In compliance with the conditions laid down in the European Union General Data Protection Regulation (“GDPR”), below we provide you with detailed information regarding the processing of your personal data.
I. Data controller
Panda Security, S.L. (the “Society”), with VAT number B-48435218, registered in the Mercantile Register of Bilbao, Tome BI-59, Book 134, Sheet BI-767-B, 1st inscription, with registered offices at Santiago de Compostela, 12, 1st floor, 48003 Bilbao, Bizkaia (Spain), and contact email firstname.lastname@example.org
II. Data Protection Officer (DPO)
The Data Protection Officer (DPO) is the person responsible for ensuring that the Society processes personal data in compliance with the applicable data protection rules. You may contact the DPO at the following email address DPO@pandasecurity.com.
III. Purpose and legal basis for the processing
Your personal data will be processed for the following purposes:
- To manage the pre-contractual and/or contractual relationship with you, including, if appropriate, to monitor and actively manage your devices for the purpose of providing the service, manage complaints and improve customer service, provide technical support, and send you reminders when the software license you have purchased is about to expire.
In this respect, the fulfillment of the pre-contractual and/or contractual relationship with you constitutes the legal basis for the processing.
- If you do not consent to providing the mandatory and indispensable personal data requested, it will not be possible to fulfill the pre-contractual and/or contractual relationship with you, resulting in the product provision not being formalized.. In any event, you have the right to object to the processing of your personal data for the purpose and in the manner set out above.
- To enable the Society to send you offers or advertising and promotional communications by any means (including email) concerning other products or services offered by Panda Security, or to carry out other marketing activities such as sending newsletters to registered users. In this respect, your expressed consent constitutes the legal basis for the processing, should you have granted it. If you do not consent to the processing of your personal data for the purpose set out above, you will not receive any marketing communications from Panda Security.
- To retain your personal data in the event that the contractual relationship is not formalized, for the purpose of managing future requests you may make, and, if appropriate, sending you information improving the conditions of an offer you didn’t contract. In this respect, the Society's legitimate interest in managing and satisfying any future requests or queries you may have constitutes the legal basis for the processing. In any event, you have the right to object to the processing of your personal data if the contractual relationship is not formalized.
IV. Data retention period
The Society will store your personal data for as long as the contractual relationship with you is in force and, once it is terminated, for as long as the applicable fiscal, economic, civil and criminal regulations are in effect. In addition, in the event that the contractual relationship with you is finally not formalized, the data retention period will be six years.
V. Recipients of the personal data
We inform you that under no circumstances will your personal data be passed on to any third party, unless required by a legal obligation, and to the corresponding public bodies. Furthermore, we inform you that your personal data may be accessed, as data processors, by the following parties: (i) Technology service providers (such as software or hardware developers as well as developers of applications related to the software license) in order to effectively provide the computing services related to the software license granted to you, as well as optimizing it; (ii) marketing and advertising service providers involved in the launch of product offers and promotions; (iii) companies belonging to the Society's group in order to effectively fulfill the contractual relationship with you; and (iv) product distributors.
VI. International transfers of personal data
To allow the aforementioned third-party providers to access your personal data, said data may be shared with the following international data processors outside of the EU:
|Category of recipient||Enterprise
|Marketing service provider||The Rocket Science Group||USA||Ensures an adequate level of protection in compliance with the “EU/US Privacy Shield”.|
|Marketing service provider||USI Techonologies, Inc.||USA||Ensures an adequate level of protection by signing the standard contractual clauses set out in Decision 2002/16/EC of February 5, 2010.|
|Technology service provider||CYREN Ltd.||Israel||Ensures an adequate level of protection in compliance with the EU Directive 2011/61/EC of January 31, 2011.|
|Technology service provider||Clicktools Inc.||USA||Ensures an adequate level of protection in compliance with the “EU/US Privacy Shield”.|
You can obtain a copy of the aforementioned safeguards by contacting the Data Protection Officer at DPO@pandasecurity.com.
VII. Rights available to data subjects
We inform you that you are entitled to exercise the following rights:
(i) Right of access: Right to find out what kind of personal information is being processed, and the processing activities performed on said data;
(ii) Right of rectification: Right to ask for your information to be corrected;
(iii) Right to erasure: Right to have your personal information deleted;
(iv) Right to object: Right to object to the processing of your personal data, for reasons related to your personal situation;
(v) Right to withdraw your consent when your consent is the legal basis for the processing of your personal data;
(vi) Right to restriction of processing: Right to ask for your personal information to stop being processed in certain cases (e.g. If you believe that the personal information about you is incorrect, for a period enabling the controller to verify the accuracy of the personal data); and
(vii) Right to portability: Right to receive a copy of the information which you have provided to the Society in a structured, commonly used and machine-readable format, and right to transmit that data to another controller.
To exercise these rights, you must submit your request in writing to email@example.com, or to the Society's registered offices (indicated above.
Your request to exercise your rights must include your full name as well as the right to be exercised, along with a copy of your national ID card or equivalent personal identification document.
In addition, you are entitled to lodge a complaint with the Spanish Data Protection Agency, if you consider that you have not been satisfied when exercising your rights.
You may exercise any of these rights free of charge.