- What is this document? It is a legal document that has been prepared to provide users of the DoGood App with detailed information about the processing of their personal data.
- What does it apply to? It applies both to DoGood App itself and to all its sections and functionalities, and to the personal information processed for its operation, both at the time of registration and during its use. For the purposes of this policy, “user” shall be understood as the natural person who makes use of the functionalities that DoGood offers through the DoGood App.
- How do i know if this document is the most up to date? We may modify this policy when necessary, and in that case we will communicate it through the web or by other means so that you can know and accept the new conditions. Your continued use of the DoGood App after you have been notified of the modifications will mean that you agree to the modifications, except for those cases where your express consent is required, where we will request it.
- On the basis of which law is this document drafted? This policy has been prepared in compliance with the provisions of the General Data Protection Regulation (GDPR), Organic Law 3/2018 of 5 december on the protection of personal data and the guarantee of digital rights, and law 34/2002 of 11 july on information society services and electronic commerce. (LOPDGDD) and the Consumer Privacy Rights Act of 2020 (CPRA). Providing information to users on personal data protection is one of the obligations that DoGood fulfills thanks to this document.
DATA CONTROLLER AND DATA PROCESSOR
The personal data processed in the DoGood App will be collected and processed by these two figures:
- DOGOOD PEOPLE, S.L., (or DoGood) with address at Calle Diego de León, 57 28006 Madrid, Spain, in its capacity as DATA PROCESSOR.
- The company (hereinafter, the Client) to which the user accessing the DoGood App belongs or for, or which he/she works or collaborates or maintains a professional, work or other relationship, as the DATA CONTROLLER.
DATA PROCESSED BY DOGOOD
DoGood obtains personal information and data from users of the DoGood App. The data processed by DoGood belong to the following categories:
- Identifying or contact data: For example: Name, surname, email, or in certain cases, telephone.
- Employment details: For example, profession or job position.
SOURCES FROM WHICH PERSONAL DATA ARE OBTAINED
The data comes from the user himself, who provides it by filling in the fields in the DoGood App or by any other means by which the user communicates with DoGood, or by the Client’s communication to DoGood.
In some cases, basic account creation data such as email, first and last name, may be obtained from Google, Apple, Microsoft or similar services when used by the user to register and access DoGood (known as Single Sign-On).
PURPOSES FOR DATA PROCESSING
DoGood processes users’ personal data for the following purposes:
- To register the user in the DoGood App and identify it as such.
- To track the user’s activity on the DoGood App.
- To manage the user’s participation in the functionalities and activities proposed through the DoGood App.
- To send e-mails to the user in relation to the DoGood App and the program he/she is carrying out.
- To manage the queries that could be made through the contact forms.
- To provide the service contracted by the Client to DoGood.
LEGITIMACY FOR DATA PROCESSING
COMMUNICATION OF DATA
DoGood may at any time share user data with third parties, always in the most anonymized and aggregated way, i.e., unless strictly necessary, no personal data such as Name, Surname, email, etc. will be shared and user activity data will never be shared alone,but will be part of a report with more users, so that it is impossible to reverse the process to identify the user.
The personal data may be communicated to the following recipients:
- Providers necessary for the operation of the DoGood App. When we hire a service provider to help us operate our App, we may allow access to personal information that is necessary for them to provide us with the service or to provide us with more information about it.
- Public bodies and competent administrations for compliance with applicable legal obligations.
- Other companies belonging to DoGood.
Within the framework of such communications, international transfers of data to third countries may be carried out. Such transfers will be made to countries where there is no adequacy decision by the European Commission only when they are essential for the fulfillment of the purposes indicated, through the adoption of appropriate legal guarantees, which may consist of the formalization with the recipient of the data of (i) Standard Contractual Clauses approved by the European Commission to legitimize the international transfer of data to third countries or (ii) another valid legal instrument that allows guaranteeing an adequate level of protection equivalent to that of the European Economic Area.
With respect to DoGood´s processing of Customer Personal Data in accordance with the CPRA, DoGood will not sell or share Customer Personal Data or retain, use or disclose Customer Personal Dataother than for the specific purpose of performing the Services.
DoGood will keep the data as long as the contractual relationship with the Client is maintained, or if applicable, when the Client ceases to be a user of the App DoGood, at which point we will proceed to block them until their definitive deletion in accordance with the legally established deadlines.
GUARANTEES PROVIDED BY THE USER ON THE DATA SUPPLIED
The user guarantees that the data provided are true, accurate, complete and up to date, and is responsible for any direct or indirect damage or harm that may be caused as a result of non-compliance with this obligation.
The User undertakes and undertakes to immediately notify DoGood of any relevant modification of his/her personal data so that the information contained in its files is at all times up to date and does not contain errors.
MEASURES TAKEN TO PROTECT YOUR DATA
DoGood has adopted the security levels required for data protection and has implemented the necessary technical and organisational security measures to guarantee the security of your personal data and prevent its alteration, loss, processing and/or unauthorised access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed, whether from human action or from the physical or natural environment. In any case, you should bear in mind that security measures on the Internet are not impregnable.
To ensure proper management in the processing of your data, DoGood has designated a contact mailbox, to whom you can address any questions you may have and whom you can contact at the email address firstname.lastname@example.org
RIGHTS OVER YOUR PERSONAL DATA
Any user has the right to obtain confirmation as to whether DoGood is processing personal data as well as other rights as detailed below:
- Access your data to know what personal data DoGood is processing (Right to know under CPRA)
- Request the rectification or deletion of your data that are inaccurate or no longer necessary for the purposes for which they were collected. (Right to delete under CPRA)
- Request the limitation of the processing of your data, in which case we inform that we will only keep them for the exercise or defense of claims as provided by the General Data Protection Regulation.
- Request the portability of your data, receiving the personal data concerning you, and that you have provided us, in a structured, commonly used and machine-readable format, and to transmit them to another Data Controller.
- To object to the processing of your data, in which case DoGood will cease to process them unless further processing is necessary for legitimate reasons, or for the exercise or defense of possible claims.
- The right not to be subject to automated decisions, based solely on automated processing, including profiling, which produce legal effects concerning you or significantly affect you in a similar way.
- The right to withdraw consent at any time, with respect to those purposes for which it was given, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
EXERCISE OF RIGHTS
The user may contact DoGood by writing to the postal address indicated in the section or to email@example.com.
We will respond to your requests as soon as possible and, in any case, within one month of receiving your request. This period may be extended by a further two months if necessary, taking into account the complexity and number of requests. In such a case, DoGood will inform the interested party of the extension within one month of the request.
DoGood informs you that you may lodge a complaint with the competent Data Protection Supervisory Authority, especially when you have not obtained satisfaction in the exercise of your rights, for which purpose you should contact the Spanish Data Protection Agency (www.aepd.es ). Prior to submitting said complaint to the Spanish Data Protection Agency, you may contact firstname.lastname@example.org.