Details per Articles 13-14 of GDPR 2016/679 (General Data Protection Regulation)
This document (hereafter “Privacy Policy”) aims to tell users about personal data—basically any info that can ID a real person—collected on www.cardione-website.com (the “Platform”).
The data controller might tweak or update parts of this info without warning. Changes kick in once posted on the Platform. Users should check the policy every time they visit. If you don’t like updates, stop using the site and ask the controller to delete your data.
1. Personal Data Collected by the Platform
The controller gathers these types of personal data:
A. Tech stuff logged automatically when using the Platform:
System-generated data: Servers and software running the Platform might log personal data during normal ops, like IP addresses, domain names, URI paths of accessed resources, request timestamps, HTTP methods, and file sizes. These aren’t directly tied to users but could ID someone if mashed up with third-party data.
B. Data from cookies or tracking tech:
The Platform uses cookies, web beacons, and similar tools to collect info on pages viewed, links clicked, and user actions. These get stored and resent on future visits. The full cookie policy is here: https://www.cardione-website.com/cookie-policy/
2. What We Use Your Data For
Your personal data might get used for contract stuff, legal requirements, or these other reasons:
**Archiving and backend tech**: Storing user data via technical infrastructure. Data goes to SiteGround Spain SL, check their terms here.
**Anonymous stats**: Crunching numbers with aggregated or non-IDable data. Data shared with Google LLC, see their privacy policy.
**Tracking user behavior**: Watching how you interact with the platform. Data sent to Google LLC.
**Targeted ads/remarketing**: Showing ads based on your browsing habits. Data shared with Google LLC.
3. How Data Gets Processed
Data is handled via IT systems, telematics tools, or organizational methods tied to the purposes listed. Sometimes, internal staff (HR, sales, IT admins) or external parties (IT vendors, service providers, mail carriers, hosting companies) might access it. These folks could be named data processors and must keep your info hush-hush per contractual agreements.
4. Legal Basis for Processing
Your data gets processed based on these legal grounds:
- Your explicit consent for specific purposes;
- Necessary for a contract with you or pre-contract steps;
- Required to comply with laws the controller must follow;
- Needed for public interest tasks or official duties assigned to the controller;
- Essential to protect the controller’s or a third party’s legitimate interests;
- Urgent to safeguard someone’s vital interests (yours or a third party’s).
5. Where Data Lives
Data is processed at the controller’s operational offices and any other location where involved parties (like vendors or partners) operate.
6. Security Steps
Data is handled using methods and tools that lock down security and confidentiality. The controller has taken proper technical and organizational steps to ensure compliance with data protection laws and can prove it. Think encryption, access controls, and audits—but no fluff.
7. How Long We Keep Your Data
Data gets kept as long as needed to fulfill why it was collected. This includes the entire contract period, meeting legal obligations, defending claims (yours or ours), or complying with laws. If processing is based on your consent, we’ll hang onto it until you revoke that consent. Data might stick around longer if required by law or a court order. After the retention period ends, data gets deleted or stripped of identifying details within 30 days. Once this time’s up, your info’s either gone or anonymized.
8. No Robot Decisions
We don’t use automated systems (like profiling) to make decisions that legally impact you or mess with your rights. Zero algorithms calling the shots here.
9. Your Rights
You’ve got these rights over your data:
- Withdraw consent anytime;
- Tell us to stop processing your data;
- Snoop around what data we’ve got on you;
- Get errors fixed or updated;
- Put the brakes on processing;
- Wipe your data entirely;
- Grab your data or have it ported to another provider;
- File a complaint with a data watchdog or sue us.
To use these rights, contact the controller via details in this policy. Requests are free and get answered ASAP—within 30 days max.