Last update: May 22th, 2018
If you have any questions or comments, or if you want to update, delete, or change any Personal Data we hold, or you have a concern about the way in which we have handled any privacy matter, please use our contact form to send us a message.
1. Who is collecting your data
Extly Tech, Extly Extensions and JoomGap are brands operated by Extly CB.
Los Olivos, 5, 33423, Spain.
VAT ES E74426792
2. Personal information collected
(a) Information You Explicitly Give Us: We receive and store any information you enter on our Website or give us in any other way through a direct interaction with us which includes:
- Your email when you subscribe to our newsletter.
- Your name and email when you contact us through our contact forms.
- Your Username/Password when you download our products.
- Your Username/Password when you subscribe to our services.
- The Personal Data you provide us when you send us an email or contact our service support.
Note that we do not collect any payment information when you subscribe to one of our services. We have an agreement with FastSpring as a reseller of our services. See the Third-party Providers section below for more information.
(b) Information we collect automatically: When you use the Services or browse our Website, we may collect information about your visit to our Website, your usage of the Services, and your web browsing. That information may include:
- Your network routing information (where you come from).
- Your Internet Protocol (IP) address used to connect your computer to the Internet and may identify your general geographic location or company.
- Your computer and connection information such as browser type, version, and time zone setting, browser plug-in types and versions, operating system, and platform.
3. How we use Personal Data
We may use and disclose Personal Data only for the following purposes:
- To allow you to purchase our products and to subscribe to our services.
- To provide support and improve the Services we offer, as well as to enhance customer relationships.
- To notify you about new product releases and service developments, offers and to advertise our products and services under this policy.
- To communicate with you about a conference or event sponsored or participated by us, including information about the event’s content, logistics, payment, updates.
- To share Personal Data with third parties who provide services to us, provided that the third party has executed any data processing documentation required by law.
- To meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
4. What Personal Data we share and disclose to Third Parties
We do not sell your Personal Data to anyone. We may share your Personal Data with our third party Service Providers, who help us provide and support our Services, such as credit card processing services, order fulfilment, analytics, event or campaign management, information technology and related infrastructure provision, e-mail delivery, and other similar services. In this case, we require by contract from our services providers to use your Personal Data only to provide services to us and subject to terms consistent with this policy.
We may disclose your personal data as we believe to be necessary or appropriate:
- under applicable law, including laws outside your country of residence;
- to comply with legal process;
- to respond to requests from public and government authorities, including public and government authorities outside your country of residence;
- to allow us to pursue available remedies or limit the damages that we may have.
Additionally, in the event of a reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of Extly’s business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may transfer the Personal Data it has collected to the relevant third party.
5. Public Information and Third Party Websites
a) Social media platforms. We maintain presences on social media platforms including Facebook, Twitter, and Instagram. Any information, communications, or materials you submit to us via a social media platform is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added, and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes, and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
- Google Analytics: This cookie allows us to see information on user website activities including, but not limited to page views, source and time spent on a website. The information is depersonalized and is displayed as numbers, meaning it cannot be tracked back to individuals. This will help to protect your privacy. Using Google Analytics, we can see what content is favorite on our website, and strive to give you more of the things you enjoy reading and watching.
- Google Adwords: Using Google Adwords code we can see which pages helped lead to an action taken by a visitor (conversion). This allows us to make better use of our paid search budget.
- DoubleClick: We use remarketing codes to log when users view specific pages, allowing us to provide targeted advertising in the future.
7.How You May Exercise Your Rights
- Right to require access to any Personal Data we may have about you.
- Right to request rectification (if incorrect) or deletion of Personal Data.
- Right to request limitation of their treatment, in which case Extly will only keep them for the exercise or defense of claims.
- Right to object to processing. Extly will no longer process the Personal Data in the way you indicate unless for compelling legitimate reasons or the exercise or defense of possible claims have to be further treated.
- Right to data portability. If you wish your Personal Data to be processed by another company, Extly will provide you with the portability of your data to the new data controller.
We will give you access to any Personal Data we hold about you within 30 days of any request for that information. Unless it is prohibited by law, we will remove any Personal Data about an individual from our servers at your or their request. There is no charge for an individual to access or update their Personal Data.
Models, forms, and more information about your rights: Official website of the Spanish Data Protection Agency.
Possibility of withdrawing consent. If you have given your consent for a specific purpose, you have the right to withdraw it at any time, without it affecting the lawfulness of the processing based on the consent before its withdrawal.
How to complain to the Control Authority. If you consider that there is a problem with the way in which Extly is handling your Personal Data, you may address your complaints to Extly (indicated above) or to the corresponding Data Protection Authority, being the Spanish Data Protection Agency the one indicated in the case of Spain.
8. Accuracy and Data Retention
We take reasonable business measures in compliance with laws to keep your Personal Data accurate and up to date, to the extent that you provide us with the information we need to do so. If your Personal Data change (for example, if you have a new email address), then you are responsible for notifying us of those changes.
We will retain the following data:
(a) Disaggregated data: Disaggregated data will be retained without a deadline for deletion.
(b) Subscribers data: During the time your account is active or as long as needed to provide you with our Services under our Terms of Service. In any case, it will be the minimum necessary from time to time, currently subject to certain statutes of limitation terms:
- Four years: Law on Infringements and Sanctions in the Social Order (obligations regarding affiliation, registration, cancellation, contribution, payment of salaries…); Art. 66 ff. General Tax Law (Accounting Books…);
- Five years: Art. 1964 Civil Code (personal actions without special time limit)
- Six years: Art. 30 Commercial Code (Accounting Books, invoices…)
- Ten years: Art. 25 of the Prevention of Money Laundering and Financing of Terrorism Act.
(c) Newsletter subscribers’ details: From the moment the user subscribes to the newsletter until the subscription is ceased.
9. Children’s Privacy
Our Services and Products are not directed or targeted to children. If you have not reached the age of majority or are not able to enter into legally binding agreements in your country, you may not use our Services and Products unless supervised/accepted by an adult, as applicable.
10. Notice of Breach of Security
We take reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into account the risks involved in the processing and the nature of the Personal Data. If a security breach causes an unauthorized intrusion into our system that materially affects you, then we will notify you as soon as possible (in the event of a breach being detected, Extly undertakes to inform users within 72 hours) and later report the action we took in response.
We use FastSpring as the reseller of our services. Therefore, all payments for the services will be made through FastSpring. FastSpring uses security measures to protect your information both during the transaction and after its completion. They are a United States-based seller of digital goods specialized in safe and secure Internet sales, compliant with PCI and that employs Verisign SSL Certificates.
We only use service providers that enter into agreements with us whereby the service provider commits to take the appropriate measures to protect Personal Data and be compliant with GDPR.
11.Third Party Service Providers
To be transparent and provide you with the maximum information about who our third party service providers are, we list below the ones that may keep Personal Data, what information they keep, and how we ensure the GDPR compliance through their contracts.
FastSpring is a United States-based seller of digital goods specialized in safe and secure internet sales, compliant with PCI and that employs Verisign SSL Certificates. FastSpring is operated by Bright Market, LLC, the data of which are in About FastSpring. FastSpring is registered with the EU through a special scheme set up for companies outside the EU. FastSpring’s VAT number is EU826012240 (it begins with EU because FastSpring is located in the United States, not in a European Union member state).
As an additional means of meeting the adequacy and security requirements under the GDPR, a data-processing clause is included in our agreement with them.
In our websites, we use Google Analytics to analyze their use and optimize their performance.
Google is a US company the data of which are in Google Cloud Locations. As described in their Privacy Shield certification, they comply with the EU-US and Swiss-US Privacy Shield as set forth by the US Department of Commerce regarding the collection, use and retention of Personal Data from European Union member countries and Switzerland, respectively.
Google is fully committed to GDPR compliance as described on their Commitments to GDPR that articulate the commitments with us. For all the previous services, as a commitment to privacy and security, we have signed the following documents: Data Processing Security Terms (Customers) contract, and an EU Model Contract clauses.
We use Amazon Web Services (AWS), the Amazon cloud computing platform, as host of our websites. Personal Data related to this service (except for payment details, see FastSpring above) is kept in Amazon’s systems.
Amazon.com, Inc. is a US company, the data of which are in AWS Global Infrastructure. As described in their legal policies, participates in the EU-US and Swiss-US Privacy Shield Framework regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland, respectively. They have certified with the Department of Commerce that they adhere to the Privacy Shield Principles.
Amazon is fully committed to GDPR compliance as described on their Compliance to GDPR that articulate the commitments with us. As an additional means of meeting the adequacy and security requirements of the GDPR, we have signed a Data Processing Addendum with Amazon.
We use SendGrid to deliver our newsletters and other email communications. Therefore, SendGrid, with servers located around the US, keeps Personal Data about your name and email and gathers statistics about email opening and clicks as part of its service.
SendGrid is a US company, the data of which are in the US. As described in their legal policies, they has certified their compliance with the US-EU Safe Harbor Framework and the US-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data from European Union member countries and Switzerland. They have certified with the Department of Commerce that they adhere to the Privacy Shield Principles.
As described in their knowledge base, they are committed to achieving compliance with the GDPR and is mindful of your compliance efforts.