1. Data controller.
The entity responsible for the processing of personal data provided through the Application is ICX, a Spanish company with registered office at Avda. Sabino Arana 37 – 12 DD, 48013 Bilbao (Bizkaia). You can contact us at [firstname.lastname@example.org] or through the contact channels that you will find on our website https://icx.group .
2. What information we process.
In order to enjoy the functionalities of the Application, it is necessary for you to create an account. In order to do so, we need to collect and process certain personal information. Sometimes this information is provided to us by you (when you register and create your account, when you contact us or when you activate certain features) and sometimes the information is collected automatically by the system itself when you use the Application. Below, we show you the type of data we process:
- Registration Data. This is the information you provide to us when you register on the App and includes identifying and contact information such as your name, e-mail, username and password.
- Inquiries and support. This is the information we collect when you contact us with a query or request support, such as your name, username, e-mail address and the content of your query or issue.
- Mobile device technical information. This information includes certain technical information about the mobile device on which you download and use the App, such as the model, operating system and version of the App you have installed.
- App usage information. This is information about how you interact with the App and how you use the various features and content available on the App, such as which features are most used when you log in to your user account.
- Location data. Only in case you activate and allow the use of location information on your mobile device, we can access this information on an ad hoc basis, for example, to locate your position at the time you check-in at a construction site (we do not store this information).
3. What we use the information for.
We use your personal data for the following purposes:
- To enable you to access the services available on the App and provide you with the best possible experience. For example, we use registration data to create and manage your account, including verifying your email address, registering you in our system and allowing you to access and use the App, as well as to send you important notifications about the App or your user account. We use your device’s technical information to tailor our App and its features to the characteristics of your device to improve your user experience.
- To send you information. We may also use your contact information to send you e-mail communications about new developments in our system or to keep you updated about our services and activities, unless you opt out at any time.
- To offer you support and answer your queries. We use the information you provide when you contact us to respond to your inquiries, provide support and help you resolve incidents appropriately.
- To prevent the security of our system, diagnose problems and perform maintenance. We may use the information we collect to ensure the security of our system, detect anomalous usage patterns that may compromise the security of our computer systems, resolve incidents, or troubleshoot and perform maintenance.
- To optimize the performance of our App and develop new features. We may use App usage information to analyze and understand how the App is used and, in this way, to detect bugs, identify potential improvements, optimize its operation and performance, develop new features and improve our services.
- To comply with our legal obligations and to exercise or defend claims. We may process and retain certain information to comply with the legal and contractual obligations to which we are subject in each case, as well as to maintain the necessary records in order to exercise or defend our rights against potential claims or requirements that we may receive.
4. What is the legal basis that legitimizes the treatment.
When we collect and process your personal information, we do so because there is a legal basis that justifies and legitimizes the processing of the data. Therefore, our processing of your information will be based on one of the following reasons.
- Because it is necessary to provide you with our services [art. 6.1.b) RGPD]. We need to collect and process the information as we have indicated in order to provide you with our services and to allow you to enjoy the functionalities of our App. Otherwise, we could not provide the service or manage the relationship we have with you, as a user of our App.
- Because we have obtained your consent to do so [art. 6.1.a) RGPD]. For example, the use of your location data may be necessary to provide you with our services provided that you have activated some functionality in the App that necessarily requires the use of such information. However, we will only use location data when you have given us permission for your mobile device to share this information with us and we will only have access to this information on an ad hoc basis (we do not store this information or geolocate the device on an ongoing basis). You may at any time prevent location data from being shared with us by configuring the appropriate settings on your mobile device.
- Because it is necessary to meet our legitimate interests [art. 6.1.f) GDPR]. Legitimate interest constitutes a legitimate basis, provided that such interest in processing the data is within reasonable expectations based on your relationship with ICX as a user of our App. We consider that our interests in preventing the security of our systems, detecting and preventing misuse, diagnosing failures, performing maintenance work and analyzing how our App is used to improve its performance and develop new features, are legitimate, because this will allow us to adapt to the needs of our users and improve their experience in using our services. Likewise, we have a legitimate interest in collecting and retaining certain information that allows us to exercise our rights in the event of potential claims or requests, as well as to keep you informed about news that we believe may be of interest to you.
- Because it is necessary to comply with legal obligations [art. 6.1.f) RGPD]. Sometimes the collection and processing of information may be justified because we need to do so in order to comply with legal obligations to which we are subject or to comply with certain regulations.
5. With whom and in what cases the information is shared.
In ICX in no case we sell the personal information of our users, nor do we commercialize with their personal data for advertising purposes. If we share information, we will do it with the due guarantees and in full compliance with the legislation.
As any other company, ICX needs to resort to external suppliers that provide us with computer hosting services or support to our customer service channels, which are necessary for our users to be able to enjoy the services. Our suppliers may have limited access to certain personal information of users under our instructions, but only for the purpose of providing us with their services and with the due guarantees of confidentiality. If we use providers that are located outside the European Economic Area, we take additional measures and use providers that have accreditations that demonstrate that they provide equivalent safeguards to those in the European Union (such as the US-EU Privacy Shield certificate of compliance that ensures that US providers treat data in accordance with the requirements of European law).
If we are required to do so, we may share certain information when necessary to comply with our legal obligations or in response to official requests from public authorities. Otherwise, we will only share your information with your consent or as necessary to provide you with our services and to run the App features you choose to use.
6. How we protect information.
We take reasonable technical and organizational measures in accordance with industry standards to provide for the protection and security of user information from loss, misuse, unauthorized access or alteration. These security measures include careful selection of our information storage providers, as well as a variety of other measures such as data encryption, firewalls and access controls. To store user information, we use the services of a leading technology provider: Amazon Web Services, a company that has various measures and controls to protect the information stored in its services, as well as various certifications of conformity that accredit it as a provider of guarantees in the protection and security of information.
Although we strive to maintain the security of our systems and services, given that no information system can be completely secure, users should be aware that no company can guarantee absolute security of their information on the Internet. The security and protection of your personal information also depends on you. It is the responsibility of each user to maintain the confidentiality and security of their passwords, account information and devices from unauthorized use by third parties.
7. Conservation period.
We will retain your information for as long as we need it to provide our services to you and you maintain an account with us, until you choose to close your account with us or request deletion of the information. After you close your account with us, we may retain, subject to appropriate legal safeguards, certain personal information for a reasonable period to maintain necessary records as long as we need to retain it to satisfy our legal obligations or to defend against potential claims.
We do not collect or store user location data on our systems. Only if the mobile device has been configured to share location data, we will use this information on a temporary basis only to provide the service or functionality that requires that information. Once the user modifies the configuration of the mobile device, our system will no longer have access to that information.
8. What are your rights.
Access and rectification: You have the right to access the personal information we have about you, as well as the right to rectify your data if it is inaccurate or outdated. In some cases, you may be able to do so from your own user account or, otherwise, by contacting us.
Deletion: You can ask us to delete your personal information, for example, when it is no longer needed for the purposes for which it was collected, unless there is a legal obligation to retain it or there are no other legitimate reasons that require its retention.
Object: Under certain circumstances, you may object to our processing of your personal information for certain purposes or processing activities, even if we rely on a legitimate interest in doing so.
Revoke your consent: When we use information on the basis of your consent, you may withdraw your consent at any time. For example, you can withdraw your consent to our use of your data for marketing purposes by clicking on the “unsubscribe” option found in all our marketing communications. From that moment, we will stop sending you commercial communications. The legality of the processing carried out up to that moment will not be affected.
Limitation: Under certain legally established circumstances, you may have the right to request that we limit the processing of your personal information, for example, when you question the accuracy of that information, in which case it may only be retained for the exercise or defense of claims.
Portability: You have the right to request the portability of your data for reuse. This right allows you to receive personal data in a structured, commonly used and machine-readable format and, if technically feasible, to transmit it directly to another data controller indicated by the user.
To exercise any of the above rights, users must contact ICX proving their identity by means of a photocopy of their ID card or equivalent official document and detailing their request, either through our postal address or through our contact email. If you believe that the processing of your personal information is in breach of data protection legislation, you also have the right to lodge a complaint with the data protection authority (in Spain, the Spanish Data Protection Agency, c/ Jorge Juan 6, 28001 Madrid, www.aepd.es). In any case, we would appreciate it if you would first give us the opportunity to resolve any questions or complaints you may have.