By using our services, websites and applications, you entrust us some personal information about you. This is a big responsibility for us, and we will do our best to protect your data and keep it under your control.
. 1. Who we are?
The company ESEL AMI CONSULTING SL, with registered office at Calle General O'Donnell, 3, Iº Izq, 03003, Alicante, CIF B54929971 (hereinafter "Debex" or "company"), is the owner of a DEBEX.ES electronic portal (the websites, applications, systems) as well as of all rights to it, the equipment, software and hardware necessary for its operation.
Debex is committed to GDPR compliance and to strictly follow and to protect data subjects under other applicable privacy regulations, depending on the jurisdiction of our business.
According to the General Data Protection Regulation (EU) 2016/679 (hereinafter "GDPR") Debex may act in different roles, depending on our relationships with you.
Debex acts as:
· data controller
for your personal data if you are our user or visitor of our portal or website; organizer/seller or participant/buyer using our portal, their representative or administrator; participant of our events; guest of our offices; subscriber to our news, mailings and social media accounts; current or potential client, vendor or business partner; shareholder or investor; director, manager or representative;
· data processor
for personal data provided in the lots by organizers/sellers to participants/buyers, including any personal data on debtors, guarantors, their representatives and other data in the lots;
· data controller
for your personal data if you are Debex companies' (including affiliates and target companies for acquisition) employee, contractor, applicant, intern, trainee, referral. 2. How to contact our DPO?
We've assigned a reputable privacy firm DPO LLC
as our Data Protection Manager to respond to any requests and complaints of data subjects promptly and professionally. Feel free to contact our external DPO by direct email: [email protected] 3. What our privacy principles?
We are committed to the privacy principles and rules inherent in the GDPR and particularly we aim to ensure:
· your control under your information and transparency with regard to data processing;
· lawfulness, fairness, necessity of any processing for a specific purpose;
· accuracy, keeping up to date and erasure or anonymization when purpose of processing is achieved;
· safely and security of data processing, storage and transmission. 4. How do we register personal data?
We follow the accountability GDPR principle
and conduct an audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed. The result of such audit is documented and maintained in records of processing activities. 5. Our Policies & Trainings
The following Policies and trainings were implemented on corporate and staff levels to meet the requirements and principles of the GDPR and other relevant data protection laws:
– our rules and principles for protection of personal data of data subjects outside the company: users, partners, applicants, visitors, guests, etc.
· Internal privacy and security policies
– the set of requirements to staff and list of their obligations, procedures of data protection, of response to data subjects, of response to data breach, rules of data retention&erasure, etc.
· Data protection and security trainings
– our obligatory awareness course to familiarize our staff with policies and procedures before granting them any access to personal data. 6. How do we protect personal data?
To protect personal data we use state of the art security measires, including antivirus, vulnerability control, encryption, intrusion detection system, etc.
All information transferred between the platform and the user is encrypted with the https protocol using Cloudflare
. The company has defined and implemented procedures for backing up all critical information.
Debex is hosted on Amazon Web Services (AWS) cloud services, which provides comprehensive data protection and is certified
under ISO/IEC 27001:2013, 27017:2015, 27018:2019, 9001:2015, CSA STAR CCM v3.0.1. Incident Response Policy
The Company has defined a procedure for responding to information security incidents. As part of the procedure used, the requirements for event journaling of information system components have been defined. Procedures for identifying and eliminating vulnerabilities in software and hardware components of the infrastructure used have also been defined and implemented. Mail service and infrastructure providers provide protection against the most common attacks. Access policy
The Company's information services access policy provides for the use of a role-based model. This access model assigns the minimum access rights necessary to perform job responsibilities. Access rights to information services are reviewed and updated regularly in accordance with the policy. 7. How to execute data subjects' rights?
To ensure your full control over your privacy and you data, Debex will timely execute your privacy rights: to be informed, to access and correct your personal data, to erase your data or restrict its processing, to object to the processing, to receive your personal data in a machine-readable format (portability right), to withdraw your consent, not to be subject to automated decision-making including profiling. You also have a right to lodge a complaint with a supervisory authority.
If you wish to execute any of these rights, please contact us at [email protected]
at any time. 8. How do we delegate data processing to third parties?
When Debex is data controller, we may engage some entrusted data processor who will process your personal data on our behalf and under our documented instructions and our standard Data protection agreement. Before such engagement our data processors shall pass our privacy check to ensure they comply with the applicable data protection regulations. 9. How we transfer personal data to third countries?
To the extent that Debex has offices and organizational structures in third countries outside the EU/EEA, your data may be shared within our international business processes to perform our legal or contractual obligations to you or our business partners. We have a particular intra-group data transfer agreement in place. When such data transfers involve external data importers, we enter in respective standard contractual clauses with them.