1.1. Data Processed

1. a) Information supplied directly by Users:

1. b) Information indirectly supplied by Users:

- Data arising from the Use of the Platform: HAJDE collects the data arising from Users’ Use of the Platform every time they interact with the Platform.

- Data on the application and the device: HAJDE stores data on the device and the Application used by Users to access the services. This data is:

- Data arising from the User’s origin: if a User arrives at the HAJDE Platform through an external source (such as a link from another website or a social network), HAJDE collects data on the source from which the HAJDE User arrived.

- Data resulting from the management of incidents: if a User contacts the HAJDE Platform through the Contact Form or on HAJDE’s phone number, HAJDE will collect the messages received in the format used by the User and may use and store them to manage current or future incidents.

- Data arising from “cookies”: HAJDE uses its own and third-party cookies to facilitate browsing by its users and for statistical purposes.

- Data resulting from external third parties: HAJDE may collect personal data or information from external third parties only if the User authorises such third parties to share that information with HAJDE. For example, if a User creates an account through their Facebook account, Facebook could disclose to us the personal data of that User that can be found on his/her Facebook profile (such as name, gender or age).

Similarly, if a user accesses HAJDE through products and services offered by Google, Google may send the User’s browsing data to HAJDE, with access to the platform through the links created by Google.

The information provided by the external third party may be controlled by the User in accordance with the third party’s own privacy policy.

- Geolocation Data: provided that this has been authorised by Users, HAJDE will collect data relating to their location, including the real-time geographic location of their computer or mobile device.

1.2 Purpose

1.2.1. To use the Hajde Platform

HAJDE uses the data collected from Users to enable them to access and communicate with the HAJDE platform and to provide the services requested by them through their account on the HAJDE Platform, in accordance with the procedure described in the “Terms of Use”.

1.2.2. To send communications

HAJDE uses Users’ personal data to communicate via e-mail and/or send them SMS messages relating to the operation of the service.

HAJDE may send messages to the User’s mobile phone with information relating to the status of the order requested. When the order is completed, HAJDE will send a summary/receipt of the order and price thereof to the User’s e-mail.

1.2.3. To detect and investigate fraud and possible criminal offenses

HAJDE also uses the information to research and analyse how to improve the services it provides to Users, as well to develop and improve the features of the service it offers. Internally, HAJDE uses the information for statistical purposes in order to analyse User behaviour and trends, to understand how Users use the HAJDE Platform and to manage and improve the services offered, including the possibility of adding new, different services to the Platform.

HAJDE may monitor all actions that could result in fraud or in the commission of a criminal offence relating to the means of payment employed by users. HAJDE may ask users for a copy of their ID card as well as for certain information on the credit card used to place the order. In any event, all data will be processed by HAJDE for the sole purpose of fulfilling its fraud prevention and monitoring functions, and it shall be stored for as long as its relationship with the user concerned remains in force, and even after this time until the user’s right to make claims or take legal action relating to payment for the products or services ordered through HAJDE has expired. The data relating to the credit card used will be retained until the incident has been resolved and for 120 days thereafter. If any irregularities in its use that could be considered illegal activities are detected, HAJDE reserves the right to retain the data provided and to share it with the competent authorities in order to carry out the relevant investigation. HAJDE may share the data with the authorities based on the legal obligation to prosecute conducts that are contrary to the applicable law.

1.2.4. To ensure security and an appropriate environment for the safe supply of services

HAJDE may use the data in order to ensure the proper use of the products requested on its Platform (e.g. to guarantee pharmaceutical advice or to ensure the delivery is made to persons over the age of 18).

When HAJDE is the intermediary for the collection of Pharmaceutical products, when the User enters the Pharmacy area of the Platform, he/she expressly authorises HAJDE, where applicable, to provide the pharmacist with any personal data that may be necessary to enable the pharmacist responsible for dispensing the product to contact the purchaser, if he/she considers it appropriate, and provide relevant information on the treatment that will result in a correct use of the product and to dispatch it, thus ensuring that Pharmaceutical advice is given. The Pharmacist may not use the data for any other purpose than that of providing the advice needed to provide the service entrusted.

1.2.5. To comply with the legislation and bring and defend legal actions

HAJDE informs the user that conversations with the Mandatary using the chat system may be reviewed and used by HAJDE for the purpose of filing and/or defending any claims and/or legal actions that may be necessary, as well as to manage any incidents arising in connection with orders.

1.2.6. Promotion and commercial offers (on-line and off-line)

HAJDE uses third-party technology integrated in its Platform for the purpose of collecting Users’ data and preferences and using this with CRM systems and advanced technology for the benefit of Users. The following processing will thus be carried out on their data through the information collected:

Users may use their privacy management centre to unsubscribe from online marketing services or to close their account if they do not wish to receive samples with their Hajde orders.

1.2.7. For statistical and service analysis purposes

HAJDE uses the information for statistical purposes in order to analyse User behaviour and trends, to understand how Users use the HAJDE Platform and to manage and improve the services offered, including the possibility of adding new, different services to the Platform.

HAJDE also uses the information to research and analyse how to improve the services it provides to Users, as well as to develop and improve the features of the service it offers.

HAJDE also processes User’s statistics based on the Users Personal data in order to assist Users in their decisions and use of the service, including the possibility to quickly reorder from the stores where Users have ordered in the past or suggest Users stores based on their past orders or “popularity” among new users. Additionally, HAJDE could assist Users in their decisions through automatically determined filters by the historical order Users have placed in the past.

1.2.8. To ensure security and an appropriate environment for the safe supply of services

HAJDE may use the data in order to ensure the proper use of the products requested on its Platform (e.g. to guarantee pharmaceutical advice or to ensure the delivery is made to persons over the age of 18).

1.2.9. To process incidents and claims with insurance companies

If a User contacts HAJDE to report the occurrence of any damage or unforeseen event that may be covered by HAJDE’s insurance policy, HAJDE shall process all data relating to the incident for the purpose of handling and responding to requests.

1.3 Legal Basis of Processing

Users’ data is processed in accordance with the following legal bases:

1.4 Recipients of the Data

HAJDE warrants that all commercial partners, technicians, suppliers or independent third parties are bound by contractually binding promises to process the information shared with them in accordance with HAJDE’s indications, this Privacy Policy and the applicable data protection legislation. We will not disclose your personal data to any third party who does not act under our instructions, and no communication will involve selling, renting, sharing or in any other way revealing customers’ personal information for commercial purposes in breach of the commitments made in this Privacy Policy.

1.4.1. When carrying out an order, data may be shared with:

1.4.2. Sharing User data with third parties

In order to continue providing the services offered through the Platform, HAJDE may share certain personal data of Users with:

HAJDE Users’ data will not be disclosed to any third parties unless: (i) this is necessary in order to provide the services requested if HAJDE is collaborating with third parties; (ii) if HAJDE has the User’s express and unambiguous authorisation; (iii) where this has been requested by a competent authority pursuant to its functions (in order to investigate, prevent or take action in relation to illegal actions); or (iv) finally, where required by law.

1.5. Processing the Data of Job Applicants who Contact Hajde Using the Forms in the Hajde Jobs Section

These provisions shall apply to those persons who contact HAJDE through its website for the purpose of applying for an available position (“Applicants”).

1.5.1. Purpose

To consider the Applicant’s present or future suitability for any of the positions available at HAJDE.

In addition, HAJDE shall process the Applicant’s data for the purpose of conducting any interviews it may deem necessary for the position, test the Applicant’s knowledge, contact companies for which he/she has previously worked, check references, and assess the Applicant’s skills and abilities in general.

1.5.2. Legal Basis for Processing

Before submitting their application, Applicants must consent to the processing of their data, expressly agreeing to everything set forth in this Privacy Policy. HAJDE may also process their data for the purpose of considering the possibility of establishing a contractual relationship and in view of the fact that such consideration was requested by the Applicants themselves.

1.5.3. Recipients of the Data

An Applicant’s data may be accessed by technology service providers and platforms contracted by HAJDE for the purpose of managing its recruitment processes. An example of these is Greenhouse Software, Inc., which is located in the United States of America and has been contracted by HAJDE to manage its recruitment tasks and contracting processes. This means that the personal data of Applicants located outside the United States will be transferred to the United States. Since the EU Commission has decided that US data privacy laws do not provide an adequate level of protection for personal data, the transfer will be subject to appropriate additional safeguards in accordance with standard contractual terms and/or the Privacy Shield scheme. At the same time, the Applicant’s data will be stored on Google, Inc. and on the servers of Amazon Web Services, which will act as processors and which are in compliance with the General Data Protection Regulation, and HAJDE has a written agreement with each of them.

Depending on the position for which the Applicant is applying, his or her personal information may be transferred to other HAJDE group companies for the purpose of assessing his/her application for the relevant country.

1.5.4. Retention of Data

The Applicant’s data will be retained for the duration of the selection process and, if the Applicant is not selected, for three (3) years following the end of such process, and the Applicant may exercise any of the rights set forth in Clause 4 of this privacy policy at any time.

1.6. International Data Transfers

When choosing service providers, HAJDE may transfer users’ data outside the borders of the European Economic Area. In such cases, HAJDE will ensure before sending the data that such service providers are in compliance with the minimum security standards established by the European Commission and that they always process the data in accordance with HAJDE’s instructions. HAJDE may have a contractual relationship with them under which the service providers agree to comply with HAJDE’s instructions and to put in place the necessary security measures to protect Users’ data.

1.7. Retention Periods

Users’ data will be retained during the performance and maintenance of the contractual relationship; i.e. for as long as they are HAJDE Users or until they exercise their right to restrict the processing of their data.

Once a User has cancelled his or her registration with the Platform, HAJDE will keep his or her data for the time established in the tax, health, criminal and any other legislation that may apply, for the purpose of filing and defending any actions to which HAJDE may be a party. HAJDE will in any event block Users’ data so that it can only be consulted if an action has to be filed or defended in connection with it.

Specifically but without excluding any other legislation that may apply, the data will be retained following termination by the User as provided in the table in Annex II.

Regarding anonymous information, HAJDE will apply everything set forth in Recital 26 of the GDPR, according to which “The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.”

1.8. Profiling and decision making

HAJDE does not adopt any decision that could affect User significantly based solely on automated processing of User’s data (for example, reordering from the stores where Users have ordered in the past). The only decision-making processes of HAJDE are conducted by applying human intervention.

When using the application, HAJDE classifies Users based on the information provided by them about their usage of the application to adapt it to their needs and to improve it. The classification is conducted by solely using first party data. HAJDE use information that Users provide HAJDE, such as their historical orders and popularity among new users to suggest similar stores that could be of Users’ interest.

Users may exercise their rights free of charge at any time using the form available on the Platform. They may also exercise their rights by sending an e-mail to the following e-mail address info@hajde.market The e-mail must specify which right they wish to exercise, as well as, where applicable, the identifying data registered on the Platform. We will contact the User if we need additional data to that provided in order to verify his or her identity.

You may exercise the following rights vis-Ă -vis HAJDE:

If you believe that HAJDE is in breach of data protection law, please do not hesitate to contact us at the e-mail address info@hajde.market telling us what you consider to be the case, so that we can resolve the problem as soon as possible.

HAJDE has taken the necessary steps recommended by the European Commission and the competent authority to maintain the required security level, according to the nature of the personal data processed and the circumstances of the processing, in order to avoid, to the extent possible and always in accordance with the state of the art, its alteration, loss or unauthorised access or processing. As mentioned above, the personal data supplied will not be disclosed to third parties without the data subject’s prior authorisation.

As stated above, all Users have the right to access, update and erase their data, as well as object to its processing. You may exercise these rights, or make any enquiries in relation to HAJDE’s Privacy Policy, through the Contact Form.

Due to the constant evolution of HAJDE’s activities, this Privacy Policy, the Cookie Policy and the Terms of Use are also subject to change. HAJDE will send Users notifications about substantial changes and modifications to such documents by e-mail or through any other method that ensures their receipt. In any case, HAJDE will in no event modify its policies or practices to make them less effective in the protection of our customers’ previously stored personal data.