GDPR Notice

Last updated 21 September 2021 

This GDPR Notice will inform you of our legal bases for processing your Personal Data, onward transfers of your Personal Data and which additional rights you have regarding the processing of your Personal Data.

Checkealos processes Personal Data both as a Processor and as a Controller (as defined in the European Union’s General Data Protection Regulation (“GDPR”)) as follows:

    • Checkealos is the Controller of Customer Data and Participant Account Data, as well as Recording Data for Tests developed by Checkealos.
    • With respect to Recording Data collected during Customer’s utilization of the Platform and Services, the Customer is the Controller in accordance with GDPR and Checkealos is the Processor. As such, Checkealos collects Recording Data on behalf of the Customer and the Platform enables the Customer to view the Recording Data that is correlated with demographic information (such as age range, gender, country or state). Customer does not see the Recording Data as correlated to any other Participant Account Data.

Categories of Recipients of Personal Data

The categories of recipients of Personal Data with whom we may share your personal data are listed in the How we share your personal data section of the Checkealos Privacy Policy.

Purposes of Processing and Legal Bases

 

Checkealos uses your Personal Data for a number of different purposes, as explained in  the Checkealos Privacy Policy. Some are essential for us to provide the Services you use or to fulfill our legal obligations. Some help us run the Services efficiently and effectively and some enable us to provide you with more relevant and personalized offers and information. In all cases we must have a Legitimate Business Purpose and a legal ground for processing your Personal Data. Some of the most common legal grounds we rely on are briefly explained below:

    • Performance of a Contract: we may process your Personal Data for the purposes of a contract to which you are a party, in other words your ability to use the Services. For instance, if you want to be a Participant, we need to process your Personal Data, including your payment information, in order to enable you to do so and to pay you.
    • Legitimate Business Purposes: we may process Personal Data where it is necessary for our legitimate business interests as listed in the Checkealos Privacy Policy, but only to the extent that they are not outweighed by your own interests or fundamental rights and freedoms. When we rely on these legal bases, we will carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under applicable data protection laws.
    • Consent: Checkealos may rely on consent where it is required, such as with respect to Recording Data being accessible to Customers and certain information collected via cookies and similar technologies (other than strictly necessary cookies), or when we are asking you to confirm your marketing preferences. When we rely on consent.

      Purpose of Processing for Customers

      Type of Personal Data Used for Purpose

      Legal Basis

      To provide you access to and use of the Services  registering as a Customer 

      Customer Data such as email address, name, phone number, company name. 

      Performance of a Contract

      To improve and enhance your experience with the Services, including the content and general administration of the Services.

      Account Data

      Customer Data

      Legitimate Business Purpose

      To retain records as may be required for tax, legal and financial purposes.

      Only such information as may be required

      Compliance with a Legal Obligation

      To understand how you access, use and interact with the Services in order to provide technical functionality, develop new products and services, and analyze your use of the Services.

      Visitor Data

      Customer Data

      Tracking Data 

      Legitimate Business Purpose

      To communicate with you.

       

      Customer Data

      Performance of a Contract

      Legitimate Business Purpose

      To provide you with customer support in connection with your use of the Services.

      Customer Data

      Performance of a Contract

      To detect fraud, illegal activities or security breaches.

      Only such information as may be required

      Legitimate Business Purpose, but in some cases the processing may be required for Compliance with a Legal Obligation

      To receive payments.

      Customer Data

      Performance of a Contract

      To provide information to regulatory bodies when legally required, and only as outlined in this Privacy Policy.

      Only such information as may be required

      Legitimate Business Purpose, but in some cases the processing may be required for Compliance with a Legal Obligation

       

       

       

      Purpose of Processing for Testers

      Type of Personal Data Used for Purpose

      Legal Basis

      To provide you access to and use of the Services, including registering as a Participant

      Participant Account Data 

      Performance of a Contract

      To improve and enhance your experience with the Services, including the content and general administration of the Services.

      Visitor Data

      Recording Data

      Participant Account Data

      Legitimate Business Purpose

      To retain records as may be required for tax, legal and financial purposes.

      Only such information as may be required

      Compliance with a Legal Obligation

      To understand how you access, use and interact with the Services in order to provide technical functionality, develop new products and services, and analyze your use of the Services.

      Visitor Data

      Recording Data

      Participant 

      Legitimate Business Purpose

      To communicate with you.

      Visitor Data

      Participant Account Data

      Performance of a Contract

      Legitimate Business Purpose

      To provide you with customer support in connection with your use of the Services.

       

      Participant Account Data

      Performance of a Contract

      To detect fraud, illegal activities or security breaches.

      Only such information as may be required

      Legitimate Business Purpose, but in some cases the processing may be required for Compliance with a Legal Obligation

      To  make payments.

      Participant Account Data

      Performance of a Contract

      To provide information to regulatory bodies when legally required, and only as outlined in this Privacy Policy.

      Only such information as may be required

      Legitimate Business Purpose, but in some cases the processing may be required for Compliance with a Legal Obligation

       

Staying in Control of Your Information: Your Rights

If the GDPR applies to you, you have certain rights in relation to your Personal Data:

    • The right to be informed – our obligation to inform you that we process your personal data (and that’s what we’re doing in this Privacy Policy);
    • The right of access – your right to request a copy of the personal data we hold about you (also known as a ‘data subject access request’);
    • The right to rectification – your right to request that we correct personal data about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your account settings);
    • The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business purpose or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you);
    • The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your personal data;
    • The right to data portability – your right to ask us for a copy of your personal data in a common format (for example, a .csv file);
    • The right to object – your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
    • Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.

 

These rights are subject to certain rules around when you can exercise them. If you are located in the EU or European Economic Area (EEA) and wish to exercise any of the rights set out above, please contact us at [email protected].

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances.

We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Please note that if we are unable to reasonably confirm your identity, we will not be able to honor certain requests.

We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.

In addition, if you no longer wish to receive our marketing/promotional information you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Services.

Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.

If you are a user in the EU or EEA, you may also contact our representative in the European Union: User Experience SL at [email protected].

Updates

Under certain circumstances (for example with certain material changes) we will provide notice to you of these changes and, where required by applicable law, we will obtain your consent. Notice may be by email to you, by posting a notice of such changes on our apps and websites, or by other means consistent with applicable law.

Subprocessors

Checkealos engages the products and services of other vendors. As a step in ensuring GDPR compliance, Checkealos has reviewed and continues to assess vendors for compliance assurances. Customers can login to view current vendors and status here.

For more information on subprocessor data, click here.

 

Contact Us

If you have questions, comments, or concerns about Checkealos or this GDPR Notice, please email us at: [email protected].

User Experience SL B90117466

Address: C/ Imagen 6 6ºC 41003 Sevilla