Privacy Policy

DATA PROTECTION INFORMATION AND PRIVACY STATEMENT

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter GDPR), HIBUY and due to the application of the New European Regulation to protect customer privacy and the correct use of their data (GDPR) as of May 25, 2018, our data protection terms are changing and we are making this Policy available.

1 – DATA PROCESSING CONTROLLER

Owner: HIBUY, SC
NIF: J88345392
Registered office: Monasterio de Silos 80, Madrid
Email: rgpd@hibuymarket.com

2 – SCOPE OF APPLICATION

To those who visit the HIBUY website, www.hibuymarket.com (hereinafter, any reference to this website shall also include its language version). To those who voluntarily contact HIBUY via email or complete any of the data collection forms published on the HIBUY website.

To those who request information about HIBUY products and services. To those who formalize a contractual relationship with HIBUY by purchasing its products and services.

To those who use any other service on the website that involves the communication of data to HIBUY or access to data by HIBUY for the provision of its services. To any other party who, directly or indirectly, has given their express consent for their data to be processed by HIBUY for any of the purposes set forth in this Policy.

The use of HIBUY's products and services requires express acceptance of this Policy. The user and/or customer who provides personal data to HIBUY declares that they are of legal age, in accordance with Spanish law, and otherwise refrain from providing data to HIBUY. Any data provided about a minor will require the prior consent or authorization of their parents, guardians, or legal representatives, who will be considered responsible for the data provided by minors in their care.

We also advise that no user and/or customer may use another person's identity and disclose their personal data. Therefore, the data provided to HIBUY must be personal data that reflects their own identity and is appropriate, relevant, current, accurate, and truthful. In this regard, the user and/or customer will be solely responsible for any direct or indirect damages.

This Policy shall apply subsidiarily to any other conditions regarding personal data protection established specifically and communicated, without limitation, through registration forms, contracts and/or conditions of specific services. This Policy shall therefore be complementary to those mentioned above insofar as they are not expressly provided for therein.

3 - INFORMATION AND CONSENT

By accepting this Privacy Policy, the User is informed and gives his or her free, informed, specific, and unequivocal consent for his or her personal data to be processed by HIBUY.

4 - FOR WHAT PURPOSE WILL HIBUY PROCESS THE USER'S PERSONAL DATA?

The personal data provided by the User will be processed by HIBUY for the following purposes:

To provide the contracted services, maintain and monitor the contractual relationship, and conduct satisfaction surveys. To manage, process, and respond to User requests, applications, incidents, complaints, claims, or inquiries.

Manage the sending of commercial communications about products and services marketed by HIBUY by electronic and/or conventional means.

Also, to keep you up to date with the most innovative products, services, news, and updates, if you give us your consent.

Create a commercial profile, using our own sources to offer the User products and services in accordance with their interests.

In relation to the "cookies" that HIBUY uses when browsing its website (https://www.hibuymarket.com). All information about the cookies used is published in our Cookies Policy, available for consultation at https://www.hibuymarket.com/cookies.

If you send an email to HIBUY regarding job offers, your data will be processed to participate in the recruitment process. The primary purpose will be to maintain the contractual relationship established with the client.

For the maintenance of historical records of commercial relations during the legally established periods.

In those cases in which HIBUY must access and/or process personal data for which the client has the status of data controller or data processor, HIBUY will process said data as data processor in accordance with the provisions of Article 28 of the GDPR and as indicated in the section entitled "HIBUY as data processor" included in this Policy.

In compliance with the provisions of Law 25/2007, of October 18, on the conservation of data relating to electronic communications and public communications networks, HIBUY informs the user that certain traffic data generated during the development of communications will be retained and stored, as well as, where appropriate, said data will be communicated to the competent bodies provided that the legal circumstances provided for in said Law occur.

5 - FOR HOW LONG WILL WE PROCESS THE USER'S PERSONAL DATA?

User data related to the fulfillment of the contractual relationship will be retained for this purpose for the duration of the contract and, even afterward, for the duration required by applicable law and until any liabilities arising from the contract expire. HIBUY will process the User's data until the User objects.

6 - WHAT DATA WILL WE COLLECT ABOUT YOU?

The personal data we may use when providing our services to you may include identification and contact information, financial information, geolocation information, personal, professional, and business profile information, image, voice and call information we maintain with you, your IP address, browsing information on our websites or mobile applications, information we obtain through the use of terminals such as mobile devices, or through other legitimate means. We may also use other data necessary to carry out the tasks described below and that you have provided directly to us or to which we have had access as a result of your inquiry, request, or contracting of any service.

In the event that the User provides data from third parties, HIBUY declares that it has their consent and undertakes to provide them with the information contained in the Privacy Policy, exempting HIBUY from any liability in this regard. However, HIBUY may carry out periodic verifications to verify this fact, adopting the appropriate due diligence measures in accordance with data protection regulations.

7 - TO WHICH RECIPIENTS WILL THE USER DATA BE COMMUNICATED?

The recipients of the personal data collected by HIBUY will be the following:

  • HIBUY employees themselves in the performance of their duties.
  • HIBUY suppliers involved in the provision of services, if necessary for the provision of the services.
  • Judicial or administrative bodies, as well as State Security Forces and Corps, in the event that HIBUY is required under current legislation to provide information related to its clients and services.

8 - EXERCISE OF RIGHTS

Users may exercise the following rights recognized by the GDPR at any time:

  • Revoke the consents granted.
  • Obtain confirmation as to whether HIBUY is processing personal data concerning the User or not.
  • Access your personal data.
  • Right to have your personal data rectified.
  • Request the deletion of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
  • Obtain from HIBUY the restriction of data processing when any of the conditions provided for in the data protection regulations are met.
  • Request portability of your data in a format that allows its transfer.
  • File a complaint with the Spanish Data Protection Agency at https://www.agpd.es if you believe that HIBUY has violated your rights under applicable data protection regulations.

Users may exercise these rights in the following ways:

  • Whether or not you are a HIBUY customer, you may exercise your rights by sending a request to HIBUY, accompanied by your ID or a legally valid document proving your identity, to HIBUY rgpd@hibuymarket.com, addressed to the Customer Service Department, specifying the right you wish to exercise.
  • In the case of requests that are manifestly unfounded or excessive due to their repetitive nature, HIBUY reserves the right to charge a fee for the resulting administrative costs or the right to refuse to act on them, in accordance with Article 12.5 of the GDPR.

9 - INTERNATIONAL DATA TRANSFERS

For those HIBUY products and services that require international transfers to enable their provision, this circumstance will be included in the Specific Conditions applicable to the corresponding product or service contracted by the customer and expressly accepted by the customer prior to such transfers.

10 - DATA PROCESSOR

Pursuant to Article 28 of the GDPR, HIBUY will process personal data for which the client is the controller or processor when necessary for the proper provision of the contracted services. In such cases, HIBUY will act as the data processor, in accordance with the terms set out below:

HIBUY will only process data in accordance with the instructions of the data controller or data processor, and will not use it for any purpose other than that set forth in this Data Protection Policy and/or the applicable contractual terms.

Once the services requiring the processing of personal data have been provided, the data will be destroyed, along with any media or documents containing personal data or any type of information generated during, for, and/or by the provision of the services covered by the corresponding Conditions.

HIBUY undertakes, in accordance with article 28 of the GDPR, to maintain due professional secrecy with respect to the personal data to which it must access and/or process in order to comply in each case with the purpose of the Conditions of Service that apply to it, both during and after the termination of the same, committing to use said information solely for the purpose intended in each case and to demand the same level of commitment from any person within our organization who participates in any phase of the processing of personal data for which the client is responsible.

In accordance with the GDPR, the following rules will apply regarding the form and methods of access to data for the provision of services: If HIBUY must access processing resources located on the Client's premises, the Client will be responsible for establishing and implementing the security policy and measures. When HIBUY remotely accesses data processing resources under the Client's responsibility, the Client must establish and implement the security policy and measures on its remote processing systems.

When the service is provided at HIBUY facilities, we will record in our Activity Log the circumstances relating to data processing in the terms required by the GDPR, including the security measures corresponding to such processing.

Access to and/or processing of data by HIBUY, without prejudice to any specific legal or regulatory provisions in force that may apply in each case or those adopted by HIBUY on its own initiative, will be subject to the necessary security measures to: Guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services.

Restore availability and access to personal data quickly in the event of a physical or technical incident.

Regularly verify, evaluate, and assess the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.

Pseudonymize and encrypt personal data, where appropriate.

The client authorizes HIBUY, in its capacity as data processor, to subcontract to third parties, on behalf of and for the client, the services of storage, backup storage, and security, as well as any other services necessary to enable the provision of the contracted services, while always respecting the obligations imposed by the GDPR and its implementing regulations. At any time, the client may contact HIBUY to learn the identity of the subcontracted entities for the provision of the indicated services. These entities will act in accordance with the terms set forth in this document and after formalizing a data processing contract with HIBUY in accordance with Article 28.4 of the GDPR.

The client authorizes HIBUY to perform the following actions, provided they are necessary for the execution of the provision of services:

  • To carry out the processing of personal data on portable devices only by the users or user profiles assigned to the provision of services.
  • To carry out the processing outside the premises of the client or HIBUY, only by the users or user profiles assigned to the provision of the services.
  • The entry and exit of media and documents containing personal data, including those contained in and/or attached to an email, outside the premises under the control of the client responsible for the processing.

The execution of data recovery procedures that HIBUY is obliged to perform.

HIBUY is not responsible for any breach of obligations arising from the GDPR or the corresponding data protection regulations by the user and/or client in relation to their activity and which is related to the execution of the contract or commercial relations that bind them to HIBUY. Each party must face the liability arising from its own breach of contractual obligations and the regulations themselves.

11 - SECURITY MEASURES

HIBUY will treat the User's data at all times in an absolutely confidential manner and will maintain the mandatory duty of secrecy regarding them, in accordance with the provisions of the applicable regulations, adopting the necessary technical and organizational measures to guarantee the security of your data and prevent its alteration, loss, processing or unauthorized access, taking into account the state of the technology, the nature of the stored data and the risks to which they are exposed.

12 - CHANGES

We reserve the right to revise our Privacy Policy at any time we deem appropriate to comply with applicable laws.