OptiTurno

Privacy Policy

Effective date: 2025/01/01

Introduction

This Privacy Policy governs the collection, use, and disclosure of personal data by OptiTurno ('we', 'us' or 'our'). We comply with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPD-GDD), Royal Decree 1720/2007, and Law 34/2002 (LSSI-CE). By using our web application, you acknowledge that you have read and understood this Privacy Policy.

Person responsible for data processing:

Guiding Principles for Personal Data Processing

The processing of personal data will be carried out in accordance with the fundamental principles established in the applicable regulations. In this regard, legality, fairness, and transparency in the use of data will be ensured at all times, ensuring that they are handled in accordance with current legislation and the rights of the owners.

The data collected will be strictly limited to previously determined, explicit, and legitimate purposes, and cannot be used for purposes incompatible with these intentions. Furthermore, the principle of minimization will be observed, so that only the data essential to achieve these purposes will be collected and processed.

Necessary measures will be taken to ensure that the data is accurate, truthful, and kept up to date, avoiding any inaccuracies that could compromise the rights of the data subjects. Furthermore, the data retention period will be limited to the time strictly necessary to fulfill the purposes of the processing, after which it will be securely deleted or anonymized.

At all times, the necessary technical and organizational measures will be applied to protect the integrity, confidentiality, and security of personal data, preventing unauthorized access, loss, alteration, or improper disclosure. Finally, as part of the commitment to regulatory compliance, proactive accountability mechanisms will be implemented to demonstrate proper data handling and compliance with legal standards.

Categories of Processed Data

We process the following categories of personal data:

  • Identification Data Names, email addresses, and other contact details.
  • Technical Data IP addresses, browser types, and operating systems.
  • User Preferences Language settings, notification preferences, calendar preferences, etc.

Legal basis for data processing

The processing of personal data is carried out exclusively when there is a clear and legitimate legal basis supporting it, in accordance with the applicable data protection regulations.

First and foremost, explicit and free consent from the user is obtained, which is requested unequivocally at the time of registration or when using our services. This consent can be revoked at any time without affecting the legality of prior processing.

In addition, data processing may be necessary for the execution of a contract, including the provision of services requested by the user. In such cases, the data will be processed exclusively to ensure compliance with contractual obligations.

Lastly, under certain circumstances, the processing may be based on our legitimate interest, provided that the fundamental rights and freedoms of users are not overridden. These legitimate interests may include improving the functionality of our services, implementing security measures to protect data and systems, and analyzing usage patterns to optimize the user experience and detect potential abuses or irregularities.

In all cases, we commit to carefully evaluating the applicable legal basis and ensuring that users' rights are fully protected throughout the entire process of personal data processing.

Purpose of Data Usage

Personal data is processed for the following purposes:

  • User Interaction Facilitation Provide and manage access to our services.
  • Service Optimization: Improve the user experience and app functionality.
  • Operational Goals Ensure the effective operation of the web application.
  • Statistical and Analytical Purposes Use tools like Google Analytics or similar to analyze usage and improve services.
  • Communication: Send operational and commercial communications when appropriate.

Data Preservation and Security

Personal data is retained only for the time strictly necessary to fulfill the described purposes, ensuring its protection at all times through advanced security measures. This includes the implementation of protocols that ensure the confidentiality, integrity, and availability of the information.

  • Cifrado: All data transmission over the internet is protected through encryption to prevent unauthorized access.
  • Access Control Access to personal data is restricted exclusively to authorized personnel, ensuring proper and secure handling.

Account Administrator's Responsibility for Data Deletion

OptiTurno operates as a platform that allows account administrators to manage their own data and that of their end users within the application. Since our application can be used in various regions with specific data protection regulations (such as the GDPR in the European Union), the primary responsibility for managing the lifecycle of data entered or managed through our service lies with each account administrator.

This includes the administrator's obligation to determine when the personal data under their control is no longer necessary for the purposes for which it was collected or if there are other legal grounds requiring its deletion (for example, in compliance with the rights of data subjects under the GDPR or other applicable local laws). The administrator is responsible for actively requesting the deletion of such outdated or unnecessary data by contacting us or using the tools provided on the platform, if available.

OptiTurno does not assume responsibility for proactively monitoring or determining compliance with specific obligations regarding data retention and deletion that apply to each administrator depending on their jurisdiction and context of use. The account administrator releases OptiTurno from liability arising from the failure to meet their own legal obligations regarding data conservation and deletion.

User Rights

Users have the following rights:

  • Acceso: Request details of the processed personal data.
  • Correction Correct inaccurate or incomplete data.
  • Deletion Request the deletion of personal data.
  • Limitation Restrict the processing of personal data under certain conditions.
  • Data Portability Receive personal data in a structured and commonly used format.
  • Opposition: Object to processing based on legitimate interests.
  • Non-Automated Decisions Ensure that decisions affecting them are not based solely on automated processes.

    • To exercise these rights, users can contact us together with the person responsible for data processing.

Claims to the Authority

If you believe your rights have been violated, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD): https://www.aepd.es/

Policy Updates

We reserve the right to update or modify this Privacy Policy at any time and without prior notice, in order to reflect changes in regulations, our practices, or the services offered. Any changes will be posted on this page and will take effect immediately after publication. We recommend users review this Policy periodically to stay informed about potential changes.