Privacy Policy

1. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”), on the protection of natural persons with regard to the processing of their personal data and on the free movement of such data; Spanish Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (the “LSSI”); and Spanish Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights, HOLBOX TECHNOLOGIES, S.L. (“Nomade”), Tax ID No. B-09896960, with registered office at Carrasco y Formiguera 6, 08017, Barcelona (Spain), and registered in the Commercial Registry of Barcelona, hereby provides its privacy policy (the “Privacy Policy”).
For any matter relating to this Privacy Policy, please contact: info@nomaderevolution.com.

2. INTRODUCTION

This Privacy Policy sets out the terms on which the online platform owned by Nomade (the “Platform”), accessible via the website located at the URL www.nomaderevolution.com or via the mobile application (the “Application”), collects, uses, stores and protects the information provided by its users, including companies, influencers and other interested parties (individually, the “User” and, collectively, the “Users”), through:

Forms on the Platform, including sign-up and registration data, plan subscriptions, requests for information or services, advertisements or messages posted, or data relating to complaints and claims.
Correspondence exchanged with Users, and records of such correspondence, including emails and information about telephone communications.
Questionnaires and surveys completed by Users.
Information from the computer or device through which Users access the Platform, such as the IP address used to connect to the internet.

This Privacy Policy applies to all data collected from Users when they request information or register on the Platform, request or contract collaborations, use the Platform or otherwise interact through the Platform or with Nomade. The data collected will primarily be used for the operation of the Platform, but may also be used to respond to queries and for the other purposes described in Section 5 of this Privacy Policy. Nomade undertakes to protect the privacy of its Users and, through this document, to inform them of their rights and obligations as regards the privacy of their data, as well as to explain the reasons for storing and using such data, in accordance with this Privacy Policy. Users should read this Privacy Policy carefully; it has been drafted in clear and simple terms to facilitate understanding.

3. INFORMATION AND CONSENT
The information collected may include, among others, the name or corporate/trade name of the Users and/or their representatives, tax identification number, registered address, and contact details (including postal and/or email addresses, telephone numbers, and billing and payment data), as well as any other information required for the provision of services and the proper operation of the Platform.
By accepting this Privacy Policy, the User is informed and gives free, informed, specific and unequivocal consent for the personal data provided to Nomade through the Platform, or in relation to it or its services, to be processed by Nomade, as well as data derived from browsing and any other data that may be provided in the future.

4. OBLIGATION TO PROVIDE DATA
The data requested in the Platform’s forms are, in general, mandatory (unless otherwise specified in the relevant field) in order to properly fulfil the purposes for which they are being collected.
If the required data are omitted or incorrect, it will not be possible to respond to Users’ requests.
Users undertake to notify Nomade of any change to the data provided. This communication may be made by email to: info@nomaderevolution.com.

5. FOR WHAT PURPOSES DOES NOMADE PROCESS USER DATA?
Users’ personal data will be processed by Nomade for the following purposes:

Contact: to manage and respond to requests made through the contact area enabled on the Platform. This processing is lawful based on the express consent given when the request is sent (Article 6.1(a) GDPR).
Potential Users and commercial communications: to maintain relationships of any kind and to inform Users about Nomade’s products or services, at their request or with their consent. This processing is lawful based on legitimate interests (Article 6.1(f) GDPR) for professional contacts belonging to legal entities, or on express consent (Article 6.1(a) GDPR) in the case of natural persons.
Users, suppliers and collaborators: to manage contractual relationships. This processing is lawful based on legitimate interests (Article 6.1(f) GDPR) for legal entities, and on performance of a contract (Article 6.1(b) GDPR) for natural persons.
To provide and manage the information or services requested or contracted by Users: including management of the contractual relationship (including collections) and provision of the requested information or services. This processing is lawful based on performance of a contract (Article 6.1(b) GDPR).
Profiling and verification: to create profiles in order to offer and/or perform services requested via the Platform and to send personalised communications based on Users’ preferences. In addition, in order to verify the authenticity of such profiles and assess their suitability for potential collaborations, Nomade may request certain data or videos from Users’ private social media and review the publicly available information on them. This processing is lawful based on Users’ express consent (Article 6.1(a) GDPR), and Users may object at any time.
To facilitate communication between Users: lawful based on performance of a contract (Article 6.1(b) GDPR), as interaction among Users is essential to Nomade’s services.
To send communications on collaboration opportunities: if such communications relate to an existing contractual relationship, processing is lawful based on performance of a contract (Article 6.1(b) GDPR). Where there is no contractual relationship, processing is based on express consent (Article 6.1(a) GDPR).
To respond to questions or requests submitted through contact forms and various communication channels: lawful based on performance of a contract (Article 6.1(b) GDPR), or on legitimate interests (Article 6.1(f) GDPR) where the query relates to service provision.
To optimise services, improve the experience and products and services, and detect errors and issues on the Platform: lawful based on performance of a contract (Article 6.1(b) GDPR), as continuous improvement forms part of contractual obligations, or on legitimate interests (Article 6.1(f) GDPR) where it constitutes a general improvement to the Platform.
To prepare reports, statistics and internal analyses to improve the Platform’s services: lawful based on legitimate interests (Article 6.1(f) GDPR) or on performance of a contract (Article 6.1(b) GDPR), insofar as data analysis forms part of improving products and services.
To conduct quality and satisfaction surveys: lawful based on express consent (Article 6.1(a) GDPR), or on legitimate interests (Article 6.1(f) GDPR) where the survey is linked to the service provided.
Exercise of rights and privacy management: to manage requests for the exercise of data protection rights, or any other purpose necessary to comply with personal data-protection regulations. Lawful based on compliance with a legal obligation (Article 6.1(c) GDPR).
Cookies: the use of cookies on Nomade’s Platform entails the processing of personal data of Users and other persons who access the Platform. The purposes are, on the one hand, to enable error-free browsing through the installation of technical cookies on the User’s device and, on the other, to improve the Platform’s functionalities through the information collected by analytics cookies, which will be installed on devices where Users provide their consent (Article 6.1(a) GDPR). Further information is available in Nomade’s Cookies Policy at www.nomaderevolution.com.
Compliance with legally established obligations: lawful based on compliance with a legal obligation (Article 6.1(c) GDPR).

The consents obtained for the above purposes are independent; therefore, Users may revoke any one of them without affecting the others. To revoke consent, Users may contact Nomade by email at info@nomaderevolution.com.
Where the data provided directly by Users who accept this Privacy Policy refer to other natural persons, Users warrant that they have informed those persons and obtained their prior unequivocal consent for the processing of their data in accordance with the purposes set out in this Privacy Policy. Users hold Nomade harmless from any liability arising from failure to comply with this obligation.
To use the Platform and access the Services, Users must be over 14 years of age. For minors aged 14 to 18, Nomade may require the minor’s consent, unless the law requires the assistance of the holders of parental authority or guardianship for the use of the Platform or the provision of Services in which such consent is obtained. Influencers must provide proof of such consent when requested.
Notwithstanding the foregoing, Nomade may carry out periodic verifications to confirm this fact, adopting the appropriate due-diligence measures in accordance with the applicable data-protection regulations.

6. WHO MAY ACCESS USERS’ DATA?
Where, for the provision of services or the maintenance and/or management of the business relationship, it is necessary and permitted to link the processing carried out with that of third parties, Users’ data may be communicated or shared with other companies—including, among others, collaborators or providers—for the proper development and performance of Nomade’s services or to protect the Platform’s rights, as well as with competent administrative authorities, competent courts and tribunals and/or financial institutions.
Where the transfer of Users’ personal data to third parties is required, such transfer shall be made in accordance with the applicable data-protection legislation.

7. DATA RETENTION
Users are informed that Nomade has contracted services from OVH Group SAS, whose servers are located within the European Union. Users acknowledge that their data and/or that of their legal representatives or recipients for notification purposes will be incorporated into Nomade’s relevant files in order to manage the relationship between Users and Nomade.
Personal data provided by Users will be retained only for as long as strictly necessary to fulfil the purposes for which they were collected. Thereafter, they will be retained until the expiry of the legal limitation periods for actions in which such data—or the documents containing them—may be relevant. In determining the appropriate retention period, the amount, nature and confidentiality of the personal data will be considered, together with the purposes of processing and whether those purposes can be achieved by other means.
Once Nomade no longer requires the use of Users’ personal data, such data will be deleted from its systems and records or anonymised so as not to allow the identification of Users.

8. GEOLOCATION
Some functionalities of the Platform may enable the geolocation of the device from which it is accessed or on which the Application is installed (e.g., tablets, smartphones). Each User must authorise and enable this function. If geolocation is enabled, Users may disable it directly from their device or browser settings. However, disabling this option may affect the functioning of some features of the Platform.

9. USER RESPONSIBILITY
Users warrant that they comply and will comply with the applicable data-protection and intellectual-property laws and undertake to comply with any regulations deriving therefrom.
Users warrant that the data they provide to Nomade are true, accurate, complete and up to date. To this end, Users are responsible for the truthfulness of all data they communicate and will keep the information provided duly updated so that it reflects their actual situation. In any case, Users shall be solely responsible for the truthfulness and accuracy of the information provided through the Platform and for any damages, direct or indirect, caused to Nomade or to third parties.
Nomade shall not be liable for any loss, damage or harm that Users may suffer, including, without limitation, those arising from access to services, websites, applications, advertisements, content or links of third parties available on Nomade’s Platform, nor for the results of any interaction or relationship between Users and third parties unrelated to Nomade. Nomade does not review, approve or monitor such third-party content, products or services accessible through the Platform. Use of any third-party links by Users is at their sole responsibility and risk, with Nomade being held harmless.

10. EXERCISING RIGHTS

Users have the right to exercise the following rights in relation to their personal data:
a) Right of access
They have the right to be informed whether Nomade is processing their personal data and, where applicable, to access such data and receive information on the purposes for which they are processed, the categories of data affected by the processing, the recipients to whom their personal data have been disclosed and the envisaged retention period, among other information.
b) Right to rectification and erasure
They have the right to request the rectification of inaccurate or incomplete data and the erasure of personal data when no longer necessary for the purposes for which they were collected, or when the consent on which the processing is based has been withdrawn.
c) Restriction of processing, revocation or erasure of consent, and total or partial objection to processing
In certain circumstances, they may request that the processing of their personal data be restricted. This may apply, among other cases, where the User contests the accuracy of their data or where processing is no longer necessary (Article 18 GDPR). In such cases, data will be processed only for the exercise or defence of claims, the protection of the rights of other natural or legal persons, or where there is an important public interest or a legal obligation to retain or use them, even under restriction. They also have the right to request the erasure of their personal data when no longer necessary for the purposes for which they were collected, or where the consent on which processing is based has been withdrawn. Likewise, they may object to the processing of their personal data at any time, in particular where processing is based on legitimate interests.
d) Data portability
They have the right to receive the personal data they have provided to Nomade in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance from the controller to which the data have been provided, in the cases legally provided for this purpose (Article 20 GDPR).
Likewise, in the event that personal data are transferred to a third country or to an international organisation, the User has the right to be informed of how to access or obtain a copy of the appropriate safeguards relating to the transfer.
As the data subject, the User may send a request to Nomade by email to info@nomaderevolution.com, attaching a copy of their identity document, specifying the right they wish to exercise (rectification, objection, access, erasure, etc.), and, where applicable, the documentation justifying the request, at any time and free of charge. Nomade will respond without undue delay and within one month of receipt. Where necessary, considering the complexity and number of requests received from the same User, the period may be extended by a further two months. Nomade will inform the User of the extension and the reasons for it before the expiry of the initial one-month period.
Likewise, the User may lodge a complaint regarding the protection of their personal data with the Spanish Data Protection Agency (Agencia Española de Protección de Datos – AEPD) at C/ Jorge Juan 6, 28001 Madrid, if the data subject considers that Nomade has infringed the rights recognised by the applicable data-protection regulations.

11. SECURITY MEASURES
Nomade shall process Users’ data at all times in absolute confidence and with the duty of secrecy, in accordance with the applicable regulations, adopting reasonable technical and organisational security measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing, as well as the varying likelihood and severity risks to the rights and freedoms of natural persons, in compliance with Article 32 of Regulation (EU) 2016/679 (GDPR).

12. CHANGES TO THE PRIVACY POLICY
Nomade reserves the right to review and amend its Privacy Policy whenever it deems appropriate, in accordance with the legislation applicable at any given time. Any modification will be included in these terms and published on the Platform, where it will be accessible to all Users. For this reason, we recommend that you consult Nomade’s Privacy Policy periodically.

13. ACCEPTANCE AND CONSENT

The User declares that they have been informed of the conditions regarding personal data protection and accepts the content of this Privacy Policy. Nomade and the User agree to equate, for legal purposes, the User’s handwritten signature with any other type of key, code or identifying security element. Notwithstanding the foregoing, Nomade may require written confirmation from Users where it deems necessary.

Privacy Policy

Forms on the Platform, including sign-up and registration data, plan subscriptions, requests for information or services, advertisements or messages posted, or data relating to complaints and claims.

Correspondence exchanged with Users, and records of such correspondence, including emails and information about telephone communications.

Questionnaires and surveys completed by Users.

Information from the computer or device through which Users access the Platform, such as the IP address used to connect to the internet.

Contact: to manage and respond to requests made through the contact area enabled on the Platform. This processing is lawful based on the express consent given when the request is sent (Article 6.1(a) GDPR).

Users, suppliers and collaborators: to manage contractual relationships. This processing is lawful based on legitimate interests (Article 6.1(f) GDPR) for legal entities, and on performance of a contract (Article 6.1(b) GDPR) for natural persons.

To facilitate communication between Users: lawful based on performance of a contract (Article 6.1(b) GDPR), as interaction among Users is essential to Nomade’s services.

To respond to questions or requests submitted through contact forms and various communication channels: lawful based on performance of a contract (Article 6.1(b) GDPR), or on legitimate interests (Article 6.1(f) GDPR) where the query relates to service provision.

To prepare reports, statistics and internal analyses to improve the Platform’s services: lawful based on legitimate interests (Article 6.1(f) GDPR) or on performance of a contract (Article 6.1(b) GDPR), insofar as data analysis forms part of improving products and services.

To conduct quality and satisfaction surveys: lawful based on express consent (Article 6.1(a) GDPR), or on legitimate interests (Article 6.1(f) GDPR) where the survey is linked to the service provided.

Exercise of rights and privacy management: to manage requests for the exercise of data protection rights, or any other purpose necessary to comply with personal data-protection regulations. Lawful based on compliance with a legal obligation (Article 6.1(c) GDPR).

Compliance with legally established obligations: lawful based on compliance with a legal obligation (Article 6.1(c) GDPR).