GDPR Compliance
Information about how we process personal data in accordance with the General Data Protection Regulation (GDPR).
1. Introduction to GDPR
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that applies to all individuals within the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and the EEA.
At Connecting Bots, we are committed to ensuring the security and protection of the personal data that we process, and to providing a compliant and consistent approach to data protection. This document outlines how we comply with the GDPR and what measures we have implemented to protect your personal data.
2. Data Controller Information
For the purposes of the GDPR, the data controller for personal data processed through our website and services is:
Company Name: Connecting Bots, S.L.
Tax ID (CIF): B12345678
Registered Office: Innovation Street, 123, 28001 Madrid, Spain
Email: dpo@connectingbots.com
Phone: +34 900 000 000
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR compliance document and our privacy practices. If you have any questions about this document or how we handle your personal data, please contact our DPO at dpo@connectingbots.com.
3. GDPR Principles
We adhere to the principles set out in the GDPR, which require that personal data shall be:
- Processed lawfully, fairly, and in a transparent manner in relation to individuals.
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data are erased or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
4. Lawful Bases for Processing
We process personal data on the following lawful bases:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
- Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legal obligation: Where processing is necessary for us to comply with the law.
- Legitimate interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
For each type of personal data we process, we have identified the lawful basis for processing in our Privacy Policy.
5. Data Subject Rights
Under the GDPR, you have the following rights regarding your personal data:
- The right to be informed about how we collect and use your personal data.
- The right of access to your personal data and any supplementary information.
- The right to rectification if your personal data is inaccurate or incomplete.
- The right to erasure (also known as 'the right to be forgotten') in certain circumstances.
- The right to restrict processing in certain circumstances.
- The right to data portability, allowing you to obtain and reuse your personal data for your own purposes across different services.
- The right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority, direct marketing, and processing for purposes of scientific/historical research and statistics.
- Rights in relation to automated decision-making and profiling.
To exercise any of these rights, please contact our Data Protection Officer at dpo@connectingbots.com. We will respond to your request within one month of receipt.
6. Data Protection Measures
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data where appropriate.
- Regular testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing.
- Pseudonymization and/or anonymization of personal data where possible.
- Access controls and authentication to ensure that only authorized personnel have access to personal data.
- Regular backups to ensure the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
- Staff training on data protection and information security.
- Data protection impact assessments for high-risk processing activities.
7. Data Breaches
In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
If the breach is likely to result in a high risk to the rights and freedoms of natural persons, we will also notify the affected individuals without undue delay.
We maintain a record of all personal data breaches, comprising the facts relating to the breach, its effects, and the remedial action taken.
8. International Data Transfers
We may transfer personal data to countries outside the European Economic Area (EEA) only when one of the following conditions applies:
- The European Commission has decided that the third country ensures an adequate level of protection.
- Appropriate safeguards are in place, such as binding corporate rules, standard contractual clauses, or approved codes of conduct.
- You have explicitly consented to the proposed transfer after having been informed of the possible risks.
- The transfer is necessary for the performance of a contract between you and us or for the implementation of pre-contractual measures taken at your request.
- The transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person.
- The transfer is necessary for important reasons of public interest.
- The transfer is necessary for the establishment, exercise, or defense of legal claims.
- The transfer is necessary in order to protect your vital interests or those of other persons, where you are physically or legally incapable of giving consent.
9. Data Protection Impact Assessments
We carry out Data Protection Impact Assessments (DPIAs) for processing that is likely to result in a high risk to individuals. This includes:
- Systematic and extensive profiling with significant effects.
- Large-scale processing of special categories of data or personal data relating to criminal convictions or offenses.
- Large-scale, systematic monitoring of public areas.
Our DPIAs include:
- A description of the processing operations and their purposes.
- An assessment of the necessity and proportionality of the processing.
- An assessment of the risks to the rights and freedoms of data subjects.
- The measures envisaged to address the risks and demonstrate compliance with the GDPR.
10. Data Protection Officer
We have appointed a Data Protection Officer (DPO) based on professional qualities and expert knowledge of data protection law and practices. The DPO's tasks include:
- Informing and advising us and our employees about our obligations under the GDPR and other data protection laws.
- Monitoring compliance with the GDPR and other data protection laws, including managing internal data protection activities, advising on data protection impact assessments, training staff, and conducting internal audits.
- Cooperating with the supervisory authority and acting as the contact point for the supervisory authority on issues relating to processing.
- Being available for data subjects who wish to exercise their rights, raise concerns, or make complaints about the processing of their personal data.
You can contact our DPO at dpo@connectingbots.com.
11. Changes to This GDPR Compliance Document
We may update this GDPR compliance document from time to time in response to changing legal, technical, or business developments. When we update this document, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
The date at the bottom of this page indicates when this GDPR compliance document was last updated.
12. How to Contact Us
If you have any questions about this GDPR compliance document or our data protection practices, please contact us:
Data Protection Officer: dpo@connectingbots.com
Phone: +34 900 000 000
Postal Address: Innovation Street, 123, 28001 Madrid, Spain
13. Complaints
If you are not satisfied with our response to your concerns, you have the right to lodge a complaint with a supervisory authority. In Spain, the supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos - AEPD), which you can contact at:
Website: www.aepd.es
Postal Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
Phone: +34 901 100 099 / +34 912 663 517
Last updated: April 15, 2025