Política de privacidad (Sitio web)

GENERAL INFORMATION

¿Qué son los datos personales?
Personal Data is information that makes it possible to identify a natural person. This includes in particular, your name, date of birth, address, telephone number, e-mail address, but also your IP address. Anonymous data exists if no personal reference to the user can be made.

¿Qué es el tratamiento?
Una cookie es un pequeño archivo de texto que un sitio web envía al disco duro de su dispositivo. Cada vez que vuelve al mismo sitio web, su navegador recupera y envía la(s) cookie(s) correspondiente(s) al servidor del sitio web.

Who is responsible?
The person responsible for the processing of Personal Data is Apps Do Wonders LLC, a Dallas based limited liability company. Please read this Privacy Policy together with our Cookie Policy and email us using support@twistly.ai or our Formulario de contacto si tiene alguna pregunta.

Purpose and legal basis of processing
In accordance with the TDPSA and the GDPR we need to have both a purpose and a legal basis to process Personal Data. The purposes are:

• providing the website and their functions and contents,
• responding to contact requests and communicating with our customers,
• providing our services, and
• security measures.

Of course, we can only do that if we have at least one of the following legal bases or in other words lawful reasons to do so. Unless specifically described below, we typically link the above purposes to one of the following:

• consent,
• to fulfill our services and carry out contractual obligations,
• to fulfill our legal obligations, and
• to protect our legitimate interests.

Data transfers
En determinados casos, es necesario transmitir los Datos Personales tratados en el curso del tratamiento de datos. A este respecto, existen diferentes organismos destinatarios y categorías de destinatarios.

• Service providers in the context of fulfillment processing,
• Companies that provide marketing services,
• Service providers within the scope of providing our website, and
• State authorities and institutions as far as this is required or necessary.

Our main operations are based in the USA and your Personal Data is generally processed, stored and used within the USA. In some instances, your Personal Data may be processed outside the USA. If and when this is the case, we take steps to ensure there is an appropriate level of security, so your Personal Data is protected in the same way as if it was being used within the USA. Where we need to transfer your data outside the USA, we will use approved standard contractual clauses in contracts for the transfer of Personal Data to third countries.

Security
In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. Our security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

Storage and retention
Your Personal Data will be stored by us only for as long as is necessary to achieve the purposes for which the data was collected or – if statutory retention periods exist that go beyond this point and for the duration of the legally prescribed retention period. We then delete your Personal Data. Only in a few exceptional cases is your data be stored beyond this period, e.g., if storage is necessary in connection with the enforcement of and defense against legal claims against us.

What Personal Data do we process?

Log files
When you access our website, some access data is recorded automatically and stored in a log file on our website’s server. This means if you browse and simply have a look at our website, we process a) the IP address of your computer, b) the date and time of your access, c) the name and URL of the accessed file, d) the browser used, e) the amount of bytes transferred, f) the status of the page request, g) the session ID and g) the referrer URL. The legal basis for processing is our legitimate interest.

Hosting of our website
We use the hosting services of Servicios web de Amazon (AWS), for the purpose of hosting and displaying our website. AWS does so on the basis of processing on our behalf, and that also means that all data collected on our website and shop is processed on AWS’ servers.The basis for processing is our legitimate interest, and the initiation and/or fulfillment of a contract.

Content Management System
We use the open source Content Management System (CMS) of WordPress.Org to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to us is transferred to AWS. This represents a legitimate interest.

Fonts
We have integrated Google Fonts by Google. To enable the display of fonts, a connection to Google’s server is established when our website is accessed. This enables Google to determine which website sent the request and to which IP address the display of the font is to be transmitted. The integration is based on our legitimate interest.

Cookies
We use so-called cookies on our website. Cookies are small text files that are stored on your device (PC, smartphone, tablet, etc.) and saved by your browser. For further information, please refer to our Cookie Policy. The legal basis for the use of cookies is your consent as well as our legitimate interest.

Contact options
If you contact us, we process the following data from you for the purpose of processing and handling your request: first name, last name, e-mail address, and, if applicable, other information if you have provided and your message. The legal basis for the data processing is our obligation to fulfill the contract and/or to fulfill our pre-contractual obligations and/or our legitimate interest in processing your request.

When using our services
The protection of your Personal Data is particularly important to us in the performance of our contract with you and allowing you access to our add-ins (“Services”). We therefore only want to process as much Personal Data (for example, your name, address, e-mail address, or telephone number) as is absolutely necessary. Nevertheless, we rely on the processing of certain Personal Data, to fulfil our contractual obligations to you or to carry out pre-contractual measures and in the context of administrative tasks as well as the organisation of our business and compliance with legal obligations, such as archiving.

As mentioned above, we process the Personal Data involved in your use of our Services(“Service Data”) in order to be able to provide our services. We recognise that you own your Service Data and provide you with complete control of your Service Data by providing you the ability to (i) access your Service Data, (ii) share your Service Data through supported third-party integrations, and (iii) request export or deletion of your Service Data.

Garantizamos que el acceso de nuestros empleados a sus datos sólo esté disponible en función de la necesidad de conocerlos, restringido a personas concretas y registrado y auditado. Comunicamos nuestras directrices de privacidad y seguridad a nuestros empleados y hacemos cumplir estrictamente las salvaguardias de privacidad y protección.

We process your Service Data as Data Processor or in other words on behalf of you, and will only do so in accordance with your instructions and use it only for the purposes agreed between you and us. We also take appropriate legal precautions and corresponding technical and organisational measures to ensure the protection of your Service Data. For further information, please also refer to our Privacy Policy (Add-in) and Data Processing Addendum.

Gestión de datos
Para una óptima atención al cliente y gestión de los datos, utilizamos los mismos datos que procesamos en el curso de la prestación de nuestros servicios contractuales y los almacenamos en nuestra propia plataforma de atención al cliente apoyada por HelpScout. Este tratamiento de datos se basa en nuestro interés legítimo en prestar nuestro servicio al cliente.

Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as organization of our business, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are our legal obligations and our legitimate interest.

Analytics
For business reasons, we analyse the data we have on web and server traffic patterns, website interactions, browsing behaviour, etc. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarised and/or anonymised values (“Aggregated Data”). Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy. For this purpose we use Google Analytics from Google. En legal basis is our legitimate interest and your consent. For further information on our use of Google Analytics, please refer to our Cookie Policy.

Direct marketing in the context of a customer relationship
Insofar as you have also given us separate consent to process your data for marketing and advertising purposes, We are entitled to contact you for these purposes via the communication channels you have ticked in this consent.

OTHER USES OF YOUR PERSONAL DATA

We may also collect, store, and use your Personal Data for the following purposes:

• to operate, manage, develop, and promote our business and, in particular, our relationship with you and related transactions, including, for example:
  • marketing purposes (when we have either gathered prior opt-in consent and/or have a legitimate interest to send you communications which we believe to be relevant and of use to you);
  • to operate, administer, and improve our website and other aspects of the way in which we conduct our business;
  • to offer you our blog;
  • to provide you with services or information that you may have requested; and
  • to keep you informed and updated on relevant topics or services you may be interested in.
• to protect our business from fraud, money laundering, breach of confidence, theft of proprietary materials, and other financial or business crimes;
• to comply with our legal and regulatory obligations, bring and defend legal claims and assert legal rights; and
• if the purpose is directly connected with an assigned purpose previously made known to you.
  

We will only process your Personal Data as necessary so that we can pursue the purposes described above and where we have a legal basis for such processing. Where our lawful basis for processing is that such processing is necessary to pursue our legitimate interests, we will only process your Personal Data where we have concluded that our processing does not prejudice you or your privacy in a way that would override our legitimate interest. In exceptional circumstances, we may also be required by law to disclose or otherwise process your Personal Data.

LINKED SITES

For your convenience, our website may contain hyperlinks to other websites. We are not responsible for the privacy practices of linked websites or companies that are not owned or controlled by us, and this Privacy Policy does not apply to them. The links on our website may collect additional information in addition to the information we collect.

We do not endorse any of these linked websites, their products, services, or any content on their websites. We encourage you to read the privacy policies of each linked website you visit to understand how the information collected about you is used and protected.

SOCIAL MEDIA

We are present on social media based on our legitimate interest. If you contact or connect with us via social media, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint responsibility agreement. The Personal Data collected when you contact us is used to process your request, and the basis for this is both your consent and our legitimate interest.

SUS DERECHOS Y PRIVILEGIOS

Derecho a la intimidad
En virtud de la TDPSA, puede ejercer los siguientes derechos:

• Derecho a saber
• Derecho de rectificación
• Derecho de supresión
• Derecho a la no discriminación
• Derecho a no participar en la venta

En virtud del GDPR, puede ejercer los siguientes derechos:

• El derecho de acceso;
• Derecho de rectificación;
• El derecho al borrado;
• Derecho a restringir el tratamiento;
• Derecho a oponerse al tratamiento;
• Derecho a la portabilidad de los datos;

Actualizar sus datos y retirar su consentimiento
Si cree que la información que tenemos sobre usted es inexacta o solicita su rectificación, supresión u oposición al tratamiento por interés legítimo, póngase en contacto con nosotros.

Solicitud de acceso
In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

Lo que no hacemos

• No solicitamos Datos Personales de menores ni de niños;
• No tratamos datos de categoría especial sin obtener previamente un consentimiento específico;
• No utilizamos la toma de decisiones automatizada, incluida la elaboración de perfiles.
• No vendemos sus Datos Personales.

Derecho a reclamar
Tiene derecho a presentar una reclamación sobre nuestro tratamiento de Datos Personales ante una autoridad supervisora responsable de la protección de datos. No obstante, le agradeceríamos que nos diera la oportunidad de resolver sus dudas antes de ponerse en contacto con cualquier autoridad supervisora.

Notificación y violación de datos
Las bases de datos o los registros que contengan Datos Personales pueden ser violados accidentalmente o mediante una intrusión ilícita. Tan pronto como tengamos conocimiento de una violación de datos, lo notificaremos a todas las personas afectadas cuyos Datos Personales puedan haberse visto comprometidos, y la notificación irá acompañada de una descripción de las medidas que se adoptarán para reparar el daño causado por la violación de datos. Las notificaciones se enviarán lo antes posible una vez descubierta la violación.

DISPOSICIONES ESPECÍFICAS PARA EE.UU.

Lo siguiente se aplica a los usuarios ubicados en otros lugares de Estados Unidos. Aunque entendemos y apreciamos que las leyes de privacidad y protección de datos de los consumidores difieren, ya que están sujetas a la legislatura de cada estado y que no existe un marco de protección de datos similar al GDPR de la UE a nivel federal, nos comprometemos a seguir y aplicar las normas y reglamentos de privacidad pertinentes para su estado.

En el momento de la redacción, los siguientes Estados habían promulgado leyes de protección de la intimidad y de los datos de los consumidores: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregón, Tennessee, Utah y Virginia. Teniendo en cuenta las similitudes de las disposiciones anteriores, no debería surgir ningún conflicto si se persigue un enfoque uniforme que conceda a todos los usuarios de EE.UU. los mismos derechos y privilegios que se han expuesto anteriormente. No obstante, en caso de ambigüedad, se ha optado por la disposición más estricta para garantizar el enfoque más completo en lo que respecta a la protección de sus Datos Personales.

Además, también se aplica lo siguiente

1. “Brilla la luz”
   “La ley ”Shine the Light’ (Sección 1798.83 del Código Civil) nos obliga a responder a las solicitudes de California que pregunten sobre las prácticas de la empresa relacionadas con la divulgación de Datos Personales a terceros para fines de marketing directo de dichos terceros. Puede realizar una solicitud sobre nuestra recopilación y divulgación de sus Datos Personales utilizando los datos de contacto proporcionados.
2. COPPA (Ley de Protección de la Privacidad Infantil en Internet)
   Cuando se trata de la recogida de datos personales de niños menores de 13 años, la Ley de Protección de la Privacidad Infantil en Internet (COPPA) pone a los padres al mando. La Comisión Federal de Comercio, la agencia de protección del consumidor de Estados Unidos, hace cumplir la norma COPPA, que establece lo que los operadores de sitios web y servicios en línea deben hacer para proteger la privacidad y la seguridad de los niños en línea. No comercializamos específicamente con niños menores de 13 años.
3. Ley CAN SPAM
   La Ley CAN-SPAM es una ley que fija las normas para el correo electrónico comercial, establece requisitos para los mensajes comerciales, otorga a los destinatarios el derecho a que se les impida el envío de correos electrónicos y establece duras sanciones en caso de infracción. Para estar en conformidad con CAN SPAM, aceptamos lo siguiente: Si en cualquier momento desea darse de baja para no recibir más correos electrónicos, puede enviarnos un correo electrónico y le eliminaremos de TODA la correspondencia.
4. Ley de Protección del Consumidor Telefónico (TCPA)
   Si tratamos sus Datos Personales con el fin de enviarle comunicaciones de marketing por SMS, puede gestionar la recepción de nuestras comunicaciones de marketing y no transaccionales respondiendo o enviando el mensaje ‘STOP’ si recibe nuestras comunicaciones por SMS. A este respecto, el tratamiento de datos se realiza únicamente sobre la base de nuestro consentimiento en publicidad directa personalizada por SMS.
5. Controles de las funciones "No seguir".
   La mayoría de los navegadores web y algunos sistemas operativos y aplicaciones para móviles incluyen una función o configuración de No rastrear (‘DNT’) que puede activar para indicar su preferencia de privacidad para que no se controlen ni recopilen datos sobre sus actividades de navegación en línea. Por el momento, no se ha ultimado ninguna norma tecnológica uniforme para reconocer y aplicar las señales DNT. Por ello, nuestro sitio web no responde actualmente a las señales DNT del navegador ni a ningún otro mecanismo que comunique automáticamente su elección de no ser rastreado en línea. Si en el futuro se adopta una norma para el rastreo en línea que debamos seguir, le informaremos sobre dicha práctica en una versión revisada de esta política.
6. Derecho a reclamar
   Por último, y en relación con el derecho a presentar una reclamación ante una autoridad de control. Usted tiene derecho a presentar una reclamación sobre nuestro tratamiento de Datos Personales ante una autoridad supervisora responsable de la protección de datos. Los usuarios con sede en los Estados antes mencionados pueden presentar una reclamación ante la fiscalía o la oficina del fiscal general correspondiente. No obstante, le agradeceríamos que nos diera la oportunidad de abordar sus preocupaciones antes de ponerse en contacto con cualquier autoridad de control.