Privacy Policy

 DISCLAIMER: The English version is a translation of the original in Spanish for information purposes only. In case of a discrepancy, the Spanish original will prevail.  

 

Our privacy policy includes the following sections.

  1. Privacy policy of beabloo.com. In this section we explain how we process your data when you browse our website or contact us through online forms.
  2. Information regarding data protection regulations for BEABLOO clients. This section is for clients that use digital signage and analytics services and collects information of interest to them to help them comply with personal data protection legislation when using these services.
  3. Information security policy. This policy is of interest to clients and possible clients of BEABLOO and includes information about our Information Security Management System.

Privacy Policy

Use of this website and forms requires that you accept the processing of user data in accordance with this privacy policy, including the collection of access data and sending commercial information electronically.

Data controller and contact information

The data controller is BEABLOO SL

Address: C/PUJADES, 350 8º A2 08019 BARCELONA (SPAIN)

Data protection officer contact info: dpo@beabloo.com

Purpose of processing

Data is processed with the objective of providing access to online content, responding to user requests, registering visits for statistical purposes (IP addresses, browsing data, country, page accessed, etc.), applying measures aimed at web security, and sending commercial information about our products and services electronically.

The personal data you provide through any form will be used for the purposes for which they were requested in order to process your request.

Authorization

Data is processed based on user consent, complying with legal obligations, where appropriate for performing a contract or precontract.

Recipients and transfers

International data transfer (outside the European Economic Area) is not planned, except for storage purposes, and in any case based on a decision concerning its appropriateness, based on suitable guarantees, as well as to organizations that have signed up to the privacy shield agreement (http://www.privacyshield.gov).

Data storage time limit

Data will be stored for at least the time limit established by applicable legislation and in any case while the consent is still valid.

Data protection rights

Data subjects have the right to: access, rectify and erase their data; request data portability; object to processing or request limitation; and revoke consent, when appropriate.

To do so, send a request to

To facilitate identification, we recommend the data owner to attach a copy of their ID or passport.

Data subjects can also file a complaint with the data protection supervisory authorities.

Accuracy and updating of data

You must fill in our forms with your own genuine, precise, complete and up-to-date data. BEABLOO assumes that you have entered your own data. You alone are responsible for any direct or indirect harm or damage caused to another person when you provide false, inexact, incomplete or outdated information, or data belonging to another person.

You must inform BEABLOO of any changes to your data in order to ensure that our information is up to date.

Minors

This Website cannot be used by people aged under 14 years old, unless BEABLOO has received specific consent from their parents or guardians.

Minors cannot provide data about other members of the household, for example their parents’ job titles, financial information, demographics or any other information, without the consent of those concerned.

Web analytics

This website uses web analytics to help us understand how you search, access and browse. These analytics may imply the collection of personal data such as, for example, IP address, connection location, browsing hardware and software information, etc. This information is not associated with users and is used for the exclusive purpose of collecting statistical information on usage of the company’s website.

Use of third-party tools and plugins

This website incorporates tools and plugins provided by third parties for various purposes, for example: third-party web analytics, third-party maps, third-party videos, social media sharing, etc.

A third-party tool or plugin establishes a direct connection between your browser and domains owned by the third party, to allow you to download and run the tool.

Most third-party plugins collect information about the websites you visit in order to provide personalized advertising.

Use of Google, Inc tools

This website uses tools provided by Google Inc (1600 AMPHITHEATRE PARKWAY, MOUNTAIN VIEW, CALIFORNIA, USA) to understand how you search, access and browse it. For that reason, when using this website, the user’s browser establishes a direct connection with servers in the internet domain of google.com and other Google domains. This lets Google know that the user has visited their website from their IP address. Google collects data about your website use for several purposes including personalized advertising, in accordance with Google’s privacy policy (http://www.google.es/intl/en/policies/privacy/). You agree to the processing performed by Google when using this website.

Information regarding data protection regulations for BEABLOO clients

 

Information about General Data Protection Regulation (EU) 2016/679 and Organic Law 2018/3 on personal data protection and guaranteed digital rights

 

1 – Introduction

 

This section lays out the information regarding compliance with the current legislation on personal data protection as it relates to use of multichannel digital communication services provided by BEABLOO. These include, among others, digital signage and analytics services (Content Analytics, Radio Analytics, Video Analytics, beacons and myBloo.)

 

The General Data Protection Regulation (EU) 2016/679 (GDPR) regulates personal data protection in the European Union. It is directly applicable in all member states of the European Economic Area and is mandatory from the implementation date, May 25, 2018.

 

Organic Law 2018/3 on personal data protection and guaranteed digital rights (LOPD) adapts the Spanish legal system to the GDPR, repealing the former Organic Law 1999/15 on personal data protection. Organic Law 2018/3 came into effect on December 7, 2018.

 

2 – Position of the CLIENT and BEABLOO as the Controller and Processor, respectively

 

BEABLOO offers personal data processing services as the data PROCESSOR, while the CLIENT has the role of data CONTROLLER.

 

Below are different aspects that the CLIENT must consider to comply with its obligations as the data controller. For more information, see the Spanish Data Protection Agency website, http://www.agpd.es

 

3 – The CLIENT’s obligations derived from the GDPR (from May 25, 2018)

 

Create a record of data processing activities in accordance with article 30 of the GDPR. In this data processing activity record, the CLIENT must include a processing activity with the following information in accordance with article 30.1 of the GDPR:

 

  1. Controller: identification of the CLIENT as the data controller
  2. Purposes of the processing: multichannel digital communication and analytics services in establishments through pseudonymized Wi-Fi device tracking, local facial analysis, beacon detection, and analytics services provided from pseudonymized and anonymized information.
  3. Categories of data subjects and categories of data: visitors to the establishments. For Video Analytics, the facial recognition software analyzes a person’s face to infer certain parameters, such as gender or age range, without generating identifying data or storing any images of faces. These images are analyzed then discarded immediately. For Radio Analytics, the processed data includes: a hash calculated from the MAC address of the device (which allows for the detection, but not the identification, of unique devices), the approximate position/location of a device, the type of device and/or its operating system. Beacons store data relative to the detection of a nearby beacon, which is associated with a specific location. They also store data relative to content views on a unique device.
  4. Data recipients: the data is only used for statistical and analytic purposes. Identifying data is never sent to third parties under any circumstances. The recipient of the statistics is the Controller.
  5. Transfer: no data transfer outside of the European Economic Area is planned.
  6. Time limits: pseudonymized data will be kept for the length of time required to successively identify unique devices (beacons and Radio Analytics). Images captured for Video Analytics are discarded immediately.
  7. Security measures: to guarantee the security of devices and online infrastructure, BEABLOO has implemented an Information Security Management System in accordance with ISO 27001:2015 that includes yearly external audits of the systems among other aspects.

 

. To facilitate compliance with this obligation, BEABLOO has established the following authorizing bases:

 

  • Beacons service: based on consent from interested parties, which must be requested by the CLIENT from APPS compatible with beacons. Consent must be informed and through a clear, affirmative response from the user.
  • Radio and Video Analytics services: based on the legitimate interest of the Controller in accordance with article 6.1.f of the GDPR and following the recommendations of Opinion 2014/6 of the Article 29 Working Party on legitimate interest (WP217).

 

Inform interested parties about data processing in accordance with articles 13 and 14 of the GDPR. To facilitate compliance with this obligation, the CLIENT must request the following forms from BEABLOO:

 

  • Informative sign regarding the use of Radio Analytics and Video Analytics
  • Informative note to include in all of the CLIENT’S beacon-compatible APPS
  • Optionally, an informative note that BEABLOO recommends the CLIENT include on its website

 

Attend to the rights of the interested parties in relation to their rights of:

 

  • access (article 15 of the GDPR)
  • rectification and erasure (article 16 and 17 of the GDPR)
  • restriction of processing (article 18 of the GDPR)
  • data portability (article 20 of the GDPR)
  • objection and automated individual decision-making (articles 21 and 22 of the GDPR)

 

To facilitate compliance with this obligation, the CLIENT must request the forms from BEABLOO to attend to these requests.

 

Sign a data processor contract in accordance with article 28 of the GDPR. To facilitate compliance with this obligation the CLIENT can request a copy of the processor contract form from BEABLOO.

 

Perform a risk analysis and, if necessary, an impact assessment. To facilitate compliance with these obligations, BEABLOO provides the main conclusions of the risk analysis of information security issues, as well as the impact assessment related to the use of analytics services.

 

Minimization and limitation of data processed. In compliance with that stipulated in article 89.1 of the GDPR, BEABLOO uses technical measures to guarantee the pseudonymization of the data collected by analytics systems.

 

Report security breaches. It is the responsibility of the CLIENT to notify the data protection authorities and the persons whose data have been compromised by any data security breaches (articles 33 and 34 of the GDPR). To that end, in case of any incident that poses a risk to the rights and freedoms of those affected, BEABLOO will notify the CLIENT as soon as possible and will help with the notifications.

 

Designate a data protection officer. In accordance with articles 37, 38 and 39 of the GDPR, the CLIENT must designate a data protection officer and report their identity to the data protection authorities. The CLIENT must also inform BEABLOO of the data protection officer’s contact information.

 

 

 

4 – The CLIENT’s obligations derived from the LOPD (not applicable after May 25, 2018)

Security measures applied by BEABLOO

 

Beabloo has implemented a Security Management System in accordance with ISO 27001:2015.

 

The following are some security measures applied by BEABLOO:

 

  • Personnel functions and obligations: BEABLOO personnel have received the necessary training regarding IT systems security and have all of the necessary rules and procedures.
  • Incident report: BEABLOO will report any incidents that occur that could affect personal data included in processing of which the CLIENT is the controller, indicating the type of incident, the time it occurred, the person who made the report, who they reported it to and the possible effects of the incident.
  • Identification and authentication: BEABLOO has implemented identification and authentication procedures based on passwords or similar mechanisms. There is a process for assigning, distributing and storing passwords that guarantees their confidentiality, integrity and individual identification for users. With regard to CLIENT personnel access to the web control panel, it is the responsibility of the CLIENT to maintain an updated list of the authorized persons and grant individual passwords confidentially, and to renew them at least once a year.
  • Access control: BEABLOO personnel are only authorized to access the necessary resources to perform their duties. The CLIENT must only grant usernames and passwords to access the BEABLOO web control panel to those persons designated for management and supervision and no-one else.
  • Physical access control: The infrastructure that provides the service is housed in a space equipped with access control and monitoring and control systems to guarantee that only authorized persons have access.
  • Device management: BEABLOO performs the management and inventory of the devices necessary for the analytic infrastructure.
  • Device destruction: Beabloo has implemented measures for the destruction of devices. These devices will only leave BEABLOO locations with prior authorization from the CLIENT.
  • Backup copies and recovery: BEABLOO will make security backups of CLIENT information, which will be stored in its web infrastructure.
  • Data protection audit: BEABLOO will provide the necessary data to the CLIENT to perform data protection audits related to processing of which the CLIENT is the controller and always related to the verification of the requirements stipulated in the data protection legislation.

INFORMATION SECURITY POLICY:

 

In response to the new technological environment in which the convergence of information technology and communication is creating a new productivity paradigm for companies, BEABLOO is committed to maintaining a competitive service. Its offering includes app hosting services in a quality environment in which best practice in security is key to protecting the organization’s information assets.

The mission of BEABLOO’s Security Policy is to establish global security guidelines for the company, as well as to protect data, resources and BEABLOO information systems from threats, including internal and external, deliberate and accidental threats, with the aim of ensuring compliance with the confidentiality, integrity, availability and legality of information.

This policy is based on the recommendations of best practices to guarantee the security of information systems management (ISO 27001 and ISO 27002 international standards) as well as the current applicable legislation.

BEABLOO has consequently defined the following guidelines for implementing its Information Security Management System (ISMS):

  • Confidentiality: Information processed by BEABLOO will be made available or disclosed exclusively to authorized persons at the time and by the means established.
  • Integrity: Information processed by BEABLOO will be complete, accurate and valid and the content will be as provided by the parties concerned and subject to no manipulation whatsoever.
  • Availability: Information processed by BEABLOO will be accessible to and usable by authorized persons at any given time, guaranteeing its persistence against any eventuality.
  • Compliance: BEABLOO guarantees compliance with any and all applicable laws and more specifically with the regulations in effect on the processing of personal data.

The company’s senior management assumes responsibility for supporting and furthering the establishment of the organizational, technical and control measures necessary to comply with the above security guidelines.

This security policy will be maintained, updated and adapted to the organization’s needs and aligned with its strategic risk management principles. To that end, it will be reviewed at planned intervals or whenever significant changes arise to ensure its suitability and effectiveness. To manage the risks BEABLOO faces, the company has defined a formal risk assessment procedure.

This policy affects all of the company’s information assets, including personal devices or servers, networks, applications, operating systems, and company processes that belong to or are administrated by BEABLOO.

The obligation to know and comply with this Security Policy extends to any person belonging to the organization, as well as any person belonging to third parties that act as providers that perform any type of processing of data owned by BEABLOO.

Please read our Cookie Policy.