In compliance with the Personal Data Protection Regulations and the Law on Information Society Services and Electronic Commerce, we inform you that the personal data you provide to us through the website www.toolprive.com will be treated confidentially and will become part of the data controller MEDITY PLATFORMS S.L. (hereinafter MEDITY PLATFORMS).

1. Data Controller

Company Name:  MEDITY PLATFORMS S.L.

Trade Name: TOOL PRIVE

Tax ID: B10574440

Address: Calle Isabeles, 2 – Ent, 37002, Salamanca

Email: protecciondedatos@toolprive.com 

Data Protection Officer: contacto@delegado-lopd.es

2. Personal Data Collected

TOOLPRIVE may collect a variety of personal data necessary for its operations, which may include:

• Personal identification data: First and last name, email address, phone number, and other data necessary for user identification.
• Contact data: Email address, phone number, and postal address (if applicable).
• Technical data: IP address, geolocation data, device type, browser used, and data related to user interaction with the application.
• Profile data: Preferences, interests, application usage history, participation in groups or forums, messages sent, etc.
• Media data: Images, videos, documents, and other files shared through the app.
• Communication data: Chat messages, participation in groups or forums, and data related to the use of the notification system.

This data collection will be carried out in accordance with the principles of lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, as well as proactive accountability, in compliance with the GDPR and the LOPDGDD.

3. Purposes and Legal Basis for Data Processing

The personal data collected will be used exclusively for the legitimate and specific purposes detailed below, which include:

a. Provision of contracted services: Managing and executing the contractual relationship with clients and users, which includes:

• • the offering and contracting of MEDITY PLATFORMS services (application development, platform functionalities, and additional services),
  • user registration, setup, and access,
  • the configuration, use, and maintenance of application functionalities (groups, messaging, communities, notifications, etc.),
  • the management of basic incidents related to service provision,
  • the implementation of technical and organizational measures necessary to guarantee service security, platform availability, and the prevention of unauthorized access or use.

Legal basis for processing: Performance of a contract (Art. 6.1.b of the GDPR). The processing of data is necessary to provide the services contracted by the user on the platform.

b. User support: To handle and manage technical support requests, questions, or issues reported by users regarding the use of the application.

Legal basis for processing: Performance of a contract (Art. 6.1.b of the GDPR). Processing data is necessary to provide technical assistance and resolve user issues.

c. Sending push notifications and internal communications: Sending push notifications to users’ mobile devices to keep them informed about news, activities, events, and updates related to the use of the app or community. Users can configure their preferences or disable these notifications at any time through the application settings or via the mechanisms provided for this purpose.

Legal basis: Legitimate interest (Art. 6.1.f GDPR) in keeping users informed and ensuring appropriate communication related to the service. In the case of commercial or promotional notifications, the basis will be the user’s explicit consent (Art. 6.1.a GDPR), which can be revoked at any time by following the instructions in section 6 of this Privacy Policy.

d. Maintenance and improvement of the user experience: Analyzing user interaction with the application and their behavior to improve service quality, personalize the user experience, and implement technical improvements.

Legal basis: Legitimate interest (Art. 6.1.f of the GDPR). The processing is necessary to improve and optimize the platform’s operation without affecting the user’s fundamental rights and freedoms.

e. Service improvements and usage analysis: Analyzing application usage and conducting statistical and analytical studies on user activity to improve functionality, efficiency, and service offerings.

Legal Basis: Legitimate interest (Art. 6.1.f of the GDPR). Usage analysis allows the company to improve the service offered, always respecting user privacy.

f. Sending commercial and marketing communications: Only if you expressly consent by checking the box provided for this purpose on the various forms on this website will your personal data be processed by MEDITY PLATFORMS to send you information about Marketing, Advertising, Communication, and Events by any means, including electronic means (email, SMS, phone calls).

Legal basis: Explicit consent (Art. 6.1.a of the GDPR). Commercial communications will only be sent if the user has given their consent, which may be withdrawn at any time.

g. Whistleblowing Channel Management: To offer and manage the whistleblowing channel for both contracted clients and internal MEDITY PLATFORMS use, guaranteeing the confidentiality of the information received and using it exclusively for the investigation and resolution of the reports.

Legal Basis: The management of the whistleblowing channel is based on compliance with legal obligations when the report is related to the Whistleblower Protection Act. Likewise, the legal basis is MEDITY PLATFORMS’ legitimate interest when the report concerns violations of internal procedures, policies, and regulations that are not directly covered by the Whistleblower Protection Act, with the aim of minimizing the negative impact of such conduct and reinforcing a culture of compliance. Individuals submitting a report through this channel must guarantee that the personal data provided is true, accurate, complete, and up-to-date.

h. Compliance with legal obligations: Processing personal data when necessary to comply with legal obligations applicable to MEDITY PLATFORMS as a result of our relationship with you as a client and the processing of your personal data in accordance with European Union law and/or applicable domestic law (legal obligations required by tax regulations, personal data protection regulations, commercial law, consumer protection regulations, regulations on information society services and electronic commerce, civil law, accounting regulations, etc.).

Legal basis for processing: Compliance with a legal obligation (Art. 6.1.c of the GDPR). Processing is necessary to comply with applicable laws.

If you do not provide us with your data, or if you provide it incorrectly or incompletely, we will not be able to process your request, making it impossible to provide you with the requested information or to contract the services.

4. Recipients

MEDITY PLATFORMS does not sell, transfer, or lease in any way the personal information or data of its Clients/Users to third parties, except when legally required or when acting as data processors (who have committed to complying with applicable data protection regulations).

In some cases, your data may be shared with MEDITY PLATFORMS’ partner organizations for the organization and management of events or activities related to our services.

5. Data Retention

The personal data you provide will be retained for as long as the business relationship is maintained or until you request its deletion or objection, and for the period during which legal liabilities may arise from the services provided. In the case of contact information for commercial and advertising use, it will be retained until you instruct us otherwise.

It will be retained as long as there is a mutual interest in maintaining the purpose of the processing. When it is no longer necessary for this purpose, it will be deleted with appropriate security measures to ensure the pseudonymization of the data or its complete destruction.

6. Data Subject Rights

You may request to exercise these rights by sending an email to protecciondedatos@toolprive.com, attaching a copy of your identity document and indicating your full name, an address for notifications, and the right you wish to exercise:

• Everyone has the right to obtain confirmation as to whether or not our company is processing personal data concerning them.
• Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
• Interested parties may request the restriction of the processing of their data while the accuracy of the data is being verified; when the processing is lawful but they object to the erasure of their data; if the controller no longer needs to process their data but the user needs it for the exercise or defense of legal claims; or when they have objected to the processing of their data for the purposes of the controller’s legitimate interest, while it is being verified whether the legitimate grounds for processing override their own; in which case we will only retain them for the exercise or defense of legal claims.
• In certain circumstances, and for reasons related to your particular situation, you may object to the processing of your data. Our company will cease processing your data, except for compelling legitimate grounds, or for the establishment, exercise, or defense of legal claims.
• You also have the right to data portability, where permitted by law.
• Please note that you may withdraw your consent for one or all of the purposes at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Please note that you may lodge a complaint with the competent Data Protection Supervisory Authority (e.g., the Spanish Data Protection Agency).

You can exercise these rights by contacting us at the address indicated above.

7. Use of Cookies

MEDITY PLATFORMS informs its users that it does not use cookies on its website.

8. Data Accuracy and Updating

The User guarantees that the Personal Data provided to MEDITY PLATFORMS is truthful and is responsible for communicating any changes to it. The user will be solely responsible for any damage or loss, direct or indirect, that may be caused to MEDITY PLATFORMS or any third party as a result of completing the forms with false, inaccurate, incomplete, or outdated data. The User must not include personal data of third parties without their prior informed consent, as established in this data protection policy, and will be solely responsible for its inclusion. All data requested through the website is mandatory, as it is necessary for providing optimal service. If all the data is not provided, we cannot guarantee that the information and services provided will be fully tailored to your needs. A minimum age of 14 years is required to provide your personal data.

9. Social Networks

MEDITY PLATFORMS S.L. will use social media as a means of communication and promotion of its services. Under no circumstances will we use data for unauthorized purposes. The Foundation is not responsible for the content, comments, opinions, or information, whether its own or from third parties, that users publish on our accounts created on Twitter, Facebook, Instagram, and LinkedIn. You may use our content for lawful purposes, provided you acknowledge its source or author. The purpose of the collected data is to create a database of users and contacts from the company’s social media accounts. Please note that the use of social media is subject to the privacy policies of each platform.

10. Confidentiality and security of your data

MEDITY PLATFORMS has adopted the necessary measures to prevent the alteration, loss, unauthorized processing, or access to personal data, taking into account the current state of technology. However, the User should be aware that internet security measures are not infallible.

Data obtained through the Website and/or any other means will be processed by the CONTROLLER with absolute confidentiality, and the CONTROLLER undertakes to maintain its secrecy.

In accordance with current regulations on Personal Data Protection, the CONTROLLER is complying with all provisions of the GDPR and the Spanish Data Protection Act (LOPDGDD) for the processing of personal data under its responsibility, and specifically with the principles described in Article 5 of the GDPR and Title II of the LOPDGDD, according to which data is processed lawfully, fairly, and transparently in relation to the data subject, and is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

The CONTROLLER guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR and the LOPDGDD in order to protect the rights and freedoms of Users and has provided them with the necessary information to exercise those rights.

Data protection legislation may be modified, so we strongly recommend that you regularly consult our Data Protection Policy.

Please note that the MEDITY PLATFORMS website does not support encryption, and information sent over the internet without encryption can be viewed by others. By submitting our forms, you agree to the transmission of unencrypted information.

11. Changes to the Data Protection Policy

MEDITY PLATFORMS reserves the right to modify its data protection policy at its discretion, or due to legislative, jurisprudential, or business practice changes. If MEDITY PLATFORMS makes any modifications, the new text will be published on this same website, where the User can review MEDITY PLATFORMS‘ current data protection policy. In any case, the relationship with users will be governed by the regulations in effect at the time of access to the website.

12. Other Information

For any clarification or comments, you can contact MEDITY PLATFORMS S.L. by email at the address indicated above.