Important notice: The event website (www.sme-innovation-associate.eu) is related to a workshop organised by CARSA in collaboration with the European Commission, DG GROW – Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs and EASME — the Executive Agency for Small and Medium-sized Enterprises. Hence, for practical reasons, by registering to the workshop you agree that CARSA share the submitted registration data with DG GROW and EASME.
Personal Data CARSA Collects
We may collect data, including Personal Data (as defined below), about you as you use our website and Services and interact with us. “Personal Data” means any data relating to an identified or identifiable individual, including, for example, your first and last name, email address, and phone number.
Personal Data You Provide to CARSA
You may provide us with certain categories of Personal Data when you:
- Complete and submit forms on our website
- Download white papers or other CARSA content
- Register for webcasts, seminars, conferences, etc. sponsored by CARSA or a partner
- Subscribe to our newsletters or other CARSA content-related materials
- Register for support, courses, training or education
- Provide us with feedback or contact us via phone, email, social media or otherwise
- Participate in a survey
- Submit a job application via our website
- Use community forums on our website
- Purchase CARSA products or services.
Personal Data Collected Automatically
CARSA’s website uses automatic data collection tools, such as cookies and web beacons. These tools automatically collect the following:
- Technical information including, but not limited to, browser type, operating system, device information, IP address, domain name, referral URL, time zone setting, and/or a time-stamp for your visit.
- Usage information including, but not limited to, geographic location information (such as your country or state), the numbers and frequency of visitors to our site, page views, unique page views, video views, form conversions, and your clickstream behavior (e.g. clicking links to, through and from our website).
How CARSA Uses Personal Data
CARSA uses the Personal Data we collect for two main purposes: (1) to operate our business and provide the Services, and (2) to send communications, including marketing communications. For example, we may use Personal Data to:
- Respond to your requests and questions for certain products and services
- Administer and provide our website and Services
- Customize the content and advertising you see on our website
- Communicate with you about specials, sales offers and new products
- Send notifications regarding to our company, Services and changes to our terms and conditions
Data Collected for CARSA Customers
Our Services are offered and designed primarily for use by organizations. When a Customer purchases, uses or subscribes to our Products, or obtains support for such products, CARSA collects certain categories of data (each as defined below) that may include Personal Data in order to provide the Services:
“Administrative Data” is data related to employees or representatives of Customer (each an “Account Administrator”) that is collected and used by CARSA in order to administer or manage CARSA’s delivery of the Services, or the Customer’s account. Administrative Data may include Personal Data such as the first and last name, email address, professional title, company name, address, city and password an employee or representative of Customer provides.
CARSA uses Administrative Data to contact Account Administrators to provide information about a Customer’s account, subscriptions, billing and updates to the Services, including information about security, support and maintenance.
“Payment Data” is data related to Customer’s financial health that a Customer provides to CARSA in connection with making a purchase or entering into an agreement for Services.
CARSA uses Payment Data to complete transactions, as well as to detect and prevent fraud.
Disclosure of Personal Data
CARSA may share Personal Data with third parties for the purposes described below:
- CARSA Affiliates and Subsidiaries: we share Personal Data among CARSA-controlled affiliates and subsidiaries.
- Vendors and Agents: CARSA may share Personal Data with CARSA’s contracted vendors and agents working on our behalf to provide Services, including performing customer support and cloud service providers such as storage providers. In such cases, these vendors and agents must abide by our data privacy and security requirements, are not allowed to use Personal Data they receive from us for any other purpose, and we require them to agree to maintain the confidentiality of Personal Data.
- Suppliers: Certain CARSA products incorporate software provided by third party suppliers. In some cases CARSA may be required to report on sales of such products incorporating such software to those third party suppliers, and this reporting may include your Personal Information solely to the extent needed to document such sales. CARSA requires its third party suppliers to treat any such information as confidential.
- Business Transfers: In some cases, we may choose to buy or sell assets or become involved in a merger, acquisition or similar transaction. In these types of transactions, customer information (that may include Personal Data) is typically one of the assets that is transferred.
- Protection of CARSA and Others: We may disclose or share Personal Data and other information, if we believe in good faith that such disclosure or sharing is legally required, or is necessary to protect our legal rights (including, but not limited to, our intellectual property rights and enforcement of our agreements), the legal rights of others, or the safety and/or security of CARSA, our employees, our customers, or other users.
Accessing and Managing Personal Data
CARSA offers choices regarding the collection, use and sharing of Personal Data. You may manage your receipt of marketing and non-transactional communications by following the directions in that communication. You can also cancel your subscription or modify your data by sending an email to firstname.lastname@example.org. CARSA retains Personal Data for as long as your account is active or as needed to provide you Services as well as is necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
Transfer, Processing and Storage of Personal Data
CARSA is a global company with partners and customers located in many different countries around the world. Personal Data collected by CARSA may be stored and processed in the United States or anywhere CARSA or its affiliates, subsidiaries or service providers maintain facilities. CARSA transfers Personal Data from the European Economic Area and Switzerland to other countries globally. When we do so, we use a variety of lawful transfer mechanisms, including contracts, to comply with applicable law.
Security of Personal Data
The security of your Personal Data is important to us. CARSA implements administrative, physical, and technical safeguards to protect your Personal Data from unauthorized access, use, modification, or disclosure. Please be aware that no security measures can wholly eliminate security risks associated with Personal Data; keep this in mind when disclosing any sensitive information to us. Please do not disclose your website login credentials to unauthorized users. You are responsible for the security of your login credentials and for any activity that occurs under your account with us. If CARSA learns of a breach of its systems, we may notify you and others in a manner that is consistent with applicable law and/or as agreed by us in writing.
Retention of Personal Data
CARSA retains Personal Data for as long as necessary to provide the Services, to comply with our business requirements, legal obligations, resolve disputes, protect our assets and enforce our agreements.
Personal Data Dissemination
With the specific aim of providing you with our service, we are forced to share your personal data with other companies of Innovalia Group/Grupo Innovalia, so as to centralize our administrative tasks. Particularly, Innovalia Group centralizes the treatment of personal data agreeing with our internal policy, whose purpose is to ensure that any treatment assignment given by third parties is performed with the highest guarantee and according to the current applicable legal regulations.
Data Subject’s Rights According to the GDPR
According to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) you are endowed with the following rights:
- Right of access. You shall have the right to confirm that we are treating your personal data and, if yes, to obtain a copy of the mentioned data and full information on the treatment.
- Right of rectification. You shall have the right to correct any inaccurate or incomplete data concerning you, and to ensure the certainty of this data.
- Right to erasure. You shall have the right to obtain the data erasure without undue delay, where the personal data have been unlawfully processed or where purpose for which they where collected does not longer exist.
- Right to restriction of processing. You shall have the right to obtain the restriction of processing where the use of your personal data is unlawful or where the accuracy of your personal data is contested.
- Right to object. You shall have the right to object to processing of your personal data where the mentioned data are processed for direct marketing purposes or on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
- Right no to be subject of individual decision-making. You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly significantly affects you, unless the decision is necessary performance of a contract between you and us, it is authorized by Union or Member State law, or you have given your explicit consent.
Due to the nature of our services and the purpose of the treatment and collection of your data, the right to portability shall not be applied. So as to excercise the right to portability, please send an email to data_protection (at sign) carsa (dot) es (email@example.com).
In your enquiry you have to clearly indicate your identity, with indication of, at least, the full name and email address that you provided when purchasing or registering at CARSA, and the right or rights that you are excercising.
The excercise of these rights is free of charge, unless the requests are excessive or manifestly unfounded, where you would have to bear the costs of processing the enquiry.
Links to Third Party Websites
CARSA offers individuals the opportunity to interact and publish content via discussion forums, blogs, and other means on our website (“Online Communication Tools”). If you use such Online Communication Tools, any information that you disclose becomes publicly available, and could be used to contact you, to send you unsolicited messages, or for purposes neither CARSA nor you have control over. Your use of certain Online Communication Tools may be subject to additional terms and conditions. CARSA is not responsible for the Personal Information or any other information you choose to submit or publish via these Online Communication Tools.
Collection of Data From Children
CARSA does not knowingly collect Personal Data from individuals under the age of thirteen (13) or the applicable age of consent in your country. If you believe that CARSA may have collected Personal Data from someone under the applicable age of consent, please email firstname.lastname@example.org.