Privacy policy

Index:

 

DATA CONTROLLER

DIDACTALIA Educación S.L., with NIF number B26513101 and address in Logroño, calle Piqueras nº 31, 4º (La Rioja), owner of the website www.didactalia.net, hereinafter DIDACTALIA, informs that:

a) guarantees the protection of personal data voluntarily provided by the user when communicating with DIDACTALIA:

  • via email,
  • filling in data collection forms,
  • formalizing a contractual relationship or
  • using any other service on the website that involves data communication or access to data

b) treats the data it collects in accordance with the European Data Protection Regulation 679/2016, of April 27, hereinafter GDPR, and in accordance with the provisions of this policy, which is made public based on the principle of proactive responsibility and transparency in the information, and try to demonstrate the obtaining of the unequivocal consent of the interested party through it.

 

PURPOSE OF DATA PROCESSING

The personal data collected and processed by DIDACTALIA, through this website, fairs, contracts, conferences, newsletters, raffles, or other means, will be adequate, relevant and limited to those necessary in relation to the purposes for which they are processed.

  • The purpose of the treatment, for the data obtained from web forms or through other means of voluntary delivery of unspecified data (delivery of business cards, sending of mail, etc.), is to meet the specific request, sale of products, delivery of catalogs, response to inquiries, subscription and sending of newsletters, commercial contact, registration of conferences, sending documentation and information related to the services and, in any case, commercial and / or advertising communications.
  • The purpose of treatment when the data is obtained through the formalization of contracts is to establish and maintain the contractual relationship that may be established, in accordance with the nature and characteristics of the contracted service; to maintain historical records and carry out research and development in this field.

In all cases, personal data will be kept in a way that allows the identification of the interested parties only for the time necessary for the purposes of the treatment. These conservation periods will only be extended when the purposes are scientific, historical or statistical research. 

 

LEGITIMACY OF PROCESSING

The legal or legitimation basis of the data processing of DIDACTALIA depends on the different processing activities, the type of the holders of the personal data and its purposes, thus we have as a basis of legitimation:

  • Acceptance or express consent for the Interested Parties who contact DIDACTALIA to request information, make inquiries, subscribe to the sending of information and newsletters, training, etc. and that they voluntarily provide the requested personal data.
  • Contract for Clients who access DIDACTALIA's products and give their consent through the formalization of the contract.
  • Prevailing legitimate interests of DIDACTALIA or third parties to whom the data is communicated for when contact data is collected beyond the forms indicated in the purpose of treatment section (example: receipt of business cards, email inquiries).

The interested party will respond, in any case, to the veracity of the data provided, reserving DIDACTALIA the right to exclude all false or illicit data, without prejudice to other actions that proceed in Law.

DIDACTALIA warns that, except for the existence of a legally constituted representation, no interested party may use the identity of another person and communicate their personal data, so at all times they must bear in mind that they must communicate personal data corresponding to their own identity and that are adequate, relevant, current, accurate and true. For these purposes, the interested party will be solely responsible for any direct and / or indirect damage caused to third parties or to DIDACTALIA due to the use of another person's personal data, or their own personal data when they are false, erroneous, not current, inappropriate or impertinent. Likewise, the person who communicates the personal data of a third party, will respond to the latter for the information obligation established in the RGPD for when the personal data has not been collected from the interested party, and / or the consequences of not having informed him.

The use of the services offered by DIDACTALIA to minors must have been previously authorized by their parents, guardians or legal representatives since they are considered responsible for the acts carried out by the minors under their care.

 

ASSIGNAMENT OR TRANSFER

Assignments: DIDACTALIA only transfers personal data to third parties to meet their contractual or legal obligations of the service, with providers or public or private organizations. The owner consents in these cases to said assignments, and by exercising his rights, he can obtain information about them.

International Transfers: DIDACTALIA communicates that in the development of its activity it uses the services of providers to whom it communicates data (such as those in charge of treatment) with domicile outside the European Economic Area, carrying out an international transfer of data. Here are the providers and their privacy policies:

In addition, you are hereby informed that said providers participate in the EU-US Privacy Shield; please consult the guide on the EU-US Privacy Shield provided by the AEPD (Spanish Agency for Data Protection).

       

USERS’ RIGHTS

The user can at any time exercise the recognized rights over their personal data, as well as the revocation of consent for the aforementioned uses, through written communication with the request or right that they exercise addressed to the address of DID or electronically through the Email didactalia@didactalia.net including in both cases a photocopy of your ID or other similar identification document of identity. The recognized rights that you can exercise are the following:

  • Access. Request information about the data we process, the purpose of the treatment and its legitimacy.
  • Rectification. Request the modification of the data if they are incorrect.
  • Suppression. Request the deletion of data in legally established cases
  • Opposition. Stop processing the data, except for justified reasons.
  • Limitation of the treatment, they will only be kept by DIDACTALIA for the exercise or defense of claims.
  • Right to data portability: in case you want your data to be processed by another provider, DIDACTALIA will facilitate the portability of your data to the new manager.

For more information on the exercise of these rights, please consult la guía del ciudadano (Spanish) published by the AEPD.

If you believe the processing of your personal data breaches regulatory standards, you may file a claim:

 

SECURITY MEASURES

The personal information provided or collected from users and whose manager is DIDACTALIA is structured in files, automated or not, and DIDACTALIA makes a record of treatment activities in accordance with current regulations.

In addition, in each data processing, DIDACTALIA establishes the appropriate technical and organizational measures that guarantee the confidentiality, integrity, availability, and resilience of the data included in a treatment and that are necessary to guarantee its adequate security, including protection against unauthorized processing. or illicit and against loss, destruction or accidental damage, and that tend to:

  1. Pseudonymisation and encryption of personal data.
  2. The ability to guarantee the permanent confidentiality, integrity, availability and resilience of the treatment systems and services.
  3. The ability to restore availability and access to personal data quickly, in the event of a physical or technical incident.
  4. The process of regular verification, evaluation and assessment of the effectiveness of technical and organizational measures to guarantee the security of the treatment.

 

RESPONSIBILITIES OF THE DATA PROCESSOR

In those cases in which DIDACTALIA processes personal data whose responsibility and ownership belongs to its clients and acts as the person in charge of the treatment in accordance with the provisions of current regulations regulates such situation as follows:

PURPOSE OF THE ORDER is the management of the platform and the resources included in it. The purpose of the order of treatment, the category of data affected, category of users, types of treatment, legitimacy, security measures adopted and other provisions necessary for the proper order are specifically set out in an addendum below.

OBLIGATIONS OF THE PROCESSOR: The person in charge of the treatment undertakes to:

  1. Use the personal data to which you have access only for the purpose of this order. In no case may you use the data for your own purposes or other than those established in the addendum.
  2. Do not communicate, disclose or transfer the data to third parties, unless you have the express authorization of the person responsible for the treatment or in legally admissible cases.
  3. Maintain the duty of secrecy regarding the personal data to which you have had access by virtue of this order, even after the contract ends.
  4. Guarantee that the persons authorized to process personal data undertake, expressly and in writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be duly informed.
  5. Keep at the disposal of the person in charge the supporting documentation of the fulfillment of the obligation established in the previous section.
  6. Guarantee the necessary training in the protection of personal data of the persons authorized to process personal data.
  7. When the affected persons exercise the rights of access, rectification, deletion and portability of data and opposition and limitation of the treatment before the person in charge of the treatment, this must communicate it by email to the address indicated by the person in charge as soon as possible. It will assist the person in charge, whenever possible, so that he can comply with and respond to requests for the exercise of rights.
  8. Keep, in writing, a record of treatment activities, which contains all the sections established in the RGPD.
  9. The TREATMENT RESPONSIBLE will be notified, in the shortest possible time, of the security violations of the personal data in his charge of which he has knowledge, together with all the relevant information for the documentation and communication of the incident to the Control Authorities .
  10. Notification will not be necessary when it is unlikely that it involves a risk to the rights and freedoms of natural persons.
  11. The notification of a security breach will follow the procedure for that purpose by the current regulations on the matter and will contain at least the information established in said regulations.
  12. Make available to the person in charge all the information necessary to demonstrate compliance with his obligations, as well as to carry out the audits or inspections carried out by the person in charge or another auditor authorized by him, without impairing Didactalia's business secrecy.
  13. Subcontracting and International Data Transfers: it is specifically included in the addendum.

OBLIGATIONS OF THE DATA CONTROLLER: Corresponds to the data controller:

  1. Prepare the legal clause that complies with the duty to inform the interested party and obtain their consent for data processing, observing the requirements established for children under 14 years of age.
  2. Ensure, prior to and throughout the treatment, compliance with the RGPD.
  3. ADDENDUM: SPECIFIC INFORMATION OF THE TREATMENT ORDER

Responsible for the Treatment: the teacher with class in DIDACTALIA.

Responsible for the Treatment: DIDACTALIA Educación S.L., with NIF number B26513101 and address in Logroño, calle piqueras nº 31, 4º (La Rioja).

Purpose of the Treatment: consists of managing the computer application, its content and its maintenance, and for a continuous improvement of the usability of the platform, usage statistics, evolution graphs and use of artificial intelligence.

Legal Basis of the Treatment: execution of the contract, legitimate interest of the person in charge and consent of the interested party, although in these cases the responsibility for offering information to the user and obtaining the consent of it falls on the person responsible for the treatment.

Categories of interested parties: Students and father, mother, legal guardian of the student in case of being a minor.

Treatments to be carried out with the personal data collected: registration, organization and structuring, conservation and use.

Information Supply Channels: through the website or application

Data to be processed by the Manager:

  • Regarding student users:
    • Name and surname
    • Age and date of birth
    • Mail
  • Other information freely included by the teacher
  • Regarding parents / legal guardians:
    • Mail

Data conservation period: the data will be kept as long as the person in charge remains as a user within DIDACTALIA.

International Data Transfers: Didactalia, as an auxiliary to the management of its platform, uses services from providers that are outside the European Economic Area considered as international transfers; currently they are Google, Mailchimp, Sendinblue, Microsoft, all of them covered by the privacyshield.

Subcontracting: They do not occur. However, in the event that part of the entrusted services needs to be subcontracted, that established in current regulations will be taken into account and trying to ensure that the sub-manager meets at least the same requirements as the manager.

Assignment or communication of data by the Person in Charge of Treatment: The Person in Charge of Treatment transfers data to third parties, to the provider that provides hosting services for the service, having verified their security measures.

Security Measures: The Data Controller adopts the security measures (technical and organizational) that are indicated in the treatment of the data of the person in charge:

  • Record of treatment activities
  • Appointment of a Data Protection Delegate
  • Analysis and management of Risks in terms of data protection
  • Data protection reports by design and by default
  • Impact evaluation
  • Existence of policies on data protection
  • Password policies
  • Review and update of these policies
  • Profiling of users with different levels of privileges for each purpose
  • Management of changes, registrations and cancellations.
  • Updating the logical access credentials periodically.
  • Definition of the functions and obligations of the personnel
  • Training and awareness of users and staff
  • Procedure for the notification and communication of data security breaches
  • Procedure for attention to user rights.
  • Logical access controls
  • Backup and recovery procedures
  • Verification of the correct operation and application of the copying procedures
  • Antivirus for protection against malicious code
  • Equipment maintenance and software update management
  • Restrictions on software installation only to authorized personnel
  • Encrypted transmission over public or wireless communications
  • Security in connection to communication networks
  • Responsible selection of contracting cloud services
  • Registration and management of incidents
  • Equipment inventory.
  • Third party management (contracts, service level agreements, etc.)

POLICY CHANGES

DIDACTALIA is constantly changing, as are its texts and policies; for this reason, we will publish the changes that may be carried out during the development of the project. We will publish it in an easily locatable place, so that at all times you know what information we collect and use.

We recommend that you frequently review these documents. If we make any important changes to this policy, we will make them public here, either by sending an email to your contact account or, also, by means of a publication on the home page.

Do you want to access more educational content?

Sign in Join a class
Game help
Juegos de anatomía
Selecciona nivel educativo