1. The Parties. Loozend, S.L. (hereinafter, Loozend), by virtue of the contracted service, acts as DATA CONTROLLER and customers are RESPONSIBLE FOR THE TREATMENT of their personal information.
    1. Type of data handled. Identification information including full name, e-mail address, fixed and/or mobile telephone number(s), postal address, fiscal identification code, IP, MAC; financial information including bank account; all information related to the data anonymously backed-up, which are included in the safeguarded device.
      1. Interested parties categories: Customers: the customers.
        1. Authorized data handling operations: Communications, preservation, encryption.
          1. The duration specified in the main contractual relationship derived from this agreement.
            1. Obligations of the controller: Those specified in the European General Data Protection Regulation (hereinafter GDPR).
              1. Purpose and instructions. Loozend will handle the information provided by its customers only to provide them with the services specified in the main existing contractual relationship. Loozend shall never use the information for its own purposes. If Loozend deemed that any of the instructions specified by the person Responsible for the Treatment of his or her information violate any stipulations of the European GDPR or any other EU or Member Country provision regarding data protection, the controller will immediately inform the customer.
                1. Activity Records. Loozend shall keep a written record of all data handling activities performed on behalf of its customers, in compliance with article 30 of the GDPR.
                  1. Information transfers to third parties. Loozend shall never transfer any information to third parties, except when customers expressly authorize Loozend or in legally admissible instances. If Loozend should ever be forced to transfer personal data to a third country or an international organization, due to any applicable obligation derived from EU regulations or any Member Country regulations, Loozend shall previously inform the person Responsible about that legally binding request, except when the relevant regulation forbids it due to important public interest reasons.
                    1. Subcontratación 
                        • Loozend is authorized to subcontract the ancillary services, which are necessary to maintain the company’s general structure such as, telecommunications services, hardware maintenance, tax compliance, accounting and social services; cleaning services, financial auditing and other similar services.
                        • The customer authorizes Loozend to subcontract the services of Microsoft Azure. Other direct services will be subject to the customer’s prior authorization, which Loozend shall request when necessary.
                        • If customers wish to know all subcontractors used by Loozend who supply us services directly related to the data handling of the service provided by Loozend, they may write to
                        • In any case, subcontractors belong to the category of Data Controllers and are thus obliged to comply with the clauses set forth in this contract, in the same terms, providing the same guarantees, under the same conditions and always complying with Loozend’s instructions. If there were any breaches by subcontractors, customers shall hold Loozend responsible for said breach
                      1. Secret: Loozend shall respect its secrecy duty regarding all personal data to which the company has access, even when the object of the present contract is no longer in force. Loozend will only handle personal data through those of its employees who directly provide the service specified in this contract and who cannot fulfill their jobs without accessing the said personal data. The customer may request the accreditation attesting to the fact that those employees are legally bound to maintain personal data confidentiality: are obliged to comply with the security measures in place and are trained to know all relevant requirements.
                        1. Loozend asistirá al cliente en el ejercicio por parte de terceros de los derechos de acceso, rectificación, supresión y oposición; limitación del tratamiento; a no ser objeto que dichos derechos sean objeto de decisiones individualizadas automatizadas.
                          1. Security breach. In case of a potential personal data security breach, Loozend shall proceed in accordance with the stipulations of article 33 of the GDPR
                            1. Information. Loozend shall provide customers, if they request it, with all the necessary information to prove that the company is indeed complying with its obligations. 
                              1. Security measures. Loozend Loozend commits itself to implement and comply with, at least, those measures that guarantee data confidentiality and the continuous system and data handling resilience; to restore system availability and personal data access as soon as possible, in case of a physical or technical incident; to regularly verify, evaluate and assess the effectiveness of technical and organizational measures implemented to ensure personal data handling security; to compress and cipher personal information, in all relevant instances. 
                                1. Destination of data when Loozend service is terminated. Loozend shall destroy all digital and/or analogue information, except when the customer responsible for his or her data treatment chooses to maintain the information through the configuration options provided in his or her customer administration menu.
                                  1. Personal data protection. Loozend Regarding your personal data, Loozend informs you that your personal information is handled only in order to fulfill the purpose of this contract; that the legitimacy for the handling of your data has its origin in this contract; that no information will be transferred to third parties, unless there is a legal requirement; that the owner of the information is entitled to the following rights: a) Obtain confirmation about whether or not his personal information has been processed; b) personal information may be rectified in those circumstances set out by law; c) request the deletion of personal information, when, among other circumstances, the said information is no longer necessary for the purposes it had been requested; d) request some limits on data processing under certain given circumstances, in which case the said data will only be kept to be used in potential claims; e) to oppose information processing under the specific circumstances set out by law. Customers may exercise their rights through a written request sent to, including a copy of their Identity Document or passport (when the request is made by other person on behalf of the customer, the said person must prove that he or she has been charged by the customer to do so); the customer’s request must specify the data impacted and the type of right(s) being exercised. The information shall be kept during the time necessary to provide the service and, dully blocked, even after the service has been terminated, unless the customer specifically requests the deletion of the information, which shall also be kept during the legally prescribed period, to be able to process any potential claim on the service provided.