Privacy Policy

INDEX

• Purpose of the Privacy Policy
• Definitions
• Identity of the Data Controller
• Applicable laws and regulations
• Principles applicable to the processing of personal data
• Safety measures
• Processing purposes
• Legitimacy of the treatment
• Recipients of your data
• Data processing activities performed
• Personal data of minors
• Origin and types of data processed
• Rights of interested parties
• Acceptance

1.-POLICY OBJECTIVE

This “Privacy and Data Protection Policy” of Mio Consulting Inteligencia de Negocio SLU (hereinafter Mio Consulting Inteligencia de Negocio), is established for the purpose of informing you about our practices regarding the collection and processing of your personal data. This policy is firmly aligned with the respect for fundamental rights, honor and individual freedoms, in strict compliance with the current regulations of the European Union and the Spanish Member State regarding the protection of personal data.

Under these regulations, it is our duty to inform you clearly and in detail about how we collect and process your personal data, including the specific purposes of these processes, which other entities may have access to your data and what your rights are as a data subject.

Compliance with these regulations does not always require your explicit consent, since certain data processing may be legitimized by other legal grounds, such as the need for the performance of a contract, legal obligations, legitimate interests pursued by the data controller, among others.

It is essential for transparency and the effective exercise of your rights that you read and understand our Data Protection Policy. We recognize the importance of your privacy and are committed to treating your personal data responsibly and in accordance with applicable laws.

DEFINITIONS

• “Personal data”: Any information about an identified or identifiable natural person (“the Website user”); an identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or more elements of the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
• «Treatment»: any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• “Limitation of processing”: the marking of personal data retained for the purpose of limiting their processing in the future.
• “Profiling”: any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects relating to that natural person’s professional performance, financial situation, health, personal preferences, interests, reliability, behavior, location or movements.
• “Pseudonymization: the processing of personal data in such a way that it can no longer be attributed to a data subject without the use of additional information, provided that such additional information is separately identified and subject to technical and organizational measures designed to ensure that the personal data are not attributed to an identified or identifiable natural person.
• “File”: any structured set of personal data, accessible according to specified criteria, whether centralized, decentralized or distributed functionally or geographically.
• “Data controller” or “data controller”: the natural or legal person, public authority, service or other body which alone or jointly with others determines the purposes and means of processing; if Union or Member State law determines the purposes and means of processing, the controller or the specific criteria for its appointment may be laid down by Union or Member State law.
• “Data processor” or “processor” means the natural or legal person, public authority, service or other body processing personal data on behalf of the controller.
• “Addressee”: the natural or legal person, public authority, service or other body to whom personal data is communicated, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a specific investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by such public authorities shall be in accordance with the data protection rules applicable to the purposes of the processing.

• “Third party”: natural or legal person, public authority, service or body other than the data subject, the controller, the processor and the persons authorized to process personal data under the direct authority of the controller or the processor.
• “Consent of the data subject”: any freely given, specific, informed and unambiguous expression of will by which the data subject agrees, either by a statement or by a clear affirmative action, to the processing of personal data concerning him/her.
• “Personal data security breach”: any breach of security resulting in the destruction, loss or accidental or unlawful alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to such data;
• “Genetic data”: personal data relating to inherited or acquired genetic characteristics of a natural person that provide unique information about that person’s physiology or health, obtained in particular from the analysis of a biological sample from such person.
• “Biometric data”: personal data obtained from specific technical processing, relating to the physical, physiological or behavioral characteristics of a natural person that allow or confirm the unique identification of that person, such as facial images or dactyloscopic data.
• “Health-related data”: personal data concerning the physical or mental health of a natural person, including the provision of health care services, revealing information about his or her health status.
• “Principal Establishment”: a) as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of processing are taken in another establishment of the controller in the Union and the latter establishment has the power to implement such decisions, in which case the establishment which has taken such decisions shall be considered the main establishment;b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union or, if there is no central administration in the Union, the establishment of the processor in the Union where the main processing activities are carried out in the context of the activities of an establishment of the processor in so far as the processor is subject to specific obligations under this Regulation.
• “Representative”: a natural or legal person established in the Union who, having been appointed in writing by the controller or processor pursuant to Article 27 of the GDPR, represents the controller or processor with regard to their respective obligations under this Regulation.
• “Enterprise”: natural or legal person engaged in an economic activity, regardless of its legal form, including companies or partnerships regularly carrying out an economic activity.
• Supervisory Authorities in the European Union and Other Countries for Personal Data Protection
  According to Article 51 of the General Data Protection Regulation (GDPR), it is established that each Member State must have an independent supervisory authority. This authority is responsible for ensuring compliance with the GDPR and for protecting the rights and freedoms of individuals in relation to the processing of their personal data. The corresponding authorities for each country are listed below:

• Spain: Spanish Data Protection Agency .
• Germany: Berliner Beauftragte für Datenschutz und Informationsfreiheit .
• Austria:Österreichische Datenschutzbehörde.
• Belgium: Autorité de protection des données / Gegevensbeschermingsautoriteit .
• Bulgaria: Commission for Personal Data Protection .
• Denmark: Datatilsynet .
• Slovakia: Dataprotection Authority .
• Slovenia: Information Commissioner .
• Estonia: Estonian Data Protection Inspectorate .
• Finland:Office of the Data Protection Ombudsman.
• France: Commission Nationale de l’Informatique et des Libertés .
• Greece: Hellenic Data Protection Authority .
• Hungary: Office of the Commissioner for Fundamental Rights of Hungary .
• Ireland: Data Protection Commission .
• Italy: Garante per la Protezione dei Dati Personali .
• Latvia: Data State Inspectorate .
• Lithuania:State Data Protection Inspectorate.
• Luxembourg:Commission Nationale pour la Protection des Données.
• Malta:Information and Data Protection Commissioner.
• Netherlands: Dutch Data Protection Authority .
• Poland:Polish Data Protection Authority.
• Portugal: Comissão Nacional de Proteção de Dados (National Commission for Data Protection) .
• Romania: Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal. .
• Sweden: Swedish Authority For Privacy Protection .
• Czechia: The Office for Personal Data Protection .
• Cyprus: Office of the Commissioner for Personal Data Protection .
• Data Protection Authorities (other European countries)
• United Kingdom: Information Commissioner’s Office .
• Andorra: Andorran Data Protection Agency .
• Croatia: Croatian Personal Data Protection Agency .
• Iceland: Icelandic Data Protection Authority .
• Liechtenstein: Data Protection Office .
• Macedonia: Macedonian Personal Data Protection Commission .
• Monaco: Commission de Contrôle des Informations Nominatives .
• Norway:Datatilsynet.
• Switzerland: Federal Data Protection and Information Commissioner.
• Other International Data Protection Authorities:
• Canada: Office of the Privacy Commissioner of Canada .
• Hong Kong: Office of the Privacy Commissioner for Personal Data, Hong Kong.
  
• “Cross-border treatment”: a) the processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or processor in the Union, if the controller or processor is established in more than one Member State, orb) the processing of personal data carried out in the context of the activities of a single establishment of a controller or processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
• “Information society service” means any information society service, i.e., any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.

3.-IDENTITY OF THE DATA CONTROLLER

Who collects and processes your data?

The Data Controller is the entity that, either alone or jointly with others, determines the purposes and means of the processing of personal data, in accordance with the law of the European Union or of the Spanish Member State.

• Our identification as Data Controller is: Mio Consulting Inteligencia de Negocio SLU CIF B88546015

How can you contact us?

• Postal and office address: Alfonso XI, 3. 28014, Madrid (Madrid), Spain
• Registered office: Alfonso XI, 3. 28014, Madrid (Madrid), Spain
• Email: info@mioconsulting.es- Telephone: +34 911 93 88 87

Who can help you with our Data Protection Policy?

We have a person or entity specialized in data protection, which is responsible for ensuring proper compliance in our entity of the legislation and regulations in force. This person is called the Data Protection Officer (DPO) and, if needed, can be contacted as follows:

• Auratech Legal – CIF B87984621
• Email: dpo@mio.es- Phone: 911134963

4.- APPLICABLE LAWS AND REGULATIONS

This Privacy and Data Protection Policy is developed based on the following data protection laws and regulations:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Hereinafter RGPD.
  
• Organic Law 3/2018of December 5 on Personal Data Protection and Guarantee of Digital Rights. Hereinafter LOPD/GDD.
  
• Law 34/2002, of July 11, on Information Society Services and Electronic Commerce. Hereinafter LSSICE.

5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

Personal data collected and processed through this Web site will be treated in accordance with the following principles:

• Principle of legality, loyalty and transparency: Any processing of personal data carried out through this Website will be lawful and fair, and it will be completely clear to the user when personal data concerning him/her are being collected, used, consulted or processed. Information regarding the treatments performed shall be transmitted in advance, easily accessible and easy to understand, in simple and clear language.
  
• Purpose limitation principle: All data will be collected for specified, explicit and legitimate purposes and will not be further processed in a manner incompatible with the purposes for which they were collected.
• Data minimization principle:The data collected will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  
• Principle of accuracy: The data will be accurate and, if necessary, updated, taking all reasonable steps to ensure that personal data that are inaccurate with respect to the purposes for which they are processed are deleted or rectified without delay.
  
• Principle of limitation of the storage period: Data will be kept in a form that permits identification of data subjects for no longer than necessary for the purposes of processing the personal data.
  
• Principle of integrity and confidentiality: Data shall be processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss or damage, through the implementation of appropriate technical and organizational measures.
  
• Principle of proactive responsibility: The entity owning the Website shall be responsible for compliance with the principles set forth in this paragraph and shall be able to demonstrate it.

6.-SAFETY MEASURES

What do we do to ensure the privacy of your data?

Mio Consulting Business Intelligence has implemented all necessary measures to protect personal data. In addition, Mio Consulting Business Intelligence has adopted technical measures to prevent data loss, misuse, alteration, unauthorized access or data theft. However, it is important to remember that no Internet security measure is foolproof.

applies essential organizational and technical measures to ensure the security and privacy of your data, preventing its alteration, loss, processing or unauthorized access. These measures are adapted to the current state of technology, the nature of the data stored and the risks to which they are exposed. They highlight measures to ensure:

• ConfidentialityConfidentiality: Information processed by will be disclosed only to authorized persons.
• IntegrityInformation processed will be complete, accurate and protected against tampering.
• AvailabilityAccess and use of the information by authorized persons at all times, guaranteeing its continuity in the event of any eventuality.
• Rapid restoration of availability and access to personal data in case of incidents.
• Continuous evaluation of the effectiveness of technical and organizational measures to ensure the security of the processing.
• Pseudonymization and encryption of personal data, especially sensitive data.

Mio Consulting Business Intelligence is committed to promote and support the establishment of the necessary organizational and technical measures to comply with the aforementioned security standards. In addition, it manages information systems based on the following principles:

• Regulatory complianceCompliance with applicable regulations on information security, personal data protection, systems security and electronic services.
• Risk managementRisk management: Minimization of risks to acceptable levels and balance between security controls and nature of information.
• Awareness and trainingTraining and awareness programs for users with access to information.
• ProportionalityBalance between security measures, nature of the information and risks.
• ResponsibilityAll members shall be responsible for their conduct with respect to information security.
• Continuous improvement: Periodic review of the effectiveness of security controls to adapt to evolving risks and technology.

7.- PURPOSE OF THE TREATMENT

Why do we want to process your data?

The following are the uses and purposes foreseen:

Web inquiries and contacts Management and contact with users Response to queries received through the electronic form on the website

Cookies, pixels and tracking Implement web analytics to understand how users search, access and navigate. In order to perform these analyses, personal data such as the user’s IP address, connection location, navigation software and navigation functions, etc. may be processed. Obtain statistical data on users’ browsing, identify problems and analyze their preferences. Retain user preferences during their stay on a website.

Management of communications received through the complaints channel.

Establishing an internal communication channel to facilitate the delivery of information regarding irregular practices for correction and the rectification of any damages they may have caused

Informing employees and third parties about the existence of anonymous information systems on actions or omissions that may go against the legal system.

Protecting citizens who report actions or omissions that violate legal regulations, affect financial interests, or impact the internal market

Adequately protect those persons who, by communicating irregularities of which they become aware in their work or professional environment, publicize them through the organization’s whistleblower channel, thus enabling the public authorities to act and put an end to the illicit activity detected when it affects the general interest.

Investigation of complaints received Creation of a procedure for managing incoming communications that identifies this channel, sending acknowledgement of receipt and informing the informant of actions or omissions carried out Management of the logbook of communications received and of the internal investigations to which they give rise Inform the person under investigation of his or her right to submit written allegations and of the processing of his or her personal data. Conducting the necessary investigations to respond to the informant’s inquiry

How long do we keep your data?

We use your data for the time strictly necessary to fulfill the purposes indicated above. Unless there is a legal obligation or requirement, the retention periods foreseen are as follows:

Web inquiries and contactsFor a period of 1 year from the last confirmation of interest. The personal data provided will be kept for as long as their deletion is not requested by the interested party and is appropriate, and for as long as they are necessary – including the need to keep them during the applicable statute of limitations – or relevant for the purpose for which they were collected or recorded.

Cookies, pixels and trackingYou should access our cookie policy to know the retention time of each cookie as well as the information collected.

Management of communications received through the complaints channel. For a period of 10 years from the last confirmation of interest. After 3 months the data will be deleted if the complaint is unsuccessful. If the complaint is successful, the maximum term may not exceed 10 years.

All data processed and collected during the investigation phase are deleted after 3 months. If the complaint is successful, the maximum term may not exceed 10 years.

8.- LEGITIMACY OF THE TREATMENT

Why do we process your data?

The collection and processing of your data is always legitimized by one or more legal bases, which are detailed below:

Web inquiries and contacts

• (Art. 6.1.a GDPR) Consent of the person concerned

• LSSICE. Law 34/2002, of July 11, 2002, on services of the information society and electronic commerce… Law 34/2002, of July 11, 2002, on information society services and electronic commerce.
• RGPD and LOPDGDD. Compliance with legal obligations: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDYGDD). Compliance with legal obligations: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, 2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDYGDD).

Cookies, pixels and tracking

• (Art. 6.1.a GDPR) Consent of the person concerned

Management of communications received through the complaints channel.

• (Art. 6.1.c GDPR) Fulfillment of legal obligations of the Data Controller
• Law regulating the protection of persons who report regulatory violations and the fight against corruption. Law regulating the protection of persons reporting regulatory infringements and the fight against corruption transposing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons reporting breaches of Union law.
• (Art. 6.1.e RGPD) Fulfillment of a public mission or exercise of public powers conferred to the Data Controller.
• RGPD and LOPDGDD. Compliance with legal obligations: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDYGDD). Compliance with legal obligations: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, 2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDYGDD).
• Organic Law 7/2021, of 26 May, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offenses and the execution of criminal sanctions. Organic Law 7/2021, of 26 May, on the protection of personal data processed for the purposes of the prevention, detection, investigation and prosecution of criminal offenses and the execution of criminal penalties.

Investigation of complaints received

• (Art. 6.1.c GDPR) Fulfillment of legal obligations of the Data Controller
• Law regulating the protection of persons who report regulatory violations and the fight against corruption. Law regulating the protection of persons reporting regulatory infringements and the fight against corruption transposing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons reporting breaches of Union law.
• (Art. 6.1.e RGPD) Fulfillment of a public mission or exercise of public powers conferred to the Data Controller.
• Organic Law 7/2021, of 26 May, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offenses and the execution of criminal sanctions. Organic Law 7/2021, of 26 May, on the protection of personal data processed for the purposes of the prevention, detection, investigation and prosecution of criminal offenses and the execution of criminal penalties.

9.- RECIPIENTS OF YOUR DATA

To whom do we disclose your data within the European Union?

Occasionally, in order to comply with our legal obligations and our contractual commitment to you, we are faced with the obligation and need to transfer some of your data to certain categories of recipients, which we specify below:

Cookies, pixels and tracking: Companies dedicated to advertising or direct marketing

Management of communications received through the complaints channel.Other public administration bodies . External channel managed by the Independent Authority for the Protection of Whistleblowers or similar independent regional authorities with competence. Data will also be communicated to the judicial authority, the Public Prosecutor’s Office or the competent administrative authority in the context of a criminal, disciplinary or sanctioning investigation.

Investigation of complaints receivedOther public administration bodies . External channel managed by the Independent Authority for the Protection of Whistleblowers or similar independent regional authorities with competence. Data will also be communicated to the judicial authority, the Public Prosecutor’s Office or the competent administrative authority in the context of a criminal, disciplinary or sanctioning investigation.

Do we make International Transfers of your data outside the European Union?

We do not make international transfers of your data

10.- DATA PROCESSING ACTIVITIES

The data processing activities carried out through https://mio.one/ are described below, specifying:

• ActivityName of the data processing activity.
• PurposesUses and treatments carried out with the collected data.
• Legal basisLegal basis that legitimizes the data processing.
• Data processedTypes of data processed.
• SourceSource of data.
• RetentionData retention period.
• RecipientsThird parties to whom the data is transferred.
• International transfers: Data transfers outside the European Union.

10.1 -Treatment activities

These are those data processing activities whose purposes are necessary for the provision of services.

MANAGEMENT OF COMMUNICATIONS RECEIVED THROUGH THE COMPLAINTS CHANNEL.
Legal basis	(Art. 6.1.c GDPR) Fulfillment of legal obligations of the Data Controller (Law regulating the protection of persons who report regulatory infringements and the fight against corruption); (Art. 6.1.e RGPD) Fulfillment of a public mission or exercise of public powers conferred to the Data Controller (RGPD and LOPDGDDD. Compliance with legal obligation: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDYGDD), Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation, and prosecution of criminal offenses and enforcement of criminal sanctions.)
Purposes	Create an internal communication channel to allow the delivery of information on irregular practices in order to correct them and repair any damage they may have caused; Inform employees and third parties about the existence of anonymous information systems on actions or omissions that may go against the legal system; Protect citizens who report actions or omissions that violate the legal system, affect financial interests or have an impact on the internal market.To protect citizens who report actions or omissions that violate the legal system, affect financial interests or affect the internal market; To adequately protect those persons who, reporting irregularities of which they become aware in their work or professional environment, publicize them through the organization’s whistleblower channel, thus enabling the public authorities to act and put an end to the illicit activity reported when it affects the general interest.
Data categories and groups	Informants internal complaints channel (Identification data; Criminal data; Other categories).Persons allegedly involved (Identifying data; Criminal data)
Data source	The data subject themselves or their legal representative; The data is communicated by the informant themselves through the organization’s whistleblowing channel; Other individuals besides the data subject or their representative; The data is provided by the informant or becomes known during the instruction and investigation process.
Category of recipients	Other bodies of public administration; External channel managed by the Independent Authority for the Protection of Whistleblowers or by similar autonomous regional independent authorities with jurisdiction. Data will also be communicated to the judicial authority, the Public Prosecutor’s Office or the competent administrative authority in the context of a criminal, disciplinary or sanctioning investigation.
International transfer	Not foreseen
Conservation period	For a period of 10 years from the last confirmation of interest. After 3 months the data will be deleted if the complaint is unsuccessful. If the complaint is successful, the maximum term may not exceed 10 years.
Safety measures	In order to safeguard the security of the personal data of the complaints channel, the organization undertakes to maintain the security and confidentiality of the data provided and, specifically, of the data of the Whistleblowers who make a communication through the internal complaints channel, preventing access to them by those who caused the communication due to the alleged commission of actions within the organization contrary to the Law or the Code of Conduct of the entity. The organization has adopted the legally required levels of security for the Protection of Personal Data and used the technical means at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of the same. Likewise, the organization informs that all its staff, regardless of the processing phase in which they are involved, has adopted the commitment to treat your data with the utmost care and confidentiality.

INVESTIGATION OF THE COMPLAINTS RECEIVED
Legal basis	(Art. 6.1.c GDPR) Fulfillment of legal obligations of the Controller (Law regulating the protection of persons who report regulatory infringements and the fight against corruption); (Art. 6.1.e RGPD) Fulfillment of a public mission or exercise of public powers conferred to the Controller (Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offenses and the execution of criminal sanctions).
Purposes	Creation of a procedure for managing incoming communications that identifies this channel, sending acknowledgement of receipt and informing the informant of the actions or omissions carried out; Management of the logbook of incoming communications and the internal investigations to which they have given rise; Informing the person under investigation of his right to submit written allegations and the processing of his personal data; Carrying out the necessary investigations to respond to the informant
Data categories and groups	Informants internal complaints channel (Identification data; Criminal data; Other categories).Persons allegedly involved (Identifying data; Criminal data)
Data source	The data subject themselves or their legal representative; The data is communicated by the informant themselves through the organization’s whistleblowing channel; Other individuals besides the data subject or their representative; The data is provided by the informant or becomes known during the instruction and investigation process.
Category of recipients	Other bodies of public administration; External channel managed by the Independent Authority for the Protection of Whistleblowers or by similar autonomous regional independent authorities with jurisdiction. Data will also be communicated to the judicial authority, the Public Prosecutor’s Office or the competent administrative authority in the context of a criminal, disciplinary or sanctioning investigation.
International transfer	Not foreseen
Conservation period	All data processed and collected during the investigation phase are deleted after 3 months. If the complaint is successful, the maximum term may not exceed 10 years.
Safety measures	In order to safeguard the security of the personal data of the complaints channel, the organization undertakes to maintain the security and confidentiality of the data provided and, specifically, of the data of the Whistleblowers who make a communication through the internal complaints channel, preventing access to them by those who caused the communication due to the alleged commission of actions within the organization contrary to the Law or the Code of Conduct of the entity. The organization has adopted the legally required levels of security for the Protection of Personal Data and used the technical means at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of the same. Likewise, the organization informs that all its staff, regardless of the processing phase in which they are involved, has adopted the commitment to treat your data with the utmost care and confidentiality.

 

WEB INQUIRIES AND CONTACTS
Legal basis	(Art. 6.1.a RGPD) Consent of the data subject (LSSICE. Law 34/2002, of July 11, 2002, on information society services and electronic commerce, RGPD and LOPDGDD. Compliance with legal obligation: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDYGDD).
Purposes	Management and contact with users; Response to queries received through the electronic form of the web site.
Data categories and groups	Web users (Identification data)
Data source	The interested party or his legal representative
Category of recipients	Not foreseen
International transfer	Not foreseen
Conservation period	For a period of 1 year from the last confirmation of interest. The personal data provided will be kept for as long as their deletion is not requested by the interested party and is appropriate, and for as long as they are necessary – including the need to keep them during the applicable statute of limitations – or relevant for the purpose for which they were collected or recorded.

COOKIES, PIXELS AND TRACKING
Legal basis	(Art. 6.1.a GDPR) Consent of the person concerned
Purposes	Obtain statistical data on user navigation, identify problems and analyze their preferences; Retain user preferences during their stay on a website; Implement web analytics to understand how users search, access and navigate. To perform these analytics, personal data, such as the user’s IP address, connection location, navigation software and navigation functions, etc., may be processed.
Data categories and groups	Web users (Identifying data; Other categories)
Data source	The interested party or his legal representative
Category of recipients	Companies engaged in advertising or direct marketing
International transfer	Not foreseen
Conservation period	You should access our cookie policy to learn about the retention time of each cookie as well as the information collected.

11.- DATA OF MINORS

How do we handle the data of minors?

Children under 14 years of age may not use the services offered through our website without the prior authorization of their parents, guardians or legal representatives. They shall be solely responsible for all actions carried out through the website by minors in their care, including the completion of online forms with the personal data of minors and, where appropriate, the selection of the corresponding checkboxes.

In accordance with the provisions of Article 8 of the RGPD and Article 7 of the LOPD/GDD, only persons over 14 years of age may give their consent to the lawful processing of their personal data by Mio Consulting Inteligencia de Negocio.

12.-PROVENANCE AND TYPES OF DATA PROCESSED

Where did we obtain your data?

Web inquiries and contacts

• Users of the website: The interested party itself or its legal representative

Cookies, pixels and tracking

• Users of the website: The interested party itself or its legal representative

Management of communications received through the complaints channel.

• Informants internal complaints channelThe interested party or its legal representative . The data are reported by the informant himself through the organization’s whistleblower channel.
• Persons allegedly involvedOther persons other than the person concerned or his representative . The data are provided by the informant or are known in the process of investigation and investigation.

Investigation of complaints received

• Informants internal complaints channelThe interested party or its legal representative . The data are reported by the informant himself through the organization’s whistleblower channel.
• Persons allegedly involvedOther persons other than the person concerned or his representative . The data are provided by the informant or are known in the process of investigation and investigation.

What types of data do we collect and process about you?

Web inquiries and contacts

Web users

• Identification data (E-mail address; Name and Surname; Telephone number)

Cookies, pixels and tracking

Web users

• Identifying data (IP address)
• Other categories (ID generated by Pixel or Cookie)

Management of communications received through the complaints channel.

Informants internal complaints channel

• Identification data (E-mail address; Mailing address; Name and Surname; Telephone number)
• Criminal data (Administrative infractions; Criminal infractions)
• Other categories (Telephone conversation)

Persons allegedly involved

• Identification data (Name and Surname)
• Criminal data (Administrative infractions; Criminal infractions)

Investigation of complaints received

Informants internal complaints channel

• Identification data (E-mail address; Mailing address; Name and Surname; Telephone number)
• Criminal data (Administrative infractions; Criminal infractions)
• Other categories (Telephone conversation)

Persons allegedly involved

• Identification data (Name and Surname)
• Criminal data (Administrative infractions; Criminal infractions)

13- RIGHTS OF INTERESTED PARTIES

What are your rights regarding your data?

Data protection regulations give you a number of rights regarding our use of your data. All these rights are personal and non-transferable, which means that they can only be exercised by you as the data subject, after verifying your identity.

The following are your rights:

• Right of accessFor example, you may request confirmation as to whether Mio Consulting Business Intelligence is processing your personal data and, if so, access specific information about your data and its processing.
• Right of rectificationIf you find that your personal information is inaccurate or incomplete, you may request its correction.
• Right to erasure (“right to be forgotten”): You can request the deletion of your data when they are no longer needed or if you withdraw your consent to the processing.
• Right to limitation of processingYou may request the limitation of the processing of your data, for example, while the accuracy of your personal data is being verified.
• Right to data portabilityYou have the right to receive your personal data in a structured format and to transmit it to another data controller.
• Right of oppositionYou may object to the processing of your personal data.
• Right not to be subject to automated decisions and/or profiling.You may request not to be subject to decisions based solely on automated processing.
• Right to withdraw consentAt any time, you may withdraw your consent to the processing of your data.
• Right to file complaints before the Control Authority: Spanish Data Protection Agency info@aepd.es https://www.aepd.es

To exercise any of these rights, you may contact Mio Consulting Inteligencia de Negocio using the following contact information:

• Responsible: Mio Consulting Business Intelligence SLU

• Address: Alfonso XI, 3. 28014, Madrid (Madrid), Spain
• Phone: +34 911 93 88 87
• E-mail: info@mioconsulting.es
• Website: https://mio.one/

You can also exercise your rights with the Data Protection Officer:

Email: dpo@mio.es -Telephone: 34 91 1134963

How can you exercise your rights in relation to your data?

To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so by sending an email to these addresses: dpo@mio.es / info@mioconsulting.es or a postal mail to : Alfonso XI, 3. 28014, Madrid (Madrid), Spain

How can you file a complaint if you feel your rights are not being respected?

In addition to your rights, if you believe that your data is not being collected or processed in accordance with current Data Protection regulations, you may file a complaint with the relevant Supervisory Authority. Contact details are provided below:

• Spanish Data Protection Agency
  C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain
  Email: info@aepd.es- Phone: 912663517
  Web: https://www.aepd.es

For example, if you live in Germany, you can contact Berliner Beauftragte für Datenschutz und Informationsfreiheit. In Austria, the Österreichische Datenschutzbehörde is the appropriate entity. For the competent authority in other countries, please refer to section 2 of this policy where all the control authorities are listed along with their links.

14.-ACCEPTANCE AND PRINCIPLE OF INFORMATION

This document, by being made available to you, indicates that you understand and agree to all of the terms of our privacy policy. However, acceptance is not always based exclusively on consent, but may be based on different legitimate grounds, such as the fulfillment of a contract, legitimate interests, legal obligations, among others. This is in line with the information principle pursuant to Article 13 of the GDPR.

Acceptance of our Privacy Policy is effected by checking the “Read and Accept” checkbox.

Mio Consulting Inteligencia de Negocio SLU reserves the right to modify this Privacy Policy, either on its own initiative or due to changes in legislation, jurisprudence or guidelines from the Spanish Data Protection Agency. Spanish Data Protection Agency or other European control authorities. Any change or update to this Policy that affects the purposes, retention periods, data transfers to third parties or international transfers, or any user rights, will be explicitly communicated.

This policy will be continuously maintained, updated and adapted to meet the needs of Mio Consulting Business Intelligence and its strategic risk management principles. It will be reviewed periodically or in the event of significant changes to ensure its adequacy and effectiveness.

Last update:January 25, 2024