Privacy Policy

This site is equipped with rigorous security measures aimed at protecting against the loss, misuse, and alteration of the information under our custody. When making a purchase, your name and email address will be requested, and additional data such as your website URL may also be collected. The sole purpose of using your email address and any other collected information is to facilitate communication with you regarding updates from gnuelements.com. We assure you that your personal information will remain confidential and will not be shared with third parties under any circumstances.

Safe Browsing Protocols

At Nexo Media, we assign the highest priority to your online security and privacy. We deeply understand the importance of protecting your personal and financial information; therefore, we have ensured that our entire website is protected by SSL (Secure Sockets Layer), which is the industry standard for online communication encryption.

The Importance of SSL Encryption

SSL encryption is the cornerstone of a secure and trustworthy online experience. This protocol ensures that all data transmitted between our users and our website is protected from unauthorized interventions and manipulations. When interacting with us, whether during the purchase process or while browsing our site, you can be assured that your information is safeguarded by the robust encryption provided by SSL.

Confidentiality of Your Data

SSL ensures that both our valued customers and our company can enjoy the peace of mind knowing that sensitive information, including user data, browsing data, as well as data related to payment gateways and our clients’ sites, is kept strictly confidential. This encryption technology prevents third parties from accessing your data, thereby increasing your confidence in our platform.

Commitment to Your Security.

At Nexo Media, we are firmly committed to protecting your financial and personal information, which is an absolute priority at all levels of interaction on our website. We understand the critical importance of data security and, in this regard, implement rigorous measures to ensure the confidentiality, integrity, and availability of your information, thus providing a safe and reliable experience.

One of the cornerstones of our security measures is end-to-end encryption, which is carried out using a 256-bit SSL certificate provided by Cloudflare, a renowned leader in the cybersecurity industry. This advanced encryption technology is applied comprehensively in all interactions with our website, ensuring the maximum protection of your personal and financial data.

Specific details of our encryption implementations include:

•  Login: Each time you access your account, you can be completely at ease knowing that your login credentials are protected by Cloudflare’s robust SSL encryption. This protection extends to all personal data transmitted during the authentication and access process.
•  Account Management: Information stored in your user profile, including settings and personal preferences, is continuously safeguarded under our encryption protocol. This ensures that your data remains inaccessible and secure against unauthorized access.
•  Payment Pages: During financial transactions, our payment pages are specially protected with Cloudflare SSL encryption, providing an additional layer of security that maintains the confidentiality of your banking and financial information.

The trust you place in us is of vital importance, and we tirelessly strive to maintain and elevate the highest standards of security to preserve and protect your information. We are committed to the continuous improvement of our security protocols and to implementing the most advanced technologies to ensure your peace of mind.

For any queries or concerns about our security policies and practices, we invite you to contact us. Your privacy and security are our highest priority, and we are at your disposal to ensure your complete satisfaction and well-being.

1. Definitions and Terminology

The Nexo Media Data Protection Policy has been crafted to ensure its comprehensibility and accessibility for the general public as well as for our clients and strategic partners. This document is based on the concepts and terms defined by the European legislator in the adoption of the General Data Protection Regulation (GDPR). To ensure a full understanding of the terms used in our policy, it is essential to begin with a detailed description of each one.
Within the framework of our data protection statement, we use the following key terms:

• Personal data
  Personal data is any information relating to an identified or identifiable natural person, who will be referred to as the “data subject”. A natural person can be considered identifiable if their identity can be recognized directly or indirectly, especially by an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
• Data subject
  The data subject is any natural person whose personal data is being processed by the controller.
• Processing
  Processing encompasses any operation or set of operations which is performed on personal data or on sets of personal data. This may include, without limitation, processes such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, regardless of whether these processes are carried out in an automated manner or not.
• Restriction of processing
  Restriction of processing involves marking stored personal data with the aim of limiting their processing in the future.
• Profiling
  This term describes any form of automated processing of personal data consisting of using such data to evaluate certain personal aspects relating to an individual. Particularly, this may include analyzing or predicting aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
• Pseudonymization
  Pseudonymization is a process by which personal data are processed in such a manner that they can no longer be attributed to a specific data subject without the use of additional information. This additional information must be kept separately and be subject to technical and organizational measures to prevent the identification of the natural person.
• Controller
  The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of processing are determined by European Union or member state law, the controller or the specific criteria for its nomination may be provided for by such legislation.
• Processor
  The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
• Recipient
  The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a specific investigation in accordance with European Union or member state law shall not be regarded as recipients; the processing of those data by those public authorities must comply with the applicable data protection rules according to the purposes of the processing.
• Definition of Third Party
  In the context of this regulation, the term “third party” refers to any natural or legal person, public authority, agency, or other body that is not the data subject, the data controller, the data processor, or any person who, being under the direct authority of the controller or processor, is authorized to process personal data. This term is established to clearly differentiate the entities that may interact with the data without being part of the direct process of managing and processing it.
• Concept of Consent
  The consent of the data subject is defined as any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, through a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them. This consent can be expressed through an explicit statement or by a clear affirmative action that demonstrates the acceptance of the processing of their personal data. It is imperative that such consent is given knowingly, after having been duly informed of the specific purposes of the processing and the manner in which their personal data will be handled, thus ensuring the protection of their privacy and fundamental rights.

2. Identification and Location of the Data Controller

The data controller, within the framework of the General Data Protection Regulation (GDPR), as well as according to other relevant data protection legislation in force in the member states of the European Union and other applicable data protection regulations, is the following entity:

Entity Name: Nexo Media

For any inquiries or requests related to the processing of personal data, interested parties can contact the controller via the following contact methods:

Email: info@nexomedia.io

Website: https://www.nexomedia.io

It is the responsibility of Nexo Media to ensure the proper management of personal data in accordance with the guidelines stipulated by the GDPR and to guarantee the protection of privacy and the rights of individuals affected by the processing of their personal data.

3. Cookies

The cookie policy implemented on the Nexo Media website is an essential component in managing information and personalizing the user experience. Cookies are small text files that are downloaded and stored on the user’s device via their internet browser. These files are indispensable for performing various essential functions on the website.

The use of cookies by numerous websites and servers is a common practice in the industry. A distinctive feature of cookies is that they contain a “cookie ID,” which is a unique identifier assigned to each cookie. This identifier consists of a sequence of characters that allows servers and web pages to identify the specific browser where the cookie has been saved. Thanks to this mechanism, it is possible to distinguish between different browsers accessing a website, each with its own stored cookies. This recognition allows websites to precisely and uniquely identify each browser, thus facilitating a personalized and efficient user experience.

The strategic use of cookies by Nexo Media aims to enrich users’ interaction with our website, allowing for the personalization of services and enabling functions that would otherwise be inaccessible. For example, cookies play a crucial role in remembering user preferences and data, eliminating the need to re-enter information on subsequent visits. This is evident in practical applications such as retaining products in a virtual shopping cart in an online store, where cookies remember the items previously selected by the customer, even if they have logged out and return later.

Users have total control over the use of cookies on our site. Through their internet browser settings, users can choose to reject the installation of cookies, which can be configured as a permanent action. Additionally, cookies that have already been installed can be deleted at any time using the options provided by the browser or through specific software programs. It is important to mention that this setting is available in all popular internet browsers. However, it is crucial to understand that disabling cookies can significantly limit the ability to interact with various functionalities of the website, which could result in a less optimal user experience and the inability to fully take advantage of all the services offered.

4. Data Collection Procedures and General Information at GNU Elements

The GNU Elements website performs systematic and methodical data collection every time a user or an automated system accesses the platform. This accumulation of data is essential for the operation and optimization of the services offered. The collected data are meticulously stored in server log files, thus ensuring their integrity and availability for future analysis. The range of data collected includes, but is not limited to, the following elements:

1. Browser Types and Versions: Identification of the browsers used to access the site, which aids in optimizing the site for compatibility and performance.
2. Operating System: Recognition of the operating system of the access device to ensure proper presentation of the website content.
3. Referrers: Determination of the previous website from which the user accessed ours, which is crucial for traffic analysis and marketing.
4. Sub-sites Accessed: Recording of the specific sections of the site that were visited, which facilitates the improvement of the structuring and content of the site.
5. Date and Time of Access: Documentation of the exact moment of access, useful for traffic analysis and scheduled maintenance.
6. IP Address: Capture of the IP address to maintain site security and to identify geographical usage patterns.
7. Internet Service Provider: Identification of the ISP to better understand the user demographics and for network problem diagnosis.
8. Additional Data in Case of Attacks: Collection of relevant information that may be necessary to respond to security attempts or cyber-attacks.

It is important to highlight that Nexo Media does not use these general data to make personal inferences about users. These data are indispensable for:

1. Correct Delivery of Website Content: Ensuring that the content is presented effectively and relevantly for each user.
2. Optimization of Content and Advertising: Continuously improving the relevance and effectiveness of the materials provided to users.
3. Security of Information Technology: Strengthening the technological infrastructure of the site against vulnerabilities and cyber-attacks.
4. Assistance to Legal Entities: Providing crucial data to authorities in case it is required for legal proceedings associated with security incidents.

In a commitment to data protection, Nexo Media conducts a statistical analysis of these data anonymously. This approach ensures both the enhancement of corporate information security and the optimal protection of the personal data processed. It is crucial to mention that the anonymous data contained in the log files are stored separately from any personal data explicitly provided by the users, thereby reinforcing our data privacy and security policy.

5. Registration Process on the Nexo Media Website

The GNU Elements website offers users the opportunity to register, providing essential personal data for the creation and management of personal accounts. The personal information required by GNU Elements is specified in the registration form, which guides the user through the data entry process.

Collection and Use of Personal Data

The personal data entered by users during registration are collected exclusively for internal and operational purposes of Nexo Media. This collection of information is essential to provide personalized and efficient service. In certain circumstances, and with the aim of fulfilling service purposes, GNU Elements may share this data with third-party service providers, such as logistics companies, under the condition that these data are used solely in connection with the services provided to GNU Elements and always respecting the same standards of privacy.

Security and Data Logging

During the registration process, the user’s IP address, provided by their Internet Service Provider (ISP), along with the date and time of registration, is also recorded. This information is vital to prevent misuse of our services and, if necessary, facilitate the investigation of illegal activities. These data are stored solely for security reasons and are handled with the highest degree of confidentiality. They will only be shared with external authorities under circumstances that legally require it or for criminal investigation processes.

User Information Management

Registered users at Nexo Media have full control over their personal data. They have the freedom to modify or delete their data at any time from their user profile. This level of direct control facilitates personal management of privacy and information integrity.

Rights of Access and Rectification

Nexo Media is committed to providing access to personal data to any user who requests it, allowing them to review the information held about them. Additionally, requests for correction or deletion of personal data will be respected, provided there are no legal obligations requiring their retention. Employees of Nexo Media are available to assist users with any queries or processes related to the management of their personal data.

This commitment to privacy and information security ensures that users can trust GNU Elements to handle their data with the highest level of professionalism and respect for confidentiality.

6. Newsletter Subscription Process at GNU Elements

At Nexo Media, we offer users the opportunity to stay informed and connected with our company through our newsletter. This service is designed to provide regular updates on the latest news, offers, and relevant developments from our company.

Subscription Procedure

To subscribe to the newsletter, interested parties must provide a valid email address through a specific form on our website. The subscription is done via a double opt-in procedure, which is a standard practice in the industry to ensure explicit consent. This means that after entering and submitting their email address, the subscriber will receive a confirmation email. This email serves to verify that the owner of the email address authorizes the receipt of the newsletter, which is crucial to prevent misuse of information and to ensure compliance with legal regulations.

Data Logging During Subscription

At the time of registration, we also record the IP address provided by the user’s Internet Service Provider (ISP), along with the exact date and time of the registration. Collecting this information is essential to provide a legal context in case of possible misuse of the email address in the future and to facilitate the protection of the user’s and the data controller’s rights.

Use of Personal Data

The personal data collected during the subscription process are used exclusively for the distribution of the newsletter. Occasionally, subscribers may also receive communications about significant changes to the newsletter service or relevant information affecting their subscription, such as modifications in content or necessary technical adjustments.

Privacy and Security

At Nexo Media, we maintain a firm commitment to the privacy and security of our subscribers. Personal data collected through the newsletter service are not transferred to third parties under any circumstances. The subscription to the newsletter can be canceled by the user at any time. Each newsletter includes an easily accessible link to revoke consent and unsubscribe from the service. Additionally, users can cancel their subscription directly from our website or contact us to manage their cancellation through other means.

This approach ensures that GNU Elements users can receive valuable information securely and controlled, always having the ability to modify or cease their participation according to their personal preferences.

7. Tracking Mechanism in GNU Elements Newsletters

The newsletters sent by GNU Elements incorporate a technology known as tracking pixels. These are miniature graphics embedded within the emails sent in HTML format. Their primary function is to enable both the logging and detailed analysis of newsletter activity through log files, which in turn facilitates the statistical evaluation of the impact of our online marketing campaigns.

Functionality of Tracking Pixels

The implementation of tracking pixels allows us to determine whether an email has been opened by the recipient, as well as to identify which specific links within the message have been accessed by users. This information is crucial for measuring the effectiveness of our communications and for better understanding how users interact with our content.

Analysis and Optimization of the Newsletter

The data collected through tracking pixels are thoroughly analyzed by the data controller with the goal of optimizing the delivery of future newsletters and personalizing the content to more closely align with the interests and needs of subscribers. This analytical process is fundamental for continuously improving the relevance and effectiveness of the information we provide to our community.

Confidentiality and User Rights

It is important to highlight that the personal data collected through tracking pixels are handled with the utmost confidentiality and are not shared with third parties. Users have the right to revoke at any time the consent previously granted for tracking. This revocation can be carried out through the same double opt-in procedure initially used to subscribe to the newsletter. If a user decides to cancel their newsletter subscription, this will automatically be interpreted as a revocation of consent, and consequently, we will proceed to delete the associated personal data of the user from our records.

At GNU Elements, we are committed to respecting the privacy of our users and to transparency in the handling of information. We strive to ensure that all data collection and analysis processes are conducted under the strictest standards of security and confidentiality, thus guaranteeing the protection and respect for the rights of our users.

8. Communication Through the GNU Elements Website

The GNU Elements website offers various forms of electronic contact to facilitate quick and direct communication with our company. This functionality is essential for providing immediate access to support and assistance, allowing users to interact with us through traditional means such as email, as well as through modern communication platforms like Meta (Facebook, Instagram, WhatsApp).

Data Collection Process during Contact

When an individual contacts us using the available contact options, such as sending an email or completing a contact form on our website, the personal data provided are automatically collected and stored. The information collected includes, but is not limited to, name, email address, and any other data the user decides to provide to facilitate communication.

Purpose and Use of Collected Data

The personal information that users voluntarily provide is stored with the explicit purpose of processing their inquiries or to facilitate effective communication. This approach ensures that we can respond efficiently and accurately to requests, questions, or any type of feedback that users wish to share.

Confidentiality and Data Security

At GNU Elements, we treat the privacy and security of data with the utmost seriousness. Personal data collected through contact interactions are not shared or transmitted to third parties. We commit to keeping this information confidential and to using it solely for the described purposes, namely to address the communication needs of our users and to continuously improve our interaction with them.

This contact system not only reflects our commitment to accessibility and transparency but also ensures that we maintain an open line of communication with our users, allowing them to express their needs and concerns effectively and safely.

9. Systematic Deletion and Blocking of Personal Data

The data controller will process and retain the personal data of the data subject only for the period strictly necessary to fulfill the purposes of said storage, or until the term set by the European legislator or other competent legislators, in accordance with the laws and regulations applicable to the data controller.

In the event that the purpose of the storage is no longer relevant, or once the storage period prescribed by the European legislator or another authorized legislator has concluded, the personal data will be systematically blocked or deleted in accordance with the prevailing legal provisions.

10. Rights of the Data Subject

a) Right of Confirmation
Every data subject is entitled, under the provisions established by the European legislator, to obtain from the controller confirmation as to whether or not personal data concerning them are being processed. Should a data subject decide to exercise this right of confirmation, they may contact any employee of the controller at their convenience.

b) Right of Access
Every data subject is entitled to access, free of charge, their personal data held by the controller at any time, and to receive copies of such data. Additionally, the European directives and regulations provide the data subject with access to the following information:

• The purposes of the processing.
• The categories of personal data processed.
• The recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organisations.
• Where possible, the envisaged period for which the personal data will be stored, or if not possible, the criteria used to determine that period.
• The rights to request from the controller rectification or erasure of personal data, or restriction of processing concerning the data subject, or to object to such processing.
• The right to lodge a complaint with a supervisory authority.
• Where the personal data are not collected from the data subject, any available information as to their source.
• The presence of automated decision-making, including profiling, as specified in Article 22(1) and (4) of the GDPR, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Should the data subject decide to exercise this right of access, they may contact any employee of the controller at their discretion.

c) Right to Rectification
Every data subject has the right to have the controller rectify without undue delay any inaccurate personal data concerning them. Considering the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Should the data subject decide to exercise this right, they may at any time contact any employee of the controller.

d) Right to Erasure (Right to be Forgotten)
Every data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller is obligated to erase personal data without undue delay where one of the following grounds applies, provided the processing is not necessary:

• The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
• The data subject withdraws consent on which the processing is based under point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR, and no other legal ground for the processing exists.
• The data subject objects to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2).
• The personal data have been unlawfully processed.
• The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
• The personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

Should a data subject wish to request erasure of personal data, they may, at any time, contact any employee of the controller. The employee will promptly ensure that the erasure request is complied with immediately.

e) Right of Restriction of Processing
Every data subject has the right to obtain from the controller restriction of processing where one of the following applies:

• The accuracy of the personal data is contested by the data subject, allowing the controller time to verify the accuracy of the personal data.
• The processing is unlawful, and the data subject opposes the erasure of the personal data and requests instead the restriction of their use.
• The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defence of legal claims.
• The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.

Should a data subject wish to request the restriction of the processing of personal data, they may at any time contact any employee of the controller. The employee will arrange the necessary measures for the restriction of processing.

f) Right to Data Portability
Every data subject has the right, granted by the European legislator, to receive their personal data, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, provided the processing is based on consent under point (a) of Article 6(1) or point (a) of Article

9(2) of the GDPR, or on a contract under point (b) of Article 6(1), and the processing is carried out by automated means, provided the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Moreover, in exercising their right to data portability pursuant to Article 20(1) of the GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject may at any time contact any employee of the controller.

g) Right to Object
Every data subject has the right, granted by the European legislator, to object, on grounds relating to their particular situation, at any time, to the processing of personal data concerning them, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

The controller shall no longer process the personal data in the event of the objection unless compelling legitimate grounds for the processing override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defence of legal claims.

If the controller processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the controller will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them by the controller for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject may contact any employee of the controller. Furthermore, the data subject is free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use their right to object by automated means using technical specifications.

h) Automated Individual Decision-Making, Including Profiling
Every data subject has the right, as granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, provided the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, the controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.

If a data subject wishes to exercise the rights concerning automated individual decision-making, they may, at any time, contact any employee of the controller.

i) Right to Withdraw Data Protection Consent
Each data subject is endowed with the right, as stipulated by the European legislator, to withdraw their consent to the processing of their personal data at any time.

Should a data subject wish to exercise the right to withdraw consent, they may contact any employee of the controller at any time.

11. Data Protection Guidelines Concerning Google Analytics with Anonymization

This website employs Google Analytics, a service for web analytics endowed with an anonymization feature, managed by Google Inc., located at 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, United States. Web analytics involve the systematic collection and analysis of data pertaining to the behavior of website visitors. Among other data, this service analyzes the source of a visitor’s referral, the subpages visited, the frequency, and duration of each visit, with the primary aim of enhancing website functionality and performing a cost-benefit analysis of online advertising strategies.

To ensure privacy, the website utilizes the “_gat._anonymizeIp” application, which abbreviates and anonymizes the IP address of visitors from European Union Member States or other states party to the Agreement on the European Economic Area.

The purpose of integrating Google Analytics is to analyze traffic patterns on our site, enabling Google to compile reports on website activities for us and provide additional services related to website and internet use.

Upon visiting our website, a cookie may be installed on your device to enable Google to track the usage patterns. The cookie stores various personal data, such as the time of access, the originating location, and visit frequency. Each access to our website triggers a data transmission to Google in the United States, where the data are stored. Google may also transfer this information to third parties if required by law or if third parties process the information on behalf of Google.

Visitors can prevent the storage of cookies by configuring their browser settings accordingly; this also prevents Google Analytics from depositing a cookie on their device. Furthermore, cookies already set by Google Analytics can be deleted at any time via the browser or other software solutions.

Additionally, individuals have the option to object to the collection and processing of data generated by Google Analytics related to website usage. To do this, one must download and install a browser add-on from the following link: Google Analytics Opt-out Browser Add-on. This add-on prevents Google Analytics from receiving information about website visits. If the browser add-on is deleted or deactivated, it must be reinstalled or reactivated accordingly.

For more detailed information on Google’s privacy practices and Google Analytics terms of service, please visit Google’s Privacy Policy at https://www.google.com/intl/en/policies/privacy/ and the Google Analytics Terms of Use at http://www.google.com/analytics/terms/us.html. Additional insights into Google Analytics are available at https://www.google.com/analytics/.

12. Legal Framework for Data Processing

The foundational legal provision for data processing operations that rely on explicit consent from individuals is Article 6(1)(a) of the GDPR. This clause is applicable when specific consent is obtained for distinct processing objectives. Conversely, when the processing of personal data is essential for the execution of a contractual agreement involving the data subject, as seen in scenarios where processing is necessary for the delivery of goods or the provision of services, the applicable legal basis is Article 6(1)(b) of the GDPR. This article also governs processing activities required for pre-contractual actions, such as inquiries about our products or services.

Furthermore, when our organization is compelled by legal obligations requiring the processing of personal data, such as for tax compliance, the operations are justified under Article 6(1)(c) of the GDPR.

In exceptional circumstances where it is imperative to safeguard the vital interests of the data subject or another individual, processing personal data may become necessary. An illustrative instance would be if a visitor sustains an injury at our premises necessitating the transmission of critical information such as name, age, health insurance details, or other essential data to medical personnel or another external party. Under these conditions, the processing is authorized by Article 6(1)(d) of the GDPR.

Lastly, certain processing activities may be supported by Article 6(1)(f) of the GDPR. This legal basis applies to processing operations not encompassed by the aforementioned conditions, particularly when such processing is requisite for the legitimate interests pursued either by our company or a third party. This is contingent on the assessment that these interests do not override the rights or fundamental freedoms of the data subject that call for the protection of personal data. The European legislator has specifically recognized such operations as permissible, noting that a legitimate interest can be presumed if the data subject is a client of the data controller, as stated in Recital 47 Sentence 2 of the GDPR.

13. The legitimate interests pursued by the data controller or a third party are detailed herein

When the processing of personal data relies on Article 6(1) f of the GDPR, our legitimate interest is rooted in conducting our business operations to enhance the welfare of all our employees and shareholders.

14. Duration of Personal Data Retention

The period for retaining personal data is established based on the applicable legal retention requirements. Once this period has expired, the relevant data is systematically erased, provided it is no longer essential for the execution or initiation of a contractual agreement.

15. Obligations and Requirements for Providing Personal Data

It is essential to recognize that the requirement to provide personal data arises either from legal obligations, such as those outlined in tax laws, or as part of contractual necessities, such as details pertaining to the contracting parties.

In instances where entering into a contract is contemplated, it becomes imperative for the data subject to supply specific personal data, which will subsequently be processed by our organization. For instance, when our company intends to enter into an agreement, the data subject must furnish the necessary personal data. Should the data subject fail to provide the required data, it would render the execution of the contract impossible.

Prior to the submission of any personal data, the data subject should consult with a designated employee. This employee will provide clarification regarding whether the submission of data is mandated by law or a contractual requirement, if there is a requisite duty to supply the data, and the potential repercussions of failing to provide the data.