PRIVACY POLICY

1. Introduction

1.1. Yellow Jelly SL (hereinafter the “Service Provider”) as duly identified in the Legal Notice and General Contracting Conditions (hereinafter “T&C”) by means of this Privacy Policy (which forms part of the T&C together with the Cookies Policy) sets out the basis on which any personal information (hereinafter “Personal Data”) collected by the Service Provider from the Customer or provided by the Customer shall be processed by the Service Provider. Please read the following carefully to understand the Service Provider views and practices regarding the Customer Personal Data and how the Service Provider will process such information in connection with the Services provided to the Customer, all in accordance with the T&C.

1.2. By accessing the Website or the Services provided by the Service Provider, the Customer hereby authorizes and gives its express consent in favour of the Service Provider in order to collect, process, store and use the Customer Personal Data according to this Privacy Policy. In case that the Customer has any doubt or disagreement regarding the data provided or the use of it by the Service Provider in any way permitted by this Privacy Policy, the User must refrain from using the Services.

1.3. In accordance with the T&C applicable to the Services, the Customer must be an individual professional, entrepreneur, or a company. If the Customer is an individual he / she shall be 18 years old or over, in order to access and use the Services.

2. Guidelines to be observed by the Service Provider regarding the use of the Personal Data

2.1. The Service Provider may collect and process the following Personal Data provided by the Customer: (a) information provided by the Customer when required due to the provision of the Services; (b) information about the use and resources accessed by the Customer; (c) communications maintained and exchanged with the Customer; (d) Information collected through the using of Cookies as depicted in the separate Cookies Policy; and (e) information collected as a consequence of the Services provided.

2.2. The Customer acknowledges and agrees the use of its Personal Data for the following purposes: (a) delivery of notices and communications; (b) advertising and marketing of the Services and any other related products. If the Customer does not allow the use of its Personal Data for the purposes mentioned above, a formal notice shall be sent to the Service Provider at the following address avo@zinktel.com. Consequently and, unless otherwise advised, the Customer acknowledges and expressly agrees to receive notices and communications through electronic means (SMS, e-mails and MMS) related to the Services and/or other similar services, promotions or events similar or equivalent to the Services; (c) preparation of reports, analysis or services to be done by the Service Provider and for its use; (d) to prevent any fraudulent action; (e) to be used in any other way as specified in this Privacy Policy or as required by the applicable laws and regulations currently in force.

2.3. The Service Provider is entitled to collect and use the Personal Data in order to comply with the contractual purposes of the T&C as stated therein. The Service Provider is entitled to retain the Personal Data once the provision of the Services is terminated, if required in order to comply with legal or regulatory requirements or in order to solve any dispute or to apply this Privacy Policy or any other contract executed with any other Customer.

2.4. The Service Provider shall apply the applicable technical and organizational measures in order to protect the Personal Data stored by the Service Provider from its destruction, loss, variation, disclosure, access our unauthorized use, accidental or illegal, and from any other illegal processing. The Service Provider shall apply the same or similar levels of protection in accordance with the current standards that apply in the sector. Notwithstanding the above, the Customer acknowledges and accepts that the Internet is not a completely secure environment, and thus the Service Provider cannot guarantee an eventual breach of the security measures that are applied or any other security incidents that may occur in the course of the provision of the Services.

2.5. The Services could contain link to third party websites. The Customer acknowledges and agrees that all the Personal Data provided by the Customer after clicking on these links is subject to the corresponding privacy policy of the owner of such websites and not to the Service Provider policy. The Service Provider shall do its best in order to include links only to trusted websites. Notwithstanding the above the Customer releases the Service Provider from any liability arisen related to the content, protection and security of the above mentioned third party websites.

3. Information related to the processing of Personal Data of the Customer.

In order to comply with the provisions contained in the Constitutional Act 15/1999, of 13 of December, on Personal Data Protection, which specifically apply to the Service Provider, the Service Provider informs to the Customer about the following conditions:

3.1. The Personal Data that the Customer provides, freely and voluntarily, by filling in the applicable online forms, shall be included in a database held by the Service Provider. The acceptance of the T&C and this Privacy Policy imply the Customers acceptance for the automatized processing of such Personal Data by the Service Provider in order to comply with the provision of the Services.

3.2. The purpose of the collection and processing of Personal Data by the Service Provider is the management, administration and performance of the Services offered by the company, and its use for communications with Customers as well as the eventual delivery of commercial information about products and services similar or equivalent to those contracted herein that may be of interest for the Customers.

3.3. The Customer may exercise its rights to access, rectify, cancel and oppose, at any time, the processing of its Personal Data in accordance with the applicable law, by writing a notice to the Service Provider at the following e-mail address avo@zinktel.com. The official models and forms to exercise these rights are made available to the User on the website of the Spanish Data Protection Agency, which is located at the following URL: www.agpd.es.

3.4. The Service Provider guarantees the security and confidentiality of the Personal Data provided. Pursuant to the provisions of the Royal Decree 1720/2007, of 21st December, approving the development of the Constitutional Act 15/1999, of 13th December, on Personal Data Protection, the company has adopted the security levels of protection appropriate to the level of sensitivity of the Personal Data provided by Customer and applies the necessary means and technical protection measures at its disposal to prevent alteration, loss, or unauthorized use of personal data. Nonetheless, the Customer is herein informed and acknowledges through this Privacy Policy that such means are not infallible and unassailable and that therefore the Service Provider shall not be made responsible of such events and situations.

4. Processing of Data that the Service Provider may take into effect on behalf of the Customer.

4.1.The Customer may carry out the processing of personal data on the Customer website, by using the services provided by the Service Provider. In such case, the Customer agrees and acknowledges to manage the personal data of its users and customers in full compliance with the data protection regulations and, when necessary, the rules on data protection and e-commerce that will become applicable. In this regard, the Customer shall be the sole and exclusive owner, thus assuming full responsibility in relation to such personal data, and must indemnify and keep harmless the Service Provider as a result of damages caused by any incident or administrative, judicial or extrajudicial claim that any third party might initiate in this regard.

4.2. With regard to the Service Provider, and in the event that it might process personal data of users and customers of the Customer, then there may be a data processing performed by the Service Provider on behalf of the Customer. Consequently, the Service Provider will have access to such personal data for the sole purpose of providing the services described in the T&C. The Service Provider will only process the aforementioned information according to the instructions of the data controller and data not apply or use them for purposes other than as contained in this clause, therefore shall not be disclosed, even for safekeeping, to any other people. Also upon completion of the relations linking the two sides, Service Provider must destroy the above data as well as any support or document containing any personal data provided by the data controller. Service Provider shall adopt the security measures described as basic level, in accordance with the provisions of Articles 89 to 94 and 105 to 108 of the Royal Decree 1720/2007, in relation to these personal data.