Portada » Privacy policy and Personal data protection

PRIVACY POLICY AND PERSONAL DATA PROTECTION

Privacy Statement With this privacy statement Seven Worlds Events & Congresses S.L. sets out its policy on the use of the information you have provided:

• What information is collected and for what purpose and through what technical means: Seven Worlds Events & Congresses S.L. only collects personal information to the extent necessary to achieve a specific purpose. The information will not be reused for a purpose incompatible with that described.
• Who discloses your data: Seven Worlds Events & Congresses S.L. It will only disclose the information to third parties if it is necessary for the fulfillment of the purpose stated above and only to the persons (or categories of persons) mentioned..
• How long your data is kept: Seven Worlds Events & Congresses S.L. It only keeps your data for the time necessary to fulfill the purpose of your business or for subsequent processing, blocked during the legally established periods.
• What are the security measures taken to safeguard your information against possible abuse or unauthorized access: Seven Worlds Events & Congresses S.L. has adopted the legally required personal data protection security levels, and has installed all the technical means and measures at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of the personal data provided to Seven Worlds Events & Congresses S.L.. The company will inform you of this, upon written request, signed by the petitioner and sent to Calle Espalter 6, 28014 Madrid.
• Who to contact if you have questions or complaints: You can contact the webmaster of the website, by non-anonymous email at the address info@7worlds.es
• The family of Internet sites on the www.7worlds.es site offers links to third-party sites. Since there is no control over these links, we suggest you carefully read their privacy practices.

USE OF OUR APP

The app is provided and maintained by «ANNOUNCE», a communication platform for convention management operated by our German provider Promptus, located at Tölzer Straße 17, 83677 Reichersbeuern, Germany.

The use of our APP can be done anonymously, without entering any personal data. ANNOUNCE stores only a user token (similar to a website cookie) to identify returning users and show you the app based on your own settings. Anonymous data is used to analyze user behavior and, based on it, improve the application.

The requests made from the app automatically generate entries in the web server’s log -of the same type as when a web page is opened- and, likewise, when external content from a third party is requested.

Because the entry in this registry (log) has a standard format, it always contains the same defined set of information about that user action, such as: date, time, referrer, client IP address, user agent, etc. The log file is stored on the Announce server. This information is generated during any data transfer to and from the internet. IP address anonymization is not yet possible as the server would not be able to return the required information without this address.

This set of information is used exclusively to ensure error-free execution of the application and is overwritten after a maximum of 180 days.

The app requests permission to send push notifications so that users can be informed about actions, offers, etc. during its time of use. The acceptance of this permission is completely voluntary and can be revoked at any time from the preferences of the operating system of the user’s terminal.

For certain features, the app requests permission to access the user’s location. Acceptance of this permission is voluntary. This location data is sent to the ANNOUNCE servers. This data is used anonymously to improve the experience of using the app. This information is not shared with third parties.

The permission for the use of the location data can be revoked at any time from the preferences of the operating system of the user’s terminal.

For more information on ANNOUNCE data protection, please visit the website http://announce-app.com/privacy

Firebase Analytics and App Incident Reporting The iOS and Android apps use Firebase Analytics, an analytics web service provided by Google Inc, (1600 Amphitheater Parkway Mountain View, CA 94043, USA, “Google”). The app uses a token, similar to a web cookie (Instance ID), to recognize the device within Firebase Analytics and to enable analysis of your use of the app. The token is unique within the app and is not preserved when the app is reinstalled or the mobile device is reset. We have disabled the collection of Ad IDs and Identifiers, so persistent recognition and/or tracking between apps or user devices is not possible. Information about the use of the app from this Instance ID is sent to Google servers in the USA. The IP address used during use is shortened before leaving the EU or EEA. Only in exceptional cases does this reduction take place in the USA. The IP address transmitted by the app is not linked to any other data at Google. Google will use this data to analyze the use of the app on behalf of ANNOUNCE and compile reports for ANNOUNCE (our Provider). These reports are anonymized. Therefore, they do not contain personal data and do not allow the identification of individual users. Instead, the data is aggregated on top of that collected from all users. These reports include, for example, the frequency of use, the place of use and the content viewed. With the help of these reports, ANNOUNCE will improve the quality of the product. This also explains or justifies ANNOUNCE’s legitimate interest in data processing. The legal basis for the use of Firebase Analytics is § 15 para. 3 TMG and Art. 6 para. 1 liter f GDPR. The collected data will be deleted after 2 months. For the reports of incidents of the app, we use «Firebase Crashlytics», which sends the aforementioned Instance ID during the use of the app. When an incident occurs, the App will also send reports to Google servers to help us improve the quality of the app by allowing us to analyze these incidents in detail within the app. The legal basis for the use of Firebase Crashlytics is § 15 para. 3 TMG and Art. 6 para. 1 liter f GDPR. The data collected will be deleted after 90 days. You can opt out of this data analysis at any time by deactivating the «Tracking» function in the app settings. This action prevents the future collection of your data and its transmission to Google. You will need to disable this setting on all devices where you use our app. Also if you delete and then reinstall the app on a device you must disable tracking again. More information about the current privacy policy of Google and Firebase can be seen at the addresses https://www.google.de/policies/privacy/ and https://firebase.google.com/support/privacy.

Reservations in the app

Within the app we can offer a reservation service within the conventions. The entry of the name and surname as well as the reservation number is mandatory in this case, in accordance with the legal requirements. If necessary, your personal data is requested for the reservation process. Under no circumstances is this information requested if it is not necessary to execute the reservation. The data entered is required for the proper functioning of both the reservation system at the convention and to prevent abuse in its use.

Anonymous booking data will also be used to analyze booking behavior to improve this functionality.

The data will be stored using the legal retention time and will be deleted once it has expired.

Personal data will only be sent to our technical provider and, if necessary, to external providers related to the reservation but will never be transferred to third parties.

“Pinboard” contact board functionality in the app

The app offers a contact board functionality between its users called «Pinboard» where they can exchange messages with each other. In order to use this functionality, an email address and a username (of free choice) as well as a profile picture (optional) are requested.

The email address is not publicly visible and is only used to send notifications about new messages to the user. Administrators will only see the email address in case of justified interest (for example, misuse of functionality).

Due to the free choice in the username and profile picture, all users have the possibility to use the pinboard anonymously, or with their real data if they wish.

The username and profile picture are displayed by other users who also participate in the pinboard functionality.

Additionally, users of the pinboard functionality can write messages and replies to existing ones. These are shown within the app to other users, being stored on the server together with the date of their sending and the data of their creator.

The username, profile picture and messages are used exclusively in the context of the pinboard functionality and are not passed on to third parties.

Users and messages can be reported by other users to the moderators/administrators of the pinboard functionality and could be deleted or blocked by them.

In the settings of the app, the participation of the pinboard functionality can be revoked by deleting the pinboard profile. Through this procedure, personal data, including posts, are removed from the pinboard. The data will remain on our servers within the legal retention periods for a maximum of 180 days to comply with legal requirements.

Protection of Personal Data Users or clients can exercise at any time, before the data controller (Seven Worlds Events and Congresses S.L.), the following rights:

• Right of access. You can obtain from the data controller (Seven Worlds Events and Congresses S.L.) confirmation of whether or not personal data concerning you is being processed.
• Right of rectification. You have the right to obtain from the data controller (Seven Worlds Events and Congresses S.L.) the rectification of inaccurate personal data concerning you.
• Right to be forgotten. When the requirements for this are met, you can request the data controller (Seven Worlds Events and Congresses S.L.) to delete your personal data.
• Right to revoke consent before the data controller (Seven Worlds Events and Congresses S.L.), when the necessary requirements for each case are met.
• Right to limitation in the use of data. This right is also exercised before the data controller (Seven Worlds Events and Congresses S.L.), when the necessary requirements of each case meet.
• Right to data portability: the user is allowed to receive a copy of the same from the person in charge to whom they delivered their data to deliver them to a different person in charge (for example, a service provider).
• Right to challenge any decision made on the user’s data based solely on computer processing (without human intervention) when the requirements for it are met. You can also appeal to the Spanish Data Protection Agency when you consider that any treatment or attention to your request regarding data processing has been contrary to law.

PERSONAL DATA PROTECTION POLICY

SEVEN WORLDS EVENTS AND CONGRESSES is deeply committed to information security, offering maximum guarantees of quality, security and integrity in all its services. SEVEN WORLDS EVENTS AND CONGRESSES treats all personal data in accordance with the Personal Data Protection laws and in accordance with Regulation 2016/679 of the European Parliament and of the Council, of April 27, 2016 (RGPD). SEVEN WORLDS EVENTS AND CONGRESSES acts as the controller of the personal data collected during the period in which the contractual or commercial relationship lasts or what, according to the relevant legislation, is mandatory to maintain. The personal data collected is intended to be used in the contractual management established with the client or potential clients (client) and is treated in accordance with the personal data protection policies in force and the General Conditions of Adhesion (for clients and users of the SEVEN WORLDS EVENTS AND CONGRESSES services), which are expressly and unequivocally accepted by them. The processing of personal data by SEVEN WORLDS EVENTS AND CONGRESSES (or by any subcontractor thereof) is aimed at identifying the users of the different platforms of SEVEN WORLDS EVENTS AND CONGRESSES, as well as the presentation of services, including technical support. , or carrying out marketing campaigns and notifications related to the disclosure, marketing and use of data by SEVEN WORLDS EVENTS AND CONGRESSES. The client has the possibility of choosing not to be the recipient of newsletters, emails and commercial campaigns, a power that can be exercised through the tools available in the email marketing tools used by SEVEN WORLDS EVENTS AND CONGRESSES, as well as, at any time, through by sending an email to the email address info@7worlds.es All customers are guaranteed the right to access, rectify, cancel and oppose the use of their personal data, as well as the possibility of requesting clarification through the email address info@7worlds.es, or to file a claim with a control authority in the country where SEVEN WORLDS EVENTS AND CONGRESSES operates. The client undertakes to keep the data updated and SEVEN WORLDS EVENTS AND CONGRESSES undertakes to fully comply with the obligations that correspond to it under the terms of the law in force regarding the protection of personal data and the rights that derive from it for their headlines. SEVEN WORLDS EVENTS AND CONGRESSES, to guarantee the security of personal data, implements all necessary physical and logical security measures, using audit and control mechanisms to ensure compliance with its security policies and personal data protection through ISO certification. 27001. The processing of data by SEVEN WORLDS EVENTS AND CONGRESSES includes the following companies: SEVEN WORLDS EVENTS AND CONGRESSES – with CIF B-86893617, as well as any subcontracted entity for this purpose through a written contract under the terms of article 28. of the GDPR. SEVEN WORLDS EVENTS AND CONGRESS SL may opt for a double Opt-In List system that will entail double validation. The Double Opt-In List procedure consists of the user registering or entering their data through the web form and immediately proceeding to confirm registration on the web page. Additionally, the entity will send a confirmation email in order to verify that the email entered in the web form is valid. Once the recipient receives said email, they must proceed to its validation and, as a consequence, the entity will have proof that the email entered is valid and exists. In the event that SEVEN WORLDS EVENTS AND CONGRESS SL makes commercial communications through email or equivalent means of communication, it must comply with and comply with the provisions of Law 34/2002, of July 11, on Services of the Information Society and of Electronic Commerce. If SEVEN WORLDS EVENTS AND CONGRESS SL has a web page and it contains data collection forms, so that users of the page can contact the entity or send their queries and suggestions, they must comply with the legal requirements regarding Data Protection. In this case, you can incorporate this clause at the bottom of the form: In accordance with current and applicable regulations on personal data protection, we inform you that your data will be incorporated into the treatment system owned by SEVEN WORLDS EVENTS AND CONGRESS SL with CIF B86893617 and registered office at JUAN HURTADO DE MENDOZA Nº 17, POSTERIOR. 1st. PLANTA 28036, MADRID, and which are listed below their resprospective purposes, retention periods and legitimating bases. For those treatments that require it, it is also informed of the possible elaboration of profiles and automated decisions, as well as the possible assignments and international transfers that SEVEN WORLDS EVENTS AND CONGRESS SL plans to carry out:

Purpose: Address your queries and/or requests and Installation of cookies
Conservation period: as long as the consent given is maintained.
Legitimate basis: The consent of the interested party.

In accordance with the rights conferred by current and applicable data protection regulations, you may exercise the rights of access, rectification, treatment limitation, deletion (“right to be forgotten”), portability and opposition to the processing of your personal data. as well as the revocation of the consent given for the treatment of the same, directing your request to the postal address JUAN HURTADO DE MENDOZA Nº 17, POSTERIOR. 1st. PLANTA 28036, MADRID or to the email ADMINISTRACION@7WORLDS.ES. You can go to the competent Control Authority to present the claim that you consider appropriate. The data identified with a mark (*) are understood as mandatory and required fields, consequently they will be understood as necessary to undertake the purposes mentioned above By sending the data collection form you accept the privacy policy of SEVEN WORLDS EVENTS AND CONGRESS SL. For any suggestion, doubt, request or clarification regarding issues related to the protection of personal data, or for the exercise of any right provided for in the national laws on the protection of personal data of the country where SEVEN WORLDS EVENTS AND CONGRESSES operates, as well as any other right provided for in the RGPD, we appreciate that you contact us through the email address info@7worlds.es. SEVEN WORLDS EVENTS AND CONGRESSES undertakes to respond as soon as possible.

COOKIES POLICY

A cookie is a small piece of information sent by a website and stored in the user’s browser, so that the website can consult the user’s previous activity. The following cookies are used on this website, which are detailed below:

• cookies strictly necessary for the provision of certain services expressly requested by the user: if these cookies are deactivated, you will not be able to correctly receive our content and services; and
• analytical cookies, which help provide statistical data on the use of the web to improve the content and service we offer.

DEACTIVATION OF COOKIES

The user may -at any time- choose which cookies they want to work on this website through the browser settings:

• Chrome, from http://support.google.com/chrome/bin/answer.py?hl=es&answer=95647
• Explorer, from http://windows.microsoft.com/es-es/windows7/how-to-manage-cookies-in-internet-explorer-9
• Firefox, from http://support.mozilla.org/es/kb/habilitar-y-deshabilitar-cookies-que-los-sitios-we
• Safari, from http://support.apple.com/kb/ph5042

Annex I. Information Security Policy

The purpose of this Information Security Policy is to protect the information assets involved in the services provided by 7Worlds. It is the policy of 7Worlds to ensure that:

• The information is protected against loss of availability, confidentiality and integrity.
• The information is protected against unauthorized access.
• If they comply with the applicable legal requirements.
• Business requirements regarding information security and information systems are met.
• The Security Committee values ​​the information assets that 7Worlds has, from which it will derive the risk analysis and subsequently the risk management, both the analysis and the risk management will be reviewed annually by the Management, which will decide if a new analysis and risk management. The risks to be treated will be reflected in the Security Plan.
• Security incidents are communicated and treated appropriately.
• Procedures are established to comply with the Security Policy.
• The Security Manager will be in charge of maintaining this policy, the management manual, the procedures and providing support in their implementation. In addition to supervising and verifying that the Security Plan corresponding to that year is complied with.
• Each employee is responsible for complying with this Policy and its procedures as applicable to their job.
• It is 7Worlds policy to implement, maintain and monitor the ISMS.

This policy has been approved by the 7Worlds Safety Committee and will be reviewed annually.