legal INFORMATION

Legal Notice

Site Owner

Company: CARFIG ENGINEERING, S.L. (hereinafter, VISENDUM® TECHNOLOGICAL WOOD)

Tax Identification Number (CIF): B25740531 registered in the Mercantile Registry of Zaragoza, volume 4405, folio 162, entries 1 and 2, sheet Z-65508.

Registered Office: Plataforma Logística PLAZA- C/ Caravís 40 50197 Zaragoza (Spain)

Contact: Email address: info@visendum.com

Websites and web pages:

Main Website: visendum.com

Social Profiles:

Facebook
Twitter
Instagram
LinkedIn
YouTube

Website Content

The literary content of the Website is offered under the license indicated in the footer. Excluded from this license are all non-literary content, those for which another applicable license is indicated, distinctive signs (trademarks, trade names, etc.), and the template, whose credits appear in our /humans.txt and whose authorship and usage license must be consulted on the website linked from there.

Responsibility for Website Content

The Website contains texts created for informational or educational purposes only, which may not reflect the current state of legislation or case law and which refer to general situations, so their content can never be applied by the user to specific cases. The opinions expressed therein do not necessarily reflect the views of VISENDUM® TECHNOLOGICAL WOOD. The content of the articles published on this Website can never be considered a substitute for legal advice. The user should not act on the basis of the information contained on this Website without first seeking the corresponding professional advice.

The external links contained on this Website lead to sites managed by third parties. VISENDUM® TECHNOLOGICAL WOOD is not responsible for the content or status of such sites. The use of external links also does not imply that VISENDUM® TECHNOLOGICAL WOOD recommends or approves the content of the destination pages.

Regulations and Conflict Resolution

These Terms of Use of the Website are governed in all respects by Spanish law. The language of drafting and interpretation of this legal notice is Spanish. This legal notice will not be individually archived for each user but will remain accessible via the Internet on this same Website.

Users who are consumers or users as defined by Spanish regulations and reside in the European Union, if they have a problem with an online purchase made from VISENDUM® TECHNOLOGICAL WOOD, to try to reach an out-of-court agreement, they can use the Online Dispute Resolution Platform, created by the European Union and developed by the European Commission under Regulation (EU) 524/2013.

Whenever the User is not a consumer or user, and when there is no rule that obliges otherwise, the parties agree to submit to the Courts and Tribunals of Madrid, as this is the place of conclusion of the contract, with express waiver of any other jurisdiction that may correspond to them.

Supplier Management

The responsible party has suppliers who provide services such as office rental, web hosting, and email services, among others.

1. Collective

The individuals whose data are processed are the sellers or service providers, or if they are companies, the contact persons.

2. Data Categories

The types of data processed for this activity are as follows:

Identifying information: Name and surname, ID number, address, telephone number, image, and signature.
Employment details: Entity or organization and position held.
Economic-financial data: Banking details.

3. Purposes of Processing

The purpose of the processing is the management and control of the relationship with suppliers.

4. Legal Basis

5. Third Parties with Access to Data

Third parties indicated in the cross-cutting treatments may access the data, as appropriate.

6. Recipient Category

The data may be communicated to financial entities and to the State Tax Administration Agency.

7. International Transfer

International transfers indicated in the records of cross-cutting treatment activities are made as long as the data subject provides data through the controller's website or social media profiles or sends a communication to the controller or receives one from the controller.

No other international transfers of data are planned.

8. Deletion Period

They will be kept for as long as necessary to fulfill the purpose for which they were collected and to determine any liabilities that may arise from said purpose and the processing of the data.

9. Data Protection Officer

A Data Protection Officer is not required for this treatment, considering the data processed and how the responsible party executes it, in accordance with the provisions of article 37 of the General Data Protection Regulation and article 34 of Organic Law 3/2018.

10. Impact Assessment

An Impact Assessment is not required for this treatment, considering the data processed and how the responsible party executes it, in accordance with the provisions of article 35 of the General Data Protection Regulation and article 28 of Organic Law 3/2018.

11. Risk Analysis

A risk analysis on data security has been conducted. The security measures are as described above. Periodically and whenever there is a change, the effectiveness of the implemented security measures is reviewed and evaluated. This evaluation is also performed whenever there is an update to the systems. For logical measures, the collaboration of an IT team is available.

Job Provision

In the event of hiring an applicant or granting an internship, the appropriate processing record would be prepared beforehand. For now, the only processing carried out in this regard is the reception of applications.

1. Collective

The individuals whose data are processed are applicants for internships or jobs.

2. Data Categories

The types of data processed for this activity are as follows:

Identifying information: Name and surname; ID, tax identification number, or identification document; social security number; address, signature, and telephone number.
Special categories of data: health data (disabilities).
Personal characteristics data: Gender, marital status, nationality, age, date and place of birth, and family data.
Academic and professional data: Degrees, education, and professional experience.
Job and career detail data.

3. Purposes of Processing

The purpose of the processing is personnel selection.

The controller will analyze the documents submitted by the candidate, all content that is directly accessible through search engines (Bing, Yandex, Google, Baidu, DuckDuckGo, etc.), profiles maintained on professional social networks (LinkedIn, Xing, Viadeo, etc.), data obtained in access tests, and information revealed in the job interview, with the aim of evaluating their candidacy and, if applicable, offering them a position. This analysis may be carried out to discover and evaluate candidates needed for certain positions or tasks.

4. Legal Basis

This data processing is justified by the fact that it is necessary for the performance of a contract in which the data subject is a party or for the application at the request of the data subject of pre-contractual measures (art. 6.1.b of the General Data Protection Regulation). When it is mandatory to check the background of the data subject, the processing will be based on compliance with a legal obligation applicable to the data controller (art. 6.1.c of the General Data Protection Regulation). The proactive search for candidates and details about them in third-party databases is based on the legitimate interest of discovering them to fill positions or to better understand if the position fits their profile (art. 6.1.f of the General Data Protection Regulation). Labor regulations, especially the Workers' Statute, will be taken into account in the processes.

5. Third Parties with Access to Data

Third parties indicated in cross-cutting treatments may access the data, as appropriate.

6. Recipient Category

No recipients are foreseen.

7. International Transfer

No other international transfers of data are planned.

8. Deletion Period

They will be kept for as long as necessary to fulfill the purpose for which they were collected and to determine any liabilities that may arise from said purpose and the processing of the data. If the candidate is not selected, the controller may keep their resume stored for a maximum of two years to include it in future calls, unless the candidate expresses otherwise or expresses a desire for it to be kept for longer.

9. Data Protection Officer

10. Impact Assessment

11. Risk Analysis

"The owner of the Website has prepared this legal notice on their own initiative based on the legal texts available under CC By License at www.pablofb.com."

Privacy policy

Protection of Personal Data

In compliance with the information duty established in Article 10 of Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce, the following information is provided: the company owning the website domain is CARFIG ENGINEERING S.L. (hereinafter VISENDUM® TECHNOLOGICAL WOOD), with address for these purposes at Plataforma Logística PLAZA- C/ Caravís 40 50197 Zaragoza (Spain), Tax Identification Number (CIF): B25740531 registered in the Mercantile Registry of Zaragoza volume 4405, sheet 162, entries 1 and 2, sheet Z-65508.

Contact email: info@visendum.com of the website.

How to exercise your rights: Users can send a written communication to the fiscal address of VISENDUM® TECHNOLOGICAL WOOD or to the email address indicated in the header of this legal notice, including in both cases a photocopy of their ID card or other similar identification document, to exercise their rights, which are as follows:

Right to request access to personal data: I will inform you if I am processing your data or not, and if so: what data, how I obtained them, for what purpose I process them, if I have communicated them, the storage period… Additionally, I will inform you about the other rights you have and the possibility of filing a complaint with the Spanish Data Protection Agency (AEPD).
Right to request rectification (if they are inaccurate) or deletion.
Right to request the limitation of their processing, in which case they will only be kept by VISENDUM® TECHNOLOGICAL WOOD for the exercise or defense of claims.
Right to object to the processing. VISENDUM® TECHNOLOGICAL WOOD will stop processing the data in the manner you indicate unless compelling legitimate reasons or the exercise or defense of possible claims require them to continue processing.
Right to data portability. If you want your data to be processed by a third party, VISENDUM® TECHNOLOGICAL WOOD will provide you with the portability of your data to the new controller.

Models, forms, and more information about the aforementioned rights: Official website of the Spanish Data Protection Agency.

Possibility to withdraw consent: In the event that consent has been given for a specific purpose, you have the right to withdraw consent at any time, without affecting the legality of the processing based on the consent given prior to its withdrawal.

How to complain to the Control Authority: If a user believes that there is a problem with the way VISENDUM® TECHNOLOGICAL WOOD is handling their data, they can direct their complaints to the corresponding data protection authority, with the Spanish Data Protection Agency being the appropriate one in the case of Spain.

Security measures applicable to all treatments

The processing of personal data is carried out by VISENDUM® TECHNOLOGICAL WOOD always after applying appropriate technical and organizational measures to guarantee a level of security adequate to the risk. With each of them, confidentiality, integrity, availability, and permanent resilience of the processing systems and services are ensured. Likewise, regular processes of verification, evaluation, and assessment of the effectiveness of the technical and organizational measures to guarantee the security of the processing are carried out. A complete audit is conducted annually.

The minimum measures that VISENDUM® TECHNOLOGICAL WOOD applies are as follows:

a) Physical:

Clean desk policy.
Minimal use of paper or similar media.
Own printer or one with a password if third parties have access to the output tray.
Own cross-cut shredder for documents.
Own fireproof cabinets with specific locks.
Documents classified and labeled.
Workplaces protected with security measures both own and contracted to third parties, with no access for unauthorized persons.

b) Logical:

Only and always original, updated, and officially licensed software. Automatic updates are enabled whenever the system allows it.
Terminals that are for dual use will have an exclusive profile for professional purposes.
Disk encryption and, additionally, file encryption.
Ability to restore availability and access to personal data quickly in case of physical or technical incidents through a specific service contracted to a trusted provider, which includes incremental backups for each change made and complete backups performed periodically both by the same provider and, monthly, by the data controller themselves.
Firewall and updated endpoint protection systems on all terminals.
VPN contracted to a trusted provider for all terminals.
Mobile anchoring, except on trusted networks.
Different passwords in each application, changed periodically and stored encrypted in an official password manager provided by a trusted provider and reinforced with its own private key.
2FA systems in applications and websites.
PGP signature available for info@visendum.com.
Common protection tools: user locked when not in use, privacy filter for screens, screensaver with password lock, and USB shield to prevent data synchronization, among others.

Security measures are periodically reviewed, both manually and through specific software.

The VISENDUM® TECHNOLOGICAL WOOD website has SSL TLS v.1.2 encryption and its own security systems as well as others contracted to third parties also trusted. The status of security measures is periodically reviewed manually and through specific solutions both installed and online (examples: SSL Labs, Sucuri o HTBridge, Security Headers, Cookie Checker).

c) Organizational:

VISENDUM® TECHNOLOGICAL WOOD processes data by itself and, where appropriate, through third parties duly authorized by the data subjects or with whom it maintains data processing contracts adapted to current regulations.

d) Training:

For professional reasons, training in data protection, cybersecurity, and related matters is continuous.

Criteria for the use of digital devices

Email and other data storage or communication instruments, as well as fixed or mobile terminals, are exclusively work tools provided by VISENDUM® TECHNOLOGICAL WOOD for the performance of work or commercial functions, according to the contract, and may not be used for personal, domestic, or professional purposes other than those agreed upon. VISENDUM® TECHNOLOGICAL WOOD may make backups and access the content derived from the use of these means solely for the purpose of monitoring compliance with labor, statutory, or contractual obligations and ensuring the integrity of such devices. In any case, access will be made in accordance with data protection regulations and ensuring the protection of the privacy of those affected.

Users may not allow third-party access to the accounts and devices entrusted to them by VISENDUM® TECHNOLOGICAL WOOD for reasons of their employment or commercial relationship. Once the reason for the delivery has ceased, the user's credentials will be withdrawn, and the content will be deleted, being blocked for the appropriate time. Messages received in those accounts will be redirected to an institutional (info@) or organizational (marketing@) account, not assigned to a particular person but controlled by VISENDUM® TECHNOLOGICAL WOOD or, until its cessation, the person designated by it.

Data deletion protocol and support destruction

Data in local, as well as backup copies of these on storage servers, are deleted in those intended for the provision of email services and in backup media located in places other than the workplace or habitual residence. Cases where the responsible party requests the return and when there is legal justification, which will be documented in each case, for maintaining or safeguarding the data beyond the provision of the service are excluded. Support destruction will be done physically ensuring the impossibility of extracting data.

Actions in the event of security breaches

When personal data security breaches occur, such as theft of documents or unauthorized access to personal data, the controller will notify the Spanish Data Protection Agency within 72 hours of such data security breaches, including all necessary information to clarify the facts that led to the unauthorized access to personal data. The notification will be made electronically through the electronic headquarters of the Spanish Data Protection Agency.

Web and Email Security Activity

The controller analyzes user behavior while browsing the website and various social profiles to prevent and block logical attacks.

1. Collective

Users accessing websites or social profiles managed by the controller.

2. Data Categories

The types of data processed for this activity are as follows:

IP addresses.
Browser user agent string.

3. Purposes of processing

To analyze user behavior while browsing the website and various social profiles in order to prevent and block logical attacks.

4.Legal basis

This data processing is justified by the necessity for the fulfillment of legitimate interests pursued by the data controller (Art. 6.1.f of the General Data Protection Regulation). In particular, these legitimate interests consist of preventing the destruction or alteration of data and systems, as well as preventing access blockage or unauthorized processing by third parties.

5. Third parties with data access

Automattic Inc.

Description:S. entity adhering to the Privacy Shield (see Google's profile on the Privacy Shield), with its own privacy policy.
Contact information: 60 29th Street #343, San Francisco, CA 94110, United States of America. Form.
International transfer:
Treatments through the controller's websites
- Akismet: When visitors leave comments on the website, data displayed in the comment form, along with the visitor's IP address and browser user agent string, are collected to aid in spam detection.

Google LLC

Description:S. entity adhering to the Privacy Shield (see Google's profile on the Privacy Shield), with its own privacy policy.
Contact information: Torre Picasso, Plaza Pablo Ruiz Picasso, 1, 28020 Madrid. Form.
International transfer: Yes.
Treatments:
- Google Services (Gmail, YouTube, etc.): The U.S. company has implemented and maintains intrusion defense and anti-malware systems in the various services used by the controller.

Defiant Inc

Description:S. entity not adhering to the Privacy Shield, with its own privacy policy, with which the controller has signed this data processing contract.
Contact information: 800 5th Ave., Suite 4100, Seattle, WA 98104. Form.
International transfer:
Treatments:
- Wordfence: Security plugin for WordPress (CMS used by the controller) through which the U.S. company receives data from all users browsing and interacting with the main website.

Smart Human Capital SL

Description: Spanish entity with which the controller has signed a data processing contract.
Contact information: Calle del Jazmín 66, Floor 5, 28033 Madrid, Spain. Form.
International transfer:
Treatments:
- Cyber Hawks Team: Intrusion attempts are made periodically to try to find flaws in the system. A solution is planned and tested in case data is altered or deleted due to this activity.

6. Recipient category

No data communications are planned.

7. International transfer

International transfers to the U.S. companies indicated in the "Third parties with data access" section are planned.

The international transfers indicated in the records of cross-cutting processing activities are made as long as the data subject provides data through the controller's website or social profiles or sends a communication to or receives one from the controller.

No other international transfers of data are planned.

8. Deletion period

Data are deleted after the following retention periods have elapsed:

Automattic Inc: approximately 30 days (privacy policy).
Google LLC: approximately 26 months (privacy policy).
Defiant Inc: approximately 90 days (data processing contract).
Smart Human Capital SL: In case data is obtained, a copy of it will be delivered to the controller, deleting the original data immediately (data processing contract).

However, data may be retained for longer periods to address any liabilities that may arise from data processing or user activities.

9. Data protection officer

Not required for this processing, considering the data processed and how the controller executes it, as provided for in Article 37 of the General Data Protection Regulation and Article 34 of Organic Law 3/2018.

10. Impact assessment

Not required for this processing, considering the data processed and how the controller executes it, as provided for in Article 35 of the General Data Protection Regulation and Article 28 of Organic Law 3/2018.

11. Risk analysis

A risk analysis of data security has been conducted. The security measures are as described above. The effectiveness of implemented security measures is reviewed and evaluated periodically and whenever changes occur. This evaluation is also done whenever there is an update to the systems. For logical measures, the collaboration of an IT team is enlisted.

Attention to the Rights of Data Subjects

The processing consists of the necessary procedures related to the exercise of rights by third parties regarding their data included in files whose processing is the responsibility of the controller wholly or partially.

1. Data Subjects

The individuals whose data is processed are those, including representatives of legal persons, who submit a request to exercise their rights to VISENDUM® TECHNOLOGICAL WOOD.

2. Categories of Data

The types of data processed for this activity include:

Name and surname: ID, Tax ID or identifying document; physical address; email address, and signature.
Other data: Those included in the exercise or necessary due to the provision of the service, which may include special categories of data and data relating to criminal convictions and offenses.

3. Purpose of Processing

The purpose of the processing is the necessary procedures related to the exercise of rights by third parties regarding their data included in files whose processing corresponds to VISENDUM® TECHNOLOGICAL WOOD wholly or partially.

4. Legal Basis

The legal basis for this data processing is that it is necessary for compliance with a legal obligation applicable to the data controller, according to Article 6.1.c) of the General Data Protection Regulation.

5. Third Parties with Access to Data

Third parties indicated in cross-sectional treatments may access the data, as appropriate.

6. Recipient Category

No recipients are foreseen.

7. International Transfers

International transfers indicated in the records of cross-sectional treatment activities are made as long as the data subject provides data through the controller's website or social profiles or sends a communication to or receives it from the controller.

No other international transfers of data are planned.

8. Data Retention Period

Data will be retained for the time necessary to fulfill the purpose for which it was collected and to determine any liabilities that may arise from that purpose and the data processing.

9. Data Protection Officer

A Data Protection Officer is not required for this treatment, considering the data processed and as executed by its controller, in accordance with the provisions of Article 37 of the General Data Protection Regulation and Article 34 of Organic Law 3/2018.

10. Impact Assessment

An impact assessment has been carried out only for cases in which the affected data is part of a treatment that inherently requires it, in accordance with the provisions of Article 35 of the General Data Protection Regulation and Article 28 of Organic Law 3/2018. In these cases, it has been included as a separate section.

11. Risk Analysis

A risk analysis of data security has been prepared as an integral part of the impact assessment. The security measures are as referred to above. The effectiveness of the implemented security measures is reviewed and evaluated periodically and whenever there is any change. This evaluation is also carried out whenever there is an update to the system. For logical measures, the collaboration of an IT team is available.

Política de Cookies

Trackers

On this website, the controller uses trackers for technical purposes (for example, to mitigate risks related to security).

1.- What are fingerprinting, pixels, and cookies?

What is passive browser fingerprinting: The browser through which the user wishes to view a webpage provides the server with some data, which can be used for browsing statistics, including IP address, port, requested file type, language and character configuration, as well as the originating website and operating system.

What is active browser fingerprinting: Active browser fingerprinting allows the server to obtain additional data, in addition to that acquired through its passive version, such as screen size or the set of extensions installed by the user in their browser, enabling comprehensive analytics that facilitate user identification.

What are tracking pixels: The tracking pixel, web beacon, or transparent gif is an image embedded on the website that, when loaded in the user's browser, allows partial tracking of their browsing activity.

What are cookies: Cookies are files created in the user's browser to record part of their activity on the website.

2.- Types and purpose of fingerprinting, pixels, and cookies used on this website

Passive browser fingerprinting: The controller, through the server from which this website is offered, obtains some data related to the user's browsing, including IP address, port, requested file type, browser, and language and character configuration. This data acquisition is carried out solely for the purpose of serving the requested file or website, after which the data is immediately deleted. For more information on the data processing carried out, please refer to the security activity log on the website and in emails.

Tracking pixels: Through the website, tracking pixels could collect data about the user's browsing, such as links clicked or pages visited. This information is collected by the website owner through Automattic for security purposes (never for analytical or advertising purposes). For more information on the data processing carried out, please refer to the security activity log on the website and in emails.

Technical cybersecurity cookies: This website may use technical cookies for cybersecurity purposes (never for analytical or advertising purposes) to block attacks. For more information on the data processing carried out, please refer to the security activity log on the website and in emails.

3.- How to delete cookies or avoid being monitored by pixels or fingerprinting

How to delete cookies: You can configure your browser to block cookies (manuals: Firefox, Chrome, IE, Safari...) or use TOR.

How to avoid being monitored by tracking pixels (Do Not Track): This website is adapted to the Do Not Track standard in 'SuperClean' mode to try to ensure greater privacy for users who have activated this option in their browser. In addition, users who wish can install and configure Ghostery or other similar extensions in their browser to block pixels at no cost.

How to minimize monitoring by fingerprinting: Users are encouraged to use the TOR browser or a reliable VPN.

4.- Additional information:

Spam prevention analytical system: This website has implemented the reCAPTCHA API, which collects software and hardware information, such as application and device data, and sends it to Google for analysis. This information is used to improve the reCAPTCHA service and overall security. It will not be used to post personalized Google ads.

User identification: The fingerprinting, cookies, and tracking pixels used by the Controller do not allow them to identify users.

Shared responsibility on social networks: Regarding the processing related to the initial data collection of users, VISENDUM® TECHNOLOGICAL WOOD shares responsibility with the owners of the social networks indicated and linked on the website's tab "website owner." In relation to this processing, the owners of the social networks are the main responsible parties for receiving requests for the exercise of rights by data subjects. Once this data is collected, each of the owners of the social networks will process the data autonomously as indicated in their respective privacy policies.

Web and Social Media Analytical and Advertising Activities

Analyzing user navigation through the websites and social media profiles managed by the controller in order to improve communication activities and allow third parties to learn from the user and display personalized advertising for their own and the controller's economic benefit.

Joint Responsibility on Social Media: VISENDUM® TECHNOLOGICAL WOOD is jointly responsible, along with the owners of the social networks indicated and linked on the "website owner" tab, for the initial data acquisition of users. These owners are the main responsible parties for data management and receipt of requests for the exercise of rights by data subjects. Once this data is collected, each of the social media owners will independently process the data as indicated in their respective privacy policies.

1. Data Subjects

Users accessing websites or social media profiles are managed by the controller.

2. Categories of Data

The types of data processed for this activity include:

Browser user agent string and a list of IP addresses, along with graphs and total values on user navigation across each page of the website. This data is shown in a disaggregated manner, preventing the controller from identifying users.
Third parties entrusted with this treatment may have access to user identification data by connecting their browsing activities with other information they possess.

3. Purposes of Processing

Processing is carried out for two linked purposes:

Analytical purpose: Analyzing user navigation through websites and social media profiles managed by the controller to implement improvements in communication activities. It also allows third parties to understand this user activity.
Advertising purpose: Allowing third parties to learn from the user and display personalized advertising to the user for the economic benefit of the controller.

4. Legal Basis

The legal basis for this data processing is that it is necessary for the legitimate interests pursued by the data controller (Article 6.1.f of the General Data Protection Regulation). In particular, these legitimate interests consist of obtaining information to improve the controller's activities and generating income through the controller's and third-party advertising systems.

5. Third Parties with Access to Data

Google LLC:

Description: Google LLC is a US-based entity adhering to the Privacy Shield. It manages its own privacy policy.
Contact Information: Torre Picasso, Plaza Pablo Ruiz Picasso, 1, 28020 Madrid. It also provides a contact form.
International Transfer:
Treatments:
- FeedBurner: Provides analysis through the service of automatic updates or subscription via feed of the Website. This service is managed by FeedBurner, of Google LLC. Interested parties provide their email after explicitly giving their consent to the proposed transfer and being informed about the possible risks due to the absence of a decision of adequacy and adequate guarantees.
- YouTube: Offers analysis of video views through the Google Analytics service.

Twitter Inc:

Description: Twitter Inc is a US-based entity adhering to the Privacy Shield. It has its own privacy policy.
Contact Information: 1355 Market Street #900 San Francisco, California 94103. It offers a contact form.
International Transfer:
Treatments:
- Twitter Analytics: Provides an analytical service for each user interaction with the responsible party's publications on the Twitter social network. It generates a global interaction analysis report, which is made available to the responsible party.

ilertec.com

Description:com is a Spanish entity with its own privacy policy.
Contact Information: Carrer Riu Besòs 6 Altell 1, 25001 Lleida.
International Transfer: No.

6. Recipient Category

No data communications are planned.

7. International Transfers

International transfers to the US companies mentioned in the "Third Parties with Access to Data" section are planned.

8. Data Retention Period

Data is deleted after the following retention periods:

Google LLC: approximately 26 months (privacy policy).
Twitter: for as long as necessary (privacy policy).
Ilertec (privacy policy)

However, data may be retained for longer periods to address potential liabilities arising from data processing or user activities.

9. Data Protection Officer

10. Impact Assessment

An impact assessment is not required for this treatment, considering the data processed and as executed by its controller, in accordance with the provisions of Article 35 of the General Data Protection Regulation and Article 28 of the Organic Law 3/2018.

11. Risk Analysis

A risk analysis has been conducted on data security. The security measures are as referred to above. The effectiveness of the implemented security measures is reviewed and evaluated periodically and whenever there is any change. This evaluation is also carried out whenever there is an update to the system. For logical measures, collaboration with an IT team is available.