Imagen de reemplazo

Privacy Policy

Details of our privacy policy, second level

INDEX

  1. Purpose of the Privacy Policy
  2. Definitions
  3. Identity of the Data Controller
  4. Applicable laws and regulations
  5. Principles applicable to the processing of personal data
  6. Safety measures
  7. Processing purposes
  8. Legitimacy of the treatment
  9. Recipients of your data
  10. Data processing activities performed
  11. Personal data of minors
  12. Origin and types of data processed
  13. Rights of interested parties
  14. Acceptance

1.-POLICY OBJECTIVE

The purpose of this “Privacy Policy and Data Protection” is to inform you about the conditions that govern the collection and processing of your personal data by MEDIA INVESTMENT OPTIMIZATION, S.A in order to safeguard fundamental rights, honor, and freedoms, all in compliance with current regulations governing the Protection of Personal Data according to the European Union and the Spanish Member State.

In accordance with these regulations, we need to have your authorization and consent for the collection and processing of your personal data, so below, we indicate all the details of interest to you regarding how we perform these processes, for what purposes, that other entities may have access to your data and what your rights are.

For all of the above, once you have reviewed and read our Data Protection Policy, it is imperative that you accept it as proof of your agreement and consent.

DEFINITIONS

  • “Personal data”:All information about an identified or identifiable natural person (“the website user”) shall be considered an identifiable natural person if their identity can be determined, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  • «Treatment»:any operation or set of operations performed on personal data or sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • “Limitation of processing”:the marking of personal data retained for the purpose of limiting their processing in the future.
  • «Profiling»:any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
  • “Pseudonymization:the processing of personal data in such a way that the data can no longer be attributed to an individual without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
  • «File»:any structured set of personal data, accessible according to specific criteria, whether centralized, decentralized, or distributed in a functional or geographical manner.
  • “Data controller” or “data controller”:the natural or legal person, a public authority, service, or other body which, alone or jointly with others, determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • «Processor» or «data processor»:the natural or legal person, public authority, department or other body processing personal data on behalf of the controller.
  1. «Recipient»:the natural or legal person, public authority, service or other body to whom personal data is communicated, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a specific investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by such public authorities shall be in accordance with the data protection rules applicable to the purposes of the processing.
  • «Third party»:a natural or legal person, public authority, agency or body other than the data subject, the data controller, the data processor, and the persons who, under the direct authority of the data controller or processor, are authorized to process personal data.
  • «Consent of the data subject»:any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • «Security breach of personal data»:any breach of security resulting in the destruction, loss, or accidental or unlawful alteration of personal data transmitted, stored, or otherwise processed, or the unauthorized communication or access to such data;
  • «Genetic data»:personal data concerning the inherited or acquired genetic characteristics of a natural person that provide unique information about the physiology or health of that person, obtained in particular from the analysis of a biological sample from such person.
  • «Biometric data»:personal data obtained through specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person that allow or confirm the unique identification of that person, such as facial images or fingerprint data.
  • «Health data»:personal data concerning the physical or mental health of a natural person, including the provision of healthcare services, which reveal information about their health status.
  • «Principal establishment»:a)in the case of a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing are made in another establishment of the controller in the Union and this other establishment has the power to implement such decisions, in which case the establishment that has made such decisions shall be considered the main establishment;b)in the case of a processor with establishments in more than one Member State, the place of its central administration in the Union or, if it has none, the establishment of the processor in the Union where the main processing activities in the context of the activities of a processor’s establishment are carried out to the extent that the processor is subject to specific obligations under this Regulation.
  • «Representative»:a natural or legal person established in the Union who, designated in writing by the controller or processor pursuant to Article 27 of the GDPR, represents the controller or processor with regard to their respective obligations under this Regulation.
  • «Enterprise»:a natural or legal person engaged in an economic activity, regardless of its legal form, including companies or associations regularly carrying out an economic activity.
  • «Supervisory Authority»:the independent public authority established by a Member State in accordance with the provisions of Article 51 of the GDPR. In the case of Spain, it is the Spanish Data Protection Agency.

Data Protection Authorities (other European countries):

Other International Data Protection Authorities :

  • “Cross-border treatment”:a)the processing of personal data carried out in the context of the activities of establishments in more than one Member State by a controller or processor in the Union, where the controller or processor is established in more than one Member State, orb)the processing of personal data carried out in the context of the activities of a single establishment of a controller or processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
  • «Information society service»:any service provided normally for remuneration, at a distance, by electronic means, and at the individual request of a recipient of services.

3.-IDENTITY OF THE DATA CONTROLLER

Who collects and processes your data?

The Data Controller is the natural or legal person, of a public or private nature, or administrative body, which alone or jointly with others determines the purposes and means of the processing of personal data; in the event that the purposes and means of the processing are determined by the law of the European Union or of the Spanish Member State.

In this case, our identification data as Data Controller are the following:

MEDIA INVESTMENT OPTIMIZATION, S.A CIF A87668190

How can you contact us?

  • Postal and office address: Calle Alfonso XI No. 3. 28014, Madrid (Madrid), Spain
  • Registered office: Calle Alfonso XI Nº 3. 28014, Madrid (Madrid), Spain
  • Email: madrid@miogroup.com- Telephone: +34 902 333 654

Who can help you with our Data Protection Policy?

We have a person or entity specialized in data protection, which is responsible for ensuring proper compliance in our entity of the legislation and regulations in force. This person is called the Data Protection Officer (DPO) and, if needed, can be contacted as follows:

Auratech Legal– VAT number B87984621
Email: dpo@mio.es- Telephone: 34 91 1134963

4.- APPLICABLE LAWS AND REGULATIONS

This Privacy and Data Protection Policy is developed based on the following data protection laws and regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Hereinafter RGPD.
  • Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights. Hereinafter LOPD/GDD.
  • Law 34/2002, of July 11, on Information Society Services and Electronic Commerce. Hereinafter LSSICE.

5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

Personal data collected and processed through this Web site will be treated in accordance with the following principles:

  • Principle of lawfulness, fairness, and transparency:All processing of personal data carried out through this website will be lawful and fair, with it being entirely clear to the user when their personal data is being collected, used, accessed, or processed. Information regarding the treatments performed shall be transmitted in advance, easily accessible and easy to understand, in simple and clear language.
  • Principle of purpose limitation:All data will be collected for specific, explicit, and legitimate purposes, and will not be further processed in a manner that is incompatible with the purposes for which they were collected.
  • Data minimization principle:The data collected will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Principle of accuracy:Data shall be accurate and, where necessary, kept up to date, taking all reasonable steps to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
  • Principle of storage limitation:Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Principle of integrity and confidentiality:Data shall be processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.”
  • Principle of proactive accountability:The entity owning the website shall be responsible for complying with the principles set out in this section and shall be able to demonstrate such compliance.

6.-SAFETY MEASURES

What do we do to ensure the privacy of your data?

MIO has taken all the required measures to protect personal data; likewise, MIO has adopted the available technical measures to prevent data loss, unfair use, alteration, unauthorized access or data theft. However, the user should bear in mind that Internet security measures are not completely indestructible.

MIO adopts the necessary organizational and technical measures to guarantee the security and privacy of your data, avoid its alteration, loss, treatment or unauthorized access, depending on the state of the technology, the nature of the data stored and the risks to which they are exposed.

Among others, the following measures stand out:

  • Guarantee:
    • Confidentiality: The information processed by MIO will be made available or disclosed exclusively to authorized persons at the time and by the means established.
    • Integrity: The information processed by MIO will be complete, accurate and valid, and the content will be provided by the parties concerned and will be subject to no manipulation of any kind.
    • Availability :The information processed by MIO will be accessible and usable by authorized persons at any given time, guaranteeing its persistence against any eventuality.
  • Restore availability and access to personal data quickly in the event of a physical or technical incident.
  • Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.
  • Pseudonymize and encrypt personal data, in case of sensitive data.

MIO assumes responsibility for supporting and promoting the establishment of the necessary organizational, technical, and control measures to comply with the above security guidelines.

On the other hand, MIO manages information systems according to the following principles:

  • Principle of regulatory compliance:All information systems will comply with the legal, regulatory, and sectoral regulations applicable to information security, especially those related to the protection of personal data, system security, data, communications, and electronic services.
  • Principle of risk management:Risks will be minimized to acceptable levels, and a balance will be sought between security controls and the nature of the information. Security objectives should be established, be reviewed and be consistent with the information security aspects.
  • Principle of awareness and training:Training programs, awareness campaigns, and sensitization efforts will be implemented for all users with access to information, concerning information security.
  • Principle of proportionality:The implementation of controls to mitigate the security risks of assets will be carried out by seeking a balance between security measures, the nature of information, and risk.
  • Principle of responsibility:All members of the Data Controller shall be responsible for their conduct regarding information security, complying with established norms and controls.
  • Principle of continuous improvement:The effectiveness of security controls implemented within the organization will be recurrently reviewed to enhance the ability to adapt to the constant evolution of risk and the technological environment.

7.- PURPOSE OF THE TREATMENT

Why do we want to process your data?

The following are the uses and purposes foreseen:

Web contact form https://miogroup.com/contacto/
Respond to people who contact us through the electronic form on the web site.
Cookies, pixel and tracking
Identify problems.
Obtain statistical data on user navigation.
Retain user preferences during their stay on a website.
Attention to people’s rights
Handling citizens’ requests regarding the exercise of the rights established by the General Data Protection Regulation
Management of communications received through the complaints channel.
Establishing an internal communication channel to facilitate the delivery of information regarding irregular practices for correction and the rectification of any damages they may have caused
Protecting citizens who report actions or omissions that violate legal regulations, affect financial interests, or impact the internal market

How long do we keep your data?

We use your data for the time strictly necessary to fulfill the purposes indicated above. Unless there is a legal obligation or requirement, the retention periods foreseen are as follows:

Web contact form https://miogroup.com/contacto/: For a period of 1 year from the last confirmation of interest. The data retention period will depend on the type of request and the interaction of the sender contacting through the form on the website, as well as their eventual transformation into a client, potential client, employee, or collaborator.Cookies, pixels, and trackingYou must access our cookie policy to learn about the retention time of each cookie as well as the information collected.Attention to the rights of individualsThey will be kept for the time necessary to resolve complaints. The provisions of the archives and documentation regulations will applyManagement of communications received through the whistleblowing channel.: For a period of 10 years from the last confirmation of interest. After 3 months the data will be deleted if the complaint is unsuccessful. If the complaint is successful, the maximum term may not exceed 10 years.

8.- LEGITIMACY OF THE TREATMENT

Why do we process your data?

The collection and processing of your data is always legitimized by one or more legal bases, which are detailed below:

Web contact form https://miogroup.com/contacto/

  • (Art. 6.1.a GDPR) Consent of the person concerned

Cookies, pixel and tracking

  • (Art. 6.1.a GDPR) Consent of the person concerned

Attention to people’s rights

  • Legal obligation of the Data Controller

General Data Protection Regulation (EU) 2018/679 Management of communications received through the whistleblowing channel.

  • (Art. 6.1.c GDPR) Fulfillment of legal obligations of the Data Controller
    • Law regulating the protection of persons who report regulatory violations and the fight against corruption. Law regulating the protection of persons reporting regulatory infringements and the fight against corruption transposing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons reporting breaches of Union law.
  • (Art. 6.1.e RGPD) Fulfillment of a public mission or exercise of public powers conferred to the Data Controller.
    • RGPD and LOPDGDD. Compliance with legal obligations: General Data Protection Regulation (RGPD) and Organic Law 3/2018, of December 5, on Personal Data Protection and guarantee of digital rights (LOPDYGDD). Compliance with legal obligations: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, 2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDYGDD).
    • Organic Law 7/2021, of 26 May, on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offenses and the execution of criminal sanctions. Organic Law 7/2021, of 26 May, on the protection of personal data processed for the purposes of the prevention, detection, investigation and prosecution of criminal offenses and the execution of criminal penalties.

9.- RECIPIENTS OF YOUR DATA

To whom do we disclose your data within the European Union?

Occasionally, in order to comply with our legal obligations and our contractual commitment to you, we are faced with the obligation and need to transfer some of your data to certain categories of recipients, which we specify below:

Contact form on the website https://miogroup.com/contact/: Entities of the business groupCookies, pixels, and tracking:: Companies dedicated to advertising or direct marketingManagement of communications received through the whistleblowing channel.: Other bodies of public administration. External channel managed by the Independent Authority for the Protection of Whistleblowers or similar independent regional authorities with competence. Data will also be communicated to the judicial authority, the Public Prosecutor’s Office or the competent administrative authority in the context of a criminal, disciplinary or sanctioning investigation.

Do we make International Transfers of your data outside the European Union?

We do not make international transfers of your data

10.- DATA PROCESSING ACTIVITIES

The data processing activities carried out through the Web site are detailed below, specifying each of the following sections:

  • Activity:Name of the data processing activity
  • Purposes:Each of the uses and treatments that are carried out with the data collected.
  • Base legal:The legal foundation legitimizing the data processing
  • Data processed:Type of data processed
  • Source:From where the data is obtained
  • Retention:Period during which data is retained
  • Recipients:Individuals or third-party entities to whom the data is provided
  • International transfers:Cross-border transfers of data outside the European Union

10.1 -Treatment activities

These are those data processing activities whose purposes are necessary for the provision of services.

Attention to people’s rights
Legal basisLegal obligation of the Data Controller; General Data Protection Regulation (EU) 2018/679
PurposesHandling citizens’ requests regarding the exercise of the rights established by the General Data Protection Regulation
Data categories and groupsIndividuals who lodge complaints with the organization (Identification data)
Data sourceThe interested party or his legal representative
Category of recipientsNot foreseen
International transferNot foreseen
Conservation periodThey will be kept for the time necessary to resolve the claims. The provisions of the archives and documentation regulations shall apply
Management of communications received through the complaints channel.
Legal basis(Art. 6.1.c RGPD) Compliance with legal obligations of the Data Controller (Law regulating the protection of individuals who report regulatory breaches and combating corruption); (Art. 6.1.e GDPR) Fulfillment of a public task or exercise of official authority vested in the Data Controller (GDPR and LOPDGDD. Compliance with legal obligation: General Data Protection Regulation (GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDYGDD), Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation, and prosecution of criminal offenses and enforcement of criminal sanctions.)
PurposesEstablishing an internal communication channel to allow the delivery of information about irregular practices for correction and remediation of any damages caused ; Protecting citizens who report actions or omissions that violate legal regulations, affect financial interests, or impact the internal market
Data categories and groupsWhistleblowers through internal reporting channel(Identifying information; Criminal data; Other categories).Individuals allegedly involved(Identifying information; Criminal data)
Data sourceThe data subject themselves or their legal representative; The data is communicated by the informant themselves through the organization’s whistleblowing channel; Other individuals besides the data subject or their representative; The data is provided by the informant or becomes known during the instruction and investigation process.
Category of recipientsOther bodies of public administration; External channel managed by the Independent Authority for the Protection of Whistleblowers or by similar autonomous regional independent authorities with jurisdiction. Data will also be communicated to the judicial authority, the Public Prosecutor’s Office or the competent administrative authority in the context of a criminal, disciplinary or sanctioning investigation.
International transferNot foreseen
Conservation periodFor a period of 10 years from the last confirmation of interest. After 3 months the data will be deleted if the complaint is unsuccessful. If the complaint is successful, the maximum term may not exceed 10 years.
Safety measures

With the aim of safeguarding the security of personal data in the whistleblowing channel, the organization commits to maintaining the security and confidentiality of the provided data, particularly the data of the informants who make a report through the internal whistleblowing channel, preventing access to this data by those who are the subject of the report due to alleged actions within the organization contrary to the law or the entity’s Code of Conduct. The organization has adopted the legally required levels of security for the protection of personal data and has utilized the technical means at its disposal to prevent loss, misuse, alteration, unauthorized access, and theft of such data.

Likewise, the organization informs that all its staff, regardless of the processing phase in which they are involved, has adopted the commitment to treat your data with the utmost care and confidentiality.

Web contact form https://miogroup.com/contacto/
Legal basis(Art. 6.1.a GDPR) Consent of the person concerned
PurposesRespond to people who contact us through the electronic form on the web site
Data categories and groupsWeb contacts(Identifying data)
Data sourceThe interested party or his legal representative
Category of recipientsEntities of the corporate group
International transferNot foreseen
Conservation periodFor a period of 1 year from the last confirmation of interest. The data retention period will depend on the type of request and the interaction of the sender contacting through the form on the website, as well as their eventual transformation into a client, potential client, employee, or collaborator.
Safety measures

The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures outlined in Article 32 of the GDPR shall apply:

  1. The ability to ensure the permanent confidentiality, integrity, availability, and resilience of the systems and services involved in processing.
  2. The ability to promptly restore availability and access to personal data in the event of a physical or technical incident.
  3. A process of regular verification, assessment, and evaluation of the effectiveness of technical and organizational measures to ensure the security of processing.
  4. Pseudonymization and encryption of personal data.
Cookies, pixel and tracking
Legal basis(Art. 6.1.a GDPR) Consent of the person concerned
PurposesIdentifying issues; Obtaining statistical data on user navigation; Retaining user preferences during their visit to a website.
Data categories and groupsWeb users(Identifying data; Other categories)
Data sourceThe interested party or his legal representative
Category of recipientsCompanies engaged in advertising or direct marketing
International transferNot foreseen
Conservation periodYou should access our cookie policy to learn about the retention time of each cookie as well as the information collected.

11.- DATA OF MINORS

Individuals under the age of 14 may not use the services available through the website without prior authorization from their parents, guardians, or legal representatives. These adults will be solely responsible for all actions performed through the website by the minors under their care, including the completion of online forms with the personal data of such minors and, if applicable, the selection of accompanying checkboxes.

In compliance with the provisions of Article 8 of the GDPR and Article 7 of the LOPD/GDD, only individuals over the age of 14 may give their consent for the lawful processing of their personal data by MIO.

12.-PROVENANCE AND TYPES OF DATA PROCESSED

Where did we obtain your data?

Web contact form https://miogroup.com/contacto/

  • Web contacts: The interested party himself or his legal representative

Cookies, pixel and tracking

  • Users of the website: The interested party itself or its legal representative

Attention to people’s rights

  • Individuals who lodge complaints with the organization: The data subject themselves or their legal representative.

Management of communications received through the complaints channel.

  • Informants internal complaints channel: The interested party himself or his legal representative . The data are reported by the informant himself through the organization’s whistleblower channel.
  • Persons presumed to be involved: Persons other than the interested party or his representative. The data are provided by the informant or are known in the process of investigation and investigation.

What types of data do we collect and process about you?

Web contact form https://miogroup.com/contacto/Web contacts

  • Identification data(Name and Surname; E-mail address; Telephone number)

Cookies, pixel and trackingWebsite users

  • Identification data(IP address)
  • Other categories(ID generated by Pixel or Cookie)

Attention to the rights of individualsIndividuals complaining to the organization

  • Identifying information(Email address; Postal address; Handwritten signature; First and last name; Phone number; ID / Tax ID / Foreigner ID / Passport)

Management of communications received through the complaints channel.Informants internal whistleblower channel

  • Identification data(E-mail address; Mailing address; Name and Surname; Telephone number)
  • Criminal data(Administrative infractions; Criminal infractions)
  • Other categories(Telephone conversation)

Persons allegedly involved

  • Identifying data(Name and Surname)
  • Criminal data(Administrative infractions; Criminal infractions)

13- RIGHTS OF INTERESTED PARTIES

What are your rights?

The current data protection regulations protect you in a series of rights in relation to the use we make of your data. Each and every one of your rights are unipersonal and non-transferable, that is to say, they can only be exercised by the owner of the data, after verifying his or her identity.

The following are your rights:

  • Right of access:This is the right that the user of the website has to obtain confirmation of whether the Data Controller is processing their personal data and, if so, to obtain information about their specific personal data and the processing carried out or to be carried out by the Data Controller. This includes, among other things, information available about the origin of such data and the recipients of the communications made or planned regarding them.
  • Right to rectification:This is the right that the user of the website has to have their personal data corrected if it is inaccurate or incomplete, considering the purposes of the processing.
  • Right of suppression:It is often referred to as the “right to be forgotten”, and it is the right of the Website user, unless otherwise provided by law, to obtain the deletion of his/her personal data when they are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn his/her consent to the processing and there is no other legal basis; the User objects to the processing and there is no other legitimate reason to continue with the processing; the personal data have been processed unlawfully; the personal data have been obtained as a result of a direct offer of information society services to a minor under 14 years of age. In addition to deleting the data, the Data Controller, taking into account the available technology and the cost of implementation, will take reasonable measures to inform other potential controllers who are processing the personal data of the data subject’s request for deletion of any links to that personal data.
  • Right to the limitation of data:It is the right of the Website User to limit the processing of his personal data. The user of the website has the right to obtain limitation of processing when they contest the accuracy of their personal data; the processing is unlawful; the Data Controller no longer needs the personal data, but the user needs it to make claims; and when the user of the website has objected to the processing.
  • Right to data portability:In cases where processing is carried out by automated means, the user of the website has the right to receive their personal data from the Data Controller in a structured, commonly used, and machine-readable format, and to transmit this data to another controller. Where technically feasible, the Data Controller will transmit the data directly to the other controller.
  • Right of opposition:This is the User’s right not to have his or her personal data processed or to stop the processing of such data by the Data Controller.
  • Right not to be subject to automated decision-making and/or profiling:The right of the user of the website not to be subject to an individualized decision based solely on automated processing of their personal data, including profiling, unless current legislation establishes otherwise.
  • Right to withdraw consent:This is the right of the user of the website to withdraw, at any time, the consent given for the processing of their data.
  • Right to lodge a complaintregarding data protection with the Supervisory Authority: Spanish Data Protection Agency

The interested party may exercise any of the aforementioned rights by contacting the Data Controller and prior identification of the User using the following contact information:

  • Responsible party:MEDIA INVESTMENT OPTIMIZATION, S.A.
  • Address:Alfonso XI Street No. 3, 28014, Madrid (Madrid), Spain.
  • Telephone:+34 902 333 654
  • E-mail:madrid@miogroup.com
  • Website:https://miogroup.com/

You can also exercise your rights with the Data Protection Officer:

Email:mdelapena@auratechlegal.es -Phone:647633242

How can you exercise your rights in relation to your data?

To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so as follows:

Web contact form https://miogroup.com/contacto/

  • Responsible party:MEDIA INVESTMENT OPTIMIZATION, S.A.
  • Address:Alfonso XI Street No. 3, 28014, Madrid (Madrid), Spain.
  • E-mail:madrid@miogroup.com
  • Website:https://miogroup.com/

Cookies, pixel and tracking

  • Responsible party:MEDIA INVESTMENT OPTIMIZATION, S.A.
  • Address:Alfonso XI Street No. 3, 28014, Madrid (Madrid), Spain.
  • Telephone:+34 902 333 654
  • E-mail:madrid@miogroup.com
  • Website:https://miogroup.com/

Attention to people’s rights

  • Responsible party:MEDIA INVESTMENT OPTIMIZATION, S.A.
  • Address:Alfonso XI Street No. 3, 28014, Madrid (Madrid), Spain.
  • Telephone:+34 902 333 654
  • E-mail:madrid@miogroup.com
  • Website:https://miogroup.com/

Management of communications received through the complaints channel.

  • Responsible party:MEDIA INVESTMENT OPTIMIZATION, S.A.
  • Address:Alfonso XI Street No. 3, 28014, Madrid (Madrid), Spain.
  • Telephone:+34 902 333 654
  • E-mail:madrid@miogroup.com
  • Website:https://miogroup.com/

How can you file a claim?

In addition to your rights, if you believe that your data is not being collected or processed in accordance with current Data Protection regulations, you may file a complaint with the Supervisory Authority, whose contact details are given below:

  • Spanish Data Protection Agency
    C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain
    Email: info@aepd.es- Phone: 912663517
    Web: https://www.aepd.es

Data Protection Authorities (other European countries):

14.-ACCEPTANCE

The acceptance and provision of this document indicates that you understand and accept all the clauses of our privacy policy and therefore authorize the collection and processing of your personal data under these terms. This acceptance is done by checking the “Read and Accept” checkbox in our Privacy Policy.

MIO reserves the right to modify this Privacy Policy according to its own criteria, or motivated by a legislative, jurisprudential, or doctrinal change from theSpanish Data Protection Agencyor any other European supervisory authority mentioned in the previous section. Changes or updates made to this Privacy Policy that affect the purposes, retention periods, data transfers to third parties, international data transfers, as well as any rights of the Website User, will be explicitly communicated to the user.

This policy will be maintained, updated and adapted to MIO’s needs and aligned with its strategic risk management principles. To this end, it will be reviewed at planned intervals or whenever significant changes arise to ensure its suitability and effectiveness.

Last updated: December 21, 2023