PRIVACY POLICY

This privacy policy applies to the processing of personal data of customers and/or users of https://www.ironchip.com, hereinafter referred to as the WEBSITE, owned by the commercial entity IRONCHIP TELCO, S.L., hereinafter referred to as the DATA CONTROLLER.

Applicable regulations

Our Privacy Policy has been designed in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR EU 2016/679, and, insofar as it does not contradict the aforementioned Regulation, by the provisions of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights, hereinafter LOPDGDD 3/2018.

By providing us with their data, the customer and/or user declares that they have read and understood this Privacy Policy, giving their unequivocal and express consent to the processing of their personal data in accordance with the purposes and terms expressed herein.

BASIC INFORMATION ON DATA PROTECTION
Controller	IRONCHIP TELCO, S.L..
Data Protection Officer (DPO)	Leasba Consulting S.L
Purpose	Service Provision: Technical support, free trials, product improvement, and development. Handling Requests and Inquiries: Responses through forms, email, or chatbot. Communication and Marketing: Sending newsletters, event invitations, and commercial communications with consent. Electronic Form Management: Processing requests and inquiries.
Legal Basis for Processing	Performance of a Contract: Management of contracted services and technical support. Legal Compliance: Tax, accounting, and regulatory obligations. Consent: Sending commercial communications and newsletters. Legitimate Interest: Security, fraud prevention, and internal analysis
Categories of Personal Data	Identification and Contact: Name, address, phone number, email. Interactions: Inquiries, requests, and data provided in forms. Browsing: Cookies, IP, and usage of electronic services.
Retention Period	General: While there is an active relationship or until a deletion request is made. Forms and Inquiries: Until the request is addressed. Newsletters: Until the individual requests to unsubscribe. Blocked Data: Retention during legal periods for liabilities.
Data Recipients	Service Providers: Technological services, communication, and support. Authorities: Compliance with legal obligations. International Transfers: To the U.S. via HubSpot Inc., covered by the EU-USA Adequacy Decision.
Data Subject Rights	Rights: Access, rectification, erasure, objection, restriction, and portability. Exercise: Email to security@ironchip.com with identification and details of the requested right. Response Time: 1 month (extendable to 2 months in complex cases).
Data Source	Direct: Web form, inquiries, or communications. Business Relationship: Data generated through traffic, browsing, or interactions.
Data Security	SSL Encryption: Data protection in electronic forms. ReCAPTCHA: Prevention of automated access. Secure Hosting: Amazon servers within the European range.
Use of Cookies	The site uses cookies for functionality, analytics, and personalization. More information can be found in the Cookie Policy.
Sending Commercial Communications	Communications are sent only with consent. Free opt-out via security@ironchip.com or dpo@leasba.com.
Policy Updates	Modifications to adapt to legal or technological changes. Updates will be notified on the website. Periodic review is recommended.
Social Media Policy	Profiles on LinkedIn, X, YouTube, and Instagram. Used to inform, share content, and handle inquiries. Privacy is respected according to each platform's regulations.

1. Identity and Contact Information

Data Controller:

• Identity: IRONCHIP TELCO, S.L.
• Tax ID: B-95880332
• Address: Calle Beurko Viejo, 17 - 48902 Barakaldo, Bizkaia (Spain)
• Phone: (+34) 944 075 954
• Email: security@ironchip.com

Data Protection Officer

IRONCHIP TELCO, S.L. has appointed a Data Protection Officer, who can be contacted for any inquiries or requests regarding personal data protection at:

• Email: dpo@leasba.com
• Address: Parque Tecnológico - Edificio de Usos Comunes, C/Julia Morros 1, Office 109 - 115 León - Spain 24009

2. Purposes and Legal Basis for Processing

The DATA CONTROLLER processes personal data provided by customers and/or users for the following purposes:

Service Provision, Technical Support, and Service Improvement and Development

• Provide technical support and assistance for products and/or services.
• Offer free trials of products and/or services upon user request.
• Conduct internal statistical and market research to develop new features and services.

Response to Requests and Inquiries

• Address information requests and inquiries submitted via the available contact channels, such as electronic forms, email, or chatbots.
• Contact individuals to respond to specific inquiries about products and/or services.

Communication and Marketing

• Send commercial communications related to products and/or services, provided the individual has given their consent.
• Manage invitations to events, seminars, and webinars related to the company’s activities.
• Facilitate newsletter subscriptions to inform users about updates, offers, and promotions.

Management of Electronic Forms

The DATA CONTROLLER provides various electronic forms on its website to facilitate interaction with customers and users. Personal data collected through these forms is processed for the following general purposes:

• Responding to Requests and Inquiries: Provide responses to users' inquiries and offer information about products and/or services, including sending commercial communications, provided the user has given their consent.
• Newsletter Subscriptions: Allow users to receive updates, offers, and promotions related to products and/or services via email newsletters.
• Free Product and Service Trials: Facilitate access to trial centers or free versions of products and/or services offered by the company.
• Technical Support Management: Create and manage user accounts to provide support related to the contracted products and services.
• Real-Time Communication: Provide a direct contact tool via chatbot to address user concerns or specific requests.

If any data requested in the forms is mandatory to fulfill the request, this will be clearly indicated at the time of collection. Failure to provide the required data may prevent the processing of the corresponding request or inquiry.

3. Legal Basis for Data Processing

The processing of personal data carried out by the DATA CONTROLLER is based on the following legal grounds, in accordance with the General Data Protection Regulation (GDPR):

• Execution of a contract or pre-contractual measures: Processing is necessary for the management and provision of the contracted services, technical support, and required assistance.
• Compliance with a legal obligation: Data processing is carried out to comply with applicable regulations, as well as to address requests from competent authorities.
• Consent of the data subject: Where necessary, the processing of personal data, such as sending commercial communications, subscribing to newsletters, or participating in free trials of products and/or services, will only take place when the data subject has given their consent, which they may withdraw at any time.
• Legitimate interest of the controller: Processing is based on the legitimate interest of the controller to ensure system security, prevent fraud, optimize services, and conduct statistical analyses or internal studies to develop new features and improve the products and services offered.

4. Categories of Personal Data Processed

The DATA CONTROLLER collects and processes the following categories of personal data in the course of its activities, depending on the purposes previously described:

Identifying and contact information:

1. Full name.
2. Postal address.
3. Contact telephone numbers.
4. Email address.
5. Identifiers on electronic communication platforms (e.g., WhatsApp, Telegram).

Data derived from interactions with the company:

Information collected through electronic forms, emails, phone calls, or chats, such as: user inquiries, requests for free trials of products or services, and information provided for subscribing to newsletters or commercial communications.

Browsing and usage data for electronic services:

Information automatically collected during the use of the website, applications, cookies, and other similar technologies, as detailed in the Cookie Policy.

5. Data Retention Period

The DATA CONTROLLER will retain the personal data provided by the data subjects during the following periods:

In general terms

The data will be retained as long as there is an active relationship between the data subject and the DATA CONTROLLER, unless the data subject requests its deletion.

Electronic forms and specific inquiries

Data collected through electronic forms on the website will be retained as long as necessary to address the data subject's request or as long as there is an active relationship, unless the data subject requests the deletion of their data or withdraws their consent.

In the case of data related to subscriptions to newsletters or commercial communications, they will be retained until the data subject requests to unsubscribe.

Data blocking and deletion

Once the relationship has ended and legal retention periods have been fulfilled, the data will be securely deleted.

If personal data are relevant to legal liabilities, they will be retained in a duly blocked state for the applicable statute of limitations. Blocked data will only be accessible to judicial authorities or competent public administrations and will not be used for other purposes.

6. Data Recipients

The DATA CONTROLLER may disclose the personal data of data subjects to third parties only when necessary to fulfill the purposes described in this privacy policy or as required by law. Specifically, the recipients of the data may include:

Service providers and data processors

Companies providing services to the DATA CONTROLLER, such as:

• Technological services, including cloud storage providers and technical support.
• Electronic communication services and newsletter management.

These third parties will process personal data solely under the instructions of the DATA CONTROLLER, pursuant to a contract that ensures the confidentiality and security of the data.

Competent authorities and legal compliance

• Public administrations, tax authorities, and regulatory bodies, when necessary to comply with legal obligations.
• Law enforcement agencies, judicial authorities, or regulatory bodies in the case of legal requirements or investigations related to unlawful activities.

International data transfers

The DATA CONTROLLER informs that, for managing the commercial relationship, international transfers of personal data outside the European Economic Area (EEA) are conducted to the United States through HubSpot Inc., a service provider we use to optimize our commercial and communication activities.

These transfers are carried out under appropriate safeguards in compliance with the General Data Protection Regulation (GDPR), specifically through the European Commission’s Adequacy Decision of July 10, 2023, known as the EU-U.S. Data Privacy Framework. This framework ensures that personal data transferred to the United States enjoys an adequate and equivalent level of protection as established under European regulations.

For greater transparency, you can access HubSpot Inc.’s Privacy Policy through the following link: HubSpot Privacy Policy.

The DATA CONTROLLER is committed to ensuring that these international data transfers are conducted in compliance with all necessary safeguards and security measures to protect your personal data, such as:

• European Commission adequacy decisions, where available.
• Standard contractual clauses approved by the European Commission, where required.
• Certification mechanisms or binding corporate rules, where applicable, to reinforce the protection of personal data.

For more information about this protection framework or the applied safeguards, you can consult the details on the European Commission's website or contact us through the means indicated in this privacy policy.

The DATA CONTROLLER is committed to ensuring that international data transfers comply with the principles of security, confidentiality, and data protection established under the GDPR.

7. Data Subject Rights and Their Exercise

In compliance with the provisions of the General Data Protection Regulation (GDPR) (Regulation EU 2016/679) and the Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD), our company provides all data subjects with a clear, accessible, and sustainable procedure for exercising their rights regarding their personal data.

Rights Recognized by the GDPR

The following rights may be exercised by data subjects regarding the processing of their personal data:

• Right of Access: Allows obtaining confirmation about whether we are processing your personal data, accessing them, and receiving detailed information about their processing.
• Right to Rectification: Enables the correction or completion of inaccurate or incomplete personal data.
• Right to Erasure: Also known as the “right to be forgotten,” it allows requesting the deletion of personal data when they are no longer necessary for the purposes for which they were collected, among other scenarios.
• Right to Object: Permits opposition to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Restriction of Processing: Temporarily restricts the use of your data in certain cases, for example, while their accuracy is being verified or a claim is being resolved.
• Right to Data Portability: Allows receiving the personal data you have provided to us in a structured, commonly used, and machine-readable format, and transmitting them to another data controller.

How to Exercise Your Rights

To exercise any of your rights, our company offers an exclusively digital channel, in line with our Commitment to Environmental Policy, which prioritizes sustainability and reducing environmental impact. The available means are:

• Email: Send your request to security@ironchip.com, attaching the rights exercise form, which you can download here: Rights Exercise Form (PDF).

Information to Include in Your Request

To ensure proper management of your request, you must provide the following information:

Identification of the Applicant:

• Full name.
• A copy of an official document proving your identity (ID card, passport, NIE).

Clear Description of the Right You Wish to Exercise: Details of the requested right (access, rectification, erasure, objection, restriction, or portability) and any additional information necessary to manage your request.

Contact Details for Receiving the Response: Email address.

Additional Documentation: Any supporting documents or relevant information that facilitates the management of your request.

Sustainability and Accessibility

By adopting this digital mechanism, we contribute to reducing unnecessary paper usage and promoting responsible business practices. If you have difficulty using the digital channel, you can contact our customer service at (+34) 944 075 954, where you will receive personalized guidance to complete the process.

Response Deadlines

Once your request is received, we will analyze it and provide a response within a maximum of one month. In cases of complex or multiple requests, this period may be extended by up to two additional months, with prior notification to the data subject during the first month.

Responses to requests will be provided exclusively in digital format via the email address provided by the data subject. Exceptionally, if justified, the company may evaluate requests to receive the response in physical format on a case-by-case basis.

Procedure Cost

The exercise of your rights is free of charge. However, if requests are manifestly unfounded or excessive (e.g., repetitive), we reserve the right to charge a reasonable fee based on administrative costs or to refuse to process the request.

Complaints to the Supervisory Authority

If you believe we have not properly addressed your rights exercise request, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD) via their website at www.aepd.es, or by directly contacting them.

Contacting the Data Protection Officer

For inquiries related to data protection, you can also contact our Data Protection Officer (DPO): Email: dpo@leasba.com

8. Origin of Personal Data

The DATA CONTROLLER may collect personal data from the data subjects from various sources, detailed below:

a) Data provided directly by the client and/or user: Data voluntarily provided by the client or user, either:

• By completing electronic forms on the website or physical forms designed for the collection of personal data.
• During the contractual relationship, through communications such as information requests, inquiries, complaints, or data updates.

The client and/or user is responsible for ensuring the truthfulness and accuracy of the data provided.

b) Data generated by the commercial relationship: Data indirectly generated during the provision of the contracted services and the maintenance of the commercial relationship. These include, among others:

• Traffic and technical activity data, such as access logs or settings on platforms.
• Website navigation data, such as IP addresses or interactions within private areas of the website, as long as they comply with applicable regulations on cookies and similar technologies.

The DATA CONTROLLER ensures that all data collected, regardless of its origin, will be processed in accordance with current data protection regulations, applying appropriate measures for its security and confidentiality.

In the event of an update or modification of the data by the client or user, they must inform the DATA CONTROLLER to ensure that the data is accurate and up to date, in compliance with the principle of data quality established in the GDPR.

9. Obligation or Lack Thereof to Provide Personal Data

Providing personal data to the DATA CONTROLLER is generally voluntary. However, in some cases, the provision of certain data is necessary to fulfill specific processing purposes.

Mandatory Data

In electronic forms, fields marked as mandatory will be essential for:

• The provision of contracted services.
• Addressing requests or inquiries made by the client or user.
• Fulfilling legal or contractual obligations.

If the data subject does not provide the mandatory data requested, the DATA CONTROLLER will be unable to process the corresponding request or formalize the contractual relationship.

Optional Data

Data not marked as mandatory in forms or requests will be optional. Failure to provide such data will not impede the provision of services but may limit their customization or improvement.

Responsibility for the Data Provided

The data subject guarantees the truthfulness, accuracy, and timeliness of the personal data provided.

If the data is inaccurate, incomplete, or not updated, the data subject will be responsible for any potential damages caused to the DATA CONTROLLER or third parties.

Updating Personal Data

To ensure that the processed information is accurate and up to date, the data subject is encouraged to notify the DATA CONTROLLER of any changes to their personal data.

The DATA CONTROLLER commits to processing only the data necessary for the described purposes, ensuring compliance with the principle of data minimization established in the General Data Protection Regulation (GDPR).

10. Existence of Automated Decisions, Including Profiling

The DATA CONTROLLER informs that no automated decisions, including profiling, are made that produce legal effects on the data subjects or significantly affect them, in accordance with Article 22 of the General Data Protection Regulation (GDPR).

All decisions related to the processing of personal data are made with human intervention, ensuring individual and transparent evaluation in each case.

For any questions or inquiries related to the processing of your data, you may contact the DATA CONTROLLER through the channels indicated in this privacy policy.

11. Social Media Policy

The DATA CONTROLLER maintains active profiles on the following social media platforms:

• LinkedIn: https://www.linkedin.com/company/ironchip
• X (formerly Twitter): https://twitter.com/Ironchip_Telco
• YouTube: https://www.youtube.com/@ironchip7626
• Instagram: https://www.instagram.com/ironchip.telco

On these platforms, the DATA CONTROLLER acts as the data controller for the personal data of users who interact with its profiles, including followers, subscribers, fans, and anyone who comments, makes inquiries, or interacts through these social media platforms.

Use of Social Media by the DATA CONTROLLER

The DATA CONTROLLER uses its social media profiles to:

• Inform users about news, services, products, or updates related to the company’s activities.
• Share relevant or interesting content, such as current articles, third-party publications, or information deemed useful for its followers.
• Address inquiries or interactions from users on social media, within the limits of the functionalities of each platform.

Commitment to Privacy

Under no circumstances will users’ personal data be used for purposes other than those allowed by the social media platform itself without the explicit consent of the data subject.

The DATA CONTROLLER will not collect additional information about users beyond what is permitted by social media platforms unless the user explicitly provides their consent.

Interactions on Social Media

Users are responsible for the information they publish on these platforms, including mentions, comments, or inquiries, and must comply with the usage rules of each social media platform.

If sensitive or confidential information is received from users through social media, the DATA CONTROLLER commits to handling such information with the utmost discretion and may request, where necessary, the use of more secure communication channels.

External Links and Third-Party Content

Social media platforms may include links to external websites or third-party content not managed by the DATA CONTROLLER. The company is not responsible for the accuracy, legality, or privacy policies of such content.

User Rights

Users may exercise their rights of access, rectification, erasure, objection, restriction, and portability in accordance with the GDPR by contacting the DATA CONTROLLER directly through the means indicated in this privacy policy.

For more information on how these social media platforms handle personal data, users are advised to consult the privacy policies of each platform.

12. Information on the Use of Cookies

The DATA CONTROLLER informs users that this website uses cookies and similar technologies to ensure its proper functioning, enhance user experience, analyze web traffic, and, in some cases, personalize the content and services offered.

For detailed information on the use of cookies, the types of cookies employed, their specific purposes, and how to manage or disable them, we invite you to consult our Cookie Policy, accessible via the following link: Cookie Policy.

By continuing to browse our website, you agree to the use of cookies in accordance with the terms outlined in our Cookie Policy.

13. Security Measures

The DATA CONTROLLER ensures the implementation of appropriate technical and organizational measures in accordance with the General Data Protection Regulation (GDPR, EU 2016/679) and the Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD, 3/2018), with the aim of protecting the personal data of clients and users, as well as their rights and freedoms.

Security measures applied on the website

• Data encryption (SSL): The website is equipped with an SSL certificate activated across the entire domain, ensuring the encrypted transmission of personal data provided by users through electronic forms. This protects information from unauthorized access during transmission over the Internet.
• Protection against automated traffic (reCAPTCHA): The reCAPTCHA system is used to detect and block traffic generated by bots or automated programs, ensuring that only real users can interact with electronic forms used to collect personal data.
• Secure hosting: The website is hosted on servers provided by Amazon.com, with an IP address assigned within the European range, complying with the security and data protection regulations applicable in the European Union.
• Confidentiality and protection against unauthorized access: All collected information is stored and managed under strict confidentiality policies, utilizing advanced security measures to prevent unauthorized access, misuse, manipulation, deterioration, or loss of personal data.

Limitations of Internet Security

Despite the measures implemented, the client and/or user should be aware that absolute security in computer systems and the transmission of data over the Internet cannot be guaranteed. There is a possibility, albeit remote, that the information provided may be intercepted and processed by unauthorized third parties.

Recommendations for the user

To contribute to information security, users are advised to:

• Use secure networks when sending personal information.
• Avoid sharing confidential data in public or unsecured environments.
• Keep their devices protected through software updates and the use of appropriate security tools.

The DATA CONTROLLER is committed to continuously monitoring the implemented security measures, adapting them to technological advancements and new risks, in line with the security principles established by the GDPR and the LOPDGDD.

For more information about our security policies, please contact us through the channels indicated in this privacy policy.

14. Sending Commercial Communications

In compliance with the provisions of Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE), as well as the applicable complementary regulations, the DATA CONTROLLER ensures that all commercial communications made electronically will be clearly identifiable as such and will include the necessary information to identify the sender.

User consent

By completing the electronic forms available on the website and affirmatively ticking the consent boxes, the client and/or user:

1. Accepts the processing of their personal data for the purposes described in this privacy policy.
2. Grants their express, free, and unequivocal consent to receive commercial communications related to products and/or services offered by the DATA CONTROLLER through:
   • Email.
   • Phone.
   • SMS/MMS.
   • Instant messaging platforms such as WhatsApp or Telegram.
   • Other equivalent electronic communication methods.

Objection and withdrawal of consent

The client and/or user has the right to object to the processing of their data for promotional purposes or withdraw their consent to receive commercial communications at any time. This can be done through a simple and free procedure by sending an email to security@ironchip.com or dpo@leasba.com with the subject: “UNSUBSCRIBE” or “DO NOT SEND.”

Data retention

The personal data provided for the purpose of sending commercial communications will be retained:

• As long as the data subject does not revoke their consent or request to unsubscribe.
• For the time necessary to fulfill legal obligations, if applicable.

Commitment of the DATA CONTROLLER

The DATA CONTROLLER guarantees that:

• All commercial communications will comply with the principles of transparency and clarity established by applicable regulations.
• Necessary technical and organizational measures will be adopted to protect personal information processed for commercial purposes.

For any additional queries or clarifications related to the sending of commercial communications, the client and/or user may contact the DATA CONTROLLER through the channels indicated in this privacy policy.

15. Acceptance and Consent

The client and/or user declares that they have been duly informed about the conditions regarding the protection of their personal data, as established in this Privacy Policy. By providing their data through the electronic forms available on the website, or through other means of communication, the client and/or user explicitly accepts and consents to the processing of their data by the DATA CONTROLLER, in the ways and for the purposes detailed in this policy.

Furthermore, the client and/or user acknowledges that certain services offered on the website may be subject to specific conditions that include provisions on the protection of personal data. In such cases, these conditions will be clearly and accessibly communicated to the data subject before the collection or processing of their data.

Acceptance of this policy implies the client and/or user’s explicit consent to:

• The processing of their personal data for the purposes described.
• The use of electronic means for the communication of relevant and commercial information, provided the corresponding consent has been granted.

The client and/or user may withdraw their consent at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal. To do so, they may exercise their rights through the channels indicated in this privacy policy.

16. Updates to the Privacy Policy

The DATA CONTROLLER reserves the right to modify this Privacy Policy in order to adapt it to:

• Legislative or judicial changes.
• New interpretations or guidelines issued by the Spanish Data Protection Agency or other supervisory authorities.
• Industry practices or technological advancements that may affect how we process personal data.

Any changes to the privacy policy will be communicated to users through this website, and, where applicable, consent will be requested again in cases where the modification involves the processing of personal data based on this legal basis.

Additionally, this privacy policy may be supplemented with other documents, such as:

• Legal Notice.
• Cookie Policy.
• General Terms and Conditions, in cases where certain products and/or services include specific provisions on data protection.

Users are encouraged to periodically review this privacy policy to stay informed about how their personal information is protected and about potential updates. In case of any doubts, users may contact the DATA CONTROLLER through the means indicated in this policy.