IEDISA Privacy Statement

Version May 24, 2018


This privacy statement explains how IEDISA handles the personal data that we collect for the performance of our services. IEDISA respects your privacy and is committed to protecting and handling your personal data with the greatest care.



1. Which data does IEDISA collect?

IEDISA collects and processes only the personal data you provided:
Ex: your name, job title, contact information, …
The provision of specific data can be required to use our products and services. This will be shown when the information is requested.



2. For which purposes will your data be processed?

IEDISA collects and uses your personal data:



To provide information and reply to your questions; and provide, products and services that you demand. And for legal issues (invoices,..)

3. Legal basis for processing personal data

IEDISA processes your personal data to provide our products and services to you, and to comply with legal obligations.

Where we process your personal data on the basis of your consent, you may withdraw your consent at any time by following the specific instructions in relation to the processing for which you provided your consent, by reaching out to us.

Where we process your personal data for a purpose other than that for which we collected it initially (and we rely on a legal basis other than consent or complying with legal obligations for this new purpose), we will ascertain whether processing for this new purpose is compatible with the purpose for which the personal data were initially collected.



4. In which way does IEDISA obtain data?

We obtain personal information about you when you apply for one of our services, and you give it to us.



5. Who has access to your data?

In view of the purposes mentioned above, or in the context of its service provision IEDISA WILL NOT share, pass on or in any other way make accessible your personal data to other service providers or third parties.

We have an authorization policy for our systems, so that persons only have access to your data in so far as this is necessary for the performance of their tasks and within the framework of the purposes mentioned. All these individuals and organizations have agreed to treat your data confidentially and with the greatest care.

We are an international company, so outside the European Economic Area, IEDISA will use European Commission approved mechanisms, such as the Privacy Shield certification, and Standard Contractual Clauses as safeguards, such as the “(EU-)controller to (Non-EU/EEA-)controller” Decision 2004/915//EC(see Article 46 GDPR). If you wish to receive a copy of these safeguards, please contact us.



6. Security

IEDISA shall implement appropriate technical and organizational measures to ensure an appropriate level of security against unlawful use, unauthorized access, alteration or unlawful destruction of your personal data.



7. Retention Period

IEDISA retains your personal data as long as necessary in view of the purposes set out above, or as long as prescribed by law. IEDISA will delete these data when requested by you in accordance with Section 9 “Your rights”.



8. Cookies

Our website makes use of cookies to register visitor data in order to further optimize the website’s functionality and to improve its security. You can change the settings of your browser in such a way that you no longer receive cookies. If cookies are disabled, IEDISA cannot guarantee that all services and functionalities of its website function properly.



9. Your rights

You may contact our Privacy Office (please see below) to exercise any of the rights you are granted under applicable data protection laws, which includes (9.1) the right to access your data, (9.2) to rectify them, (9.3) to erase them, (9.4) to restrict the processing of your data, (9.5) the right to data portability and (9.6) the right to object to processing.



1. Right to access
You may ask us whether or not we process any of your personal data and, if so, receive access to that data in the form of a copy. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal data concerned as well as any other information necessary for you to exercise the essence of this right.



2. Right to rectification
You have the right to have your data rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal data about you and, taking into account the purposes of the processing, complete incomplete personal data, which may include the provision of a supplementary statement.



3. Right to erasure
You also have the right to have your personal data erased, which means the deletion of your data by us and, where possible, any other controller to whom your data has previously been made public by us. Erasure of your personal data only finds place in certain cases, prescribed by law and listed under article 17 of the General Data Protection Regulation (GDPR). This includes situations where your personal data are no longer necessary in relation to the initial purposes for which they were processed as well as situations where they were processed unlawfully. Due to the way we maintain certain services, it may take some time before backup copies are erased.



4. Right to restriction of processing
You have the right to obtain the restriction of the processing of your personal data, which means that we suspend the processing of your data for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continue storing your personal data. We will inform you before the restriction is lifted.



5. Right to data portability
Your right to data portability entails that you may request us to provide you with your personal data in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible. Upon request and where this is technically feasible we will transmit your personal data directly to the other controller.



6. Right to object.
You also have the right to object to the processing of your personal data, which means you may request us to no longer process your personal data. This only applies in case the ‘legitimate interests’ ground (including profiling) constitutes the legal basis for processing (see Section 4 “Legal basis for processing personal data” above). At any time and free of charge you can object to direct marketing purposes in case your personal data are processed for such purposes, which includes profiling purposes to the extent that it is related to such direct marketing. In case you exercise this right, we will no longer process your personal data for such purposes. You may withdraw your consent at any time by following the specific instructions in relation to the processing for which you provided your consent. To exercise any of the abovementioned rights, please contact us using the contact details stated under Section 11 below. You can also contact us at if you have any questions, remarks or complaints in relation to this privacy policy.However, if you have unresolved concerns you also have the right to complain to the the supervisory authority of your EU member state.



10. How we look after this policy

This privacy policy was most recently amended on May 24, 2018 and replaces earlier versions. We may amend this privacy policy from time to time and will notify you of any changes prior to these changes taking effect.



Contact details

If you have any questions regarding this policy or the processing of your personal data, please contact us:

itc@graphenstone.com
legal@graphenstone.com



Headquarters | Polg Ind Poliviso. C / Carpinteros, 25. EL VISO DEL ALCOR, 41520 Seville, Spain.