Privacy Policy

Managing your personal data and everything related to your privacy is of maximum importance to us. Before explaining how we go about doing it and what our privacy policy consists of, we want to tell you about some of our commitments to you which govern our conduct:

 1.- Legality, transparency and clear language

In addition to scrupulously complying with the law, we are also committed to being transparent with you and explaining what data we need and what we will be using it for, in simple and comprehensible terms. If at, any time, there is a significant change to our privacy policy, we will inform you and, if that change affects how we process your data or its purpose, we will ask for your consent again before we do anything. In addition, we will only ask you for the data that we really need in order to deal with your request.

2.- Privacy by design and by default

We take the privacy of the users into account from the initial design phase of all our products, services and administrative processes which are likely to require or make use of personal information.

3.- Your data, protected for its entire life cycle

We test the robustness of our systems and security measures along the value chain to ensure that they meet all of our commitments, we train our team on this matter and, periodically, we voluntarily submit to an external privacy and security audit.

4.- DPO

We have voluntarily appointed a Data Protection Officer who, together with their team, will lead and oversee the deployment and implementation of these principles and the regulatory compliance. This Privacy Policy constitutes our referential framework in relation to managing your personal data and it applies to all websites managed by us (BLUE REGENERATION, S.L.) and to all of our interactions with you (such as, for example, when you acquire one of our devices or you contact our customer service). It is possible that certain products or services may require a greater level of detail than that which is offered by our privacy policy. In such case, we will use annexes and other legal and informative documents to make your aware of the specific privacy conditions that apply, to manage your consent and to determine your preferences.

Definitions of key terms

It is important that you understand some of the key terms mentioned throughout our privacy policy.

  • Data of a personal nature: any information relating to identifiable natural persons or enabling their identification.

  • User: the owner of the data.

  • Data controller: the person who determines the purposes and means of processing the user’s data before obtaining their consent and who assumes the responsibility for compliance with the General Data Protection Regulation (GDPR).

  • Interactions: some examples of interactions are when you purchase a product from our store, when you visit our website, when you use our mobile app, when you request a service from our technical support service (SAT) or when you request telephone support. These interactions could result in data of a personal nature being processed.

  • Personal data processing: the operations or technical procedures whether automated or otherwise, which enable the collection, recording, storage, use, production, modification, restriction or cancellation, transfer or communication of data.

  • Consent: any freely given, unambiguous, specific and informed indication of the user’s wishes, by which they consent to the processing of their data.

  • Third parties: any natural or legal person who is external to Blue Regeneration and other than the user.

  • Data processor: the legal person, public authority, service or other body which provides a service to the controller and processes personal data on their behalf.

  • Transfer or communication of data: any revelation of data made to a third party.

  • Restriction: he identification and storage of personal data for the purposes of preventing its processing, except by the Public Administrations, Judges and Courts in order to attend to potential liabilities arising from the processing during the limitation period of said liabilities. The cancellation of the data will lead to its restriction and erasure.

  • Erasure: the physical elimination of the restricted personal data once the period of limitation (retention period) has ended.

Data controller

All personal data processed by Blue Regeneration in relation to this Privacy Policy is the responsibility of Blue Regeneration, S.L. (hereinafter BR) with offices at C/ Estrasburgo, 8, nave 13, 28232, Las Rozas de Madrid (Spain), and corporate tax ID B88560073, which assumes the role of “Data controller” as set out by (EU) Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR).

What information we may collect from you and for what purpose

The personal data collected will depend on the type of interaction you have with us. In general, it will be data which you have voluntarily provided and which is characterised by having:

  1. A limited nature (we won’t ask you for more information than is strictly necessary for the purpose indicated).
  2. A specific purpose for which they are to be processed.
  3. A lawful basis that allows for such processing, which may consist of:
    • Your express and freely given consent, which can be revoked at any time.
    • The execution of a contract between yourself and BR.
    • The legitimate interest of BR that may consist of:
      • Producing statistics to better understand your needs and provide you with a better service, as well as to adapt our products, applications or website (among other things) to them.
      • Enabling the functioning of our website using technical and functional cookies.
      • Complying with the obligations and legal requirements involving the processing of personal data.

We may also collect information which is not necessarily of a personal nature using technology such as cookies on our website (see Use of tools for automatic data collection), or other dissociated technologies which do not permit your identification (such as the serial number of your device).

Finally, we will process your data on occasion as a consequence of a request from a third party acting as data controller (for example, if you have purchased a BQ product via a telecommunications operator and you need to contact our technical support service).

These are the main interactions that you may have with us:

1. You sign up to our newsletter or you agree to receive marketing communications*:

Personal information
Email
Purpose

Sending you marketing and/or corporate information and informing you of news and promotional campaigns from BQ and other related companies if you have previously given your consent. We will also use your email to contact you if there is an issue with an order.

Lawful basis for porcessing
Consent of the interested party

 

*.- AUTOMATIC UNSUBSCRIBE: We have included a button at the bottom of all of our communications so that you can revoke your consent automatically and stop receiving that specific type of communication.

 

2. Web Browsing:

Personal information
None. Statistical information about the use of our website and information gathered using cookies (browser, date and time of connection, etc.). See Cookies Policy.
Purpose

Enabling smooth browsing, adapted to your needs as a user.

Lawful basis for porcessing
Consent of the interested party.

 

3. You participate in a selection process:

Personal information

Identifiable data and contact details: Academic and professional data: Curriculum Vitae, academic record or employment history. Results of the tests, group dynamics, personal interviews and selection tests conducted. Information regarding the absence of a criminal record for positions that require contact with minors. Information to confirm your residency and work permit. Certificate of disability if you provide it to us.

Purpose

Managing the participation of the candidate in the selection process and carrying out their assessment.

Lawful basis for porcessing
Consent of the interested party.

 

We may use your personal data or information resulting from its combination for other purposes related to the above stipulations or to offer you products, services or personalised value proposals, but only with your consent and within the framework set out by our Privacy Policy.We may also use your information to invite you to participate, if you so wish, in the evaluation of our products and services through surveys, market research or other systems that allow you to communicate your experience with BR to us. We do not use your personal data for automated decision-making that could adversely affect you or have legal consequences for you.

How long do we retain your data

We retain your data for the time necessary to meet the purpose for which it was collected, taking the legitimacy of the processing into account. If the same type of personal data is used for two or more different purposes, we will apply the longer storage limitation period and we will only allow access to those that need it in order to carry out their duties.

  • For purposes related to the execution of the contract for the sale or use of a product, we will retain your personal data for as long as the contractual relationship remains valid or for as long as it is necessary to meet our contractual obligations, and for eight years afterwards in order to be able to deal with queries or requests for assistance. Where it concerns the provision of a service, the storage limitation period shall be four years from its inception.
  • For purposes relating to marketing activities and commercial or corporate communication, we will retain your data for a period of five years from the last date that we obtained your consent. If you revoke it, we will restrict the personal data related to these purposes so that it cannot be used and we will delete it when one year has passed.
  • For purposes related to personnel selection processes, we will retain the personal data of the applicants for two years.
  • For purposes connected with the fulfilment of our legal obligations, we will retain your data for the period specified by the specific applicable law (tax, trading, etc.) in each cae.

Once the maximum storage limitation period has ended, we will delete your personal data as stipulated by the GDPR, meaning it shall be restricted, made anonymous, pseudonymised or totally erased.

 

How we protect your data

The data security principle requires that the necessary technical and organisational measures be adopted to ensure the security of the personal data and to prevent its alteration, loss or unauthorised access and processing.

At BR we have taken as a reference the measures established in Title VIII of the Development Regulation of the Organic Law on Data Protection, approved by Royal Decree 1720/2007, of 21 December. On the basis of this and the provisions of the GDPR, we have established additional measures that improve the control of the processes and the security of our privacy management model, by applying the best available practices. Your data is hosted on reliable servers and is protected by strict policies and security measures and, periodically, we submit to independent external audits to check the robustness of our management model and to explore opportunities for improvement.

Transfer and/or communication of the information to third parties

We may share personal data with service providers and authorised third parties for legitimate activities and purposes (for example, those which are necessary for the operation of processes or the provision of products and services provided by other companies, contracted by BR and who can assume the role of “Data processor”).This communication may be bidirectional and shall always be protected by the existence of a contract that regulates it.
Some of these activities are:

  • Carrying out commercial activities, marketing and other advertising campaigns.
  • Operational and contractual relationship with our business partners (distributors, retailers, technical support, etc.).
  • Operational and contractual relationship with our subsidiaries and any commercial representatives we may have.

On selecting the companies that provide us with these services, we have taken into account, among other factors, their compliance with the GDPR (and they are actually susceptible to be audited by our team). They carry out the processing of personal data on the basis of the indications that we specify in writing in a contract and always in accordance with the provisions of the GDPR. For example, you will never receive their marketing communications nor will they do anything with your data outside of the agreement with BR.If the processing of this personal data were to take place outside of the list of countries of members of the European Economic Area, it would be made on the basis of contractual clauses approved by the European Commission.Remember that we may transfer your data to third parties when it is required for the fulfilment of our legal obligations (tax, trading, etc.) or at the request of a legal authority.

Use of tools for automatic data collection

We use cookies and pixel tags on our websites or in certain digital communications and we also allow other companies to do so that provide services to us relating to marketing and web analytics. These technologies enable us to improve the quality and the personalisation of the content that you access, to optimise our communication and ultimately, to offer you with a better user experience.

  • Cookies: Small data files that the internet server sends to the device you are using to access our website. They can be proprietary or third-party cookies (such as those arising from the use of the Google Analytics tool), they are only associated to your browser and do not themselves provide personal data.Cookies cannot harm your device and are very useful to us for identifying and resolving errors, and offering you a better user experience. You can read more in our Cookies Policy.

  • Pixel tag: In our store, this technology allows us to track specific actions and to find out the users’ preferences and interest in the products.

Processing of children’s data

Our products, services and promotional campaigns are largely designed for and directed at adults. We will only collect and process your personal data if you are at least 14 years of age, which is the threshold set under the current Spanish legislation on data protection to determine whether you are under age or not. Although we cannot verify your age when you purchase our products and services, we have implemented control mechanisms for contracting some of them (such as registration for workshops or courses) or the use of applications or platforms (such as the Bitbloq programming platform) and, in such cases, we will restrict the personal data entered by the minor until his father, mother or guardian validates the user’s sign-up or registration and proceeds to finalise the purchase if it is not free of charge. We will delete any personal data entered by any minor under the age of 14 years who does not comply with this condition within a limited time period.

Your responsibility

As a user, you are responsible for the veracity, accuracy, validity and authenticity of the data that you provide to BR. You are also responsible for the information that you provide to us regarding third parties, from whom you are obliged to obtain their consent. If you are a registered BR user, never share your password or make it public.

BR accepts no liability for the consequences that may result from inappropriate use of our products or services.

BR cannot be held liable for any violation of third-party rights by by one or more users via their activities on the BR website.

On occasion, for certain services, we must include a link to a third-party website (for example, for the joint provision of services with a partner which has its own privacy policy and may come to act as as data controller) and, where applicable, they will be responsible for obtaining your consent. The same applies to social networking services such as (Facebook, Twitter, Instagram or YouTube), which have their own conditions of use and privacy policies, which generally include the use of cookies, pixels, web beacons and other automatic data collection technologies.

What are your rights and how to exercise them

  • Right to be informed: You have the right to obtain clear and easy-to-understand information about how we use your personal data and what your rights are. We give you this information in this policy.

  • Right of access: You have the right to access the personal data we hold on you. In certain cases, there may be a (reasonable) cost to cover the administrative expenses that providing the information involves. Any repetitive, unfounded or excessive requests will not be attended to. To exercise this right, write to us atgrdp@blueregeneration.com and attach a copy of your national ID or official document to verify your identity

  • Right to erasure/to be forgotten: You have the right to request that we delete or remove your personal data, as long as it is possible and the company has no legal or legitimate reasons for keeping it. To exercise this right, write to us at grdp@blueregeneration.com and attach a copy of your national ID or official document to enable the verification of your identity.

  • Right to restrict processing: The processing of your data will be subject to limitations (we can continue to store it but without using it) when any of the following circumstances apply: 1) you have requested verification of the accuracy of the data that we hold, 2) you have objected to the processing, 3) we no longer require your data for the purposes of processing or 4) the processing is unlawful.

  • Right to data portability: You have the right to request that we transfer your personal data to another data controller where possible. To exercise this right, write to us at privacyteam@bq.com and attach a copy of your national ID or official document to enable the verification of your identity.

  • Right to withdraw your consent and the right object to direct marketing: You can withdraw your consent to the processing of your personal data at any time, and you can unsubscribe from our direct marketing communications. You can do this by clicking on the link “Unsubscribe” link that you will find in any email or communication that we send you, or by writing to us grdp@blueregeneration.com.

  • Right to file a complaint with a control authority: If you believe that we have not respected your rights, you can file a complaint with the Spanish Data Protection Agency (www.agpd.es). We encourage you to contact our data protection officer in the first instance by writing to us at grdp@blueregeneration.com so that we can assist you.

How to contact us

If you have any questions about the use we make of your personal data you can contact our data controler:

Blue Regeneration, S.L. C/ Estrasburgo, 8, nave 13, 28232, Las Rozas de Madrid

Data controler: grdp@blueregeneration.com

Changes to our Privacy Policy and applicable legislation

We may update our privacy policy at any time, and if this involves substantial changes that could affect your rights, we will inform you using the notifications system of your device, by email or by publishing an informative notice on one of our corporate information channels. Even so, we recommend that you review our policy periodically. If you continue to use our services once the change has been communicated, this implies that you are familiar with the terms set out in the new privacy policy.

The acceptance of our privacy policy necessarily involves the acceptance of our cookies policy.

Our policy and procedures for managing personal information have been created in accordance with the requirements of the General Data Protection Regulation, which constitutes our referential framework.

Date of application: 04 march 2019

BLUE REGENERATION, BIOROCK, BIOROCK IN A BOX, ELECTRIC REEF IN A BOX and BIOROCA are all registered trademarks