacy policies of all websites you visit. Please note that this Privacy Policy only applies to data collected and/or processed by the Data Controller.

VII. Security measures

Taking into account the nature, scope, context and purposes of the processing as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, the Controller shall implement appropriate technical and organisational measures in order to ensure the integrity, confidentiality and availability and to be able to demonstrate that the processing is carried out in accordance with the GDPR and the LOPDGDD, as well as to prevent any security breach leading to the accidental or unlawful destruction, loss or alteration of, unauthorised disclosure of or access to, personal data transmitted, stored or otherwise processed.

However, you are hereby warned and informed that technical measures are neither infallible nor impregnable, and for this reason, the Data Controller cannot be held liable for such practices or the consequences thereof, in particular, for the presence of viruses or other elements or for damages that may derive from the presence of viruses, the connection or downloading of content from the Website that cause alterations in computer systems (hardware and software).

VIII. Information about cookies

Cookies are files that are downloaded to your computer or terminal when you access our website. Cookies allow us, among other things, to store and retrieve information about a user's browsing habits or their device and, depending on the information they contain and the way they use their device, they can be used to recognise the user.

IX. How we use cookies

DIGITAL COLLECTIVE TOKENS, SL may use first-party or third-party cookies on this website.

The cookies used by www.frameit.io, or the third party acting on its behalf, are only associated with an anonymous user and their computer, and do not provide us with the user's personal data.

By using cookies, the www.frameit.io server or that of any third-party acting on its behalf, may recognise the browser of the device used by the user in order to make browsing easier, allowing, for example, access to users who have previously registered, access to areas, services, promotions or competitions reserved exclusively for them without having to register every time the website is visited. They are also used to measure the audience and traffic parameters, monitor progress and number of people logging on.

Similarly, the www.frameit.io web servers will be able to automatically detect the IP address and domain name used by the user. All this information is recorded in a server activity file that allows the subsequent processing of the data in order to obtain statistical measurements that make it possible to ascertain the number of views, the number of visits made to the web services, etc. In any case, this file is subjected to dissociation processes that prevent the identification of the user's device.

X. Types of cookies we use

First-party cookies: These are cookies that we send to your computer or terminal from our website. We use them with a view to managing the sessions of logged-in users and to be able to carry out transactions in a secure and anonymous way in the purchase of trips.
Third-party cookies: These are cookies that are sent to your computer or terminal from a domain or website that is not managed by us, but by another entity that processes the data obtained through the cookies.
Session cookies: These are a type of cookie designed to collect and store data while you browse our website.
Technical cookies: These are strictly necessary for the use of the website and for the provision of the contracted service.
Persistent cookies: These are a type of cookie in which the data remains stored in the terminal and can be accessed and processed for a certain period of time, which can range from a few minutes to several years.
Analysis cookies: These are cookies that are either processed by us or by third parties and allow us to quantify the number of users and conduct the measurement and statistical analysis of how users use our website. To do this, we analyse browsing habits on our website with a view to improving the range of products or services we offer.
Personalisation cookies: These cookies allow the user to specify or customise some features of the general options of the website, for example, set the language, regional settings or browser type.
We use Google Analytics to collect information anonymously and report website trends without identifying individual users. In this way, our website remembers information that changes the way the website looks or behaves, such as your preferred language or the region you are in. Google is the provider of this cookie.
We use Heap to collect information anonymously and report website trends without identifying individual users. In this way, our website remembers information that changes the way the website looks or behaves, such as your preferred language or the region you are in. heap.io is the provider of this cookie.
We use Google Analytics to collect information anonymously and to draw up reports on the visits that come through advertising managed by Google without identifying individual users. In this way, our website sends information to Google to draw up reports on the marketing campaigns launched. The provider of this cookie is Google.
We use Hotjar and Microsoft Clarity to help us understand user behaviour while on our websites. All visitor information is kept anonymous. Hotjar and Microsoft Clarity do not track or record visitors which have cookies disabled.

XI. Cookie management

You can allow, block or delete the cookies installed on your computer by configuring your device's browser options.

For more information on the Chrome browser click here: https://support.google.com/chrome/bin/answer.py?hl=es&answer=95647
For more information on the Safari browser click here: https://support.apple.com/kb/ph5042
For more information about the Edge browser click here: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
For more information on the Opera browser click here: https://help.opera.com/Windows/12.00/esES/cookies.html
For more information about the Firefox browser click here https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

XII. Modifications and completeness of our privacy policy

We shall only use your personal data in accordance with the Privacy Policy in force at the time the personal data is collected. The Data Controller reserves the right to modify this Privacy Policy at any time by publishing such modifications on the Website, therefore, we urge you to visit it each time you access the Privacy Policy. If, at any time, we decide to use personal data in a manner different from that stated at the time it was collected, we shall notify you by e-mail, provided that we have it on file. At that time, you will be given the option to consent to other uses or dissemination of the personal data you provided to us prior to modifying our Privacy Policy.

In the event that any clause of this Privacy Policy is annulled or considered null and void, the rest of the conditions shall not be affected, and shall remain fully valid and in force, in accordance with the applicable legislation in force at any given time.