JubiERP Privacy Policy

1. Introduction

JubiERP is a registered trademark by David Biescas Gaspar. We are committed to providing exceptional service through our ERP software products. An essential aspect of our service includes responsible handling of personal information. We understand the importance of privacy and are dedicated to safeguarding the personal data of our users, strictly complying with privacy laws and regulations.

 

2. Who is the Data Controller?

David Biescas Gaspar, with DNI 76920559A and registered address at Ramiro I de Aragón 22, 8ºB, ZIP 50017, Zaragoza, Spain, will be the controller (hereinafter, the "Data Controller") of your data in accordance with the information provided in this Privacy Policy:

  • Name: David Biescas Gaspar.

  • Address: Ramiro I de Aragón 22, 8ºB.

  • DNI: 76920559A.

  • Email: dbiescas@jubierp.com.

 

3. What data is processed, for what purpose, and why?

Depending on the data collection channel or the means by which you interact with the Data Controller, your data may be processed for the following purposes:

3.1. Responding to inquiries

Purpose – Processing purpose: The purpose of processing is to address and respond to inquiries made by website users.

Legal basis – Applicable legal basis: The legal basis for this purpose is the consent granted by voluntarily contacting us.

Data – Type of data: The data processed for this purpose includes your identifying, contact, and/or professional data, as well as any information contained in the inquiry, which is necessary for responding to you.

Source – Origin: The data processed for this purpose is obtained from you when you fill out contact forms on the website or send an email to the contact address provided.

Who it pertains to – Categories of data subjects: The data processed for this purpose pertains to website users submitting inquiries and any other affected parties whose data has been provided by the inquiry sender.

Duration – Retention period: The data processed for this purpose will be retained based on the general retention criteria detailed in the following section of this Policy. We collect and process a variety of personal data to provide our services, which includes managing user accounts, providing customer support, and enhancing the user experience. Data is collected through various channels, such as website forms, customer interactions, and service records.

3.2. Creating your first JubiERP store

Purpose – Processing purpose: The purpose of processing is to create a user account for our ERP for the customer.

Legal basis – Applicable legal basis: The legal basis for this purpose is the contractual relationship between the user and us.

Data – Type of data: The data processed for this purpose mainly includes identifying information, as follows:

Source – Origin: The data processed for this purpose is obtained from you when you complete the new store creation forms on the website.

Who it pertains to – Categories of data subjects: The data processed for this purpose pertains to website users completing the form to create the first store, as well as certain individuals related to the companies holding the JubiERP account.

Duration – Retention period: The data processed for this purpose will be retained based on the general retention criteria detailed in the following section of this Policy.

3.3. Maintenance and management of the website and JubiERP software owned by the Data Controller, its security, and user access

Purpose – Processing purpose: The purpose of processing is to keep our website and the JubiERP software active and technically managed, protect them from security incidents and malicious attacks, and generally enable free and continuous access to them by all internet users.

Legal basis – Applicable legal basis: The legal basis for this purpose is the legitimate interest of the Data Controller, as the owner, to ensure the availability and security of its web pages for all internet users who visit them, in accordance with relevant legal and usage notices.

Data – Type of data: The data processed for this purpose generally includes pseudonymized data obtained directly from the devices used by the user to access and browse the Data Controller's website, which is strictly necessary to fulfill the stated purpose.

Source – Origin: The data processed for this purpose is directly obtained from users who access and browse the website or software owned by the Data Controller.

Who it pertains to – Categories of data subjects: The data processed for this purpose pertains to users accessing and browsing the website and software owned by the Data Controller, as well as individuals related to them.

Duration – Retention period: The data processed for this purpose will be retained based on the general retention criteria detailed in the following section of this Policy.

3.4. Sending periodic newsletters or newsletters as well as promoting services.

Purpose – Processing purpose: The purpose of processing is to send periodic newsletters by email upon the data subject's request, about activities carried out by the Data Controller and content generated by it through its various areas.

Legal basis – Applicable legal basis: The legal basis for this purpose is the consent given upon subscribing to periodic newsletters.

Data – Type of data: The data processed for this purpose includes your identifying, professional, and contact information necessary to send you the newsletter.

Source – Origin: The data processed for this purpose is obtained from newsletter subscription forms included on the website.

Who it pertains to – Categories of data subjects: The data processed for this purpose pertains to website users subscribing to newsletters.

Duration – Retention period: The data processed for this purpose will be retained based on the general retention criteria detailed in the following section of this Policy.

 

4. How long is data retained?

In general, we will retain your data for the time necessary to fulfill each purpose described in each processing activity and to determine possible liabilities that may arise from that purpose.

In any case, your data will be retained according to the retention criteria or specific periods described in each processing activity of your data, and, if applicable, while you do not withdraw the consent granted and/or object to its processing.

 

5. Who are the data recipients? Are international data transfers made?

To execute the described processing purposes, we may use authorized subcontractors acting on behalf and in the name of the Data Controller, as data processors (e.g., internet service providers, data hosting and technical support providers, email providers, general service providers, and physical security providers, etc.) and contractually subject to our instructions, solely for the lawful purposes described and for the period strictly necessary.

Additionally, if there is a legal obligation or requirement that mandates it, we may disclose your data to competent public authorities in accordance with that obligation or legal requirement.

Generally, we do not make international transfers of your personal data. When authorized subcontractors acting on behalf and in the name of the Data Controller or the aforementioned recipients are located or process your data outside the European Economic Area, we will carry out an international transfer of your data in accordance with data protection regulations. Generally, we avoid making international transfers, and your data will be processed within the European Economic Area. However, if it becomes necessary, we will adopt organizational, technical, and contractual measures necessary to ensure data protection and security, such as signing with the authorized subcontractor or third-party recipient the European Commission's Standard Contractual Clauses, conducting impact assessments on the international transfer to evaluate risks and adopt mitigation measures, encrypting data in transit or at rest, pseudonymizing data subject to the international transfer, enabling the data subject to directly claim damages against the authorized subcontractor or third-party recipient, etc.

 

6. What rights do you have as a data subject?

As a data subject, data protection regulations grant you rights over your data that, as applicable, you may exercise against us. Below, we detail what these are and how you can exercise them. Additionally, you can find more information on the Spanish Data Protection Agency's website (www.aepd.es) and download templates to exercise each of them.

6.1. Right to withdraw consent

You have the right to withdraw your consent for the processing of your data for purposes based on that legal basis, at any time and in an easy way.

6.2. Right of access

You have the right to request details of the data we hold about you and how we process it, as well as to obtain a copy of it.

6.3. Right to rectification

You have the right to obtain the rectification of your inaccurate or erroneous data, as well as to complete any incomplete data.

6.4. Right to erasure

You have the right to request the deletion or erasure of your data and information under certain circumstances. However, please note that there are certain situations in which we are legally permitted to continue retaining and processing your data, for example, to fulfill a legal data retention obligation.

6.5. Right to restriction

You have the right to restrict or limit the processing of your data under certain circumstances. For example, if data erasure applies, but instead of deleting them, you prefer that we block them and process them solely for retention purposes, as you will need them later to file a claim. Again, please note that there may be occasions where we are legally authorized to deny your request for restriction.

6.6. Right to object

You have the right to object to our processing of your data for a specific purpose, in certain circumstances provided for in the regulations and related to your personal situation.

6.7. Right to data portability

You have the right to request that we provide your personal data in a structured, commonly used, machine-readable, and interoperable format so that you can transfer them to another data controller, provided that we process your data by automated means.

6.8. Right not to be subject to automated individual decisions

You have the right to request that, under certain circumstances, you are not subject to a decision based solely on automated processing of your data, including profiling, which produces legal effects on you or similarly significantly affects you.

In general, you can exercise them at any time and free of charge by contacting the Data Controller at dbiescas@jubierp.com. Likewise, generally, automated opt-out mechanisms for communications and other options for withdrawal of consent and opposition will be made available to the user.

For this, it is essential to note that when exercising a right, you will generally need to specify clearly which right you are exercising and provide a copy of a document proving your identity.

Any exercise of rights will be responded to within a maximum period of one month, which may be extended by two months if necessary, taking into account the complexity of the request and the number of requests.

Finally, if you do not agree with how the Data Controller processes your data, you have the right to file a complaint with the national supervisory authority, the Spanish Data Protection Agency, whose contact details are as follows:

Spanish Data Protection Agency

C/ Jorge Juan, 6 – 28001 Madrid

www.aepd.es

 

7. Further Data Processing and Changes to the Privacy Policy

The Data Controller reserves the right to update this Privacy Policy at any time. This update will be made public by the Data Controller, with the legally required notice before it takes effect. Additionally, it will be directly communicated to the data subject if it affects their rights or freedoms or when, for example, the inclusion of a new processing activity requires consent from the data subject or modifies the scope of the legitimate interest enabling processing.