top of page

PRIVACY POLICY

The purpose of this "Privacy and Data Protection Policy" is to disclose the conditions governing the collection and processing of personal data by TIKITUP, making every effort to ensure the fundamental rights, honour and freedoms of persons whose personal data is processed in compliance with the regulations and laws governing the Protection of personal data according to the European Union and the Spanish Member State and, specifically, those expressed in the section "Processing Activities" of this Privacy Policy.

Therefore, in this Privacy and Data Protection Policy, users of the TIKITUP application are informed of all the details of interest regarding how these processes are carried out, for what purposes, which other entities may have access to their data and what are the rights of users.

1. PURPOSE OF THE PRIVACY POLICY

The purpose of this "Privacy and Data Protection Policy" is to disclose the conditions governing the collection and processing of personal data by TIKITUP, making every effort to ensure the fundamental rights, honour and freedoms of persons whose personal data is processed in compliance with the regulations and laws governing the Protection of personal data according to the European Union and the Spanish Member State and, specifically, those expressed in the section "Processing Activities" of this Privacy Policy.

Therefore, in this Privacy and Data Protection Policy, users of the TIKITUP application are informed of all the details of interest regarding how these processes are carried out, for what purposes, which other entities may have access to their data and what are the rights of users.

2. DEFINITIONS

"Personal data": any information about an identified or identifiable natural person ("the application user"); an identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or more elements of that person's physical, physiological, genetic, mental, economic, cultural, or social identity.

"Processing": any operation or set of operations performed on personal data or sets of personal data, whether or not by automated procedures, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination, or any other form of enabling access, matching or interconnection, restriction, erasure or destruction.

"Limitation of processing": the marking of personal data retained for the purpose of limiting their processing in the future.

"Profiling": any form of automated processing of personal data consisting in using personal data to evaluate certain personal aspects of a natural person, in particular to analyse or predict aspects relating to that natural person's professional performance, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

"Pseudonymization" means the processing of personal data in such a way that they can no longer be attributed to a data subject without the use of additional information, provided that such additional information is listed separately and is subject to technical and organizational measures designed to ensure that the personal data are not attributed to an identified or identifiable natural person.

"File": any structured set of personal data, accessible according to specified criteria, whether centralized, decentralized or distributed in a functional or geographical manner.

"Manager in charge of the treatment” or "manager": the natural or legal person, public authority, service, or other body which alone or jointly with others determines the purposes and means of processing; if Union or Member State law determines the purposes and means of processing, the manager or the specific criteria for its appointment may be laid down by Union or Member State law.

"Processor" or "processor": the natural or legal person, public authority, service, or other body processing personal data on behalf of the controller.

"Recipient": means the natural or legal person, public authority, department, or other body to whom personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the framework of a specific investigation in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by such public authorities shall be in accordance with the data protection rules applicable to the purposes of the processing.

"Third party": any natural or legal person, public authority, service, or body other than the data subject, the controller, the processor, and the persons authorized to process personal data under the direct authority of the manager or the processor.

"Consent of the data subject": any freely given, specific, informed, and unambiguous expression of will by which the data subject agrees, either by a statement or by a clear affirmative action, to the processing of personal data concerning him or her.

"Breach of security of personal data": any breach of security resulting in the accidental or unlawful destruction, loss, or alteration of, or unauthorized communication or access to, personal data transmitted, stored, or otherwise processed.

"Genetic data": personal data relating to inherited or acquired genetic characteristics of a natural person that provide unique information about that person's physiology or health, obtained in particular from the analysis of a biological sample from such person.

"Biometric data": personal data obtained from specific technical processing, relating to the physical, physiological, or behavioural characteristics of a natural person which enable or confirm the unique identification of that person, such as facial images or dactyloscopic data.

"Health-related data": personal data relating to the physical or mental health of a natural person, including the provision of health care services, revealing information about his or her health status.

"Principal establishment": (a) as regards a manager with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of processing are taken in another establishment of the manager in the Union and the latter establishment has the power to implement such decisions, in which case the establishment which has taken such decisions shall be considered as the main establishment; (b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union or, if there is no central administration, the establishment of the processor in the Union where the main processing activities are carried out in the context of the activities of an establishment of the processor in so far as the processor is subject to specific obligations under this Regulation.

"Representative": natural or legal person established in the Union who, having been appointed in writing by the manager or processor pursuant to Article 27 of the GDPR, represents the controller or processor with regard to their respective obligations under this Regulation.

"Company": means a natural or legal person engaged in an economic activity, regardless of its legal form, including companies or partnerships regularly carrying out an economic activity.

"Supervisory authority": the independent public authority established by a Member State in accordance with the provisions of Article 51 of the GDPR. In the case of Spain, it is the Spanish Data Protection Agency.

"Transborder processing": a) processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or processor in the Union, if the controller or processor is established in more than one Member State, or b) processing of personal data carried out in the context of the activities of a single establishment of a controller or processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

"Information society service": means any information society service, i.e., any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.

3. IDENTITY OF THE DATA CONTROLLER

The Data Controller is that natural or legal person, of a public or private nature, or administrative body, which alone or jointly with others determines the purposes and means of the processing of personal data; in the event that the purposes and means of the processing are determined by the Law of the European Union or of the Spanish Member State.

 

In the aspects expressed in this Data Protection Policy, the identity and contact details of the Data Controller are:

ONIRIA STUDIOS S.L. - CIF B10697316

Calle Santa Teresa de Jesús 3. 50006, Zaragoza (Zaragoza), Spain

Email: dpo@oniriastudios.com

Telephone: 666 38 81 08

Version of August 11, 2022

bottom of page