Privacy Policy
Last modified: 17 December 2024.
Thank you for visiting this website.
Please read carefully the Terms and Conditions set out in this document, as the use of this website implies the express and full acceptance thereof, in the version published at the time you access it. We recommend that you read this document carefully each time you access the website to check for changes to the terms of use, and leave if you do not agree with such changes. If we believe that certain modifications are significant, we will update the "Last modified" date at the top of this page. You are responsible for reviewing and familiarising yourself with any modifications made.
Laws incorporated in this Privacy Policy
This policy is adapted to the following regulations, currently in force in both Spain and Europe:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
- Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
- Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).
1. Identification
In compliance with the duty of information set out in Article 10 of Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce, and with current data protection legislation, specifically Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), which fully implements Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
- Data Controller: DIVERGER THINKING S.L.U. (hereinafter THE COMPANY)
- Trade name: DIVERGER
- Tax ID (CIF): B56192578
2. Communication
To contact us regarding any matter related to the processing of personal data, we provide you with the following means of contact:
- Email: info@diverger.ai
- Registered office: Alcobendas (Madrid), Avda Europa, 24 Building A – Office D, 28108
- Website: diverger.ai
We understand that the privacy and security of your personal information are extremely important. This policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.
Principles applicable to the processing of personal data
The processing of the User's personal data shall be subject to the following principles set out in Article 5 of the GDPR and in Articles 4 et seq. of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights:
- Principle of lawfulness, fairness and transparency: the User's consent shall be required at all times, with prior completely transparent information about the purposes for which personal data are collected.
- Principle of purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes.
- Principle of data minimisation: personal data collected shall be only those strictly necessary in relation to the purposes for which they are processed.
- Principle of accuracy: personal data must be accurate and kept up to date at all times.
- Principle of storage limitation: personal data shall only be maintained in a form that permits identification of the User for no longer than is necessary for the purposes of processing.
- Principle of integrity and confidentiality: personal data shall be processed in a manner that ensures their security and confidentiality.
- Principle of accountability: the Data Controller shall be responsible for ensuring that the above principles are complied with.
What measures have we taken to ensure the confidentiality, integrity and security of your data?
- We only ask for the minimum amount of information necessary, collecting only what we believe is essential for doing business or for the specific transaction in question.
- We have established confidentiality agreements with all our suppliers, staff and collaborators.
- We have specialised advisory services that not only assist us on an ongoing basis but also carry out periodic checks to ensure proper compliance with these regulations.
- We have established IT security measures to protect us from potential external attacks.
- We have reviewed all our documentation to ensure it complies with the new regulation.
- We have assessed the impact that our procedures may have on the protection of your personal data.
- We have trained our staff so that we can all act diligently and ethically, complying with all the requirements set out in the new regulation.
Principles we apply to your personal information
In the processing of your personal data, we apply the following principles in accordance with the requirements of the new European data protection regulation:
- Principle of lawfulness, fairness and transparency: We will always require your consent for the processing of your personal data for one or more specific purposes that we will inform you of in advance with absolute transparency.
- Principle of data minimisation: We will only request data strictly necessary in relation to the purposes for which we require them. The minimum possible.
- Principle of storage limitation: data will be maintained for no longer than is necessary for the purposes of processing. Depending on the purpose, we will inform you of the corresponding retention period. In the case of subscriptions, we will periodically review our lists and delete those records that have been inactive for a considerable time.
- Principle of integrity and confidentiality: Your data will be processed in such a way as to ensure adequate security of personal data and to guarantee confidentiality. You should know that we take all necessary precautions to prevent unauthorised access or misuse of our users' data by third parties.
Legal bases for the collection and use of information
If you are an individual in the European Economic Area (EEA), our legal basis for the collection and use of information depends on the personal information in question and the context in which we collect it. Most of our information collection and processing activities are generally based on: 1) a contractual necessity; 2) one or more legitimate interests of THE COMPANY or a third party that are not overridden by your data protection interests; or 3) your consent. Sometimes we will have a legal obligation to collect your information or will need your personal information to protect your vital interests or those of another person.
Processing
We will explain below how we collect, use, disclose, transfer and store your information. This Privacy Policy applies to personal information collected through our website. It is important that you check this Privacy Policy frequently in case it has been updated.
All users who access our website will be able to view all its content without the need to provide any personal information. Your personal data will only be collected when you voluntarily complete our form(s). In this case, the user guarantees the authenticity, accuracy and truthfulness of the information provided, undertaking to keep personal data up to date so that it corresponds at all times to their actual situation. The user shall be solely responsible for any false or inaccurate statements and for any damages they may cause. Through this communication channel, you expressly accept to receive periodic communications solely from the entity, which will keep the personal data received from users through the website in total secrecy, guaranteeing their confidentiality, and will adopt the technical measures necessary to prevent any alteration, loss, misuse or unauthorised access to this data.
Furthermore, we inform you that all data provided through electronic forms and/or by email is strictly necessary for the correct identification of the sender. This information will be treated with strict confidentiality and for the sole purpose of managing information requests, contracting our services and products and other purposes specified below. You are informed and give your full express consent to use your data for activities related to the corporate purpose of the entity.
The consent given, both for the processing and for the transfer of the data of the interested parties, is revocable at any time by communicating this to the email address info@diverger.ai under the terms established in this Policy for the exercise of rights. This revocation shall in no case have retroactive effect.
How we use your data
We may use your personal data as follows: the information you provide may help us in decision-making, responding to requests, improving services, detecting new needs, generating promotions, understanding your expectations and providing you with a better service.
Customer Service
- Responding to any question or concern you may have about our services.
Service information messages
- We will contact you to keep you updated with information about the products and services you have with us.
Other purposes
- Specific reason: If you provide your personal data for a specific purpose, we will use them for matters related to the purpose for which they were provided. For example, if you contact us by email, we will use the personal data you provide to answer your question or solve the problem, and we will respond to the email address from which the message was sent.
- Internal purposes. We may use your personal data for internal purposes such as improving the content and functionality of the services, better understanding the needs of our clients, improving the services, protecting, identifying or addressing fraudulent activities, enforcing our terms of service, managing your account and providing you with customer service and, in general, managing the services and our business activities, among others.
- Commercial communications. Provided we have your express consent (which will be obtained through a dedicated checkbox present in our forms), we may use your personal data to contact you in the future for commercial purposes that may be of interest to you, always related to the products and/or services offered by the company. In any case, you will always have the option to "unsubscribe" from these electronic messages at the bottom of such messages or by notifying us by sending an email to: info@diverger.ai. However, you may continue to receive notices and emails where they are necessary and essential for the maintenance of our contractual transactions. In accordance with Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE), THE COMPANY does not engage in SPAM practices and undertakes not to send commercial communications without properly identifying them.
Below, we explain in more detail what types of data are collected and processed and what their purposes are:
| Category | Legal basis |
|---|---|
| Visiting user | Consent given by accepting cookies or by continuing to browse our website. (GDPR Art. 6.1.a) |
| User who contacts us | Our legitimate interest in addressing the enquiries and requests of the interested party, justified by the interest shown in contacting us and receiving information, with minimal intrusion into their privacy and the use of limited data provided by the user themselves. (GDPR Art. 6.1.a) |
Data voluntarily provided by the data subject
| Category | Data collected |
|---|---|
| Visiting user | BASIC DATA: IP, browsing data. |
| User who contacts us | BASIC DATA: first name, surname, email address |
Possible consequences of not providing such data
| Category | Consequences |
|---|---|
| Visiting user | No consequences. |
| User who contacts us | If the user who contacts us does not provide their data, we will not be able to respond to their enquiry/enquiries adequately. |
Possible data transfers to third parties
| Category | Data transfers |
|---|---|
| Visiting user | No data is collected from visiting users. |
| User who contacts us | We will not disclose personal data relating to this type of user to third parties without their consent. |
International transfers
| Category | Transfers |
|---|---|
| Visiting user | No data is collected from visiting users. |
| User who contacts us | No personal data is transferred to a third country or international organisation. |
Retention periods
| Category | Retention |
|---|---|
| Visiting user | No data from visiting users is stored. |
| User who contacts us | Data will be retained for as long as necessary to fulfil the purpose for which it was collected. |
Other aspects related to the legal basis
We may process your data in accordance with one or more of the following legal bases:
CONSENT OF THE DATA SUBJECT: If you give us your consent, we will carry out the processing related to the scope of the consent and the purposes informed; PERFORMANCE OF A CONTRACT: We will process your data where this is necessary for the performance of a contract or for the application of pre-contractual measures, in order to supply you with our products and services and to fulfil the obligations established in the contract; LEGAL OBLIGATION: We may also process your personal data because a law requires us to do so; LEGITIMATE INTEREST: We may process your personal data where necessary for the satisfaction of legitimate interests for both parties; PUBLIC INTEREST: We will process your data for the fulfilment of a mission carried out in the public interest or for the exercise of public powers conferred upon us; VITAL INTERESTS: Exceptionally, we may process your personal data where necessary to protect your vital interests or those of another natural person.
Other aspects related to data transfers
As a general rule, the data you provide is not disclosed to third parties without your consent, except where required by law, for example: in the case of a court summons or a request from a governmental body, or if we believe in good faith that such action is necessary to a) comply with a legal obligation; b) protect or defend our rights, interests or property, or those of a third party; c) prevent or investigate potential unlawful acts in connection with the Services; d) act in urgent circumstances to protect your personal safety; or e) protect against legal liabilities.
Storage
We may store your data or transfer it to a third party that will store it in accordance with this Privacy Policy. We take measures that we consider reasonable to protect personal data against loss, misuse, unauthorised use, unauthorised access, involuntary disclosure, modification and destruction. However, no network, server, database or Internet or email transmission is completely secure or error-free. In the event of a breach of the security of data in our custody, we will take all necessary measures to mitigate its consequences and will notify this to the Supervisory Authority, together with all relevant information for the documentation and reporting of the incident.
Consent
The consent of the data subject, in accordance with data protection regulations, is a free communication by the data subject by which they accept that their data is processed for a specific purpose, under certain conditions, of which they must have been previously informed.
Can you modify or withdraw your consent at any time?
Absolutely. The information about the processing you have consented to will always be accessible. You may modify or withdraw it at any time through our email. You may also unsubscribe from our database at any time by sending us an email to: info@diverger.ai
Automated decisions
THE COMPANY does not make any decision based solely on the automated processing of your data.
Statistical studies
THE COMPANY does not carry out studies for scientific, historical or statistical purposes, in which case data dissociation for the purpose of the study will be sought to preserve confidentiality.
Personal data breach or security breach notice
A personal data breach constitutes a breach of the security of THE COMPANY's information systems that causes or may cause the destruction, alteration, loss, unauthorised disclosure or access, whether accidental or otherwise, to personal data transmitted, stored or processed in connection with the provision of our services. In the event that the personal data we store and/or process at THE COMPANY is compromised in any way, we will proceed to notify the affected parties in a timely manner, in accordance with the provisions of Article 33 of the GDPR.
Data protection rights
Users may send a written communication to the registered office of THE COMPANY or to the email address indicated at the top of this Legal Notice to request the exercise of the following rights:
- Right to rectification of personal data. You have the right to rectify information stored about you if it is inaccurate. If the information we store needs to be updated, or you believe it may be incorrect, you may update it whenever you see fit.
- Right of access to personal data. You have the right to request a copy of the personal data we hold about you.
- Right to data portability. You have the right to transfer the data you have provided to us in certain circumstances.
- Right to object to the use of personal data. You have the right to object to the processing of your personal information.
- Right to erasure. We strive to process and retain your data only for as long as we need. You also have the right to request the erasure of your personal data that we hold. Such data will be retained in a blocked state and accessible only to certain persons in the event that we need them to address a claim or fulfil our obligations.
- Right to restriction. You have the right to request the restriction of the processing of your data so that we may store your data but not use it.
In addition to the specific means established for each right, you may exercise your rights of access, rectification, erasure, objection, restriction and portability, as well as revoke consent given, by writing with the reference "Data Protection" to the postal or email address stated at the top of this Policy.
These rights are personal and shall be exercised by the data subject, with no limitations other than those provided for by applicable legislation. The legal representative of the interested user may act when the user is in a situation of incapacity or minority that prevents the personal exercise thereof. The exercise of your rights shall be made effective by the Data Controller within thirty days following receipt of the request. Should the Data Controller consider that it is not appropriate to comply with the request, this will be communicated with reasons and within the period indicated in this section. In cases where, although erasure of the data is appropriate, physical extinction is not possible, either for technical reasons or because of the computer medium used, we will proceed to block the data in order to prevent its use, until its complete elimination from the information systems.
Collection of data from minors
Our website is not intended for children under 16 years of age. We do not intentionally collect information (including Personal Data) about children or other persons who cannot legally use our services. If we become aware that we have collected personal data from a child under 16, we will delete it as soon as possible, unless we are legally obliged to retain such data. Contact us if you believe we have collected information from a person under 16 by mistake or unintentionally by sending us an email to: info@diverger.ai.
Processing of special categories of personal data and personal data relating to criminal convictions and offences
In the completion of free text fields, the introduction of personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data aimed at uniquely identifying a natural person, health-related data or data concerning a natural person's sex life or sexual orientation, as well as personal data relating to criminal convictions and offences, is not permitted. Should any information relating to the aforementioned aspects be entered in any of our forms or via email, it will be immediately deleted from our information systems without being able to address the enquiry, as such data is neither necessary nor relevant for the purposes determined in the processing activities of this Website.
Data Protection Officer
We have designated as Data Protection Officer, ELEONORA CARCERONI GARBAYO, lawyer registered under no. 4693 with the Provincial Bar Association of A Coruña, whose email address is: info@edora.es. As described in Art. 38.4 of the GDPR, data subjects may contact the Data Protection Officer with regard to all matters relating to the processing of their personal data and the exercise of their rights under this Regulation.
Complaint to the supervisory authority
Should you consider that your rights have not been properly addressed by our entity, you may file a complaint with the Spanish Data Protection Agency through any of the following means:
- Electronic office: www.agpd.es
- Postal address: Spanish Data Protection Agency, C/ Jorge Juan, 6, 28001 Madrid
- By phone: Tel. 901 100 099 / Tel. 91 266 35 17
Filing a complaint with the Spanish Data Protection Agency is free of charge and does not require legal representation.
DIVERGER THINKING S.L.U. has adapted this website to the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR), Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD), as well as Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE or LSSI).
© All rights reserved: DIVERGER THINKING S.L.U.