The current document can be printed for reference using the print command in the configuration options of any browser.
Data Controller and Owner
Gabriele Maschio for Overbrain, SL
C/Galicia 41, 38660 Adeje, Santa Cruz de Tenerife (Spain)
Tel. +34 822 280 500
VAT: B76625250 – registered in the Commercial Registry of Santa Cruz de Tenerife, Volume: 3308, Folio: 28, Section: 8, Sheet: 52939, Registration: 1
Contact email of the Data Controller: firstname.lastname@example.org
Collected Data Types
Among the types of personal data that Overbrain SL (OVB Group) collects, either directly or through third parties, are: Cookies; Usage Data; email address; name; surname(s); company name; number of employees; phone number; Billing Information; various types of Data; payment information; billing address.
All data requested by Overbrain SL (OVB Group) is mandatory, and the refusal to provide them may make it impossible for Overbrain SL (OVB Group) to provide the service. In cases where Overbrain SL (OVB Group) specifically indicates that certain data are not mandatory, users are free not to communicate such data without any consequences for the availability or functioning of the service. Users who have doubts about which data are mandatory can contact the Data Controller.
Methods and Place of Data Processing
The Data Controller will process the users’ data appropriately and adopt the appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of the data.
Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the stated purposes. In addition to the Data Controller, in some cases, certain categories of authorized persons involved in the operation of Overbrain SL (OVB Group) (administration, sales, marketing, legal, and system administration departments) or external contractors providing services to the Data Controller (such as external technical service providers, courier companies, hosting companies, IT companies, communication agencies) may have access to the data. These individuals will be appointed as Data Processors by the Data Controller, if necessary. An up-to-date list of such individuals can be requested from the Data Controller at any time.
Legal Basis for Data Processing
The Data Controller may process the User’s Personal Data if one of the following conditions is met:
- When Users have given their consent for one or more specific purposes. Note: Under various regulations, the Data Controller may be authorized to process Personal Data until the User objects to it (“opt-out”), without the need for consent or any other legal basis. However, this does not apply when the processing of Personal Data is subject to European legislation on the protection of Personal Data;
- When the collection of Data is necessary for the performance of a contract between the User and/or any pre-contractual obligation thereof;
- When the processing is necessary for compliance with a legal obligation binding on the User;
- When the processing is related to a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
- When the processing is necessary for the pursuit of a legitimate interest by the Data Controller or a third party.
In any case, the Data Controller is available to define the specific legal bases that apply to the processing, particularly if the collection of Personal Data is a contractual or statutory requirement or a requirement necessary to enter into a contract.
The Data is processed at the offices of the Data Controller, as well as any other location where the parties involved in the processing are located.
Depending on the User’s location, Data transfers may involve transferring the User’s Data to a country other than their own. For more information on the location of such transferred Data processing, Users may consult the section containing details on the processing of Personal Data.
Users also have the right to know the legal bases for Data transfers to another country outside the European Union or to any international organization governed by international public law or composed of two or more countries, such as the UN, and also to know the security measures taken by the Data Controller to safeguard their Data.
If such Data transfer takes place, Users can obtain more information by consulting the relevant sections of this document or by requesting it from the Data Controller through the contact information provided in the contact section.
Data Retention Period
Personal Data will be processed and retained for the time necessary and for the purpose for which it was collected.
- Personal Data collected for the performance of a contract between the Data Controller and the User must be retained as long as the contract is fully formalized.
- Personal Data collected in the legitimate interest of the Data Controller must be retained for the time necessary to fulfill that purpose. Users can find specific information related to the Data Controller’s legitimate interest by consulting the relevant sections of this document or by contacting the Data Controller.
- The Data Controller may retain Personal Data for an additional period when the User provides consent for such processing, as long as that consent is valid. Additionally, the Data Controller is obliged to retain Personal Data for an additional period whenever necessary to comply with a legal obligation or an order from an authority.
Once the retention period has expired, Personal Data must be deleted. Therefore, the rights of access, modification, rectification, and data portability cannot be exercised once this period has expired.
Purpose of the Collected Data Processing
The User’s data is collected to allow the Data Controller to provide its Service, fulfill its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as for the following purposes: Remarketing and behavioral targeting, Displaying content from external platforms, Statistics, Contacting the User, Interaction with live chat platforms, Interaction with data collection platforms and other third parties, Productivity management activities, User database management
, Data transfer outside the EU, Advertising, and Payment management.
Users can find specific information about the Personal Data used for each purpose in the “Detailed Information on the Processing of Personal Data” section.
Detailed Information on the Processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
- Productivity management activities
- Contacting the User
- User database management
- Payment management
- Interaction with live chat platforms
- Interaction with data collection platforms and other third parties
- Remarketing and behavioral targeting
- Data transfer outside the EU
- Displaying content from external platforms
Information about disabling interest-based advertising
Additional Information on the Processing of Personal Data
Online Sale of Goods and Services
Users have the right to exercise certain rights regarding the processing of their Data by the Data Controller.
In particular, Users have the right to:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to the processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. For further information, Users can refer to the relevant section below.
- Access their Data. Users have the right to know whether their Data is being processed by the Data Controller, obtain information about certain aspects of the processing, and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Data Controller will process their Data solely for storage purposes.
- Erase or delete Personal Data. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Data Controller.
- Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract to which the User is a party, or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Details about the right to object to processing
When Personal Data is processed in the public interest, in the exercise of an official authority vested in the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users are reminded that if their Personal Data is processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To find out whether the Data Controller is processing Personal Data for direct marketing purposes, Users can refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to the Data Controller through the contact details provided in this document. These requests will be processed by the Data Controller free of charge as early as possible and always within one month.
Additional Information on Data Collection and Processing
User Personal Data may be used by the Data Controller for legal defense purposes in court or in the stages leading to possible legal action arising from the improper use of Overbrain SL (OVB Group) or related services by the User.
Users declare themselves to be aware that the Data Controller may be required to reveal Personal Data upon request of public authorities.
Additional Information about User’s Personal Data
System Logs and Maintenance
For operation and maintenance purposes, Overbrain SL (OVB Group) and any third-party services used by it may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User’s IP address.
Information Not Contained in this Policy
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.
How “Do Not Track” Requests Are Handled
Overbrain SL (OVB Group) does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
If the changes affect processing activities performed on the basis of the User’s consent, the Data Controller shall collect new consent from the User, where required.
Definitions and Legal References
Last revised: July 27, 2021