TERMS AND CONDITIONS
1. GENERAL INFORMATION ON THE COLLECTION OF PERSONAL DATA
GrayLab places great importance on protecting your personal information. This privacy policy explains how GrayLab uses and protects personal data collected through https://graylab.es/ (GrayLab's website).
By personal data we mean any information that identifies a person, such as name, address, e-mail address, IP address, etc. Your personal data will only be processed in accordance with the provisions of the European Union's General Data Protection Regulation (GDPR) and other applicable EU and national data protection laws.
The collection of personal data only occurs after you have given your consent or where the processing is permitted by law. The following provisions inform you about the type, scope and purpose of the collection and processing of your personal data.
If we use external service providers for specific services or your data for advertising or analysis purposes, we will inform you in detail about the respective processes. In addition, we will inform you about the specific criteria and duration of data storage. You will also be informed about your rights in connection with any data processing.
This privacy policy applies exclusively to our GrayLab website. If you are redirected via links from our website to third-party websites, please refer to their respective data processing policies.
2. CONTACT INFORMATION OF THE DATA CONTROLLER AND THE DATA PROTECTION OFFICER
The responsible person under the GDPR and other applicable data protection laws within the EU (“Data Controller”) is GrayLab. If you have questions, suggestions or concerns about privacy on our website, please contact us at: info@graylab.es.
In addition, anyone may contact our Data Protection Officer at any time with questions or suggestions regarding data protection. You can contact the officer by writing to the e-mail address provided above.
3. LEGAL BASES AND DURATION OF DATA RETENTION
3.1. Legal bases for processing personal data
-
If we obtain your consent to the processing of personal data, Article 6(1)(a) of the GDPR serves as the legal basis. Any consent can be revoked by you with future effect.
-
If the processing of personal data is necessary for the performance of a contract with you or your company, the legal basis is Article 6(1)(b) GDPR. This also applies to pre-contractual measures.
-
If the processing of your personal data is necessary to fulfill one of our legal obligations, Article 6(1)(c) GDPR serves as the legal basis.
-
If the processing is necessary to safeguard the legitimate interests of our company or a third party, and your interests, rights and freedoms do not override these legitimate interests, Article 6(1)(f) GDPR serves as the legal basis.
3.2. Duration of storage and deletion of data
The personal data we collect, process and store is only retained for as long as necessary for the specific purpose that requires its storage. Once that purpose is no longer relevant, your data is deleted or its processing is restricted.
However, European regulations, applicable national laws or other legislation may require a longer retention period for the data we process. Once such retention periods expire, we will delete the data or restrict its processing.
4. YOUR RIGHTS
With regard to our processing of your data, you are the “data subject” within the meaning of the GDPR. As a data subject, you have the following rights with respect to GrayLab:
4.1 Right to information about the processing
At any time, within the scope of the statutory provisions, you may request confirmation as to whether we are processing your personal data. In such a case, you have the right to request information about the scope of the processing (see Article 15 GDPR).
4.2. Right of rectification
You have the right to rectify and/or supplement your data with GrayLab if the personal data we process is incorrect or incomplete (see Article 16 GDPR).
4.3. Right to restriction of processing
You have the right to request the restriction of the processing of your data under certain conditions (see Article 18 of the GDPR).
4.4. Right to erasure (“right to be forgotten”)
You may request that GrayLab delete your personal data without undue delay, given certain conditions. The right of erasure does not apply if the processing is necessary (see Article 17 of the GDPR).
Si el tratamiento de datos personales se realiza con fines de marketing directo, tiene derecho a oponerse al tratamiento de sus datos personales para tales fines en cualquier momento (véase el artículo 21.2 del RGPD).
Puede informarnos de su oposición a través de los siguientes datos de contacto: info@graylab.es.
4.5. Right to be informed
If you have exercised your right to rectification, erasure or restriction of processing with GrayLab, we will notify all recipients to whom the personal data was disclosed of such rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort (see Article 19 of the GDPR).
4.6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to GrayLab, in a structured, commonly used and machine-readable format. In addition, you have the right to transfer this data to another company without obstruction by GrayLab under certain conditions (see Article 20 of the GDPR).
4.7. Right to object
You have the right to object, at any time, to the processing of personal data concerning you pursuant to Article 6(1)(f) of the GDPR based on your particular situation (see Article 21(1) of the GDPR). As a result of the objection, GrayLab will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims.
4.8. Right to withdraw consent
If you have given us a declaration of consent, you may withdraw it at any time (see Article 7 of the GDPR). The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.
4.9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data constitutes a breach of the GDPR (see Article 77 of the GDPR).
5. VISITING THE GRAY LAB WEB SITE AND CREATING LOG FILES
Each time you visit the GrayLab website, our system automatically collects data and information from your computer. Specifically, the following data is collected:
-
Information about your browser
-
Information about your operating system
-
Information about your Internet service provider
-
Your IP address
-
The date and time of your visit to our website
-
Information about the website from which your system accessed our website
-
Information about the pages your system accessed through our website
The data collected above is stored in log files within our system. This data is not stored together with other personal data.
The legal basis for storing the data and log files is Article 6(1)(f) of the GDPR. We have a legitimate interest in collecting and temporarily storing this information, as the temporary storage of the IP address is necessary for the website to load correctly on your device.
The storage of log files is done to ensure the functionality of our website. In addition, this data is used to optimize our website and to ensure the security of our computer systems. No evaluation of log files is carried out for marketing purposes.
6. NEWSLETTER
6.1. Newsletter publication
When you create an account, you have the option to subscribe to a free newsletter. With your consent, our newsletter will keep you informed about logistical updates, tips, events and services offered by Gray Lab. The data you enter when subscribing to the newsletter is transmitted to us via the user interface. This data typically includes
-
Your email address
-
Your first name
We need your e-mail address to send you the newsletter and to verify your identity and consent.
6.2. Transmission to third parties
Our newsletters are distributed through Wix, a website management platform. We use the services of Wix under a data processing agreement. Wix may use pseudonymized data of recipients, which means that the data cannot be linked to an individual user, to optimize or improve its services (e.g. for technical optimization of newsletter delivery and presentation or for statistical purposes). However, Wix does not use the data of recipients to contact them directly or share it with third parties.
Wix also processes your personal information in the United States under the EU-US Privacy Shield:
Wix is used on the basis of our legitimate interest and in accordance with Article 6(1)(f) of the GDPR. If you unsubscribe or revoke your consent, we will instruct Wix to delete your data. You can view Wix's privacy policy here: https://www.wix.com/about/privacy.
7. CONTACT WITH GRAY LAB
Processing by GRAY LAB:
We have provided an e-mail address on our website that you can use to contact us (info@graylab.es). If you send us an email, we will store your email address as well as any other data you provide.
The lawful basis for processing is Article 6.1(b) and (f) of the GDPR, as the contact could be the initiation of a contract, but GRAY LAB also has a legitimate interest in processing your data to respond. The data will be deleted once it is no longer necessary for the purpose of collection, and such deletion does not conflict with any legal or contractual archiving obligations. The conversation ends when it can be inferred from the circumstances that the matter has been resolved.
When sending your message, the following data may also be stored:
-
Your IP address
-
The date and time of your contact
This additional personal data is processed for the purpose of preventing misuse of e-mail communication and protecting our IT systems. Additional personal data collected during the sending process will be deleted at the latest 7 days after collection. The data is processed exclusively for the purpose of managing the conversation. The legal basis for processing this data is Article 6.1(b) or (f) of the GDPR.
8. USE OF COOKIES
In addition to the data mentioned above, when you use the GRAY LAB website (graylab.es), several types of cookies will be used and stored on your device. Cookies are small text files that are stored on your computer or mobile device when you visit the GRAY LAB website. Through the use of cookies, we collect various information.
We use the following types of cookies:
Essential cookies: these cookies are necessary for the proper functioning of our website. For example, we can tell if you have visited our website before.
Functional cookies: We use cookies to provide a more user-friendly experience that would not be possible without them.
Personalization cookies: These cookies help us tailor the information and promotions we offer on our website to your needs. They allow us to identify you when you visit our site, making your experience more seamless.
These cookies may be used to analyze website usage, such as tracking how many users visit the site and which areas need improvement. However, this analysis does not link any personal information to the statistics generated. Analytics Cookies:
We will retain the data collected by cookies for as long as necessary to fulfill the specific purpose for which they were collected.
Cookies are stored on your device and you can delete them at any time. You can also decide, through your browser settings, whether to disable, limit or completely eliminate the use of cookies. If you disable all cookies for our website, you may not be able to use all of its features completely. For more information on how to manage and disable cookies in your browser, please refer to the following links:
-
Safari
-
Google Chrome
-
Internet Explorer / Edge
-
Firefox
9. USE OF GOOGLE ANALYTICS
The GRAY LAB website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies to analyze your use of the GRAY LAB website. The information generated by the cookie about your use of the website is generally transmitted to and stored by Google servers in the United States. However, your IP address will be anonymized on our website and truncated beforehand within EU member states or in other countries that are part of the European Economic Area agreements. Only in exceptional cases, the full IP address will be sent to Google servers in the USA and truncated there. On behalf of the website operator, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage.
In exceptional cases where personal data is transferred to the USA, Google adheres to the framework of the Privacy Shield between the EU and the USA (Privacy Shield).
The use of Google Analytics is justified in accordance with Article 6.1(a) of the GDPR, where we obtain your prior consent, and Article 6.1(f) of the GDPR, as GRAY LAB has a legitimate interest in analyzing and improving the use of the website.
You can prevent the storage of cookies by configuring your browser settings. However, please note that in that case you may not be able to use all functions of the GRAY LAB website. You can also prevent the collection of data generated by cookies related to your use of the website (including your IP address) by downloading and installing the Google Analytics opt-out add-on: Google Opt-out.
We will process your data only for the time necessary for the purpose of its collection (in this case, statistics and their evaluation). Data related to cookies and unique identifiers will be automatically deleted after 14 months. The deletion of data after the expiration of the retention period will take place on a monthly basis.
For more information on terms of use and privacy, please visit: Google Analytics Privacy.
10. LINKS TO SOCIAL NETWORKS AND ADDITIONAL PROGRAMS
10.1 General Information
We use the following links to Gray Lab social media profiles on our website. By clicking on each respective link, there will be no automatic exchange or transfer of personal data to the social media providers, unless otherwise stated. Only when you click on the respective links, which will open a pop-up window, and enter your login credentials (or if you are already logged in), the data will be processed exclusively by the respective social media platforms.
You can control the data you share on social networks through the privacy settings available on most platforms. For more information on how to customize your privacy settings and how these platforms handle your personal information, please refer to the following:
10.2. Facebook
We have a link to Facebook (“Facebook”), operated by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, U.S.A. When you click on the link, a connection will be established between your browser and Facebook. You can find information on the collection, processing and use of data by Facebook, as well as your rights and options for protecting your privacy, in Facebook's privacy policy: Facebook Privacy.
10.3. Instagram
We also have a link to Instagram, provided by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, U.S.A. The link is identified with the Instagram logo. By clicking on it, your browser will connect directly to Instagram's servers. For more information about data collection, processing and use, as well as your privacy rights and choices, please refer to Instagram's privacy policy: Instagram Privacy.
10.4. LinkedIn
We also provide a link to LinkedIn, operated by LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, California 94085, U.S.A. When you click on the link, a connection will be established between your browser and LinkedIn's servers. For information about LinkedIn's collection, processing and use of data, as well as your privacy rights and choices, please refer to LinkedIn's privacy policy: LinkedIn Privacy.
11. DISCLOSURE TO THIRD PARTIES
11.1. General Information
As a general rule, we only share your personal data with service providers, business partners, affiliated companies and other third parties within the applicable framework of data protection laws.
We may disclose personal information to service providers engaged by us to perform a service on our behalf (data processing). These service providers may include Gray Lab affiliated companies or third party vendors. In this process, we strictly comply with national and European data protection laws. Service providers are subject to our instructions and to strict contractual restrictions regarding the processing of personal data. Therefore, such processing is only permitted to the extent necessary to perform the service on our behalf or to comply with legal requirements. We determine in advance the rights and obligations that our suppliers must have with respect to personal data.
We may disclose personal information to third parties if required to do so by law or legal process, or to provide and manage our products and services. We may also be required to provide information to law enforcement agencies or other authorities. If sharing information is necessary for Gray Lab's cooperation and provision of services, or if you give your consent, we may also disclose information. When audits are conducted, disclosure of information is generally unavoidable.
We may share personal data, such as your name, contact information and order history, with your sponsor or online upline to assist you and help you grow your business.