Privacy policy

This Privacy Policy describes KEYNEMA’s approach to Privacy and provides information on how KEYNEMA collects, uses, processes, and discloses personal information in accordance with the following Spanish legislation:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data (GDPR);
  • Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (LOPD-GDD);
  • Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE);
  • General Telecommunications Law and Intellectual Property Law.

If the User has any questions about this Privacy Policy or wishes to exercise any of their privacy rights, they may contact Customer Service at info@keynema.com.

What does this privacy policy cover?

This Privacy Policy describes how KEYNEMA uses personal information to provide the audiovisual project management service through its Website, software, and applications.

Who is responsible for processing personal data?

KEYNEMA is the data controller for the personal data collected by Keynema: KEYNEMA APPS, SL, with NIF: B44586477, and registered in the Commercial Registry of Barcelona with the following registry data: Volume 48611, Folio 56, Sheet 589996, whose representative is: Keynema (hereinafter referred to as the Data Controller). The contact details are as follows:

  • Address: CALLE DIPUTACION, 362, 5th Floor, Door 4, 08013, BARCELONA, BARCELONA, CATALONIA, SPAIN
  • Contact phone: 658971391
  • Contact email: info@keynema.com

The User’s personal data will not be shared with third parties. In any case, at the time personal data is obtained, the User will be informed about the recipients or categories of recipients of the personal data.

How will personal data be recorded?

In compliance with the provisions of the GDPR and LOPD-GDD, we inform you that the personal data collected by Keynema, through the forms on its pages, will be incorporated and processed in our file in order to facilitate, expedite, and fulfill the commitments established between Keynema and the User, or to maintain the relationship that is established in the forms they complete, or to respond to a request or inquiry. Additionally, in accordance with the GDPR and LOPD-GDD, unless the exception provided in Article 30.5 of the GDPR applies, a record of processing activities will be maintained, specifying, by their purposes, the processing activities carried out and other circumstances established in the GDPR.

What personal data is processed?

For the proper functioning of the website, the following categories of data, as well as the accesses that the User authorizes by consenting to these privacy and data protection policies, are detailed below:

  • Contact information: name, email address, phone number, and address.
  • Financial data: billing address, credit/debit card number, bank account details.
  • Identifiers and legal documents: passport, identity document, national identification number.
  • Personal characteristics: nationality, date of birth, gender.
  • Location data: GPS location, tracking data.
  • Communication data: instant messaging data.
  • Images and recordings: photos, videos, sounds.
  • Views and opinions: survey responses, testimonials, non-political, religious, or philosophical opinions.
  • Technical identifiers: IP address, MAC address, username, passwords.
  • Aggregated data: statistical or demographic data for any purpose. Aggregated Data could be derived from the User’s personal data, but the law does not consider them personal data because they do not reveal the User’s identity directly or indirectly. For example, Usage Data may be aggregated to calculate the percentage of Users who access a specific feature of the website. However, if Aggregated Data is combined or linked with the User’s personal data in a way that could identify them directly or indirectly, the combined data is treated as personal data and will be used in accordance with this privacy policy.

What is the legal basis for data processing?

  • Consent: The legal basis for processing personal data is consent. Keynema is committed to obtaining the User’s explicit and verifiable consent for the processing of their personal data for one or more specific purposes.

    The User has the right to withdraw their consent at any time. It will be as easy to withdraw consent as it is to give it.

    On occasions when the User must or may provide their data through forms to make inquiries, request information, or for reasons related to the Website’s content, they will be informed if completing any of them is mandatory because they are essential for the proper development of the operation carried out.

  • Legitimate interests: A legitimate interest arises when there is a commercial or business reason to use your information, provided it does not override your own rights and interests.
  • Legal obligations: Processing is necessary to comply with the law.

What are the purposes of processing personal data?

Personal data is collected and managed by Keynema to facilitate, expedite, and fulfill the commitments established between the Website and the User or to maintain the relationship established in the forms they complete, or to respond to a request or inquiry.

Additionally, the data may be used for commercial purposes, personalization, operational and statistical purposes, and activities related to Keynema’s business objectives, as well as for the extraction, storage of data, and marketing studies to tailor the Content offered to the User and improve the quality, functionality, and navigation of the Website.

At the time personal data is obtained, the User will be informed of the specific purpose or purposes for which the personal data will be used, that is, the use or uses that will be made of the information collected.

What are the retention periods for personal data?

Personal data will only be retained for as long as necessary for the purposes of their processing, unless the User requests their deletion.

Is it possible to process personal data of minors?

No, only those over 14 years old may give their consent for the lawful processing of their personal data by Keynema. If the person is under 14 years old, parental or guardian consent will be required for the processing, and this will only be considered lawful to the extent they have authorized it.

What are the rights derived from the processing of personal data?

The User has the right to Keynema and may, therefore, exercise before the Data Controller their rights of access, rectification, deletion, restriction of processing, data portability, opposition, and the right not to be subject to a decision based solely on automated processing.

The User may exercise their rights by sending a written communication to the Data Controller with the reference “GDPR-www.keynema.com,” specifying:

  • User’s first and last name and a copy of their ID. In cases where representation is accepted, the representative must also provide their identification through the same means and provide a document proving the representation. The photocopy of the ID may be replaced by any other legally valid means that certifies identity.
  • A request specifying the reasons for the request or the information to which access is sought.
  • Address for notification purposes.
  • Date and signature of the requester.
  • Any document supporting the request.

This request and any other accompanying documents may be sent to the following address and/or email:

Postal address: CALLE DIPUTACION, 362, 5th Floor, Door 4, 08013, BARCELONA, BARCELONA, CATALONIA, SPAIN
Email: info@keynema.com

The User has the right to file a complaint with the Spanish Data Protection Agency (AEPD) if they believe that the processing of their personal data does not comply with current regulations. For more information, you can visit the AEPD’s website at http://www.agpd.es.

Are International Data Transfers carried out?

As a general rule, data processed by Keynema is not shared with third-party recipients. However, Keynema may collaborate with other entities and share data with them:

  • Keynema may use CRM platforms, with which certain User data may be shared to optimize connection and organization, as well as to determine customized or similar audiences within their own environments for personalized commercial communications.
  • Payment service providers or collaborators that provide duly authorized and regulated banking services. For processing payment operations and depending on the payment method chosen by the User, these services may retain and process your data to complete payment operations as part of the essential execution of the contractual relationship with the collaborator. For managing bank accounts by third-party collaborators, using payment services, including payments via transfer or credit card, User data may need to be shared. This communication must be considered within the exclusive contractual relationship between the User and the third-party collaborator, and therefore the specific Terms and Conditions of that collaborator will apply.
  • To comply with certain legal obligations, your data may need to be communicated to law enforcement agencies, public bodies, courts, or competent authorities.
  • User data may be shared with potential buyers and other interested parties in case of a merger or corporate restructuring, such as an acquisition, joint venture, transfer, spin-off, or divestiture. In such a case, Keynema will ensure data protection measures are taken.

Furthermore, Keynema may collaborate with service providers, granting them access to User data but never for their own purposes. In selecting providers, Keynema seeks to choose those who provide sufficient guarantees for the adequate processing of data. The various categories of providers that Keynema may use include:

  • Marketing and advertising services (e.g., personalized mailing, survey management, event management).
  • Payment services.
  • Analytical services.
  • Platforms for managing contracts or agreements, including their signing.
  • CRM platform provision.
  • Cybersecurity services.
  • Services for determining commercial profiles and/or classifying our leads and organizational customers.
  • Financial, accounting, auditing, consulting, and tax and legal advisory services.

When Keynema processes data, it is hosted and processed within the territory of the EU. If international data transfers outside the European Economic Area (EEA) are carried out, the data collected by Keynema will be transferred to data processors in third countries, as defined in Article 44 of the GDPR. Primarily, such transfers will be based on a European Union adequacy decision pursuant to Article 45 of the GDPR. If there is no adequacy decision to transfer your data to the third country, other safeguards under Chapter V of the GDPR will be applied. Primarily, data will be transferred based on current standard contractual clauses. However, other GDPR measures may be used, provided they ensure adequate protection of the User’s data, which the User can consult upon request.

2.1. Confidentiality and Security of personal data

Keynema is committed to adopting the necessary technical and organizational measures according to the appropriate level of security for the risk of the data collected, ensuring the security of personal data and preventing the destruction, loss, or accidental or unlawful alteration of personal data transmitted, stored, or otherwise processed, or the unauthorized communication or access to such data.

However, since Keynema cannot guarantee the invulnerability of the internet or the absence of hackers or others who may fraudulently access personal data, the Data Controller is committed to notifying the User without undue delay if a personal data security breach is likely to result in a high risk to the rights and freedoms of natural persons. As established in Article 4 of the GDPR, a personal data security breach refers to any security breach that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Personal data will be treated as confidential by the Data Controller, who undertakes to inform and ensure by means of a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom the information is made accessible.

Security Incident Response Policy: In the event of a personal data security breach, Keynema will notify affected users without undue delay and, in any case, no later than 72 hours after becoming aware of the breach. Additionally, the relevant supervisory authority will be notified according to GDPR requirements.

What security measures are in place?

Keynema has implemented state-of-the-art security standards to prevent unauthorized access, maintain data accuracy, and ensure the proper use of information. Organizational measures are also applied to protect your data.

These same standards or security norms are also applied when working in collaboration with business and technology partners. Only data processors and third-party providers who have adequate security measures and provide sufficient guarantees are selected, including technical and organizational measures, to ensure the proper protection of the data entrusted to them.

Additionally, internally, Keynema ensures that any member of its team who has access to User data has signed a non-disclosure agreement or clause and established internal measures and processes, such as continuous training and a set of policies that are frequently updated to ensure data security, as well as the confidentiality, availability, and resilience of Keynema’s systems and services. Among other measures, a management procedure and incident response plan are highlighted in case any vulnerability is detected in our systems/software that may affect your personal data.

2.2. Links to third-party websites

The Website may include hyperlinks or links that allow access to third-party websites other than Keynema and therefore are not operated by Keynema. The owners of such websites will have their own data protection policies, and they will be responsible for their own files and privacy practices.

2.3. Changes to this web privacy policy

It is necessary for the User to have read and agreed to the conditions regarding the protection of personal data contained in this Privacy Policy and to accept the processing of their personal data so that the Data Controller can proceed with such processing in the manner, within the timeframes, and for the purposes indicated. The use of the Website will imply acceptance of its Privacy Policy.

Keynema reserves the right to modify its Privacy Policy, at its discretion, or due to legislative, jurisprudential, or doctrinal changes by the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. It is recommended that the User periodically check this page to stay informed of the latest changes or updates.

Let me know if you need any adjustments or further translations!