PRIVACY POLICY

This policy (hereinafter “Privacy Policy”or “Policy”) is effective from August 5, 2019 (“Effective Date”).

The owner of the website https://arkeero.com (hereinafter, the “Website”) is Rock Internet, S.L. (hereinafter, “the Company”, “we” or “us”), a Spanish company, with VAT number B-86907953, and registered office at Calle Barquillo, 8 planta, 2ª izq., 28004 Madrid, Spain.

The Company is registered in the Mercantile Register of Madrid under Volume 31853, Sheet 1, Section 8, Page M-573205.

The Company carries out its activity in the permission-based e-mail marketing sector (advertising campaigns upon prior consent of the recipient). It is mainly dedicated to direct marketing, affiliate marketing and online advertising.

To contact us for any questions regarding this Privacy Policy, you may write us through the following channels:

• E-mail: dpd@arkeero.com
• Address: Rock Internet, S.L., with domicile at Calle Barquillo, 8 planta 2ª izq., 28004 Madrid, Spain.

The contents of this Privacy Policy are the following:

1. SCOPE OF APPLICATION AND RESPONSIBILITY
2. COMPANY SERVICES
3. TYPE OF DATA COLLECTED BY THE COMPANY
4. USE OF DATA COLLECTED BY THE COMPANY
5. PURPOSE OF DATA PROCESSING AND LEGAL BASIS
6. TYPE OF DATA PROCESSING
7. ACCESS TO YOUR PERSONAL DATA AND INTERNATIONAL DATA TRANSFERS
8. ELIGIBILITY FOR REGISTRATION AND ACCOUNT SECURITY
9. RIGHTS OF DATA SUBJECTS
10. COMMERCIAL COMUNICATIONS
11. DECLARATION OF GOOD PRACTICES
12. VALIDITY OF THE PRIVACY POLICY
13. CONTACT US

1. SCOPE OF APPLICATION AND RESPONSIBILITY

The Company is the data controller of the personal data (e.g. information that identifies a specific person, such as full name or e-mail address) we collect from and about you through our services. The personal data is processed in compliance with this Privacy Policy.

This Privacy Policy and our Cookies Policy apply to all users, including those who use the Company services without being registered or subscribed to a Company service and those who have registered or subscribed to a Company service.

For the avoidance of doubt, this Privacy Policy is not applicable to data collected by third parties though their websites, even if any of said websites contains links to the Company’s Website.

The Company is not responsible for any content within the privacy policy of third parties and does not give any warranty, explicit or implicit, in relation to the accuracy, legality, exactitude or validity of any website.

2. COMPANY SERVICES

The Website offers you the possibility to manage your user area, configure alerts, receive newsletters, information and advertising about the Company’s and/or third parties’ products and services. The newsletters, information and advertising previously mentioned shall be based on the areas of interest that you may have indicated to us according to criteria of the Website, as well as on your profile. If you wish, you may also join and participate in different promotions, contests and/or raffles.

To use the Company services, you shall register on the Website through the enabled registration form and give your freely and express consent to the processing of your data, as well as to this Privacy Policy and our Cookies Policy.

In this regard, you may select through certain check boxes at least three (3) fields of interest among the options provided by the Website. Furthermore, you may choose whether you accept the transfer of your anonymized data – to be anonymized through encryption and an electronic pseudonym – so that we can match it with other information and enrich the data. This procedure shall be carried out though technical means in a totally anonymous and not identifiable manner.

The data transfer aims to match the information with other sources and therefore increase the information on the centres of interest – which may have been defined directly, through browsing or other subscriptions – and refine the advertising campaigns. This is without prejudice to your privacy, which is warranted through the encryption and compartmentation of your data.

3. TYPE OF DATA COLLECTED BY THE COMPANY

The Company collects information to offer you services either directly, through the personal data provided directly to the Company, or indirectly through the use of the Website and the services provided by it (information related to the device, registration data and physical location).

In particular, the Company collects the following types of data from and about you:

a. Registration Data submitted to register for a Company service through subscription forms. Subscription forms request personal data through mandatory or optional fields to be filled in by you, such as your name, your telephone number and your e-mail address in order to manage the mailing list and send you personalized online advertising. The subscription to the mailing list is carried out through the Hermes and Perseo tools. The sending of e-mails is managed by the Company, which previously verifies your e-mail. For this purpose, you will receive an e-mail in your inbox from us with the subject “Successfully registered in our newsletter of exclusive offers” or similar. We will use the data provided to send you advertising of our clients. Registration Information may include, for example, name, surname, e-mail address, gender, country, postcode and birthday date, areas of interest, and academic/professional aspects. Please bear in mind that you are entitled to revoke your consent or inform us that you have not subscribed to any our services by the channels set forth in Section 14 of this Privacy Policy.

b. Data from Social Media. If you access or log-in to a Company service through a social media network or connect a Company service to a social media service, the data we collect may include authentication information required when you log-in, as well as any information or content you have permitted the social media network to share with us, such as your profile picture, e-mail address or friends lists, and any information you have made public in connection with that social media service.

Please bear in mind that these social media networks may collect plenty of information – such as the web pages you have visited and your IP address¬– and may set cookies to allow the correct functioning of the network’s features.

We are not responsible for the security or privacy of the information collected by these third parties. You should read and understand the policies applicable to the third-parties’ services you use or access before giving your consent to said third-parties. You shall also configure these services in accordance with your will.

When you access the Company services through social media services or when you connect a Company service to social media services, you are authorizing the Company to collect, store, and use such data and content in accordance with this Privacy Policy.

c. Information submitted to the Company through a contact form. There is a contact form on the Website for inquiries, suggestions and/or professional matters. If you contact us through this online form, we will use your e-mail address to reply you and send you the information requested by you, as the case may be.

d. Activity data. When you access and interact with the Company services, we may collect certain information about those visits. For example, in order to permit your connection to the Company services, our servers receive and record information about your computer, device, and browser, including potentially your IP address, browser type, and other software or hardware information. Cookies and other tracking technologies (such as browser cookies, pixels, beacons) may also be collected. These technologies may also be used to collect and store information about your usage of the Company services, such as pages you have visited, content you have viewed, search queries you have run and advertisements you have seen. For more information, please visit our Cookies Policy.

e. Information from other Sources. We may supplement the information we collect with information from other sources, such as publicly available information from social media services and commercially available sources.

Your personal data will be retained for two (2) years from the date on which you provided it to the Company. The Company shall use the data to fulfil the purposes we collected it for. However, the time of retention of your data will be always subject to your voluntary withdrawal to the mailing list or subscription to the blog, unless the Company needs it in case of compelling legitimate grounds, which override your interests, or for legal defence.

At the end of the retention period your personal data will be either cancelled, anonymized or aggregated.

4. USE OF DATA COLLECTED BY THE COMPANY

We use the personal data we collect from and about you to:

a) Provide the Company services and features to you;

b) Measure and improve those Company services and features;

c) Provide you with customer support and to respond to inquiries;

d) Protect the rights of the Company and others, such as Company affiliates or their employees, agents, contractors, licensors and suppliers; users of the Company services or members of the public; and Company suppliers;

e) Allow you the management of navigation and configuration of alerts;

f) Allow you to participate and subscribe, where appropriate, to various promotions, contests and/or draws;

g) Comply with the law or legal process or respond to requests from public and government authorities;

h) Complete a corporate transaction (e.g. merger, sale, joint venture, assignment, transfer of all or any portion of business, assets or stock regarding the Company, including in connection with any bankruptcy or similar proceedings, among others). If the Company is involved in a merger or transfer of all or a material part of its business, the Company may transfer your information to entity or entities involved in the transaction as part of said transaction.

i) Allow you to you log in the Company services through a social media network; and

j) Upon your prior consent, send you –via e-mail, SMS, telephone, multimedia messaging service, phone calls, chat and social media or any other means of communication– offers, promotions and other marketing communications regarding the Company’s (and subsidiary companies’) and/or third party’s services and products operating in the sectors that you may have indicated (if applicable), as well as other sectors of activity in which you may be interested (according to the criteria of the Website and/or the user profile and depending on your configuration of cookies in your browser). You can read

The sectors mentioned in the above paragraph are the following:

Sectors:

Financial
Financial
Editorial
Education
Automotive
NGO
Computing
Telecommunications
Consultancy
Energy
Medicine
Textile
Home
Hygiene
Health
Beauty products
and Personal Care
Furniture
Feeding
Collecting
Music
Videos
Hobbies
Office supplies
Computing
Technology
Travels
Toy store
Jewellery
Drugstore and Cleaning
Insurance

For the avoidance of doubt, the Company will perform permission-based e-mail marketing and direct marketing actions; develop profiles and segmentations on your data; and/or match files containing your data.

The Company only collects adequate data, which is pertinent and not excessive in relation to the scope and the purposes indicated in this Privacy Policy.

5. PURPOSE OF DATA PROCESSING AND LEGAL BASIS

Your data is collected and processed by the Company for the following purposes:

• The data processing in letters from a) to f) of Section 4 of this Privacy Policy is necessary for the provision of the Company services. This is mandatory since otherwise the services could not be provided.

• Letter g) of Section 4 of this Privacy Policy is mandatory as it is requested under applicable laws.

• Letter h) of Section 4 of this Privacy Policy is legally based on the legitimate interest of the Company and its counterparties to perform such economic activities. This data processing activity is not mandatory, and you can object at any time through as per Section 14 of this Privacy Policy.

• Letter i) of Section 4 of this Privacy Policy is discretionary. However, without your consent, it will not be possible to connect to social media services account with the Company service. In such case, you will have to log to the Company service using a different mean; and

• Letter j) of Section 4 of this Privacy Policy is discretionary, However, without your consent, it is impossible for the Company to provide you with generic marketing communications of the Company and third parties services and/or products or communications based on your interests and needs.

Should you wish to withdraw your consent, please contact us at the e-mail address or by post mail as per Section 14 or, in the case of letter i) of Section 4, please select the unsubscribe link contained in any marketing communication.

Please note that, by selecting the corresponding non-preselected checkbox, you are freely and expressly consenting to receiving advertising, the transfer of your data to third parties, as well as our Terms and Conditions, Privacy Policy and Cookies Policy.

The Company, for the purpose of developing direct marketing actions, will enter into agreements with third parties. These third parties are suitable service providers, which develop activities in the sectors listed in Section 4 of this Privacy Policy.

These service providers will process data following Company’s precise instructions and in strict compliance with legal regulations on personal data protection, information security and other applicable regulations. They shall mainly perform tasks of the Company regarding your interests in certain products or advertising campaigns, as well as to convert said campaigns in product purchases or service subscriptions. This will require providing your data to said third parties, so that they can carry out the direct marketing actions. This data processing is based on the existing contractual relationship between the Company and you, upon prior registration and consent to the data processing.

6. TYPE OF DATA PROCESSING

The data is processed through both electronic and manual means, and is protected through adequate security measures, considering the state of art, the costs of implementation and the nature, scope, context and purpose of processing.

In this regard, the Company uses appropriate administrative, technical, personnel and physical measures to safeguard personal data in its possession against loss, theft and unauthorized use, disclosure or modification.

Our information security policies and procedures are closely related to international standards that are widely accepted and regularly reviewed and updated when appropriate to meet the needs of our business, technological changes and regulatory requirements.

The Company has designed a disaster recovery and business continuity strategy to safeguard the continuity of our service for our clients and to protect our assets and our staff.

We apply adequate restrictions on access to personal information and implement the necessary measures and controls, including physical and supervisory measures, to store and transfer data in a secure manner.

Moreover, we require our employees and contractors to be continuously trained in the area of information security. However, please bear in mind that security measures on the Internet are not impregnable.

7. ACCESS TO YOUR PERSONAL DATA AND INTERNATIONAL DATA TRANSFERS

The Company may share your personal data to the following categories of recipients in compliance with the applicable legislation:

• Service providers entrusted with processing activities and duly appointed as data processors when required by applicable laws (e.g. cloud service providers, other entities of the group, companies that provide IT services, experts, consultants and lawyers, among others). You may request a list of the data processors at the addresses set forth in Section 14 of this Privacy Policy.

• Companies resulting from corporate transactions possible mergers, demergers, or other transformations.

• Business partners. With your prior consent the Company may share your personal data with business partners operating in the sectors indicated by you –mainly according to Sections 2 and 4 of this Privacy Policy – in order to send you marketing communications.

• Competent national authorities for the purpose of complying with applicable laws.

Your personal data may be transferred to countries within and outside the European Economic Area (“EEA”). Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. The full list of these countries is available at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place appropriate and suitable safeguards designed to protect your personal data and the transfer of your personal data in compliance with applicable data protection laws, such as standard contractual clauses adopted by the European Commission as per Articles 45 and 46 of the EU General Data Protection Regulation 2016/679 (“GDPR”).

You have the right to request further information on your personal data by contacting the Company at the address indicated in Section 14 of this Privacy Policy.

8. ELIGIBILITY FOR REGISTRATION AND ACCOUNT SECURITY

The registration on the Web is limited to users aged eighteen (18) years and above. An authentication mechanism does not allow the registration of (a) those who do not enter their year of birth with valid characters, which must show that you are of legal age, and (b) those who do not expressly accept their majority of age. By registering yourself on the Website, you warrant that you are of legal age.

All registration information you submit to create an account must be true, accurate, complete and up to date. You acknowledge that you will be liable for any damages, direct or indirect, that may arise from any breach of such obligation. If data provided belong to a third party, you warrant that you have informed said third party of the aspects contained herein and obtained his/her consent to provide the data to the Company for the purposes specified in this Privacy Policy.

You are responsible for maintaining the confidentiality of your password and are responsible for all use of your account. It is therefore critical that you do not share your password with anyone. You agree not to use the account, username, e-mail address or password of another member or subscriber at any time. You agree to notify the Company immediately if you suspect any unauthorized use of, or access to, your account or password.

9. RIGHTS OF DATA SUBJECTS

You are hereby informed that you are entitled to exercise your rights, free of charge and when deemed appropriate, as established in the current regulations, in relation to:

• Access to your own personal data;

• Rectification of inaccurate or incomplete data;

• Erasure of personal data;

• Opposition to data processing;

• Obtain the restriction of the processing of your data when any of the conditions provided in the data protection regulations is met; and

• Data portability.

To exercise the above-mentioned rights, you may send your request by e-mail at dpd@arkeero.com or by written communication addressed to Rock Internet, S.L., Calle Barquillo, 8, 2ª izq., 28004 Madrid. Please attach a copy of your identity document for the purpose of proving you are the owner of the data.

If you consider that the Company has infringed, or may have infringed, your rights under the applicable data protection regulations, you may submit a complaint to the relevant Control Authority. In Spain, the Control Authority is the Spanish Data Protection Agency (www.aepd.es), which is located at Calle Jorge Juan, 6, 28001 Madrid (Spain).

10. COMMERCIAL COMMUNICATIONS

The content of the communications sent by electronic means of communication is in accordance with the GDPR, the Spanish Law 3/2018 on Personal Data Protection and Digital Rights, and the Spanish Law 34/2002 on information society services and ecommerce.

These e-mails include a link to unsubscribe from commercial communications, as well as our contact details in the case you wish to exercise your data protection rights, as per Section 9 of this Privacy Policy.

11. DECLARATION OF GOOD PRACTICES

The Company complies with current legislation, particularly with the provisions of the GDPR, the Spanish Law 3/2018 on Personal Data Protection and Digital Rights, and the Spanish Law 34/2002 on information society services and ecommerce.

The Company does not send commercial e-mails that have not been previously requested or authorized by the User under the above-mentioned legislation.

The Company will terminate agreements with advertising companies or members of the affiliate network that engage in practices contrary to the current legislation.

12. VALIDITY OF THE PRIVACY POLICY

The Company may modify or update this Privacy Policy for any reason (including, but not limited to, changes in applicable law and interpretations, decisions, opinions and orders relating to such applicable law). Please read the Effective Date at the top of this Privacy Policy to know when it was last updated. Any changes to this Privacy Policy will be notified in advance by posting the revised Privacy Policy on the Website. If we make material changes to this Privacy Policy that alter the nature or processing or expand our rights to use the personal data we have already collected from you, we will notify you in advance and provide you with a choice about our future use of the personal data, as may be required by applicable law.

13. CONTACT US

To contact us for any questions regarding this Privacy Policy, you may write us through the following channels:

• E-mail: dpd@arkeero.com

• Post: Rock Internet, S.L., with domicile at Calle Barquillo, 8 planta 2ª izq., 28004 Madrid, Spain.