1.1 Applicability: This Policy applies to personal data that we collect from authorized users and employees of contracting companies who have access to our Platform. It does not apply to guest users, as no guest access is provided. Visitors to our public website may view general information without logging in; however, no personal data is collected from such visitors unless they provide it voluntarily.

1.2 Data Protection Officer (DPO): We have appointed our CTO as the Data Protection Officer. For privacy-related inquiries, please contact: info@leolia.es.

2.1 Types of Personal Data: We may collect the following categories of personal data:

• Identification Data: Full name, email address, identity card number.
• Business Information: Company affiliation, role, and related business details.
• Device and IoT-Generated Data: Device usage logs, IoT data linked to specific business processes or spaces assigned to users.
• Images: Pictures or business cards uploaded or associated with user profiles.

2.2 No Special Categories: We do not collect health, biometric, or sensitive financial information beyond what is required for payment methods related to salaries or expenses.

3.1 Direct Collection: Personal data is collected when authorized users or employees input their information into Frappe-based forms within our Platform.

3.2 System Logs and Local Storage: We use local storage and logging mechanisms to track user activities, ensure security, debug issues, and maintain accurate invoicing records.

3.3 No Automated External Collection: We do not collect personal data through external APIs or automated third-party integrations for personal data acquisition.

4.1 Service Provision: We process personal data to provide and maintain the Platform's business process management functionalities, including analytics, reporting, and IoT integration.

4.2 Support and Invoicing: Personal data may be used to offer customer support, issue invoices, and manage subscriptions.

4.3 Communications: With consent, we may send newsletters or notifications regarding updates to our services.

4.4 No Profiling or Automated Decision-Making: We do not use personal data for profiling or automated decision-making that produces legal or similarly significant effects.

5.1 Contractual Necessity: We process personal data to fulfill our contractual obligations to the contracting company and its authorized users.

5.2 Legitimate Interests: We rely on our legitimate interests to ensure the security and proper functioning of the Platform, protect our business, and improve our services.

5.3 Compliance with Legal Obligations: We may process personal data to comply with applicable legal, regulatory, or judicial requirements.

6.1 Third-Party Processors: We do not share personal data with third parties except where necessary to process payments or to comply with a legal request (e.g., courts or authorities).

6.2 No External Data Transfers: We do not transfer personal data to external APIs, third-party software, or services not agreed upon in the subscription contract.

7.1 Retention Periods: Personal data is retained for the duration of the subscription and as long as necessary to fulfill the purposes described in this Policy. Once the service is terminated and after all invoicing and legal obligations are met, personal data may be archived or made inactive.

7.2 State of the Art Retention: As a guideline, we may retain personal data for up to 5 years following the end of the subscription to comply with accounting, legal, and regulatory requirements, unless a shorter or longer retention period is required or permitted by law.

8.1 Technical and Organizational Measures: We employ role-based access controls, permission management, encryption where appropriate, and maintain comprehensive logging to ensure data integrity and confidentiality. Only authorized personnel can access personal data.

8.2 Data Breaches: In the event of a suspected data breach, we will investigate promptly, identify the scope of accessed data, and, if required by law, notify affected individuals and supervisory authorities.

9.1 No External Transfers: We do not currently transfer personal data outside the EU or to any jurisdiction lacking adequate data protection standards.

10.1 Your Rights: Under the GDPR and applicable EU laws, you have the right to access, rectify, erase, and object to the processing of your personal data.

10.2 How to Exercise These Rights: To exercise your rights, please contact us via email at info@leolia.es or reach out to our DPO at info@leolia.es. We may require verification of your identity before fulfilling your request.

11.1 Age Restriction: We do not knowingly collect personal data from children under 16 without appropriate authorization from the contracting company. If we become aware that personal data of children under 16 is processed without proper consent, we will take steps to delete it.

12.1 Changes to the Policy: We may update this Policy from time to time to reflect changes in our practices, legal requirements, or the services offered.

12.2 Notification of Changes: Material changes will be communicated to subscribed users via email before they become effective. The "Last Updated" date at the top of this Policy indicates when it was last revised.

13.1 Queries and Complaints: For questions, concerns, or complaints about this Policy or the processing of your personal data, please contact us at:

Leolia Solutions SL
Asturias, Spain
Email: info@leolia.es

By continuing to use our Platform, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.