Privacy policy

Identifying data of the person responsible for the treatment
  • Identity of the person responsible: Tokencrowd S.L.
  • CIF: B13807367
  • Registered address: C/ Cristobal Bordiu 22, 28003, Madrid
  • Contact email: hello@tokencrowd.io
  • Registration details: Registered in the Commercial Registry of Madrid, volume 45226, folio 70, page M-795777.
 
Information to users and consent

In accordance with the provisions of the European Data Protection Regulation (EU) 2016/679 and Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights, with the acceptance of this privacy policy through of the mechanisms provided on the website, users express their express, free, informed and unequivocal consent so that the personal data that they may provide to the entity through the forms and the means and means of contact that may be available or enabled in the website are incorporated into the entity’s files.

The data controller informs the interested parties that, as the current applicable regulations prescribe, the corresponding security measures have been applied to the personal data processing activities carried out by the entity for the development of its purposes. technical and organizational, which have been implemented after having carried out the pertinent risk analysis.

What personal data is collected?

Through the website we will only collect identification and contact data of the users and the data that is strictly necessary to be able to manage the queries, suggestions, complaints and requests made through the forms and other contact channels or means that may be available on the website, as well as the personal data that are necessary to carry out and manage the procedures related to the interactions of users with the entity and with the management and development of TokenCrowd’s own purposes and activities.

In no case will we collect or record through the website, and through the enabled means of contact, information with sensitive personal data or specially protected data. The personal data collected will be processed with the legitimacy bases specifically indicated in the corresponding section of this Privacy Policy.

What is the purpose for which we process the personal data collected?

The personal data collected by the entity through the contact means enabled on the website will be processed for specific purposes in each case and in accordance with what is indicated below.

Data obtained through the forms and enabled contact channels: there are means and contact channels enabled on the website to make queries, requests for information or documents, suggestions, claims, complaints, and/or in general to contact the entity. In this case, the telephone or email will be used to respond to the request and the purpose for which the data will be processed will be to respond to the requests received and send the information or documentation required by users through the website. and only the data strictly necessary to meet what is specifically requested by users will be requested and collected.

Data related to the efforts carried out by the entity in the exercise of its powers and functions: there are means and means of contact on the website so that users can use the services of the entity and that are related to the exercise of its powers and functions. In this case, the data will be processed for the purpose of managing the queries made, facilitating and managing the procedures to be carried out with the entity, enabling the modification of the data provided by users, making communications to users on matters of interest, including calls for events and acts, and in general with the purpose of managing and developing the functions and powers of TokenCrowd in accordance with what is indicated in the specific applicable regulations and in the statutes of the entity.

Data provided for the sending of commercial communications: in this case the data that has been provided by the users will be used to manage the sending of advertising, commercial or promotional communications and information related to the services and activities of the entity and that the users have expressly requested or whose sending they have expressly accepted in advance, as well as in order to facilitate users’ revocation of consent previously granted, or your opposition to the processing of your data for the purposes indicated above.

Due to the provision of the services offered by the entity through the website or events, events or initiatives developed or convened, personal data may be requested from users at some time through forms or other means or means of contact, in which case will always apply by default and generally what is indicated in this Privacy Policy with regard to the processing of information with personal data that could be carried out by TokenCrowd as the entity responsible for the treatment.

How long will we keep the personal data collected?

The personal data provided to TokenCrowd as the entity responsible for the website will be processed on a general basis as long as it is needed to respond and respond to the requests of the interested parties regarding queries, suggestions, complaints and requests for information. and during the specific legal prescription periods applicable in each case once the procedure is completed or the deletion of the data is requested by the interested parties, and as long as the deletion of the data is not requested or the consent previously granted is revoked in the cases in which the processing of user data was based on the same, and during the specific legal prescription periods applicable in each case, the conservation of user data indefinitely for historical and registration purposes and in accordance with as indicated in the applicable regulations and in the terms referred to in the reports and resolutions of the Spanish Data Protection Agency on the possibility of indefinite conservation of personal data for this type of purposes. During the specific legal prescription periods applicable in each case, the data will remain blocked and available only to the competent authorities and public administrations, and once the data has expired, the data will be deleted.

Regarding information with personal data associated with contracts, commercial agreements or agreements formalized by the entity, once the contractual or commercial relationship that may have been formalized has ended, the deletion of the data has been requested, or the consent that had previously been revoked granted, the specific prescription periods provided for by the applicable legislation will apply in each case, with a generic period of 5 years for personal actions without a special period, 6 years for invoices and accounting books of the entity and 10 years in in relation to the provisions of the Law on the Prevention of Money Laundering and Financing of Terrorism (art.25). During the indicated limitation periods, the data will remain blocked and available only to the competent authorities and public administrations, and once the expiration of the limitation periods the data will be deleted.

What is the legitimation basis that allows us to process the data collected?

The legal basis of legitimacy that allows us to process the personal data collected through the website is founded, with regard to the use of forms or contact means that may be enabled to make queries, claims, complaints, suggestions and requests for information or documents, making job applications and sending CVs, or contacting the entity through the means indicated on the website, in the express and informed consent of the interested parties or their representative collected and granted in accordance with the conditions indicated in art. 7 of the European Data Protection Regulation, according to which the interested parties will have the right to withdraw that consent at any time using the contact means indicated on the website.

The entity informs that the data requested through the forms that may be enabled or the means of contact indicated on the website will be those strictly necessary to address the query, claim, complaint, request or specific request made by the interested parties, and that minimization criteria will be applied by default.

The main basis of legitimacy in the case of user data provided by them through the means and contact methods indicated on the website and that were related to the development of the entity’s own purposes will be the fulfillment of obligations. applicable to TokenCrowd as data controller (art. 6.1 c) RGPD) and that the processing of data is necessary for the fulfillment of missions carried out in the public interest (art. 6.1. e) RGPD). The basis of legitimacy for the processing of data will be the express and informed consent of the users in relation to ion with services and activities that involve the processing of your personal data and that require your authorization, and mainly in relation to the sending and dissemination of commercial and promotional communications about services and activities that may be of interest to you.

In the case of personal data collected due to the formalization of agreements, contracts or commercial agreements in which the entity was an interested party, the basis of legitimacy will be based on the execution of a contract or commercial agreement between the parties and on the adoption of pre-contractual measures.

In the case of personal data collected due to the interaction of users through the official profiles that the entity may have on social networks and the comments made by them through them in relation to the activities and services of TokenCrowd , the basis of legitimation will be based on the express and informed consent of the interested parties.
In the case of sending commercial communications to users, the basis of legitimacy for the processing of their data will be based on the express and informed consent of the interested parties, collected and granted in accordance with the conditions indicated in art. 7 of the European Data Protection Regulation, according to which the interested parties will have the right to withdraw that previously granted consent at any time.

Quality of the data provided

The entity warns users that, unless there is a sufficiently accredited legal representation, no user can use the identity of another person and communicate personal data of third parties, so that users of the website must keep in mind that they can only communicate data own personal data and that they are adequate, relevant, accurate, up-to-date and true.

Users will be responsible for direct and indirect damages caused to third parties or the entity by the use of personal data of other users, or by the use of their own personal data if they are false, erroneous, inadequate, inappropriate or outdated.

Users who communicate third-party personal data to the entity must have informed consent from the third party and in accordance with this Privacy Policy, and will be liable for this towards the entity and the third party, exonerating TokenCrowd from all liability in this regard.

What are the rights that those who provide us with their data can exercise?

In accordance with the provisions of the European Data Protection Regulation (EU) 2016/679 and Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights, interested parties will have the right to obtain confirmation as to whether TokenCrowd We are processing personal data that may or may not concern you, as well as exercising the recognized rights regarding personal data.

Interested parties will specifically have the right to:

  • Request access to personal data that concerns you.
  • Request rectification or deletion of data.
  • Request the cancellation of data.
  • Request limitation of data processing
    Oppose the processing of data.
  • Request data portability.

In the event that the interested parties have given their consent for a specific purpose, they will have the right to withdraw the previously granted consent at any time, and without this affecting the legality of the treatments based on the consent granted prior to its withdrawal.

If the interested parties consider that we have not processed their personal data in accordance with the reference regulations indicated, and if they understand that we have not satisfied their request to exercise their rights, they may contact TrokenCrowd at hola@tokencrowd.io or submit directly, if you wish, a claim to the Spanish Data Protection Agency as the national control authority at its address at Calle Jorge Juan, 6 – 28001 – Madrid or on the roads contact details indicated on the institution’s website (www.aepd.es), including the electronic headquarters https://sedeagpd.gob.es/sede-electronica-web/

To exercise all the rights referred to above, interested parties may use the contact addresses indicated above to request the application form provided by the entity for this purpose in compliance with their legal obligations, a form that interested parties must accompany when it is presented or sent. a copy of your DNI or equivalent document proving your identity and that of your representative, if applicable. The exercise of the rights will be free, and the request may be delivered by hand to the entity’s staff, or sent by postal mail or by e-mail to the contact addresses indicated.

The data controller informs the interested parties that it has established and implemented specific protocols and measures for compliance with the data protection regulations of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation) and of Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights.

User rights in relation to commercial communications

Users who have expressly and previously authorized the sending of commercial, advertising or promotional communications via e-mail, SMS or any other equivalent or similar means of electronic communication, will have the right to oppose the processing of their personal data for the purposes commercial or promotional, as well as the right to revoke the consent previously granted for this purpose, by simply notifying the entity in this regard and sending an email to hola@tokencrowd. io

To which recipients could the personal data collected be communicated?

The personal data provided by users of the website will only be processed on a general basis by the own workforce that may be hired at any given time and by the authorized members of the entities that make up the board of TokenCrowd, and who will be required to formalization of a confidentiality commitment and compliance with the duty of secrecy with respect to personal data to which they may have access in the performance of their duties for the entity.

Data transfers to third parties will only be carried out in general with the express authorization of the interested parties themselves, in cases of legal obligation and in the cases provided for in the statutes of the entity and related to the development of TokenCrowd’s own functions, as in the case of data transfers made to Public Authorities and Administrations in the exercise of their powers, to State Security Forces and Bodies, and to Courts and Tribunals.

Data transfers may also be made when necessary to enable the development of the entity’s own services and activities and/or services contracted to external providers, including banks and financial entities for the management of collections and payments, and the suppliers. who have the status of data processors, and always in this case within the framework provided for in the data processor contract formalized between TokenCrowd and the contracted data processors. The entity undertakes in all cases to inform the interested parties about the need to carry out extraordinary transfers of data to third parties to manage the development of the entity’s own purposes so that the interested parties can express their consent for the transfer of data. as a prerequisite for this to be carried out.

In the case of international data transfers derived from the use by the entity of tools, applications, programs or service providers, they will be carried out under the protection of the international agreements in force at all times, standard contractual clauses and the Binding corporate rules to ensure that North American and non-EU software companies comply with European data protection policies on privacy, secrecy and data security.

Secrecy and data security

The entity is committed to the appropriate use and processing of users’ personal data, respecting their confidentiality, and to use these in accordance with the specific purposes of said processing, as well as to comply with its obligation to store the data and adopt all security measures in place to prevent alteration, loss, unauthorized treatment or access, and in accordance with the provisions of current data protection regulations.

This website includes an SSL certificate, a security protocol that ensures that data travels completely and safely, that is, the transmission of data between a server and a user of the website, and in feedback, is completely encrypted or encrypted. .

The entity cannot guarantee the absolute impregnability of the Internet network and therefore the violation of data through fraudulent access to it by third parties.

Regarding the confidentiality of data processing, the entity will ensure that any person who is authorized by the entity to process user data, including staff, members of the entities that make up the board, and collaborators and suppliers of the entity who had the character of those in charge of treatment, are under the corresponding obligation of confidentiality, whether legal or contractual.

When a security incident occurs, once the entity is aware of it, it will notify the users without undue delay and will provide the appropriate information related to the security incident and in any case whenever the users request it in a reasonable manner. .

Accuracy and truthfulness of the data

Users are solely responsible for the veracity and correctness of the personal data they send and provide through the tokencrowd.io website, exonerating the entity from any responsibility in this regard. Users guarantee and are responsible, in any case, for the accuracy, veracity, validity and authenticity of the personal data provided, and undertake to keep it duly updated. Users agree to provide complete and correct information through the contact channels enabled on the website.

Changes to the privacy policy

The entity reserves the right to modify this privacy policy to adapt it to legislative or jurisprudential developments, as well as to industry practices. In these cases, the changes will be announced on the website in good time before they are put into practice.

Privacy Policy updated as of May 30, 2024