Privacy Policy
INDEX
- Purpose of the Privacy Policy
- Definitions
- Identity of the Data Controller
- Applicable laws and regulations
- Principles applicable to the processing of personal data
- Security measures
- Purposes of processing
- Legitimation of the treatment
- Recipients of your data
- Data Processing Activities Performed
- Personal data of minors
- Origin and types of data processed
- Rights of interested parties
- Acceptance
1.- OBJECTIVE OF THE POLICY
This "Privacy and Data Protection Policy" of Sintonai Avatar SL (hereinafter Sintonai) is established to inform you about our practices regarding the collection and processing of your personal data. This policy is firmly aligned with respect for fundamental rights, honor, and individual freedoms, strictly complying with current regulations of the European Union and the Spanish Member State regarding the protection of personal data.
Under these regulations, it is our duty to inform you clearly and in detail about how we collect and process your personal data, including the specific purposes of these processes, what other entities may have access to your data, and what your rights are as a data subject.
Compliance with these regulations does not always require your explicit consent, as certain data processing may be justified by other legal grounds, such as the need for the execution of a contract, legal obligations, legitimate interests pursued by the data controller, among others.
For transparency and the effective exercise of your rights, it is essential that you read and understand our Data Protection Policy. We recognize the importance of your privacy and are committed to treating your personal data responsibly and in accordance with applicable legal provisions.
2.- DEFINITIONS
"Personal data": Any information relating to an identified or identifiable natural person ("the Website user"). An identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Restriction of processing": the marking of stored personal data with the aim of limiting their processing in the future.
'Profiling' means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, ability, behaviour, location or movements.
'Pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is provided separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
"File": any structured set of personal data, accessible according to specific criteria, whether centralized, decentralized, or distributed functionally or geographically.
"Controller" or "controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
"Data processor" or "processor": the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- "Recipient": the natural or legal person, public authority, service or other body to which personal data are communicated,
- Whether or not it is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall be in compliance with the data protection rules applicable to the purposes of the processing.
"Third party": a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or the processor, are authorised to process personal data.
"Consent of the data subject": any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, accepts the processing of personal data relating to him or her.
"Personal data breach" means any breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
"Genetic data": personal data relating to the inherited or acquired genetic characteristics of a natural person, which provide unique information about that person's physiology or health, obtained in particular from the analysis of a biological sample from that person.
"Biometric data": personal data obtained from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person which allow for or confirm the unique identification of that natural person, such as facial images or fingerprint data.
"Health data": personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about their health status.
‘principal establishment’ means (a) in relation to a controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of processing are taken at another establishment of the controller in the Union and that latter establishment has the power to enforce those decisions, in which case the establishment which has taken those decisions shall be considered to be the principal establishment; (b) in relation to a processor with establishments in more than one Member State, the place of its central administration in the Union or, if there is no such place, the establishment of the processor in the Union where the main processing activities are carried out in the context of the activities of an establishment of the processor to the extent that the processor is subject to specific obligations under this Regulation.
‘Representative’ means a natural or legal person established in the Union who, designated in writing by the controller or processor pursuant to Article 27 of the GDPR, represents the controller or processor with regard to their respective obligations under this Regulation.
"Enterprise": a natural or legal person engaged in an economic activity, regardless of its legal form, including companies or associations regularly carrying out an economic activity.
Supervisory Authorities in the European Union and Other Countries for the Protection of Personal Data
According to Article 51 of the General Data Protection Regulation (GDPR), each Member State must have an independent supervisory authority. This authority is responsible for ensuring compliance with the GDPR and protecting the rights and freedoms of individuals with regard to the processing of their personal data. The corresponding authorities for each country are listed below:
Spain: Spanish Data Protection Agency.
Germany: Berliner Beauftragte für Datenschutz und Informationsfreiheit.
Austria: Österreichische Datenschutzbehörde.
Belgium: Autorité de protection des données / Gegevensbeschermingsautoriteit.
Bulgaria: Commission for Personal Data Protection.
Denmark: Datatilsynet.
Slovakia: Data Protection Authority.
Slovenia: Information Commissioner.
Estonia: Estonian Data Protection Inspectorate.
Finland: Office of the Data Protection Ombudsman.
France: Commission Nationale de l'Informatique et des Libertés.
Greece: Hellenic Data Protection Authority.
Hungary: O ce of the Commissioner for Fundamental Rights of Hungary.
Ireland: Data Protection Commission.
Italy: Guarantor for the Protection of Personal Data.
Latvia: Data State Inspectorate.
Lithuania: State Data Protection Inspectorate.
Luxembourg: Commission Nationale pour la Protection des Données.
Malta: Information and Data Protection Commissioner.
Netherlands: Dutch Data Protection Authority.
Poland: Polish Data Protection Authority.
Portugal: National Data Protection Commission.
Romania: National Authorization of Supraveghere a Prelucrării Datelor cu Character Personal.
Sweden: Swedish Authority For Privacy Protection.
Czech Republic: The Office for Personal Data Protection.
Cyprus: Office of the Commissioner for Personal Data Protection.
Data Protection Authorities (other European countries)
United Kingdom: Information Commissioner's Office.
Andorra: Andorran Dades Protection Agency.
Croatia: Croatian Personal Data Protection Agency.
Iceland: Icelandic Data Protection Authority.
Liechtenstein: Data Protection Office.
Macedonia: Macedonian Personal Data Protection Commission.
Monaco: Commission de Control des Informations Nominatives.
Norway: Datatilsynet.
Swiss: Federal Data Protection and Information Commissioner.
Other International Data Protection Authorities:
Canada: O ce of the Privacy Commissioner of Canada.
Hong Kong: O ce of the Privacy Commissioner for Personal Data, Hong Kong.
‘Cross-border processing’ means (a) the processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or processor in the Union, if the controller or processor is established in more than one Member State; or (b) the processing of personal data carried out in the context of the activities of a single establishment of a controller or processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
"Information society service": any information society service, that is, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a service recipient.
3.-IDENTITY OF THE DATA CONTROLLER
Who collects and processes your data?
The Data Controller is the entity that, either alone or jointly with others, determines the purposes and means of processing personal data, in accordance with the law of the European Union or the Spanish Member State.
Our identification as Data Controller is:
Sintonai Avatar SL CIF B10840312
How can you contact us?
Postal address and our offices: Plaza de los Luceros No. 17 5/3. 03004, Alicante (Alicante), Spain Registered office: Plaza de los Luceros No. 17 5/3. 03004, Alicante (Alicante), Spain
E-mail: Manuel@sintonai.com- Telephone: +34 687 43 78 59
Who can help you with our Data Protection Policy?
We have a person or entity specialized in data protection, who is responsible for ensuring our organization complies with current laws and regulations. This person is called the Data Protection Officer (DPO). If necessary, you can contact them as follows:
Auratech Legal – NIF B87984621
E-mail: rgpd@auratechlegal.es- Telephone: 911134963
4.- APPLICABLE LAWS AND REGULATIONS
This Privacy and Data Protection Policy is developed based on the following data protection regulations and laws:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Hereinafter GDPR.
Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights. Hereinafter LOPD/GDD.
Law 34/2002, of July 11, on Information Society Services and Electronic Commerce. Hereinafter LSSICE.
5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
Personal data collected and processed through this website will be processed in accordance with the following principles:
Principle of legality, fairness, and transparency: All processing of personal data carried out through this Website will be lawful and fair, and the user will be fully aware of when their personal data is being collected, used, consulted, or processed. Information regarding the processing carried out will be provided in advance, in an easily accessible and understandable manner, in simple and clear language.
Principle of purpose limitation: All data will be collected for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with the purposes for which they were collected.
Data minimization principle: The data collected will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy principle: Data will be accurate and, if necessary, updated, taking all reasonable measures to ensure that personal data that are inaccurate with respect to the purposes for which they are processed are deleted or rectified without delay.
Principle of limitation of the conservation period: The data will be maintained in a way that allows the identification of the interested parties for no longer than necessary for the purposes of processing the personal data.
Principle of integrity and confidentiality: The data will be treated in a way that guarantees adequate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss or damage, through the application of appropriate technical and organizational measures.
Principle of proactive responsibility: The entity that owns the Website will be responsible for compliance with the principles set forth in this section and will be able to demonstrate this.
6.-SECURITY MEASURES
What do we do to ensure the privacy of your data?
Sintonai has implemented all necessary measures to protect personal data. Furthermore, Sintonai has adopted technical measures to prevent data loss, misuse, alteration, unauthorized access, or theft. However, it is important to remember that no Internet security measures are foolproof.
[Client Name] implements essential organizational and technical measures to ensure the security and privacy of your data, preventing its alteration, loss, unauthorized processing, or access. These measures are tailored to the current state of technology, the nature of the data stored, and the risks to which it is exposed. Highlighted measures include:
Confidentiality: Information processed by [Client Name] will be disclosed only to authorized persons. Integrity: Processed information will be complete, accurate, and protected against tampering.
Availability: Access and use of information by authorized persons at all times, ensuring its continuity in the event of any eventuality.
Rapid restoration of availability and access to personal data in the event of an incident.
Continuous evaluation of the effectiveness of technical and organizational measures to ensure the security of processing. Pseudonymization and encryption of personal data, especially if they are sensitive data.
Sintonai is committed to promoting and supporting the establishment of the organizational and technical measures necessary to comply with the aforementioned security standards. Furthermore, it manages its information systems based on the following principles:
Regulatory compliance: Compliance with applicable regulations on information security, personal data protection, system security, and electronic services.
Risk management: Minimizing risks to acceptable levels and balancing security controls with the nature of the information.
Awareness and training: Training and awareness programs for users with access to information. Proportionality: Balance between security measures, nature of the information, and risks.
Responsibility: All members will be responsible for their conduct regarding information security.
Continuous improvement: Periodic review of the effectiveness of security controls to adapt to evolving risks and technology.
7.- PURPOSES OF THE TREATMENT
Why do we want to process your data?
Below we detail the intended uses and purposes:
Attention to people's rights
Respond to citizens' requests regarding the exercise of their rights under the General Data Protection Regulation and compliance with our various legal obligations.
Website Consultations
Manage and respond to user queries
Maintain a record of communications between Sintonai and users to improve customer service
Creating Custom Avatars (Face, Voice, and Preferences)
Create personalized avatars based on the physical characteristics and preferences provided by the user
Facilitate the personalization of customer service through an avatar that reflects the image and voice of the customer or representative. Improve interaction with users through visually representative avatars adjusted to their preferences.
Query Management and Support via Email
Facilitate communication between the client and the Sintonai support team. Manage queries and doubts from clients and users.
Maintain a record of communications to improve the quality of service. Resolve incidents related to products or services.
Managing Cookies on the Web Improve website functionality
Personalize the user experience according to their browsing preferences. Perform analysis on page traffic and user interaction.
Social Media Management (Meta, YouTube, Instagram) Managing your community of followers on social media
Interacting with users to improve brand visibility and engagement
Promotion of products and services through digital marketing campaigns
Gathering statistics and analyzing interactions to optimize marketing strategies
Management of the Subscription Form and Electronic Purchase of Electronic Commerce Products
Sharing information on social networks
Facilitate the management of user accounts and their preferences. Manage the monthly subscription to Sintonai services. Manage clients/suppliers, accounting, tax and administrative matters. Marketing, advertising and commercial prospecting.
Process recurring payments and issue invoices Provide access to contracted services
Track transactions and user activity
Automated Chatbot Processing for Scheduling or Decisions
Automate decision-making on reservations, orders, or recommendations based on user preferences. Facilitate appointment scheduling and meeting management.
Optimize user experience through personalized suggestions and decisions
Technical Support and Incident Resolution
Follow up on reported issues and their resolution Improve products and services based on reported incidents Provide technical support to Sintonai customers and users Resolve technical incidents related to products or services
Customer Data Processing in the Chatbot for Customer Service: Manage inquiries about products, company policies, and complaints. Maintain a support history to improve service quality. Provide customer service and resolve incidents automatically.
Customer Data Processing in the Chatbot for E-commerce
Assist customers in completing and tracking orders
Manage purchases, payments, returns, and claims related to e-commerce. Provide real-time information on products, prices, and stock availability.
Processing of User Data in the Chatbot
Analyze interactions with the chatbot to improve service and optimize system functionality. Offer recommendations or assistance based on user questions or comments.
Personalize chatbot responses to improve user experience
Data Processing in the Evaluation and Improvement of Products/Services (Surveys, Feedback) Develop new functionalities or products based on the feedback received
Evaluate customer satisfaction and identify areas for improvement
Collect user opinions and suggestions to improve products and services
Data Processing in Customized Projects for Clients
Configuration and integration of specific tools for projects contracted by the client Development and adaptation of customized solutions for clients
Management of contractual relationships and delivery of personalized services requested by the client
Use of Clients' Images on Social Media
Share visual testimonials or customer success stories on public platforms Promote Sintonai products and services through social media posts
How long do we keep your data?
We use your data for the time strictly necessary to fulfill the purposes indicated above. Unless there is a legal obligation or requirement, the expected retention periods are:
Attention to the rights of individuals. Records will be kept for the time necessary to resolve claims. The provisions of the archives and documentation regulations will apply.
Website Inquiries: For a period of 1 year from the last confirmation of interest. Data will be retained for a period of 1 year from the last interaction with the user, unless the interested party requests its deletion earlier.
Creation of Personalized Avatars (Face, Voice, and Preferences): For a period of 1 year from the last confirmation of interest. The data used to create the avatars will be retained as long as the user maintains their relationship with the service or requests its deletion. After the service ends, the data will be retained for 1 year to allow for modifications or reactivation.
unless the user requests its immediate deletion
Email Support and Inquiry Management: For a period of 6 years from the last confirmation of interest. Data related to email interactions will be retained for 6 years from the last confirmation of interest or until the data subject requests its deletion.
Cookie Management on the Website You must access our cookie policy to find out how long each cookie is stored and what information has been collected.
Social Media Management (Meta, YouTube, Instagram): As long as the data subject does not request its deletion. The personal data provided will be retained as long as necessary or relevant for the purpose for which it was collected or recorded. We are required to block the data when it is necessary to delete it. Blocking data consists of identifying and reserving the data, adopting technical and organizational measures to prevent its processing, including its viewing, except for making the data available to judges and courts, the Public Prosecutor's Office, or the competent Public Administrations, in particular data protection authorities, to enforce potential liability arising from the processing and for three years, the statute of limitations for such claims. Blocked data may not be processed for any purpose other than that indicated.
Management of the Subscription Form and Electronic Purchase of Products: For a period of 5 years from the last confirmation of interest. Billing and transaction data will be retained for 5 years in compliance with the obligations
Tax and tax authorities. Subscription-related data will be retained for as long as the account is active, and for up to 1 year after cancellation of the subscription.
Automated Chatbot Processing for Scheduling or Decisions: For a period of 1 year from the last confirmation of interest. Data will be retained for 1 year from the last interaction, or until the user requests its deletion, unless there is a legal obligation to retain data further.
Technical Support and Incident Resolution: For a period of 1 year from the last confirmation of interest. Data related to support and incident resolution requests will be retained for 1 year from the last interaction, unless required to retain it longer for legal or contractual reasons.
Customer Data Processing in the Chatbot for Customer Service: For a period of 1 year from the last confirmation of interest. Customer service-related data will be retained for 1 year from the last interaction, unless the customer requests its deletion.
Customer Data Processing in the E-commerce Chatbot: For a period of 5 years from the last confirmation of interest. Data related to purchases and transactions will be retained for 5 years for tax and legal reasons. Chatbot interaction data will be retained for 1 year from the last interaction or until the customer requests its deletion.
Processing of User Data in the Chatbot: For a period of 1 year from the last confirmation of interest. The data provided by the user will be kept for a period of 1 year from the last interaction, or until the user requests its deletion.
Data Processing for the Evaluation and Improvement of Products/Services (Surveys, Feedback) Data collected through surveys and feedback will be retained for 2 years or until they are no longer relevant to the purposes of the processing or the data subject requests their deletion.
Data Processing for Customized Client Projects: For a period of 5 years from the last confirmation of interest. The data will be retained for the duration of the contractual relationship and the project remains active. Subsequently, it will be retained for 5 years for tax and legal reasons or until the client requests its deletion.
Use of Client Images on Social Media: For a period of 1 year from the last confirmation of interest. Data and images will be retained on social media according to the privacy policies of each platform. Sintonai will retain the originals for 1 year or until the client withdraws their consent.
8.- LEGITIMATION OF THE TREATMENT
Why do we process your data?
The collection and processing of your data is always legitimized by one or more legal bases, which are detailed below:
Attention to people's rights
Legal obligation of the Data Controller
General Law for the Defense of Consumers and Users. Law 3/2014, of March 27, amending Legislative Royal Decree 1/2007, of November 16, approving the Consolidated Text of the General Law for the Defense of Consumers and Users and other complementary laws.
LSSICE. Law 34/2002, of July 11, on information society services and electronic commerce. Law 34/2002, of July 11, on information society services and electronic commerce
(Art. 6.1.c GDPR) Compliance with legal obligations of the Data Controller
LOPDGDD. Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights. GDPR. Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Website Consultations
Explicit consent of the interested party
(Art. 6.1.a GDPR) Consent of the data subject
Creating Custom Avatars (Face, Voice, and Preferences)
(Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through a contract or pre-contract. Management of Queries and Support via Email.
Legitimate interest of the Data Controller or third parties in Cookie Management on the Website
(Art. 6.1.a GDPR) Consent of the data subject
(Art. 6.1.f GDPR) Legitimate interest of the Data Controller or third parties: Management of Social Networks (Meta, YouTube, Instagram)
Explicit consent of the interested party
GDPR: 6.1.a) Consent of the data subject. The legal basis for sending information related to your professional practice or professional interest and for providing voluntary services is your consent, which you may withdraw at any time.
(Art. 6.1.a GDPR) Consent of the data subject
(Art. 6.1.f GDPR) Legitimate interest of the Data Controller or third parties: Management of the Subscription Form and Electronic Purchase of Products
(Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject through a contract or pre-contract (Art. 6.1.c GDPR) Compliance with legal obligations of the Data Controller
Automated Chatbot Processing for Scheduling or Decisions
(Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through a contract or pre-contract Technical Support and Incident Resolution
(Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject through a contract or pre-contract Processing of Customer Data in the Chatbot for Customer Service
(Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject through a contract or pre-contract Processing of Customer Data in the Chatbot for E-commerce
(Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through a contract or pre-contract Processing of User Data in the Chatbot
(Art. 6.1.a GDPR) Consent of the data subject
(Art. 6.1.f GDPR) Legitimate interest of the Data Controller or third parties
Data Processing in the Evaluation and Improvement of Products/Services (Surveys, Feedback) (Art. 6.1.a GDPR) Consent of the interested party
(Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through a contract or pre-contract Data Processing in Customized Projects for Clients
Existence of a contractual relationship with the interested party through a contract or pre-contract
GDPR: 6.1b) processing is necessary for the performance of a contract. b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
Use of Clients' Images on Social Media
(Art. 6.1.a GDPR) Consent of the data subject
9.- RECIPIENTS OF YOUR DATA
To whom do we share your data within the European Union?
Occasionally, in order to comply with our legal obligations and our contractual commitment to you, we are obliged and need to transfer some of your data to certain categories of recipients, which we specify below:
Attention to people's rights: Public administrations with jurisdiction in the matter. -Regional consumer protection agencies. -Spanish Data Protection Agency.
Cookie Management on the Web: Companies dedicated to advertising or direct marketing
Social Media Management (Meta, YouTube, Instagram). Social media service providers
Managing the Subscription Form and Electronic Purchase of Products: Tax Administration; Banks, savings banks, and rural savings banks
Data Processing in Customized Projects for Clients: Tax Administration; Banks, Savings Banks, and Rural Banks
; Public administration with jurisdiction in the matter
Use of Client Images on Social Media. Data will be shared with Facebook and Instagram.
Do we make international transfers of your data outside the European Union?
As part of our data processing processes, we may use external services that involve the storage and/or processing of your data by organizations outside the European Union. This entails international transfers of your data.
10.- DATA PROCESSING ACTIVITIES
The data processing activities carried out through https://sintonai.com/ are described below, specifying: Activity: Name of the data processing activity.
Purposes: Uses and processing of the data collected. Legal basis: Legal basis that legitimizes data processing. Data processed: Types of data processed.
Origin: Source of data.
Conservation: Data retention period.
Recipients: Third parties to whom the data is transferred.
International transfers: Data transfers outside the European Union.
10.1 - Processing activities
These are data processing activities whose purposes are necessary for the provision of services.
| ATTENTION TO THE RIGHTS OF PEOPLE | |
Legal bases | Legal obligations of the Data Controller (General Law for the Defense of Consumers and Users, LSSICE; Law 34/2002, of July 11, on information society services and electronic commerce); (Art. 6.1.c GDPR) Compliance with legal obligations of the Data Controller (LOPDGDD, GDPR) |
| Purposes | Respond to citizens' requests regarding the exercise of their rights under the General Data Protection Regulation; and comply with our various legal obligations. |
| Data categories and groups | Individuals who make claims to the organization (Identification data) |
| Data origin | The interested party or his legal representative |
| Category of recipients | Public administrations with jurisdiction in the matter; -Regional consumer protection agencies. -Spanish Data Protection Agency. |
| International transfer | Noare planned |
| Storage period | They will be kept for the time necessary to resolve claims. The provisions of the archives and documentation regulations will apply. |
Security measures | Appropriate security measures have been implemented to mitigate the existing risk. In any case, the security measures of Article 32 of the GDPR will apply: The ability to guarantee the permanent confidentiality, integrity, availability, and resilience of processing systems and services. The ability to restore the availability of and access to personal data quickly in the event of a physical or technical incident. A process of regular verification, evaluation, and assessment of the effectiveness of technical and organizational measures to ensure the security of processing. The pseudonymization and encryption of personal data. |
| CUSTOM AVATAR CREATION (FACE, VOICE AND PREFERENCES) | |
| Legal bases | (Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject through a contract or pre-contract |
Purposes | Create personalized avatars based on the user's physical characteristics and preferences; Facilitate customer service customization through an avatar that reflects the image and voice of the customer or representative; Improve user interaction through visually representative avatars tailored to their preferences. |
| Data categories and groups | People for Avatar Creation (Identifying Data; Special Categories of Data) |
| Data origin | The interested party or his legal representative |
| Category of recipients | Noare planned |
| International transfer | Noare planned |
Storage period | For a period of 1 year from the last confirmation of interest. The data used to create avatars will be retained as long as the user maintains their relationship with the service or requests its deletion. After the service ends, the data will be retained for 1 year to allow for modifications or reactivation, unless the user requests its immediate deletion. |
Security measures | SSL/TLS encryption for the transmission of images, biometric data, and voice recordings. Restricted access to data used to create avatars, limiting access to authorized personnel and data processors (if applicable). Pseudonymization and anonymization of data whenever possible, reducing the possibility of direct identification. Encryption of biometric data during storage to protect the integrity of sensitive data. Periodic audits to ensure the proper management and protection of data used to create avatars. |
| MANAGING QUERIES AND SUPPORT VIA EMAIL | |
| Legal bases | Legitimate interest of the Data Controller or third parties |
Purposes | Facilitate communication between the customer and the Sintonai support team; Manage customer and user queries and concerns; Maintain a record of communications to improve service quality; Resolve product or service-related issues |
Data categories and groups | Website users (Identification data). Clients (Identification data). Suppliers (Identification data). Job applicants (Identification data). Individuals making claims to the organization (Identification data). People creating avatars (Identification data). |
| Data origin | The interested party or his legal representative |
| Category of recipients | Noare planned |
| International transfer | Noare planned |
Storage period | For a period of 6 years from the last confirmation of interest. Data related to email interactions will be retained for 6 years from the last confirmation of interest or until the data subject requests its deletion. |
Security measures | SSL/TLS encryption for email transmissions to protect information sent by users. Restricted access to email accounts and support systems, ensuring that only authorized personnel have access to communications. Periodic audits to review the security and correct handling of communications. Secure and encrypted email backups to ensure data availability and protection. |
| MANAGEMENT OF THE SUBSCRIPTION FORM AND ELECTRONIC PURCHASE OF PRODUCTS | |
| Legal bases | (Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject through a contract or pre-contract; (Art. 6.1.c GDPR) Compliance with legal obligations of the Data Controller |
Purposes | E-commerce; Sharing information on social media; Facilitating the management of user accounts and preferences; Managing monthly subscriptions to Sintonai services; Managing clients/suppliers, accounting, tax, and administrative tasks; Marketing, advertising, and commercial prospecting; Processing recurring payments and issuing invoices; Providing access to contracted services; Tracking user transactions and activity |
| Data categories and groups | Website users (Identification data). Customers (Identification data; Economic, financial, and insurance data; Transactions involving goods and services) |
| Data origin | The interested party or his legal representative |
| Category of recipients | Tax Administration; Banks, savings banks, and rural banks |
| International transfer | Noare planned |
Storage period | For a period of 5 years from the last confirmation of interest. Billing and transaction data will be retained for 5 years to comply with tax and fiscal obligations. Subscription-related data will be retained while the account is active, and for 1 year after cancellation of the subscription. |
Security measures | SSL encryption for the secure transmission of sensitive data (payment and personal information). Two-factor authentication (2FA) for user account access. PCI-DSS-compliant payment information encryption for the protection of banking data. Access monitoring and account activity logging to detect unauthorized access. Regular backups and encrypted copies of transactional information. |
| AUTOMATED CHATBOT PROCESSING FOR SCHEDULING OR DECISIONS | |
| Legal bases | (Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject through a contract or pre-contract |
| Purposes | Automate decision-making regarding reservations, orders, or recommendations based on user preferences; Facilitate appointment scheduling and meeting management; Optimize the user experience through personalized suggestions and decisions |
| Data categories and groups | Customer Chatbot Users (Identification Data; Commercial Information) |
| Data origin | The interested party or their legal representative; the information is collected through the chat installed on our clients' websites or systems. |
| Category of recipients | Noare planned |
| International transfer | Noare planned |
| Storage period | For a period of 1 year from the last confirmation of interest. Data will be retained for 1 year from the last interaction, or until the user requests its deletion, unless there is a legal obligation to retain it further. |
Security measures | SSL/TLS encryption for secure data transmission between the chatbot and calendar, booking management, or decision-making systems. Restricted access control to automated processing functions, ensuring only authorized personnel can monitor or modify processes. Audit of automated decisions to ensure the chatbot operates in compliance with transparency regulations and does not make decisions that significantly affect users without human oversight when necessary. Data protection impact assessments (DPIAs) in cases where the chatbot may make automated decisions with a significant impact on user rights. |
| TECHNICAL SUPPORT AND INCIDENT RESOLUTION | |
| Legal bases | (Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject through a contract or pre-contract |
Purposes | Follow up on reported issues and their resolution; Improve products and services based on reported incidents; Provide technical support to Sintonai customers and users; Resolve technical incidents related to products or services |
| Data categories and groups | Website users (Identification data). Customers (Identification data). Customer chatbot users (Identification data). |
| Data origin | The interested party or their legal representative; the information is collected through the chat installed on our clients' websites or systems. |
| Category of recipients | Noare planned |
| International transfer | Noare planned |
Storage period | For a period of 1 year from the last confirmation of interest. Data related to support requests and incident resolution will be retained for 1 year from the last interaction, unless required to retain it longer for legal or contractual reasons. |
Security measures | SSL/TLS encryption for the transmission of sensitive data between the customer and the technical support team. Access to technical support information is limited to authorized incident resolution personnel only. Activity logging and monitoring ensure all support requests are handled securely and efficiently. Regular, encrypted backups ensure support data is not lost and can be recovered in the event of a failure. Periodic audits of support systems to assess and improve the security and effectiveness of the service. |
| CUSTOMER DATA PROCESSING IN THE CHATBOT FOR CUSTOMER SERVICE | |
| Legal bases | (Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject through a contract or pre-contract |
| Purposes | Manage product inquiries, company policies, and complaints; Maintain a support history to improve service quality; Provide customer support and resolve incidents automatically |
| Data categories and groups | Customer Chatbot Users (Identification Data; Commercial Information) |
| Data origin | The interested party or their legal representative; the information is collected through the chat installed on our clients' websites or systems. |
| Category of recipients | Noare planned |
| International transfer | Noare planned |
| Storage period | For a period of 1 year from the last confirmation of interest. Customer service data will be retained for 1 year from the last interaction, unless the customer requests its deletion. |
Security measures | SSL/TLS encryption to ensure the protection of personal data transmitted during interaction with the chatbot. Access to support queries and history is restricted to authorized personnel only. Activity logging and monitoring to detect unauthorized access and ensure the protection of sensitive data. Data anonymization when direct customer identification is not necessary. |
| CUSTOMER DATA PROCESSING IN THE E-COMMERCE CHATBOT | |
| Legal bases | (Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject through a contract or pre-contract |
| Purposes | Assist customers with order fulfillment and tracking; manage purchases, payments, returns, and e-commerce-related complaints; provide real-time information on products, prices, and stock availability |
| Data categories and groups | Customer Chatbot Users (Identification Data; Commercial Information) |
| Data origin | The interested party or their legal representative; the information is collected through the chat installed on our clients' websites or systems. |
| Category of recipients | Noare planned |
| International transfer | Noare planned |
Storage period | For a period of 5 years from the last confirmation of interest. Purchase and transaction data will be retained for 5 years for tax and legal reasons. Chatbot interaction data will be retained for 1 year from the last interaction or until the customer requests its deletion. |
Security measures | SSL/TLS encryption to protect data transmission between the customer and the chatbot, as well as between the chatbot and inventory management systems. Limited access to inventory and pricing systems is restricted to authorized personnel and users interacting with the chatbot. Pseudonymization of personal data whenever possible to protect the customer's identity when the chatbot accesses product information. Logging of activity and access to the inventory management system to detect possible unauthorized access. Encrypted backups and secure storage of data related to inquiries and transactions. |
| DATA PROCESSING IN CUSTOMIZED PROJECTS FOR CLIENTS | |
| Legal bases | Existence of a contractual relationship with the data subject through a contract or pre-contract (GDPR: 6.1b) processing is necessary for the execution of a contract) |
Purposes | Configuration and integration of specific tools for projects contracted by the client; Development and adaptation of customized solutions for clients; Management of contractual relationships and delivery of customized services requested by the client |
| Data categories and groups | Clients (Identification data; Economic, financial and insurance data; Transactions of goods and services) |
| Data origin | The interested party or his legal representative |
| Category of recipients | Tax Administration; Banks, savings banks, and rural savings banks; Public administration with jurisdiction in the matter |
| International transfer | Noare planned |
Storage period | For a period of 5 years from the last confirmation of interest. The data will be retained for the duration of the contractual relationship and the project remains active. Subsequently, it will be retained for 5 years for tax and legal reasons or until the client requests its deletion. |
Security measures | SSL/TLS encryption for secure data transmission between Sintonai and clients. Two-factor authentication (2FA) for access to custom projects and associated information. Role-based access control (RBAC) to ensure only authorized personnel have access to client data on custom projects. Data pseudonymization and anonymization where possible to minimize the exposure of personal data. Regular security and access control audits are conducted throughout the project lifecycle. |
| WEBSITE CONSULTATIONS | |
| Legal bases | Explicit consent of the data subject; (Art. 6.1.a GDPR) Consent of the data subject |
| Purposes | Manage and respond to user inquiries; maintain a record of communications between Sintonai and users to improve customer service. |
| Data categories and groups | Website users (Identification data; Other categories) |
| Data origin | The interested party or his legal representative |
| Category of recipients | Noare planned |
| International transfer | Noare planned |
| Storage period | For a period of 1 year from the last confirmation of interest. Data will be retained for a period of 1 year from the last interaction with the user, unless the data subject requests its deletion earlier. |
Security measures | Authentication and Access Control: Only authorized personnel have access to the data collected through the form. SSL encryption is used to protect data transmission from the user's browser to Sintonai's servers. Access monitoring and regular security audits are conducted to prevent unauthorized access. Regular backups of stored information are implemented to ensure data integrity. |
| COOKIE MANAGEMENT ON THE WEBSITE | |
| Legal bases | (Art. 6.1.a GDPR) Consent of the data subject; (Art. 6.1.f GDPR) Legitimate interest of the Controller or third parties |
| Purposes | Improve website functionality; Personalize the user experience based on their browsing preferences; Conduct analysis of page traffic and user interaction |
| Data categories and groups | Website users (Identification data; Other categories) |
| Data origin | The interested party or his legal representative |
| Category of recipients | Companies dedicated to advertising or direct marketing |
| International transfer | Noare planned |
| Storage period | You must access our cookie policy to find out how long each cookie is retained and what information has been collected. |
Security measures | Restricted access control for cookie configuration and management (authorized personnel only). Prior and revocable consent: Explicit consent is requested before installing non-essential cookies via a banner or pop-up, in compliance with GDPR regulations. Data minimization: Only data necessary for the specified purposes is collected and stored (e.g., functional cookies, anonymous statistics). Encryption of sensitive data that may be collected through third-party cookies (if applicable). Periodic audit to verify compliance with data protection regulations. |
| SOCIAL MEDIA MANAGEMENT (META, YOUTUBE, INSTAGRAM) | |
| Legal bases | Explicit consent of the data subject (GDPR: 6.1.a) Consent of the data subject. ); (Art. 6.1.a GDPR) Consent of the data subject; (Art. 6.1.f GDPR) Legitimate interest of the Controller or third parties |
Purposes | Managing social media followers; Interacting with users to improve brand visibility and engagement; Promoting products and services through digital marketing campaigns; Gathering statistics and analyzing interactions to optimize marketing strategies |
| Data categories and groups | Followers (Identification data) |
| Data origin | The interested party or his legal representative |
| Category of recipients | Entities providing social network services |
| International transfer | Noare planned |
Storage period | Unless the data subject requests its deletion. The personal data provided will be retained as long as they are necessary or relevant for the purpose for which they were collected or recorded. We are required to block the data when their deletion is required. Data blocking consists of identifying and reserving the data, adopting technical and organizational measures to prevent its processing, including its viewing, except for making the data available to judges and courts, the Public Prosecutor's Office, or the competent Public Administrations, in particular data protection authorities, to enforce potential liability arising from the processing and for three years, the statute of limitations for such claims. Blocked data may not be processed for any purpose other than that indicated. |
Security measures | Restricted access control to social media profiles and accounts managed by Sintonai, ensuring that only authorized personnel can interact with user data. Strong passwords and two-factor authentication (2FA) are used to protect access to social media accounts. Data encryption is provided when managed from external platforms (social media management tools). A privacy policy is tailored to each platform, ensuring compliance with social media data processing regulations. |
| USER DATA PROCESSING IN THE CHATBOT | |
| Legal bases | (Art. 6.1.a GDPR) Consent of the data subject; (Art. 6.1.f GDPR) Legitimate interest of the Controller or third parties |
| Purposes | Analyze chatbot interactions to improve service and optimize system functionality; Offer recommendations or assistance based on user questions or comments; Personalize chatbot responses to enhance the user experience |
| Data categories and groups | Customer Chatbot Users (Identification Data; Commercial Information) |
| Data origin | The interested party or their legal representative; the information is collected through the chat installed on our clients' websites or systems. |
| Category of recipients | Noare planned |
| International transfer | Noare planned |
| Storage period | For a period of 1 year from the last confirmation of interest. The data provided by the user will be retained for a period of 1 year from the last interaction, or until the user requests its deletion. |
Security measures | SSL/TLS encryption to protect communications between the user and the chatbot. Restricted access to user data, ensuring that only authorized personnel can access chat logs. Data anonymization and pseudonymization where possible, minimizing the risk of direct identification. Activity monitoring and logging to prevent unauthorized access to user data. Periodic security assessments to review data processing and ensure regulatory compliance. |
| DATA PROCESSING IN THE EVALUATION AND IMPROVEMENT OF PRODUCTS/SERVICES (SURVEYS, FEEDBACK) | |
| Legal bases | (Art. 6.1.a GDPR) Consent of the data subject; (Art. 6.1.b GDPR) Existence of a contractual relationship with the data subject through a contract or pre-contract |
| Purposes | Develop new features or products based on feedback; Evaluate customer satisfaction and identify areas for improvement; Gather user opinions and suggestions to improve products and services |
| Data categories and groups | Website users (identification data). Customers (identification data) |
| Data origin | The interested party or his legal representative |
| Category of recipients | Noare planned |
| International transfer | Noare planned |
| Storage period | Data collected through surveys and feedback will be retained for two years or until it is no longer relevant to the processing purposes or the data subject requests its deletion. |
Security measures | Anonymization of responses whenever possible, especially when it is not necessary to directly identify the user. SSL/TLS encryption is used for the transmission of data collected through surveys or online forms. Restricted access to survey results and opinions, limiting access to authorized personnel involved in product or service improvement. Secure storage of responses on systems protected against unauthorized access and data loss. |
| USE OF CLIENT IMAGE ON SOCIAL NETWORKS | |
| Legal bases | (Art. 6.1.a GDPR) Consent of the data subject |
| Purposes | Share visual testimonials or customer success stories on public platforms; Promote Sintonai products and services through social media posts. |
| Data categories and groups | People for Avatar Creation (Identifying Data; Special Categories of Data) |
| Data origin | The interested party or his legal representative |
| Category of recipients | The data will be transferred to the social networks Facebook and Instagram |
| International transfer | Noare planned |
Storage period | For a period of one year from the last confirmation of interest. Data and images will be retained on social media platforms according to each platform's privacy policies. Sintonai will retain the originals for one year or until the client withdraws their consent.<br /> |
Security measures | Explicit consent from the client for the use of their image on social media, ensuring that the data subject is informed in advance about the processing and purposes. Restricted access control to images and videos, allowing their use only to authorized marketing and social media personnel. Data encryption in internal storage before publication to protect the integrity of clients' images. Review of the privacy policies of social platforms to ensure that processing complies with regulations on international data transfers. |
11.- DATA OF MINORS
How do we handle data of minors?
Children under 14 years of age may not use the services offered through our website without the prior authorization of their parents, guardians, or legal representatives. They will be solely responsible for all actions taken through the website by minors in their care, including the completion of online forms with their personal information and, where applicable, the selection of the corresponding boxes.
In accordance with Article 8 of the GDPR and Article 7 of the LOPD/GDD, only individuals over the age of 14 may give their consent for Sintonai to lawfully process their personal data.
12.-ORIGIN AND TYPES OF DATA PROCESSED
Where did we get your data from?
Attention to people's rights
Individuals who make claims to the organization: The interested party or their legal representative. Website Consultations
Website Users: The interested party or their legal representative. Creation of Personalized Avatars (Face, Voice and Preferences).
People for Avatar Creation: The interested party or their legal representative. Management of Queries and Support via Email.
Website users: The interested party or their legal representative. Clients: The interested party or their legal representative.
Suppliers: The interested party or his legal representative
Job candidates: The interested party or his/her legal representative
Individuals who make claims to the organization: The interested party or their legal representative. People for Avatar Creation: The interested party or their legal representative.
Cookie Management on the Web
Website users: The interested party or their legal representative. Social Media Management (Meta, YouTube, Instagram).
Followers: The interested party or his/her legal representative
Managing the Subscription Form and Electronic Purchase of Products
Website users: The interested party or their legal representative. Clients: The interested party or their legal representative.
Automated Chatbot Processing for Scheduling or Decisions
Client Chatbot Users: The data subject or their legal representative. The information is collected through the chat installed on our clients' websites or systems.
Technical Support and Incident Resolution Web users: The interested party or their legal representative
Clients: The interested party or his legal representative
Client Chatbot Users: The data subject or their legal representative. The information is collected through the chat installed on our clients' websites or systems.
Processing Customer Data in the Chatbot for Customer Service
Client Chatbot Users: The data subject or their legal representative. The information is collected through the chat installed on our clients' websites or systems.
Customer Data Processing in the Chatbot for E-commerce
Client Chatbot Users: The data subject or their legal representative. The information is collected through the chat installed on our clients' websites or systems.
Processing of User Data in the Chatbot
Client Chatbot Users: The data subject or their legal representative. The information is collected through the chat installed on our clients' websites or systems.
Data Processing in the Evaluation and Improvement of Products/Services (Surveys, Feedback)
Website users: The interested party or their legal representative. Clients: The interested party or their legal representative.
Data Processing in Customized Projects for Clients
Clients: The interested party or his legal representative
Use of Clients' Images on Social Media
People for Avatar Creation: The interested party or their legal representative
What types of your data have we collected and processed?
Attention to people's rights
Individuals who file complaints with the organization
Identification data (Email address; Postal address; Handwritten signature; Name and surname; Telephone)
Website Queries Web Users
Identification data (Email address; Name and surname; Telephone) Other categories (Message; Web)
Creating Custom Avatars (Face, Voice, and Preferences) Personas for Avatar Creation
Identification data (Image; Name and surname; Voice; Email address) Special categories of data (Biometric data)
Managing Queries and Support via Email for Web Users
Identification data (Electronic address)
Customers
Identification data (Electronic address)
Suppliers
Identification data (Electronic address)
Job candidates
Identification data (Electronic address)
Individuals who make a claim to the organization Identification data (Electronic address)
People for Avatar Creation
Identification data (Email address)
Cookie Management on the Web Web Users
Identification data (IP address)
Other categories (ID generated by the Pixel or Cookie)
Social Media Management (Meta, YouTube, Instagram) Followers
Identification data (Name and surname; Email address)
Managing the Subscription Form and Electronic Purchase of Products
Web users
Identification data (Email address; Name and surname; Telephone)
Customers
Identification data (Email address; Postal address; NIF / NIE / Passport; Name and surname; Telephone; WhatsApp profile (Telephone number, name, nickname, image))
Economic, financial and insurance (Bank details; Payment methods)
Goods and services transactions (Purchase history; Preferences for contracted services; Billing details)
Automated Chatbot Processing for Scheduling or Decision-Making Chatbot Users of Customers
Identification data (IP address; Username)
Commercial information (Data related to the interaction with the chatbot: During the conversation with the chatbot, browsing data (dates, times, messages, click history and queries within the website), transactional data (order status, prices, availability and product features) and product or service preferences based on previous interactions are collected, which allows for personalized responses and automatic recommendations based on the user's behavior and purchase history.)
Technical Support and Incident Resolution for Web Users
Identification data (Email address; Name and surname; Telephone)
Customers
Identification data (Email address; Postal address; NIF / NIE / Passport; Name and surname; Telephone; WhatsApp profile (Telephone number, name, nickname, image))
Customer Chatbot Users
Identification data (Username)
Processing of Customer Data in the Chatbot for Customer Service Customer Chatbot Users
Identification data (IP address; Username)
Commercial information (Data related to the interaction with the chatbot: During the conversation with the chatbot, browsing data (dates, times, messages, click history and queries within the website), transactional data (order status, prices, availability and product features) and product or service preferences based on previous interactions are collected, which allows for personalized responses and automatic recommendations based on the user's behavior and purchase history.)
Processing of Customer Data in the Chatbot for E-commerce Customer Chatbot Users
Identification data (IP address; Username)
Commercial information (Data related to the interaction with the chatbot: During the conversation with the chatbot, browsing data (dates, times, messages, click history and queries within the website), transactional data (order status, prices, availability and product features) and product or service preferences based on previous interactions are collected, which allows for personalized responses and automatic recommendations based on the user's behavior and purchase history.)
Processing of User Data in the Chatbot Client Chatbot Users
Identification data (IP address; Username)
Commercial information (Data related to the interaction with the chatbot: During the conversation with the chatbot, browsing data (dates, times, messages, click history and queries within the website), transactional data (order status, prices, availability and product features) and product or service preferences based on previous interactions are collected, which allows for personalized responses and automatic recommendations based on the user's behavior and purchase history.)
Data Processing in the Evaluation and Improvement of Products/Services (Surveys, Feedback) Web Users
Identification data (Email address; Name and surname; Telephone)
Customers
Identification data (Email address; Postal address; Name and surname; Telephone)
Data Processing in Customized Projects for Clients
Identification data (Email address; Postal address; NIF / NIE / Passport; Name and surname; Telephone; WhatsApp profile (Telephone number, name, nickname, image))
Economic, financial and insurance (Bank details; Payment methods)
Goods and services transactions (Purchase history; Preferences for contracted services; Billing details)
Use of Clients' Images on Social Media
People for Avatar Creation
Identification data (Image; Name and surname; Voice; Email address) Special categories of data (Biometric data)
13- RIGHTS OF INTERESTED PARTIES
What are your rights regarding your data?
Data protection regulations grant you a series of rights regarding our use of your data. All of these rights are personal and non-transferable, meaning they can only be exercised by you as the data subject, after verifying your identity.
Below we detail your rights:
Right of access: For example, you can request confirmation as to whether Sintonai is processing your personal data and, if so, access specific information about your data and its processing.
Right to rectification: If you find that your personal data is inaccurate or incomplete, you can request its correction.
Right to erasure ("right to be forgotten"): You can request the deletion of your data when it is no longer necessary or if you withdraw your consent to processing.
Right to restriction of processing: You can request that the processing of your data be restricted, for example, while the accuracy of your personal data is being verified.
Right to data portability: You have the right to receive your personal data in a structured format and transmit it to another data controller.
Right to object: You may object to the processing of your personal data.
Right not to be subject to automated decisions and/or profiling: You may request not to be subject to decisions based solely on automated processing.
Right to revoke consent: At any time, you may withdraw your consent to the processing of your data.
Right to lodge complaints with the Supervisory Authority: Spanish Data Protection Agency info@aepd.es https://www.aepd.es
To exercise any of these rights, you can contact Sintonai using the following contact information: Responsible: Sintonai Avatar SL
Address: Plaza de los Luceros No. 17 5/3. 03004, Alicante (Alicante), Spain
Telephone: +34 687 43 78 59
E-mail: Manuel@sintonai.com
Website: https://sintonai.com/
You can also exercise your rights before the Data Protection Officer:
E-mail: rgpd@auratechlegal.es – Telephone: 911134963
How can you exercise your rights regarding your data?
To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so by sending an email to these addresses: rgpd@auratechlegal.es / Manuel@sintonai.com or by post to: Plaza de los Luceros No. 17 5/3. 03004, Alicante (Alicante), Spain
How can you file a complaint if you feel your rights are not being respected?
In addition to your rights, if you believe your data is not being collected or processed in accordance with current data protection regulations, you may file a complaint with the relevant supervisory authority. The contact details are listed below:
Spanish Data Protection Agency
C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain Email: info@aepd.es- Telephone: 912663517
Web: https://www.aepd.es
For example, if you live in Germany, you can contact the Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berliner Beauftragte für Datenschutz und Informationsfreiheit). In Austria, the Österreichische Datenschutzbehörde (Austrian Data Protection Authority) is the appropriate entity. To find the competent authority in other countries, please refer to section 2 of this policy, which lists all supervisory authorities along with their links.
14.- ACCEPTANCE AND PRINCIPLE OF INFORMATION
This document, by being made available to you, indicates that you understand and accept all the clauses of our privacy policy. However, acceptance is not always based exclusively on consent, but may be based on various legitimate grounds, such as the performance of a contract, legitimate interests, legal obligations, among others. This is in line with the information principle pursuant to Article 13 of the GDPR.
Acceptance of our Privacy Policy is made by activating the "Read and Accept" checkbox.
Sintonai Avatar S.L. reserves the right to modify this Privacy Policy, either on its own initiative or due to legislative, jurisprudential changes or guidelines from the Spanish Data Protection Agency or other European supervisory authorities. Any changes or updates to this Policy that affect the purposes, retention periods, data transfers to third parties or internationally, or any user rights will be explicitly communicated.
For more information about data protection practices, please visit www.auratechlegal.es, the law firm responsible for drafting this policy for Sintonai Avatar SL. This policy will be maintained, updated, and continually adapted to meet Sintonai's needs and its strategic risk management principles. It will be reviewed periodically or in the event of significant changes to ensure its suitability and effectiveness.
Last updated: October 11, 2025