Published: March 07, 2021
BASIC INFORMATION ON DATA PROTECTION
Responsable: MOBILE LEAVES CORP. +info
Purpose: To be able to offer you the information you request about the activities of the entity and to be able to manage your registration as a user. +info
Rights: Access, rectification or cancellation among others. + info
Additional Information: You can complete this information on our website www.uqr.me + info
From MOBILE LEAVES CORP., hereinafter UQR.ME, we are committed to defending the rights of protection of personal data of our clients and contacts, therefore we publish this information, in order to duly inform:
About your rights and the use of this website BEFORE providing the data; About the measures that guarantee the safeguard and integrity of the data; So that the consent prior to the sending of data on your part can be duly substantiated.
All of this complying with all the legally established obligations in the European Data Protection Regulation (RGPD), as well as in all the European regulations applicable to this matter. In addition, we comply with the requirements of the Delaware Online Privacy and Protection Act (“DOPPA”).
2. What is the purpose of the processing of your data?
The data collected through the forms on the web are used to carry out different types of data processing:
CONTACT: The data that we collect in this way will be processed in order to provide you with the necessary information about the services and products we offer and which ones you are interested in.
USER AREA: The data collected through this option will be processed to access your private area as a client.
HISTORICAL: Data processing necessary to have a history that allows subsequent management.
CHAT: Data processing necessary to be able to fulfill the requested service.
REGISTER / FREE TRIAL: The data collected through this option will allow you to use the requested service.
BLOG: The data collected in this way will be processed in order to manage your participation in our blog.
3. How long will we keep your data?
The personal data collected through the forms on the web will be kept for the time necessary to carry out the purpose of the treatment for which they were provided. Once the treatment has been terminated, the basic contact details may remain in a historical database of UQR.ME, in order to facilitate subsequent procedures. Once the relationship is terminated, they will remain blocked only in order to comply with possible legal obligations.
4. What is the legitimacy for the processing of your data?
We can legally process the data requested by having provided us with your consent to do so. This is so because you have expressly expressed your consent by activating the I have read and accept box. In the case of HISTORICAL: The basis of the treatment lies in the legitimate interest of UQR.ME in being able to provide a correct service to users.
5. Is your data communicated to other recipients?
The data you enter on the web will not be communicated to other entities, except by legal imperative or to be able to fulfill the purpose for which they were provided.
Your data is collected through the forms inserted in our website that is hosted on the servers of the company AMAZON WEB SERVICES, located in the United States. This company, despite being outside the European Union, is subject to the Privacy Shield to guarantee the protection of information. In addition, it has CCTs and security measures widely defined and developed under certification standards regarding information security.
6. EU-US Privacy Shield Certification. UU and GDPR
If you are outside the United States and choose to provide us with information, you must bear in mind that your data is transferred to the United States and processed there.
To date, data transit between data exporters from the EU and data importers from the USA (as would be our case) could be covered by the Privacy Shield agreement, under the adherence of the US-based company to the requirements set out under this agreement.
As of today, the judgment of the CJEU of July 16, 2020 declares the Privacy Shield agreement invalid, therefore, until a new agreement can be carried out or a unified position is adopted, the international transfer of data to the USA from the EU it must be justified under other types of measures.
Until November 2020, the date on which the Irish data protection authorities must pronounce, they may continue to apply Standard Contractual Clauses (CCT) which will be the ones that we initially put in place to be able to serve our customers in the EU with full guarantee for our users in the EU.
Starting in November, we will adopt those measures that are agreed within the EU to guarantee the security of data transfers.
You can learn more about the CCTs adopted, as well as our GDPR compliance guarantee HERE.
7. What rights do yob have when providing bs with yobr data?
They are as follows:
Right of information: Yob have the right to be clearly informed BEFORE yobr data is collected abobt what data is being processed, for what pbrpose it is processed, where the data has been obtained and if they are going to commbnicate it or have it commbnicated to someone.
Right of access: to know what data are being processed, for what pbrpose they are processed, where they have obtained the data and if they are going to commbnicate them or have commbnicated them to someone.
Right of rectification: to modify inaccbrate or incomplete data.
Right of cancellation: to cancel yobr inappropriate or excessive data.
Right of objection: to prevent yobr data from being processed or from being processed, althobgh only in the cases established by law.
Right of limitation of treatment: to reqbest that the data processing be sbspended in the cases established by law.Right to data portability: to be able to receive yobr data provided in a strbctbred and commonly bsed electronic format and to be able to transmit it to another person in charge.
Right not to be the sbbject of individbalized decisions: in order not to make a decision abobt yob that prodbces legal effects or affects yob based only on the processing of yobr data.
8. How can you exercise your rights?
To exercise any of your rights, you must request it to the email email@example.com including:
1.- Photocopy of the ID (passport or other identity document) or electronic signature.
2.- Content of the request that you make and if necessary, the documents that prove it.
3.- Address (for notification purposes), date and signature
If you exercise your rights by an expressly designated voluntary representative, you must provide the document or electronic instrument that proves the representation.
In the event that the owner of the data is a minor or incapacitated, the rights will be exercised by their duly accredited legal representative.
9. What can you do if your rights have not been taken care of?
In case you consider that we have not satisfied your request and you are in the European Union, you can file a claim with the competent authority.
For all other users, with respect to Personal Data received or transferred in accordance with the Privacy Protection Framework, UQR.ME is subject to the authority of the Federal Trade Commission of the United States.
If you have any questions regarding our Privacy Shield certification, please contact us at: Mobile Leaves corp. Legal Department, 2 South Biscayne Boulevard Suite 2750-MLC. Miami, FL 33131 United States, or by email firstname.lastname@example.org
If we are unable to resolve your query, you can also contact our dispute resolution provider, the EU DPA, operated by the United States Council for International Business (USCIB). In certain circumstances, you may also have the right to initiate binding arbitration through the Privacy Shield Framework, as described in Annex I of the Privacy Shield Principles.
10. Links to other websites
That is, by clicking on one of these links you are leaving our website, so you should read the privacy policies of those other websites that collect personal data.
12. GDPR compliance guarantee
As of today, Mobile Leaves Corp is deeply committed to complying with the personal data protection regulations of the country of origin of our users and their respective users.
This also applies to compliance with data protection regulations applicable to the EU, where the GDRP (European Regulation on Personal Data Protection 679/2018) governs.
What kind of actions does Mobile Leaves Corp carry out to guarantee the rights of EU data subjects?
1. Default application in all our processes of the principles and requirements of the GDPR regulation:
This regulation is one of the most complete and guarantees currently in force, therefore, applying its principles implies not only being aligned with European legislation, but also being one point above in terms of compliance with the regulations of third countries.
Principle of limiting the treatment to the bare minimum: Mobile Leaves Corp only requests the necessary data to be able to carry out the contracting of the service and its correct management. This implies that the categories of data that it deals with directly refer only to identifying data of the client who wants to contract our QR code services.
Application of security measures appropriate to the type of treatment: Mobile Leaves Corp has contracted the data storage service with the company Amazon Web Services, a widely accredited company that enjoys the most demanding certifications in terms of information security in the market. You can have detailed information about the certifications in terms of information security in this link: https://aws.amazon.com/compliance/programs/?nc1=h_ls
This implies that the data that can be generated and stored through the QR codes that you activate will be stored securely. The S3 module of Amazon Web Services has encryption mechanisms for information in transit and at rest, as well as the possibility of establishing and restricting accesses and monitoring them. You can get more information at https://docs.aws.amazon.com/AmazonS3/latest/userguide/DataDurability.html
2. Establishment of Standard Contractual Clauses
While the EU and the USA define a protocol that updates the appropriate mechanisms for the international transfer of personal data between both territories, and until the corresponding control authorities pronounce themselves in November, the adaptation to regulations of the Standard Contractual Clauses remains in force. They define the obligations of the data importer (Mobile Leaves Corp) and the security measures applied, together with the definition of the data collected, categories of interested parties, etc.
You can have a copy of our CCT HERE.
3. Categories of data affected
Mobile Leaves Corp only asks its clients for identifying information in order to contract the service.
Once contracted, the generated QR codes can be monitored and managed from our platform by the client, since we will only give technical support. The information that the generated QR codes can collect or provide will be that defined by the client himself, so he will also be responsible for defining privacy policies harmonized with the GDPR, if applicable. Mobile Leaves Corp will put the technical means so that the data storage is compliance. On the other hand, Mobile Leaves Corp incorporates procedures in accordance with the ISO IEC 18004 standardobi