Privacy Policy

‍

‍

1. Data Controller information

Graphext Labs, S.L. is the personal data processing Controller in order to provide you the services identified in this website (the “Website”).

Graphext Labs, S.L. is a company with registered office at domiciled at Av. Andalucía, 2, 3ºA, 18014 (Granada), Spain and its NIF is B98724479. 

Graphext is committed to the fundamental right to the protection of your personal data and this privacy policy is intended to inform you of your rights.

We inform you that Graphext has a Data Protection Officer in accordance with the GDPR, who is at your disposal for any doubts or queries you may have in relation to this matter, and whom you may contact by sending an e-mail here: dpo@graphext.com 

‍

2. What information will we collect from you?

You should be aware that there are different ways to collect personal data: 

a) The data you provide directly to us 

We collect information about you when you contact us through the channels provided for this purpose, such as the register or contact form, or when you send us your CV to work with us. 

When you contact us through these channels, we will ask for your consent to obtain your email address, name and surname, our country of residence, date of birth, gender, NIF, and other information about your professional and academic profile in case you are applying to work with us.

All the fields marked with an asterisk (*) in the provided forms will be mandatory, the omission of any of them could lead to the impossibility of us being able to provide the services requested. You must not provide false information, and it is forbidden to impersonate anyone or to use an alias or anonymous name. 

You may not, when providing any information that may be requested from you, choose expressions that are offensive, coinciding with brands, tradenames, names or pseudonyms of public figures or celebrities for whose use you are not authorized. 

It is essential to keep your reference data, passwords and access codes generated. You will be the one responsible for the use of your personal account, and in this regard, you must use this information in a diligent way, not to make it available to third parties, and to inform us, without delay, of its loss or theft. 

In order to ensure that the information provided is always up to date and correct, you must notify Graphext as soon as possible of any modifications of your personal data by sending an e-mail here: dpo@graphext.com 

By clicking on the “I accept” (or equivalent) button incorporated in the mentioned forms, you declare that the information you have provided is accurate and truthful.

b) Data obtained indirectly 

When you visit our Website, different cookies and other tracking devices may be installed on your device. For more information, you can read our Cookies Policy.

‍

3. Where do we get your data?

We consider that all the data processed by Graphext has been provided to us freely. 

In the event that you provide us third person’s data, you guarantee you have previously obtained their authorisation for that communication, and that they have been informed of this Privacy Policy and of the purposes abovementioned. You also guarantee that the information provided is accurate and up to date, and you are responsible for any direct or indirect damage or harm that may be caused as a result of non-compliance with this obligation.

‍

4. How will we use your personal information and what services will we provide you?

Graphext acts as the data Controller for the following purposes: 

Based on the management of the contractual or precontractual relationship: 

‍

• To manage the provision of the products that we market on our Website, and to attend any incident or request related to them.
• To manage shipments and after-sales services. 
• To manage user’s registration on our website, as well as allow their access to their private area.
• To manage the services provision and to attend information requests.
• To manage the exercise of user’s rights.
• To evaluate CVs received and manage selection processes.

Based on the Graphext’s legitimate interest: 

‍

• To send commercial communications, such as promotions or discounts for future bookings or purchases.
• To keep you informed about the products and services provided by Graphext, as well as to send you news, events and other activities carried out in Graphext, related to these products or services that may be of your interest.
• To review our products and services and, if necessary, to contact the users if a possible fraud or identity theft is detected.

Based on the user’s consent: 

‍

• To do segmentation and profiling tasks according to user’s interests and through the analysis of the use of the offered services, such as browsing history or actions made through the website, in order to adapt the offers and promotions to each client. 
• To send commercial communications, such as promotions or discounts for future bookings or purchases.
• To keep you informed about the products and services provided by Graphext, as well as to send you news, events and other activities carried out in Graphext, related to these products or services that may be of your interest.
• To carry out periodic reviews of our services and carry out satisfaction surveys in order to evaluate and improve the quality of the service we provide. 

However, if you do not wish your data to be processed for any of these purposes, you may object at any time by contacting us at dpo@graphext.com, as indicated in the Rights Management section of this Privacy Policy. 

‍

5. Data transfers and international transfers.

We transfer your personal data only when it is necessary for the fulfilment of the abovementioned purposes, or in order to comply with a legal obligation:

‍

• To public administrations, judicial administration or to law enforcement agencies, in compliance with legal obligations applicable to us.
• To postal services providers, in order to deliver your purchased products or services. 
• To payment services providers (including financial institutions, banks, payment gateways, etc.), when necessary.
• To IT services, infrastructure or tools providers (hosting providers, CRMs, e-mailing services companies, etc.).

We sign specific contracts with all our services providers, as stablished by the applicable regulations.

Every data transfer is guaranteed to be secure, by adopting the necessary legal safeguards, either because data will be received in a country that offers an adequate level of data protection, either because other safeguards, such as European Commission’s Standard Contractual Clauses, have been adopted.

‍

6. Exercising your rights.

We inform you that you will be able to exercise the following rights:

the rights of access, rectification or erasure, restriction of processing, right to object, to data portability, to object and not to be subject to a decision based solely on the automated processing, as well as to withdraw the consent given.

‍

• Rights of access: the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and to the processing operations carried out with them.
• Right to rectification:  the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
• Right to erasure (“right to be forgotten”): the right to obtain from the controller the erasure of personal data concerning him or her without undue delay. 
• Right to restriction of processing: right to obtain from the controller restriction of processing when the accuracy, lawfulness or necessity of the data processing is in doubt, in which case, we may retain the data for exercise or defence of claims.
• Right to data portability: the right to receive your personal data in a structured, commonly used and machine-readable format; and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
• Right to object: right to object processing of your personal data when the legal basis that enables us to process them is the legitimate interest, unless it is necessary for the establishment, exercise or defence of legal claims.
• Right not to be subject to a decision based solely on automated processing, including profiling.
• Right to withdraw the consent given to Graphext.

You can exercise your rights at any time and for free in the following ways: 

• By sending an e-mail to dpo@graphext.com, with your identification data and the indication about the concrete right you wish to exercise.
  

• By sending a written request to the address Av. Andalucía, 2, 3ºA, 18014 (Granada), Spain, with your identification data and the indication about the concrete right you wish to exercise.
  

• In addition, you can unsubscribe from our commercial communications system by clicking on the unsubscribe section that you will find in it.

In case that you consider that we are in any way in infringement of data protection regulations regarding the processing of your personal data, you have the right to lodge a complaint with the Spanish Supervisory Authority: www.aepd.es

Also, if you want to be excluded from any commercial communication system you can sign up for the “Robinson List” (www.listarobinson.es), the advertising exclusion system managed by the Spanish Association for the Digital economy (ADIGITAL), where you can avoid that your data is used for sending you any commercial communications.

‍

7. Retention periods and Cookies.

We will only keep your data for as long as necessary to provide you with our services. Any other information you provide us will be blocked as long as it is no longer necessary to manage our services and will only be available if there is a legal obligation to do so (derived from a request from the appropriate authorities) and when you exercise your rights by e-mailing dpo@graphext.com 

Regarding the personal data obtained by Cookies installation, you can have more information about its processing by visiting our Cookies Policy.

‍

8. Security and confidentiality.

In Graphext, we guarantee the security of your information. In order to avoid unauthorized access or unauthorized disclosure of personal data, we have undertaken appropriate technical and physical measures and management processes to safeguard and secure the information we collect from you.

‍

9. Minors

Minors under the age of 14 may not use the services available through the Website without the prior authorization of their parents, guardians or legal representatives, who shall be solely responsible for all acts performed through the Website by the minors in their care, including the filling of forms with the personal data and the marking of the boxes accompanying them. In this regard, and to the extent that Graphext is not able to control user’s age, it shall be the parents and guardians who shall enable the necessary mechanisms to prevent minors from accessing the Website and/or providing personal data without their supervision. For this reason, Graphext shall not accept any liability in this regard.

‍

10. Update of the privacy policy

We do our best to keep our privacy policy fully updated on a monthly basis. If we make changes, they will be clearly identifiable (for example: we may communicate changes to you by email). 

This privacy policy has been reviewed and published as of frebuary 1st, 2023. 

‍

‍

‍