Privacy policy

Data controller

RIAM Intelearning Lab SL, with tax identification number B26332791 and registered address at Calle Piqueras nº 31, 4º, Logroño (La Rioja), owner of www.gnoss.com, hereinafter GNOSS, hereby informs that:

a) it guarantees the protection of personal data voluntarily provided by the user when communicating with GNOSS:

• by email,
• by completing data collection forms (online and offline),
• by entering into a contractual relationship, or
• by using any other service or means that involves the communication of or access to data

b) it processes the data it collects in accordance with European Data Protection Regulation 679/2016 of 27 April, hereinafter the GDPR, and with Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD), and in accordance with the provisions of this policy, which it makes public on the basis of the principle of proactive accountability and transparency in information.

c) in compliance with applicable regulations, it has appointed a Data Protection Officer (DPO), whose contact email is [email protected].

Purpose of processing

Personal data collected and processed by GNOSS, through this website, trade fairs, contracts, events, newsletters, prize draws, or other means, will be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

• The purpose of processing for data obtained through web forms or other unspecified means of voluntary data submission (business cards, emails, etc.) is to handle specific requests, sell products, send catalogues, respond to enquiries, manage newsletter subscriptions and distribution, maintain commercial contact, register attendees for events, and send documentation and information relating to our services and, in all cases, commercial and/or promotional communications. Data will also be used for record-keeping and research and development activities in this field.
• The purpose of processing when data is obtained through the formalisation of contracts is to establish and maintain the contractual relationship entered into, in accordance with the nature and characteristics of the contracted service, and for record-keeping and research and development activities in this field.

In all cases, personal data will be kept in a form that permits the identification of data subjects only for as long as is necessary for the purposes of processing. These retention periods will only be extended where the purposes are scientific, historical, or statistical research.

Lawful basis for processing

The legal basis for GNOSS's data processing depends on the specific processing activities, the type of data subjects involved, and the purposes of processing. The lawful bases are as follows:

• Consent for data subjects who contact GNOSS to request information, make enquiries, subscribe to newsletters and information updates, training, etc., and who voluntarily provide the personal data requested.
• Contract for clients who access GNOSS services and solutions and give their consent through the formalisation of a contract.
• Legitimate interests of GNOSS or third parties to whom data is disclosed, where contact details are collected beyond the means set out in the purpose of processing section (for example: receipt of business cards, email enquiries).

The data subject shall in all cases be responsible for the accuracy of the data provided. GNOSS reserves the right to exclude any false or unlawful data, without prejudice to any other legal actions that may apply.

GNOSS advises that, unless a legally constituted representation exists, no data subject may use another person's identity or communicate their personal data. Data subjects must therefore ensure that the personal data they provide corresponds to their own identity and is adequate, relevant, current, accurate, and truthful. Accordingly, the data subject shall be solely liable for any direct and/or indirect damage caused to third parties or to GNOSS through the use of another person's personal data, or through the use of their own personal data where it is false, inaccurate, outdated, inadequate, or irrelevant. Likewise, anyone who communicates the personal data of a third party shall be responsible to that third party for the obligation to inform as established under the GDPR where personal data has not been collected directly from the data subject, and/or for the consequences of having failed to inform them.

Disclosures and transfers

Disclosures: GNOSS only discloses personal data to third parties in order to fulfil its contractual or legal obligations, with suppliers or public or private bodies. The data subject consents to such disclosures in these cases and may exercise their rights to obtain information about them.

International transfers: GNOSS hereby informs that, in the course of its activities, it uses data processors based outside the European Economic Area, whereby international data transfers are carried out on the basis of the EU-US Data Privacy Framework of 10 July 2023. The legal basis for these transfers is consent or legitimate interest. The relevant providers and their privacy policies are listed below:

• Google, Inc: https://policies.google.com/privacy?hl=es&gl=es
• Dropbox: https://www.dropbox.com/es_ES/privacy
• Microsoft https://privacy.microsoft.com/es-es/privacystatement

User rights

Users may at any time exercise their recognised rights over their personal data, as well as withdraw consent for the uses described above, by sending a written request specifying the right being exercised to GNOSS's registered address or electronically to [email protected], including proof of identity. The rights that may be exercised are as follows:

• Access. Request information about the data we process, the purpose of processing, and its legal basis.
• Rectification. Request the correction of inaccurate data.
• Erasure. Request the deletion of data in the cases established by law.
• Objection. Request that data processing cease, except where there are justified grounds to continue.
• Restriction of processing. Data will be retained by GNOSS solely for the purpose of establishing, exercising, or defending legal claims.
• Right to data portability. Should you wish your data to be processed by another provider, GNOSS will facilitate the transfer of your data to the new controller.

For further information on exercising these rights, please refer to the citizen's guide published by the Spanish Data Protection Agency.
If you believe that the processing of your personal data infringes applicable regulations, you may lodge a complaint:

• with those responsible at GNOSS, or
• with the Spanish Data Protection Agency, at its postal address: C/ Jorge Juan, 6, C.P. 28001, Madrid (Spain).

Security measures

Personal information provided by or collected from users, for which GNOSS is the controller, is organised into files, whether automated or not, and GNOSS maintains a record of processing activities in accordance with applicable regulations.
Furthermore, for each processing activity, GNOSS implements appropriate technical and organisational measures to ensure the confidentiality, integrity, availability, and resilience of the data included in that processing, which are necessary to guarantee adequate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, and which aim to:

1. Pseudonymise and encrypt personal data.
2. Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
3. Restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident.
4. Regularly verify, evaluate, and assess the effectiveness of technical and organisational measures to ensure the security of processing.

Acting as data processor

In cases where GNOSS must access and/or process personal data for which its clients are responsible and act as data processor in accordance with applicable regulations, GNOSS undertakes to regulate the content of data processing agreements in detail, covering aspects such as:

• Subject matter, duration, nature, and purpose of the processing.
• Appointing a Data Protection Officer, where applicable.
• Maintaining a Record of Processing Activities, including the types of personal data and categories of data subjects of the controller.
• The processor's obligation to process personal data solely in accordance with the controller's documented instructions.
• Conditions under which the controller may grant prior, specific, or general authorisation for sub-processing.
• Notification of personal data breaches.
• Once the contractual service has been fulfilled, data will be destroyed or returned, as agreed between the parties. However, GNOSS reserves the possibility of using the data for research, scientific, and statistical purposes, provided it has been previously anonymised.

Policy changes

GNOSS is constantly evolving, as are its texts and policies; we will therefore publish any changes that are made. These will be posted in an easily accessible location, so that you can always know what information we collect and use.

We recommend that you review these documents regularly. If we make any significant changes to this policy, we will notify you here, by email to your contact address, or through a notice on the home page.