Checkealos GDPR Notice

Checkealos GDPR

This GDPR Notice will inform you of our legal bases for processing your Personal Data, onward transfers of your Personal Data and which additional rights you have regarding the processing of your Personal Data. Checkealos processes Personal Data both as a Processor and as a Controller (as defined in the European Union’s General Data Protection Regulation (“GDPR”)) as follows:

  –  Checkealos is the Controller of Customer Data and Participant Account Data, as well as Recording Data for Tests developed by Checkealos.

  –  With respect to Recording Data collected during Customer’s utilization of the Platform and Services, the Customer is the Controller in accordance with GDPR and Checkealos is the Processor. As such, Checkealos collects Recording Data on behalf of the Customer and the Platform enables the Customer to view the Recording Data that is correlated with demographic information (such as age range, gender, country or state). Customer does not see the Recording Data as correlated to any other Participant Account Data.

Categories of Recipients of Personal Data

The categories of recipients of Personal Data with whom we may share your personal data are listed in the How we share your personal data section of the Checkealos Privacy Policy.

Purposes of Procession and Legal Bases

Legal Basis

Checkealos uses your Personal Data for a number of different purposes, as explained in Section 2 of the Checkealos Privacy Policy. Some are essential for us to provide the Services you use or to fulfill our legal obligations. Some help us run the Services efficiently and effectively and some enable us to provide you with more relevant and personalized offers and information. In all cases we must have a Legitimate Business Purpose and a legal ground for processing your Personal Data. Some of the most common legal grounds we rely on are briefly explained below:

  –  Performance of a Contract: we may process your Personal Data for the purposes of a contract to which you are a party, in other words your ability to use the Services. For instance, if you want to be a Participant, we need to process your Personal Data, including your payment information, in order to enable you to do so and to pay you.

  –  Legitimate Business Purposes: we may process Personal Data where it is necessary for our legitimate business interests as listed in the Checkealos Privacy Policy, but only to the extent that they are not outweighed by your own interests or fundamental rights and freedoms. When we rely on these legal bases, we will carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under applicable data protection laws.

  –  Consent: Checkealos may rely on consent where it is required, such as with respect to Recording Data being accessible to Customers and certain information collected via cookies and similar technologies (other than strictly necessary cookies), or when we are asking you to confirm your marketing preferences. When we rely on consent, you’ll be asked to confirm that you give your permission to Checkealos to process your Personal Data. Details of the processing, such as why Checkealos would like to process your data, how it will be used and if your Personal Data will be shared, will be provided at the time of asking you for your consent. You have the right to withdraw your consent at any time if you no longer wish to have Checkealos process your Personal Data.

  –  Legal Obligation: Checkealos will on occasion be under a legal obligation to obtain and disclose your Personal Data. Where possible, we will notify you when processing your data due to a legal obligation, however this may not always be possible. For instance, Checkealos may need to provide your data in order to prevent criminal activity or help to detect criminal activity, in which case we may share information with law enforcement. This is done in a safe and secure manner. It’s essential that Checkealos complies with its legal, regulatory and contractual requirements, so if you object to this processing, Checkealos will not be able to provide its Services to you.

Purpose of Processing 1.
To provide you access to and user of the Services, including registering Participant

  • Type of Personal Data Used for Purpose
    • Participant Account Data
    • Customer Data
  • Legal Basis
    • Performance of a Contract

Purpose of Processing 2.
To improve and enhance your experience with the Services, including the content and general administration of the Services.

  • Type of Personal Data Used for Purpose
    • Visitor Data 
    • Recording Data 
    • Participant Account Data 
    • Customer Data
  • Legal Basis
    • Legitimate Business Purpose

 

Purpose of Processing 3
To retain records as may be required for tax, legal and financial purposes.

  • Type of Personal Data Used for Purpose
    • Only such information as may be required
  • Legal Basis
    • Compliance with a Legal Obligation

Purpose of Processing 4
To understand how you access, use and interact with the Services in order to provide technical functionality, develop new products and services, and analyze your use of the Services.

  • Type of Personal Data Used for Purpose
    • Visitor Data
    • Recording Data
    • Participant Account Data
    • Customer Data
    • Tracking Data
  • Legal Basis
    • Legitimate Business Purpose

Purpose of Processing 5
To communicate with you.

  • Type of Personal Data Used for Purpose
    • Visitor Data
    • Participant Account Data
    • Customer Data
    • Information from Third Parties
    • Customer Data
    • Tracking Data
  •  Legal Basis
    • Performance of a Contract
    • Legitimate Business Purpose

Purpose of Processing 6
To provide you with customer support in connection with your use of the Services.

  • Type of Personal Data Used for Purpose
    • Customer Data
    • Participant Account Data
  • Legal Basis
    • Performance of a Contract

Purpose of Processing 7
To detect fraud, illegal activities or security breaches.

  • Type of Personal Data Used for Purpose
    • Only such information as may be required
  • Legal Basis
    • Legitimate Business Purpose, but in some cases the processing may be required for Compliance with a Legal Obligation

Purpose of Processing 8
To receive and make payments.

  • Type of Personal Data Used for Purpose
    • Participant Account Data
    • Customer Data
  • Legal Basis
    • Performance of a Contract

Purpose of Processing 9
To provide information to regulatory bodies when legally required, and only as outlined in this Privacy Policy.

  • Type of Personal Data Used for Purpose
    • Only such information as may be required
  • Legal Basis
    • Legitimate Business Purpose, but in some cases the processing may be required for Compliance with a Legal Obligation

Staying in Control of Your Information: Your Rights

If the GDPR applies to you, you have certain rights in relation to your Personal Data:

  • The right to be informed – our obligation to inform you that we process your personal data (and that’s what we’re doing in this Privacy Policy);
  • The right of access – your right to request a copy of the personal data we hold about you (also known as a ‘data subject access request’);
  • The right to rectification – your right to request that we correct personal data about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your account settings);
  • The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business purpose or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you);
  • The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your personal data;
  • The right to data portability – your right to ask us for a copy of your personal data in a common format (for example, a .csv file);
  • The right to object – your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing); and
  • Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.

These rights are subject to certain rules around when you can exercise them. If you are located in the EU or European Economic Area (EEA) and wish to exercise any of the rights set out above, please contact us at info@checkealos.com.

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances. We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Please note that if we are unable to reasonably confirm your identity, we will not be able to honor certain requests.

We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.

In addition, if you no longer wish to receive our marketing/promotional information you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Services.

Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.

If you are a user in the EU or EEA, you may also contact our representative in the European Union: User Experience SL at info@checkealos.com.

 

Updates

Under certain circumstances (for example with certain material changes) we will provide notice to you of these changes and, where required by applicable law, we will obtain your consent. Notice may be by email to you, by posting a notice of such changes on our apps and websites, or by other means consistent with applicable law.

Subprocessors
Checkealos engages the products and services of other vendors. As a step in ensuring GDPR compliance, Checkealos has reviewed and continues to assess vendors for compliance assurances. Customers can login to view current vendors and status here. 

  • Amazon Web Services – Datacenter service provider
  • Auth0 – Service provider used for Single Sign-On integrations
  • Google – Use of tracking technologies to improve the website user’s experience (Google Analytics)
  • ZOHO- Customer relationship management (CRM) platform
  • ZOHO – Marketing tool used to send commercial emails
  • Zoom – Video communications infrastructure used in moderated studies

 

Contact Us If you have questions, comments, or concerns about Checkealos or this GDPR Notice, please email us at: info@checkealos.com.

User Experience SL
Address:C/ Imagen 6 6ºC
41003
Sevilla
Last updates: 31 December 2020