PRIVACY POLICY

If you are a representative of a legal entity client, we will process your personal data based on our legitimate interest to stay in contact with the entity you represent.
If you are a self-employed individual, we will process your personal data based on the contractual relationship that binds us to provide the requested services.
At any time, you can exercise your rights of access, rectification, deletion, limitation of processing, and objection by contacting us at the following address: contact@mail.nbx.digital
NBX DIGITAL will not disclose your personal data to any third parties, except when there is a legal obligation, or it is necessary for the provision of services. Your personal data may be accessed by service providers of the Company who need to access your data to provide such services.

NBX DIGITAL AS A DATA PROCESSOR:

In the event that NBX DIGITAL needs to access personal data that is the responsibility of the client as part of the services proposed, the provisions of this clause shall apply. The client, as the data controller for personal data, provides NBX DIGITAL with the identifying data of its employees, clients, suppliers, and/or contact persons. The provision of services by NBX DIGITAL implies the performance of the necessary processing activities for the provision of the service, such as collection, recording, structuring, modification, retention, extraction, consultation, communication, dissemination, interconnection, comparison, limitation, erasure, destruction, or any other activity derived from the services specified in the proposal.

NBX DIGITAL AS A DATA PROCESSOR:

NBX DIGITAL declares that it has sufficient technical and organizational capacity to fulfill its obligations arising from the provision of services related to personal data protection regulations, and it can commit, to the extent that the provision of services requires it, to comply with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”).

NBX DIGITAL will maintain the confidentiality and secrecy of the personal data for which the client is responsible and to which it has access, and it will process such data exclusively on behalf of the client.
NBX DIGITAL will use the said data solely for the provision of services and will not use or apply them in any way that exceeds this purpose. If the client requests any processing that goes beyond the provision of the service, it will be detailed in writing through the corresponding instructions.
NBX DIGITAL will not communicate the data it has access to, even for their storage, to third parties, nor will it duplicate or reproduce all or part of the information, results, or relationships regarding such data, except in cases where it is legally required.
NBX DIGITAL will provide the client, upon the client’s request, with the necessary information to demonstrate compliance with its obligations, as well as for the conduct of audits or inspections reasonably carried out by the client or another auditor on its behalf.
NBX DIGITAL has appointed a Data Protection Officer, whose contact point is contact@mail.nbx.digital
Authorized personnel at NBX DIGITAL to process personal data are expressly and in writing committed to respecting confidentiality and complying with the corresponding security measures. NBX DIGITAL provides continuous training in the protection of personal data to all authorized employees.
NBX DIGITAL will provide the necessary support to the client in conducting impact assessments and prior consultations with the supervisory authority, when necessary and reasonably required.
If NBX DIGITAL believes that compliance with a specific client instruction could result in a breach of data protection regulations, it may suspend the application of the relevant instruction pending the client’s decision regarding the withdrawal, amendment, or confirmation of the instruction in question. If the client decides not to amend the instruction, even against NBX DIGITAL’s recommendations, the client shall indemnify NBX DIGITAL against any sanctions or claims that may arise as a result of the application of the instruction contrary to data protection regulations.

Upon the completion of the provision of services, and at the request of the client, NBX DIGITAL will return the personal data it has accessed, as well as the documents or media containing any of this data. In this case, the costs of returning the data may be passed on to the client. Specifically, NBX DIGITAL undertakes to return: (i) the data included in files for which the client is responsible and that the client has made available to NBX DIGITAL as a result of the provision of services; (ii) any data that may have been generated as a result of NBX DIGITAL’s processing of the data for which the client is responsible; and (iii) all media or documents containing any of this data.
NBX DIGITAL will notify, as a data processor, without undue delay, and in any case within a maximum of 48 hours, and by email, any incident, suspected or confirmed, related to data protection, any processing of data that may be considered unlawful or unauthorized, any loss, destruction, or damage to personal data within NBX DIGITAL’s area of responsibility (caused by NBX DIGITAL, its personnel, agents, or subcontractors), and any incident that may be considered a breach of data security, along with all relevant information for documenting and reporting the incident to the authorities or affected parties.
Furthermore, NBX DIGITAL will assist the client in the event of a personal data security breach, ensuring compliance with the obligations to notify a personal data breach in accordance with the GDPR (in particular, Articles 33 and 34 of the GDPR) and any other applicable rules that may amend, supplement, or be enacted in the future.
NBX DIGITAL will assist the client when requested through a reasonable request, providing the information and/or documentation needed for the proper response to requests from data subjects to exercise their rights of access, rectification, erasure, objection, restriction of processing, and data portability, which may be received from the data subjects, holders of the data being processed. NBX DIGITAL will do so within reasonable timeframes.
In cases where NBX DIGITAL directly receives a request for access, rectification, erasure, objection, restriction of processing, or data portability from the data subject, the data subject will be promptly informed to the client so that the client can handle it within the legally established deadlines.
NBX DIGITAL will not subcontract the services to any third party, except for logistical, technological, or system services that NBX DIGITAL needs to provide its services properly. If NBX DIGITAL needs to subcontract a processing, it will notify the client of the services and processing it intends to subcontract, the identity of the subcontractor, and their contact details. This notification shall be made by NBX DIGITAL as soon as possible.
NBX DIGITAL will keep a written record of all categories of processing activities carried out under the Contract.
NBX DIGITAL will not carry out international transfers of the personal data for which the client is responsible and to which it has access unless it has the prior written authorization of the client or unless such transfers are properly regularized.
NBX DIGITAL will have an overview of technical and organizational security measures related to pseudonymization and encryption of personal data, where applicable; the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services; and the ability to quickly restore the availability and access to personal data in the event of a physical or technical incident. NBX DIGITAL will also carry out regular verification, assessment, and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing.
NBX DIGITAL has implemented technical and organizational security measures that are applicable in accordance with the provisions of the GDPR (in particular, Article 32). The security measures applicable to the services are as mentioned earlier and, in particular, those established in ISO-27.001. Security measures may be updated if required by any future regulations. If this affects the costs of the contracted services, the parties will agree on appropriate measures to address the situation. If you wish, you can request details of the security measures by writing to the Data Protection Officer at contact@nbxdigital.com

FULL PRIVACY INFORMATION:

Who is responsible for processing your data?

Domain name: https://nbxdigital.com/
Commercial name: NBX Digital
Company name: Nubexx Industries, S.L.
Registered address: Califato, 5, 04638 Mojacar, Spain
Phone: +34 693 707304
Email: contact@mail.nbx.digital

For what purpose do we process your personal data?

At NBX DIGITAL, we process the information provided by interested parties in order to manage the sending of the requested information, provide interested parties with offers of requested or of interest products and services, and/or manage the entrusted assignment.
No automated decisions will be made based on this profile.

How long will we keep your data?

The personal data provided will be kept for as long as the commercial relationship is maintained, and their deletion is not requested by the data subject for a period of 2 years from the last confirmation of interest. When they are no longer necessary for this purpose, they will be deleted with appropriate security measures to ensure data pseudonymization or complete destruction.

What is the legal basis for processing your data?

The legal basis for processing your data is the execution of the service provision contract according to the terms and conditions stated therein and/or the request for a quote by legitimate interest of the controller (GDPR, Article 6.1.f): The prospective offer of products and services is based on the consent requested from the data subject (GDPR, Article 6.1.a), with the withdrawal of this consent in no case conditioning the execution of the service provision contract.

What are your rights when you provide us with your data?

Any person has the right to obtain confirmation as to whether or not NBX DIGITAL is processing personal data concerning them.
Interested parties have the right to access their personal data and to request the rectification of inaccurate data or, where appropriate, request their deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Under certain circumstances, interested parties may request the restriction of the processing of their data, in which case we will only retain them for the exercise or defense of claims.
In certain circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. NBX DIGITAL will cease processing the data, unless compelling legitimate grounds for processing exist, or for the exercise or defense of legal claims.

How did we obtain your data?

The personal data processed at NBX DIGITAL comes from the data subject themselves or from companies that have contracted our services.
The categories of data that are processed are:

Identification data
Telephone numbers
Postal or email addresses
Commercial information
No specially protected data is processed.

How can you contact the Data Protection Officer (DPO)?

You can contact the DPO by email at contact@mail.nbx.digital, where you can request the exercise of your rights and/or request information related to your data.