1. COMMITMENT TO PRIVACY:
Scytl Election Technologies S.L.U. (hereinafter referred to as “SCYTL”), including its subsidiaries and affiliates (“SCYTL”), as the data controller, informs the visitors of Website (“Users”) of SCYTL’s collection of User data and of the User’s choices about how their data are collected and used.
2. HOW USER’S INFORMATION IS COLLECTED:
Users may visit and use this Website without disclosing their identity or completing a registration process. Personal data, such as name, postal address and e-mail address are only obtained when the User voluntarily submits them through the following means:
• Through contact forms.
• Through content download forms.
• Through sharing Users’ comments in the blog.
• Sending a CV to participate in any of SCYTL’s open recruitment processes.
• As part of an ongoing sales process
Web Serve Logs
For the management of this Website, User’s usage and navigation are tracked through web server logs. By collecting information such as IP addresses, connection data, location and data about the devices through which Users access and interact with the Website, web server logs provide information such as the types of browsers used for access, the pages of the Website that receive the highest volume of traffic and the times of day when the servers experience a significant traffic load. This data is processed in a pseudonymized and aggregated form and not on an individualized basis, to reduce the impact on Users’ privacy and limited to analytical purposes to improve the content and navigation features of the Website. The pseudonymized or aggregated data may be used to identify possible future functions and features to incorporate into the Website and improve the service to the User.
3. HOW USER’S INFORMATION IS PROCESSED:
The specific purposes, their legal basis and data retention period for these data processing operations are defined as follows:
- CONTACT: Users are requested to provide their identification data (name and surname), professional data (organization and position) and contact information (email), together with the content of the message, comments, suggestions, or questions from the Users. The purpose of the processing is limited to give an adequate response to such queries on the legal basis of Users’ consent and their interest in receiving information or clarification in relation to their query. These data will be kept as long as needed to attend and maintain the communication requested by the Users and, subsequently, they will be deleted after 1 year since the last communication, unless during the development of the communication between SCYTL and the Users, other reasons may arise that legitimize a further conservation, such as the defense of interests, attention to claims or the response to eventual legal responsibilities that may arise as a consequence of the contact.
- DOWNLOAD CONTENT: When Users access the contents of the Website and wish to download them, certain information may be requested to the Users, such as their identification data (name and surname), professional data (organization) and contact information (email). The purpose of this processing is to allow SCYTL to know a little about the Users interested in this type of content, under the legal basis of the User’s consent. Especially, when the requested information refers to the characteristics of the different products and services of SCYTL, it is possible that the data may be processed for statistical purposes and to obtain information about what kind of entities show more interest, or to offer additional information adapted to the Users’ needs, according to the kind of entity they work for. This secondary processing is based on SCYTL’s legitimate interest, and communications, if any, shall only be sent to the Users when it is really useful for them. These data will be kept for the time necessary to fulfill statistical purposes, using data aggregation methods and applying mechanisms that limit the possibility of directly identifying Users. In case that additional information is sent to Users under SCYTL’s legitimate interest, Users may object at any time and their personal data will be removed from the dissemination lists.
- CAREERS: Through the “Careers” section of the Website, SCYTL publishes job offers that allow Users to participate in the selection processes open at any time and published on the Website. Users may select the job offer they are interested in and apply, either through their professional profile on the Indeed platform or by completing the information requested in the form, such as identification data (name and surname), contact data (e-mail address, postal address and telephone number), academic and professional data or any other information that they may freely include in their CV or cover letter, such as, for example, the desired salary. The purpose of this processing is to assess the aptitudes of the Users who present their candidacy for the position of their interest and the correct development of the personnel selection processes. The legal basis of the processing resides in the consent of the Users. The personal data provided by the Users for such purposes will be kept for the time necessary to evaluate their application and subsequently for a period of one year for future job offers suitable to the professional profile of the candidate Users.
- NEWSLETTER (commercial communications): Through the forms of the Website, the Users have the possibility of requesting SCYTL the sending of commercial communications related to its products and services, as well as publications related to the activities and/or technologies applied to the electronic voting sector. The legal basis of this processing is the consent of the Users, which is collected through separate and independent boxes that allow to obtain a free, specific, unequivocal and informed consent, in accordance with the applicable regulations. Exceptionally, by virtue of the SCYTL’s legitimate interests recognized by the information society services regulations, information about SCYTL’s products and services, such as updates or improvements implemented in its technology, may be sent to consolidated clients with whom SCYTL has already had a previous contractual relationship, when such information is relevant for such clients according to their particular needs and circumstances. SCYTL shall send to the Users these commercial communications, including through electronic means such as e-mail, and shall keep the contact data provided by the Users, as long as they do not withdraw their consent to do so or, in the case of consolidated clients, when they exercise their right of opposition or when they make use of the advertising exclusion systems enabled in the SCYTL’s commercial e-mails.
In accordance with GDPR and LOPD, SCYTL informs Users that their personal data will be subject to automatized processing for which SCYTL is data controller. The automatized processing of personal data consists of data storage and secure communication between SCYTL’s systems, without any relevant impact on the rights and interests of the Users, nor automated decision making that limits their rights.
4. USER’S RIGHTS:
Users may exercise their access, rectification, erasure, restriction or object to the processing as well as the right to data portability to SCYTL by:
- Request sent by email to email@example.com
- or by post mail, addressing a signed letter to:
- Scytl Election Technologies S.L.U. – Data Protection Committee,
Travessera de Gràcia, 17-21, 7th floor, 08021-Barcelona (Spain).
- Scytl Election Technologies S.L.U. – Data Protection Committee,
The request shall contain the following details:
- User’s name and surname,
- address for notices,
- copy of the National ID Card or passport,
- and the specific petition with regard to exercise of Users’ rights.
SCYTL will respect the secrecy and legitimate processing of the Users’ personal data to prevent the alteration, loss or unauthorized access to such personal data. If Users consider that the processing of data is not adequate or does not comply with the applicable regulations, they may file a complaint before the competent supervisory authority (i.e. for Spain, the Spanish Data Protection Agency).
5. HOW USERS’ INFORMATION IS SHARED AND RECIPIENTS
SCYTL may share Users’ information with third party providers of technology services oriented to SCYTL’s Website, such as hosting services, email, integrated solutions, etc. Some of these providers may be located outside the European Economic Area, which entails international data transfers. In such cases, SCYTL has entered into appropriate data processing contracts, ensuring that appropriate safeguards are applied to such cross-border processing, as is detailed below:
- Microsoft (USA) for email services.
Users may check the data processing agreement under this link: https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=67
- Hireku, Inc. (USA) for JazzHR service used for recruitment processes and human resources management tasks
Users may check the data processing agreement under this link: https://www.jazzhr.com/data-processing-addendum/
- Medium Corporation (USA) for blog management.
- The Rocket Science Group LLC (USA) for Mailchimp service used for email marketing actions
Users may check the data processing agreement under this link: https://mailchimp.com/legal/data-processing-addendum/
- Subsidiaries and other SCYTL group companies by virtue of the legitimate interest in communicating personal data within the SCYTL group of companies for internal administrative and business management purposes.
- Cookie providers detailed in our Cookies Policy
6. SCYTL WORLDWIDE PRACTICES:
SCYTL is a global corporation with subsidiaries and business partners in many countries, and with technical systems that cross borders. SCYTL privacy practices are designed to protect Users personal information all over the world.
7. COMMITMENT TO DATA SECURITY:
SCYTL is concerned about the security of Users’ data. To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use of information, SCYTL has put in place reasonable physical, electronic, and managerial procedures to safeguard and secure information collected via the Internet. SCYTL implements encryption technology when collecting or transferring sensitive data.
8. CHANGES TO THIS POLICY:
9. HOW TO CONTACT SCYTL:
Scytl Election Technologies S.L.U.
Data Protection Committee,
Travessera de Gràcia, 17-21, 7th floor,
Last review: July 2021.