We have strived for the wording to be clear, with information divided into sections to facilitate reading, but if you have any doubts, please do not hesitate to contact us.
Information related to an identified or identifiable natural person, directly or indirectly ("data subject"). A natural person is considered identifiable if they can be identified, directly or indirectly, particularly through an identifier, such as a name, an identification number, location data, electronic identifiers, or one or more specific elements of the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Any operation or set of operations performed on personal data or sets of personal data, whether by automated or non-automated means. These operations include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of provision, comparison or interconnection, limitation, erasure, or destruction.
LIMITATION OF PROCESSING
The insertion of a mark on personal data kept with the aim of limiting their future processing.
An individual or legal entity, a public authority, or another organization that processes personal data on behalf of the data controller.
CONSENT OF THE DATA SUBJECT
Consent of the data subject is a voluntary, specific, informed, and explicit expression of the data subject's will, by which they accept, through a declaration or unambiguous affirmative action, that their personal data pertaining to them will be processed.
1. Personal Data of Customers
The personal data of hitEcosystem's customers are processed because they are necessary for contract formation, service provision, the management of the system where data is stored and accessible, information security control, and compliance with legal requirements. Website registration will involve the creation of navigation profiles and the recording of order and purchase history for the purpose of providing customers with relevant information and promotions. The data is also processed to pursue legitimate interests of hitEcosystem, which may include various marketing and sales-related communications. However, the DATA SUBJECT can object to such processing, as described in section 5.
2. Personal Data of Non-Customers
Personal data provided in the context of inquiries about services, pre-contractual dealings, or direct subscription to communications are processed in good faith and in accordance with the purposes for which the DATA SUBJECT provided them to hitEcosystem. However, the DATA SUBJECT can object to such processing at any time, as described in section 5.
3. Data Processing Period
The personal data, whether of customers or non-customers, is retained for varying periods, depending on the nature of the DATA SUBJECT's relationship with hitEcosystem and the purpose for which the data was collected, always in compliance with legal requirements. Once the basis for collecting the data has ceased, they will be deleted unless there is a legal requirement to retain them.
4. Subcontractors and Other Entities with Access to the Data
Personal data can be accessed by subcontractors of hitEcosystem for purposes such as billing, order delivery, accounting, or legal support, among others, as specified to the DATA SUBJECT prior to processing and only with their conscious authorization. These entities are responsible for adopting measures to ensure the privacy and security of personal data and for preserving and upholding the rights of their DATA SUBJECTS. Data may also be accessed by government administrations and public bodies as required by fiscal, labor, judicial, or other applicable regulations.
5. Rights of the DATA SUBJECT Regarding Personal Data
The DATA SUBJECT has the right to access, amend, restrict processing, request data portability, and request the erasure of their personal data, all of which can be done through the customer area or by contacting hitEcosystem via email at firstname.lastname@example.org. hitEcosystem commits to promptly notify the DATA SUBJECT of any data security breaches or violations and to make every effort to resolve the situation diligently. Despite hitEcosystem's diligence, the DATA SUBJECT has the right to file a direct complaint with a supervisory authority.
5.1. Regarding the Right to Restrict Processing of Personal Data in Particular
The DATA SUBJECT can request the restriction of the processing of their personal data, including profiling, whenever they consider the processing to be unlawful or unnecessary. hitEcosystem has a duty to assess the situation and can only refuse to comply with the request if it is determined that its legitimate reasons outweigh those of the data subject.
5.2. Regarding the Right to Data Portability in Particular
The right to data portability is the DATA SUBJECT's right to receive the personal data being processed by hitEcosystem, or to have that data directly sent to another data controller at the DATA SUBJECT's request, in a structured, commonly used, and machine-readable format. Data portability does not entail the erasure of data from hitEcosystem's systems - this process must be requested separately, as described in section 5.3. Requests for data portability must be made through the customer area. An email link will then be sent to the DATA SUBJECT's email address for downloading the data file, available for 48 hours.
5.3. Regarding the Right to Erasure of Personal Data in Particular
The DATA SUBJECT can request the deletion of their personal data from hitEcosystem's systems, provided this does not contradict any legal obligations. The request should be made through the personal area or by contacting hitEcosystem via email at email@example.com.
6. Security Measures
hitEcosystem is committed to implementing technical and organizational measures within its reach to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorized access, disclosure, and against any other form of unlawful processing, particularly when data transmission is involved. Security procedures following best practices in terms of information security have been adopted, including the use of firewalls and intrusion detection systems, the existence of restricted physical and logical access, logging of operations, monitoring and auditing, and the secure collection and transmission of personal data.
- Microsoft Edge
8. Contact for Additional Questions
Any questions regarding the processing of personal data that have not been addressed in this document can be sent via email to the following address: firstname.lastname@example.org.