STUDIO 128K SL makes this privacy policy available to you through the website www.studio128k.com with the purpose of informing you in detail about how we handle your personal data and protect your privacy and the information you provide us. In case of introducing modifications in the future, we will inform you through the website or other means so that you can be aware of the new privacy conditions introduced.

In compliance with Regulation (EU) 2016/679, General Data Protection Regulation, and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights, we inform you of the following:

Data Controller

Owner: STUDIO 128K SL

NIF: B56110794

Registered office: Glorieta Paises Bálticos, 5 Local 14 – 14014 Córdoba

Phone: 957676046

Email: info@studio128k.com

Website: www.studio128k.com

For what purpose do we process your personal data?

We collect and process your personal information in general to manage the relationship we maintain with you, with the main purposes we have identified being the following:

• Management and procurement of the products and services offered by our company
• Channel the requests for information, suggestions, and complaints that you may send us.
• Keep you informed about events, offers, products, and services that may be of interest to you through various communication channels, provided you have given your consent.
• Management of the employment relationship, in the case of our employees.
• Management of the business relationship maintained with our suppliers
• Management of personnel selection
• Ensure the safety of people and facilities

How do we collect your information?

We collect your personal information through various means, but you will always be informed at the time of collection through informative clauses about the data controller, the purpose and legal basis of the processing, the recipients of the data, and the retention period of your information, as well as how you can exercise your rights regarding data protection.

In general, the personal information we handle is limited to identifying data (name and surname, date of birth, address, ID number, phone number, and email), contracted services, and payment and billing data.

We obtain the data of our potential clients/users related to identification data (name, surname, ID number, postal address, phone, email), professional data (position, workplace, sector of activity) directly from them when they request information about our services.

In cases of personnel management and selection, we collect academic and professional data to fulfill the obligations arising from maintaining the employment relationship or, if applicable, to become part of our staff.

We use social media, and this is another way to reach you. The information collected through the messages and communications you post may contain personal information that is available online and accessible to the public. These social networks have their own privacy policies that explain how they use and share your information, so we recommend that you consult them before using these platforms to confirm that you agree with how your information is collected, processed, and shared.

Through our website, we collect personal information related to your browsing through the use of cookies. To clearly and precisely understand the cookies we use, their purposes, and how you can configure or disable them, please consult our Cookie Policy.

Additionally, our facilities are equipped with a video surveillance system whose purpose is to ensure the safety of people and property, so your image may be recorded simply by accessing them. Those images are stored for a maximum period of 1 month from their capture and would only be communicated to the State Security Forces and Corps if necessary.

User responsibility

By providing us with your data through electronic channels, the user guarantees that they are over 14 years old and that the data provided is true, accurate, complete, and up-to-date. To this end, the user confirms that they are responsible for the truthfulness of the data provided and that they will keep this information appropriately updated to reflect their actual situation, taking responsibility for any false or inaccurate data they may provide, as well as for any direct or indirect damages that may arise.

How long do we keep your information?

We only retain your information for the period necessary to fulfill the purpose for which it was collected, comply with the legal obligations imposed on us, and address any potential liabilities that may arise from fulfilling the purpose for which the data was collected.

In the event that you wish to join our staff and apply for one of our job positions, the provided data will become part of our employment pool and will be retained for the duration of the selection process and for a maximum of two years or until you exercise your right to deletion.

If at any time we have collected your data to address you as a potential user of our services or to respond to an information request made by you, such data will be kept for a maximum of two years from its collection, and will be deleted after this period if no contractual relationship has been formalized or at the moment you request it.

In any case, and as a general rule, we will retain your personal information as long as there is a contractual relationship binding us or you do not exercise your right to deletion and/or limitation of processing, in which case, the information will be blocked without being used beyond its preservation, as long as it may be necessary for the exercise or defense of claims or any type of liability that needs to be addressed.

To whom do we communicate your data?

In general, we do not share your personal information, except for those disclosures that we must make based on imposed legal obligations.

Although it is not a data transfer, in order to provide you with the requested service, it may be that third-party companies, acting as our suppliers, access your information to carry out the service we have contracted them for. These contractors access your data following our instructions and without being able to use it for any other purpose, while maintaining the strictest confidentiality.

In the event that it becomes necessary due to an incident recorded by our security cameras, their images may be communicated to the State Security Forces and Corps, in accordance with the provisions of the Law.

Likewise, your personal information will be available to Public Administrations, Judges, and Courts, to address any potential liabilities arising from the processing.

International data transfers

The company contracts its virtual infrastructure under a “cloud computing” model through Google under the standard contractual clauses available at https://cloud.google.com/security/compliance/eu-scc?hl=en

With our suppliers, we have agreed that, for the provision of the contracted service, they use servers located in the EEA and although appropriate measures have been taken for such transfers ensuring that these suppliers are under the Privacy Shield agreement or that there are other adequate guarantees.

What are your rights regarding the processing of your data and how can you exercise them?

The data protection regulations allow you to exercise your rights of access, rectification, deletion, and data portability, as well as opposition and limitation to their processing, and not to be subject to decisions based solely on the automated processing of your data, when applicable.

These rights are characterized by the following:

• Its exercise is free of charge, unless it involves manifestly unfounded or excessive requests (e.g., repetitive in nature), in which case we may charge a fee proportional to the administrative costs incurred or refuse to act.
• You can exercise your rights directly or through your legal or voluntary representative.
• We must respond to your request within one month, although, considering the complexity and number of requests, the deadline can be extended by another two months.
• We are obligated to inform you about the means to exercise these rights, which must be accessible and cannot deny you the exercise of the right solely for choosing another means. If the request is submitted electronically, the information will be provided through these means when possible, unless you request otherwise.
• If we do not proceed with the request, we will inform you, no later than one month, of the reasons for our inaction and the possibility of appealing to a Control Authority.

In order to facilitate its exercise, we provide you with the links to the application form for each of the rights:

Form for exercising the right of access

Form to exercise the right of rectification

Opposition Right Exercise Form

Right to Erasure Request Form (Right to be Forgotten)

Form for exercising the right to restriction of processing

Form for exercising the right to portability

Exercise form not to be subject to automated individual decisions

To exercise your rights, we provide you with the following means:

1. By means of a written and signed request addressed to the company, Ref. Exercise of LOPD Rights.
2. Sending the scanned and signed form to the email address provided above, indicating “Exercise of LOPD Rights” in the subject line.

In both cases, you must verify your identity by providing a photocopy or, if applicable, a scanned copy of your ID or equivalent document to ensure that we only respond to the interested party or their legal representative, who must provide a document proving their representation in this case.

Likewise, and especially if you believe that you have not fully satisfied your rights, we inform you that you can file a complaint with the national control authority by addressing it to the Spanish Agency for Data Protection, C/ Jorge Juan, 6 – 28001 Madrid.

How do we protect your information?

We are committed to protecting your personal information.

We use reasonably reliable and effective physical, organizational, and technological measures, controls, and procedures aimed at preserving the integrity and security of your data and ensuring your privacy.

Additionally, all personnel with access to personal data have been trained and are aware of their obligations regarding the processing of personal data.

In the case of the contracts we enter into with our suppliers, we include clauses requiring them to maintain the duty of confidentiality regarding personal data to which they have had access by virtue of the assignment made, as well as to implement the necessary technical and organizational security measures to ensure the permanent confidentiality, integrity, availability, and resilience of the systems and services for processing personal data.

All these security measures are reviewed periodically to ensure their adequacy and effectiveness.

However, absolute security cannot be guaranteed, and there is no impenetrable security system. Therefore, in the event that any information subject to processing and under our control is compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Control Authority, and, if applicable, inform those users who may have been affected so that they can take appropriate measures.