We make this Privacy Policy available to you with the aim of informing you in detail about how we treat your personal data and protect your privacy and the information you provide to us.

If, in the future, we introduce modifications to this Privacy Policy, we will communicate this to you through this website or by other means, so that you may know the new privacy conditions that are adopted.

KNOWEE CARDS, S.L. (hereinafter, KNOWEE) provides a service intended for the user to have their own professional contact card on the KNOWEE Web and share it with whomever they wish in different ways.

The user may share their professional card with third parties through three methods:

1. Communicating the Knowee code to the third party (an 11-character code including uppercase and lowercase letters, alphanumeric, which identifies a card).

2. Providing the third party with the QR code linked to their card.

3. Providing a third party with a physical card that has a Knowee code or a QR code or NFC chip. In this case, the third party will only have to upload the user’s physical card to the Knowee Website and the system will find the Knowee card without the user needing to enter any additional type of data. Likewise, the user may share their Knowee card by sending it to the contacts they desire, provided that the communication of their personal data complies with the legislation currently in force regarding this matter.

In addition to facilitating a quick and simple system for sharing contact cards between different people, KNOWEE offers the “Meeting Point” service. To be able to enjoy this service, the user who is going to create an event through the commercial tools available to them, such as Outlook, Gmail, notes, etc., apart from inviting all the attendees they wish, the user must appoint a virtual assistant named know.ee Steward, (who@know.ee).

know.ee Steward will know who is invited to the event and is going to offer, to each of them, the list of their own cards that they have available in Knowee so that, if they wish, they can share their cards with the event attendees.

If you do not wish to share your card for the meeting, you simply must ignore or delete the message from the Steward know.ee that offers you the list of cards.

We inform you below, in the form of questions and answers, of the conditions under which our entity treats your personal data:

Who is the Data Controller of your data? Identity: KNOWEE CARDS, S.L. Tax ID (CIF): B-86815172. Postal address: Avda. de Fuencarral, 44; Ed 3, L 19, 28108 – Alcobendas (Madrid). Email: support@know.ee.

For what purpose do we treat your personal data? We treat the personal data you provide us with for the following purposes:

1. The management of the relationship with the client and the billing and collection of services. The supply of data for this purpose by our clients is mandatory; otherwise, the fulfillment of the contract is prevented.

2. The management of relationships with our suppliers, as well as the billing and payment of services. For this purpose, it is mandatory for the supplier to provide us with their data, since, otherwise, the contract could not be executed.

3. To channel requests for information, suggestions, and claims that you may send us, contact the sender of the information, respond to your request or inquiry, and carry out subsequent follow-up. The act of providing data for this purpose is voluntary, although, in the event of not doing so, it will not be possible to respond to the request, inquiry, or claim. Therefore, the communication of your personal data for these purposes is a necessary requirement for us to be able to attend to those requests.

4. The sending of commercial communications of our products or services. If you are our client, we will send you said communications, unless you manifest your will against it by checking the corresponding box at the moment of providing your data or, subsequently, by communicating it to us through any means.

5. Conversely, if you do not end up contracting our products or services, we will not send you commercial information, unless you expressly authorize us to do so. The authorization is voluntary and your refusal would only result in you not receiving commercial offers of our products or services.

6. In the event that you become our friend or follower on social networks, we will treat your data to keep you informed of our activities and promotions through said channels. The act of providing data for this purpose is voluntary, although, in the event of not doing so, you will not be able to be our friend or follower on the corresponding social network. The categories of data that are treated for this purpose are identification data.

For how long will we treat your data? We only keep your data for the period of time necessary to fulfill the purpose for which it was collected, to comply with the legal obligations imposed on us, and to address the possible responsibilities that could derive from the fulfillment of the purpose for which the data was collected.

Data for the management of the relationship with clients and suppliers and the billing and collection of services will be kept for that purpose during the entire time the contract is in force. Once said relationship has ended, where applicable, the data may be kept during the time required by the applicable legislation and until any eventual responsibilities derived from the contract prescribe.

Data for the sending of commercial communications of our products or services will be kept indefinitely, until, where applicable, you manifest your will to delete them or your desire to stop receiving said communications.

Data of potential clients who do not end up contracting our products or services and who do not wish to receive commercial information will be deleted when it is confirmed that the contracting will not take place. In the event that the prior relationship between the parties, even if not consummated, could give rise to eventual responsibilities, the data will be kept until these prescribe.

Data treated to attend to requests, petitions, inquiries, or claims will be kept during the time necessary to respond to them and consider them definitively closed. Subsequently, they will be kept as a history of communications for a period of one year, unless you request their deletion sooner.

Data provided through social networks will be kept as long as you remain our friend or follower on the corresponding platform.

What is the legitimation (legal basis) for the treatment of your data? The legal basis for the treatment of client and supplier data is the execution of the service provision contract, according to the terms and conditions set forth therein.

The prospective offer of products and services to our clients is based on the satisfaction of the legitimate business interest consisting of being able to offer them the contracting of other products or services and thus achieve their loyalty. Said legitimate interest is recognized by the applicable legal regulations (General Data Protection Regulation), which expressly allows the treatment of personal data on that legal basis for direct marketing purposes. However, we remind you that you have the right to oppose this treatment of your data, being able to do so by any of the means provided in this clause.

The prospective offer of products and services to those who, having shown interest in them, are not or have not become our clients, is based on the consent of the interested party. Said consent is revocable at any time, without this having more consequences than stopping the receipt of advertising and without this affecting the data treatments carried out previously.

The treatment of personal data for the response to your requests for information, petitions, inquiries, and claims is based on the consent of the interested person. Said consent may be withdrawn at any time, although this will not affect the lawfulness of the treatments carried out previously. In the event that you provide us with your data by taking an interest in our services or to request a quote, the legitimizing basis of the treatment will be the eventual pre-contractual relationship.

Data provided through social networks will be treated on the legal basis of your consent, which may be revoked at any time, although this will not affect the lawfulness of the treatments carried out previously.

The categories of data treated are those requested in each case in the form or contract through which you provide us with your data.

To which recipients will your data be communicated? The data will be communicated to the competent Public Administrations, in the cases provided for by Law and for the purposes defined therein, to the corresponding financial entities, for the management of collections and payments, as well as to the entity that provides card scanning services, INTSIG (provider company of the CamCard software).

Although this is not a transfer of data, it may be that third-party companies, which act as our suppliers, access your information to carry out the service. These data processors access your data following our instructions and without being able to use them for a different purpose and maintaining the strictest confidentiality and based on a contract in which they commit to complying with the requirements of the current regulations regarding personal data protection.

This company contracts its virtual infrastructure according to a cloud computing model through the company Google Workspace, located in the USA, which offers adequate data protection guarantees by applying the Standard Contractual Clauses approved by the European Commission for international data transfers.

What are your rights when you provide us with your data? Any person has the right to obtain confirmation about whether we are treating personal data that concerns them, or not. Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where applicable, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Under the conditions provided in the General Data Protection Regulation, interested parties may request the limitation of the treatment of their data or its portability, in which case we will only keep them for the exercise or defense of claims.

In certain circumstances and for reasons related to their particular situation, interested parties may oppose the treatment of their data. If you have granted consent for any specific purpose, you have the right to withdraw it at any time, without this affecting the lawfulness of the treatment based on consent prior to its withdrawal. In these cases, we will stop treating the data or, where applicable, we will stop doing so for that specific purpose, except for compelling legitimate reasons, or the exercise or defense of possible claims.

Furthermore, the regulations regarding data protection allow you to oppose being the subject of decisions based solely on the automated treatment of your data, when appropriate.

The aforementioned rights are characterized by the following:

– Their exercise is free, unless it involves manifestly unfounded or excessive requests (e.g., repetitive character), in which case a fee proportional to the administrative costs borne may be charged or a refusal to act may occur.

– You may exercise the rights directly or through your legal or voluntary representative.

– Your request must be responded to within a period of one month, although, taking into account the complexity and number of requests, the period can be extended by another two months.

– We have the obligation to inform you about the means to exercise these rights, which must be accessible and without being able to deny you the exercise of the right for the sole reason of opting for another means. If the request is submitted by electronic means, the information will be provided by these means when possible, unless you request us to do so otherwise.

– If, for any reason, the request is not processed, we will inform you, no later than one month, of the reasons for this and of the possibility of claiming before a Supervisory Authority.

– In order to facilitate the exercise of the referred rights, we provide you below with the links to the application form for each of them:

Form for the exercise of the right of access. Form for the exercise of the right of rectification Form for the exercise of the right of opposition Form for the exercise of the right of deletion (“right to be forgotten”) Form for the exercise of the right to the limitation of treatment Form for the exercise of the right to portability Form for the exercise not to be the subject of automated individual decisions

All the rights mentioned can be exercised through the contact means that appear at the beginning of this clause.

Facing any violation of your rights, especially when you have not obtained satisfaction in their exercise, you may submit a claim before the Spanish Data Protection Agency (contact details accessible at www.aepd.es), or another competent supervisory authority. You may also obtain more information about the rights that assist you by addressing said bodies.

How do we protect your personal data? We have a firm commitment to protect the personal data we treat. We use physical, organizational, and technological measures, controls, and procedures, reasonably reliable and effective, oriented to preserve the integrity and security of your data and guarantee your privacy.

Furthermore, all personnel with access to personal data have been trained and are aware of their obligations in relation to the treatment of your personal data.

In the case of the contracts we sign with our suppliers, we include clauses in which they are required to maintain the duty of secrecy regarding the personal data to which they have had access by virtue of the assignment carried out, as well as to implement the necessary technical and organizational security measures to guarantee the permanent confidentiality, integrity, availability, and resilience of the systems and services for the treatment of personal data.

All these security measures are reviewed periodically to guarantee their adequacy and effectiveness.

However, absolute security cannot be guaranteed and there is no security system that is impenetrable, so, in the case that any information subject to treatment and under our control were compromised as a consequence of a security breach, we will take the appropriate measures to investigate the incident, notify the Supervisory Authority and, where applicable, those users who could have been affected so that they take the appropriate measures.

What is your responsibility as the data holder? By providing us with your personal data, the person doing so guarantees that they are over 14 years of age and that the data provided is true, exact, complete, and updated.

For these purposes, the interested party is responsible for the veracity of the data and must keep it conveniently updated so that it responds to their real situation, being responsible for the false and inaccurate data that they could provide, as well as for the damages and losses, direct or indirect, that could be derived.

If you provide data of third parties, you assume the responsibility of informing them previously of everything provided in Article 14 of the General Data Protection Regulation under the conditions established in said precept.

How have we obtained your data? In those cases where user registration is effected through social networks, the personal data we will treat will proceed from the social network in question, to which, previously, the interested party will have provided said data for the purposes provided in their corresponding privacy policies. The categories of data that we will collect from the social network in question are those that appear in our registration form and that you have provided to said social network. If, to proceed with the registration on our website, more data than that supplied by the social network were essential, you must fill them in additionally in our registration form, subject to the privacy conditions provided in this Policy.

Specially protected data is not treated.