Processing of Data of Users and Persons Who Contact Hajde

1.1. Data Processed

1. a) Information supplied directly by Users:

Registration Data: the information provided by Users when they create an account on the HAJDE Platform: username and phone number.
User Profile Information: the information added by Users on the Platform in order to be able to use the HAJDE service; i.e. their mobile phone number and delivery address. Users can view and edit the personal data on their profile whenever they wish. HAJDE does not store Users’ credit card details, but these are provided to licensed electronic payment service providers, who receive the data included directly and store it in order to facilitate the payment process for Users and to manage it on HAJDE’s behalf. This information is under no circumstances stored on HAJDE’s servers. Users may delete the details of the credit cards linked to their account at any time. This will trigger the service provider to delete the information, which will have to be re-entered or selected in order to place new orders through the Platform. Users may request such providers’ privacy policies at any time.
Additional information that Users wish to share: any information that a User could supply to HAJDE for other purposes. Examples include a photograph of the User or the billing address in the case of Users who have asked to receive invoices from HAJDE.
Information about previous communications with HAJDE: HAJDE will have access to the information supplied by Users for the resolution of any queries or complaints about the use of the platform, whether through the contact form, by e-mail or by phone through the customer service.
Information on accidents involving any of the parties involved in the provision of services through the Platform for the purpose of making insurance claims or carrying out any other actions with the insurance companies contracted by HAJDE.
Transcription and recording of conversations held between the USER and HAJDE for the processing of incidents, queries or any other consultations that may be made.
Information on Communications between Users and Mandataries: HAJDE will have access to the communications exchanged between Users and the Mandatories that collaborate with the Platform by means of the chat system provided on the Platform.

1. b) Information indirectly supplied by Users:

- Data arising from the Use of the Platform: HAJDE collects the data arising from Users’ Use of the Platform every time they interact with the Platform.

- Data on the application and the device: HAJDE stores data on the device and the Application used by Users to access the services. This data is:

The IP address used by each User to connect to the Internet using his/her computer or mobile phone.
Information about his/her computer or mobile phone, such as his/her Internet connection, browser type, version and operating system, and type of device.
The full uniform resource locator (URL) Clickstream, including date and time.
Data from the User’s account: if a User arrives at the HAJDE Platform through an external source (such as a link from another website or a social network), HAJDE collects data on the source from which the HAJDE User arrived
The User’s browsing history and preferences.

- Data arising from the User’s origin: if a User arrives at the HAJDE Platform through an external source (such as a link from another website or a social network), HAJDE collects data on the source from which the HAJDE User arrived.

- Data resulting from the management of incidents: if a User contacts the HAJDE Platform through the Contact Form or on HAJDE’s phone number, HAJDE will collect the messages received in the format used by the User and may use and store them to manage current or future incidents.

- Data arising from “cookies”: HAJDE uses its own and third-party cookies to facilitate browsing by its users and for statistical purposes.

- Data resulting from external third parties: HAJDE may collect personal data or information from external third parties only if the User authorises such third parties to share that information with HAJDE. For example, if a User creates an account through their Facebook account, Facebook could disclose to us the personal data of that User that can be found on his/her Facebook profile (such as name, gender or age).

Similarly, if a user accesses HAJDE through products and services offered by Google, Google may send the User’s browsing data to HAJDE, with access to the platform through the links created by Google.

The information provided by the external third party may be controlled by the User in accordance with the third party’s own privacy policy.

- Geolocation Data: provided that this has been authorised by Users, HAJDE will collect data relating to their location, including the real-time geographic location of their computer or mobile device.

1.2 Purpose

1.2.1. To use the Hajde Platform

HAJDE uses the data collected from Users to enable them to access and communicate with the HAJDE platform and to provide the services requested by them through their account on the HAJDE Platform, in accordance with the procedure described in the “Terms of Use”.

1.2.2. To send communications

HAJDE uses Users’ personal data to communicate via e-mail and/or send them SMS messages relating to the operation of the service.

HAJDE may send messages to the User’s mobile phone with information relating to the status of the order requested. When the order is completed, HAJDE will send a summary/receipt of the order and price thereof to the User’s e-mail.

1.2.3. To detect and investigate fraud and possible criminal offenses

HAJDE also uses the information to research and analyse how to improve the services it provides to Users, as well to develop and improve the features of the service it offers. Internally, HAJDE uses the information for statistical purposes in order to analyse User behaviour and trends, to understand how Users use the HAJDE Platform and to manage and improve the services offered, including the possibility of adding new, different services to the Platform.

HAJDE may monitor all actions that could result in fraud or in the commission of a criminal offence relating to the means of payment employed by users. HAJDE may ask users for a copy of their ID card as well as for certain information on the credit card used to place the order. In any event, all data will be processed by HAJDE for the sole purpose of fulfilling its fraud prevention and monitoring functions, and it shall be stored for as long as its relationship with the user concerned remains in force, and even after this time until the user’s right to make claims or take legal action relating to payment for the products or services ordered through HAJDE has expired. The data relating to the credit card used will be retained until the incident has been resolved and for 120 days thereafter. If any irregularities in its use that could be considered illegal activities are detected, HAJDE reserves the right to retain the data provided and to share it with the competent authorities in order to carry out the relevant investigation. HAJDE may share the data with the authorities based on the legal obligation to prosecute conducts that are contrary to the applicable law.

1.2.4. To ensure security and an appropriate environment for the safe supply of services

HAJDE may use the data in order to ensure the proper use of the products requested on its Platform (e.g. to guarantee pharmaceutical advice or to ensure the delivery is made to persons over the age of 18).

When HAJDE is the intermediary for the collection of Pharmaceutical products, when the User enters the Pharmacy area of the Platform, he/she expressly authorises HAJDE, where applicable, to provide the pharmacist with any personal data that may be necessary to enable the pharmacist responsible for dispensing the product to contact the purchaser, if he/she considers it appropriate, and provide relevant information on the treatment that will result in a correct use of the product and to dispatch it, thus ensuring that Pharmaceutical advice is given. The Pharmacist may not use the data for any other purpose than that of providing the advice needed to provide the service entrusted.

1.2.5. To comply with the legislation and bring and defend legal actions

HAJDE informs the user that conversations with the Mandatary using the chat system may be reviewed and used by HAJDE for the purpose of filing and/or defending any claims and/or legal actions that may be necessary, as well as to manage any incidents arising in connection with orders.

1.2.6. Promotion and commercial offers (on-line and off-line)

HAJDE uses third-party technology integrated in its Platform for the purpose of collecting Users’ data and preferences and using this with CRM systems and advanced technology for the benefit of Users. The following processing will thus be carried out on their data through the information collected:

HAJDE may send e-mails with promotional messages and/or offers relating to the service offered by it that may be of interest to Users. Hajde may gauge and personalise such advertising in accordance with its Users’ preferences. If a Hajde User does not wish to receive this information and/or commercial communications, he/she may at any time opt to “Unsubscribe” in the e-mail, and HAJDE will immediately stop sending the aforementioned information.
HAJDE may also send Users messages and/or offers relating to such services through “push” notifications consisting of sending such promotional messages and/or offers to their mobile phones. The user can deny these notifications any time through their device.
HAJDE and/or the third parties associated with Hajde may use the order delivery address entered by the User for the purpose of carrying out promotional activities for the delivery of samples or free products of the service related to HAJDE which may be of interest to the User (e.g. home delivery of free samples or advertising brochures) at the same time as delivering the order.
As a result of using the Hajde Platform, Users may also receive commercial communications from third parties associated with the Platform, such as Facebook and Google, all this in accordance with the privacy preferences set by each User on the said Platforms.

Users may use their privacy management centre to unsubscribe from online marketing services or to close their account if they do not wish to receive samples with their Hajde orders.

1.2.7. For statistical and service analysis purposes

HAJDE uses the information for statistical purposes in order to analyse User behaviour and trends, to understand how Users use the HAJDE Platform and to manage and improve the services offered, including the possibility of adding new, different services to the Platform.

HAJDE also uses the information to research and analyse how to improve the services it provides to Users, as well as to develop and improve the features of the service it offers.

HAJDE also processes User’s statistics based on the Users Personal data in order to assist Users in their decisions and use of the service, including the possibility to quickly reorder from the stores where Users have ordered in the past or suggest Users stores based on their past orders or “popularity” among new users. Additionally, HAJDE could assist Users in their decisions through automatically determined filters by the historical order Users have placed in the past.

1.2.8. To ensure security and an appropriate environment for the safe supply of services

1.2.9. To process incidents and claims with insurance companies

If a User contacts HAJDE to report the occurrence of any damage or unforeseen event that may be covered by HAJDE’s insurance policy, HAJDE shall process all data relating to the incident for the purpose of handling and responding to requests.

1.3 Legal Basis of Processing

Users’ data is processed in accordance with the following legal bases:

To perform the contractual relationship following Users’ registration on the Platform (for example, processing their data to deliver an order placed).
On the basis of our own legitimate interest (such as monitoring for the prevention of fraud through the Platform).
To fulfil our legal obligations (such as when competent authorities request data in connection with court investigations and/or with the filing of the necessary actions to protect HAJDE’s interests.
Express consent for the disclosure of users’ data to third parties for the purpose of making commercial communications

1.4 Recipients of the Data

HAJDE warrants that all commercial partners, technicians, suppliers or independent third parties are bound by contractually binding promises to process the information shared with them in accordance with HAJDE’s indications, this Privacy Policy and the applicable data protection legislation. We will not disclose your personal data to any third party who does not act under our instructions, and no communication will involve selling, renting, sharing or in any other way revealing customers’ personal information for commercial purposes in breach of the commitments made in this Privacy Policy.

1.4.1. When carrying out an order, data may be shared with:

The Mandatory who carries out the task of collecting and delivering the product
The establishment or venue in charge of selling the product, if the User has requested the purchase of a product. If a User contacts the above-mentioned providers directly and gives them his/her data directly, HAJDE will not be responsible for the providers’ use of such data.
The Customer Care Services contracted by Hajde for the purpose of warning the User of any possible incidents or asking why negative feedback has been given for the service. HAJDE may use the data provided in order to manage any incidents that may occur during the provision of the services.
The payment Platform and payment service providers so that the amount can be charged to the User’s account.
Telecommunications service providers, when they are used to send communications regarding orders or incidents relating to orders.
Providers rendering satisfaction survey services on HAJDE’s behalf

1.4.2. Sharing User data with third parties

In order to continue providing the services offered through the Platform, HAJDE may share certain personal data of Users with:

Service providers: HAJDE’s third-party service providers that send parcels, carry out orders and/or resolve incidents with deliveries will have access to Users’ personal information as may be necessary to carry out their functions, but they may not use it for any other purposes. They must process the said personal information as provided in this Privacy Policy and in the applicable data protection legislation.
E-invoicing service providers: HAJDE may share User data with electronic invoicing service providers in order to send the respective invoices.
Pharmacies: HAJDE may provide a User’s name and phone number to pharmacists dispensing products to those Users in order to ensure the provision of pharmaceutical advice in accordance with the current applicable legislation.
Payment Service Providers: When a User enters his/her card number on the Hajde Platform, this is stored directly by the Payment Platforms contracted by HAJDE, which will allow payment to be charged to the User’s account. Payment service providers have been chosen based on their security measures and in any event complying with the security measures stipulated in the payment service legislation, and they are PC1 Compliant under the Payment Card Industry Data Security Standard or PCI DSS. HAJDE does not store such data in any event.
Service providers for fraud control purposes: HAJDE will share Users’ data with fraud control service providers to assess the risk of the transactions carried out.
Service providers for the anonymisation of some data: In order to prevent the misuse of Users’ data by third-party service providers, HAJDE may disclose Users’ data for the purpose of anonymising it so that it can be used solely for the provision of the service to Users. For example, HAJDE may assign Users’ telephone numbers to third parties in order to anonymise them and provide them in this format to the providers used to carry out the services contracted by Users.
Security companies and Law Enforcement Forces and Agencies: HAJDE may disclose personal information and data on its customers’ accounts if it believes that such disclosure is necessary to comply with the law, to enforce or apply the “Terms of Use” or to protect HAJDE’s, its users’ or third parties’ rights, property or safety. The above therefore includes the exchange of information with other companies and organisations as well as with Law Enforcement Forces and Agencies to protect against fraud and reduce credit risk. After being required to do so by law, HAJDE may share information with bodies of executive authorities and/or third parties in relation to requests for information relating to criminal investigations and alleged illegal activities.
Call centre and incident management services: In order to provide a Customer Service and call centres, actions to measure Users’ degree of satisfaction and the provision of administrative support services, HAJDE may disclose Users’ data to companies located outside the EEA, provided it is authorised to do so and the security requirements mentioned in the preceding section have been met.
Telecommunications services: In order to be able to provide Users with telephone contact services, HAJDE may contact telecommunications companies that provide secure lines and systems for the purpose of contacting Users
Companies in the HAJDE group: In order to be able to provide its services, HAJDE may transfer certain personal data of Users to subsidiaries, based on the geographical area from which users request our services. Users are hereby informed that, when they register on the Platform from any country in which HAJDE operates, their data will be stored on HAJDE’s database, which is located in Ireland and belongs to the Spanish company HAJDE. In the case of subsidiaries located outside the EEA, the data will be transferred, using the systems established by the European Commission and the GDPR, to countries with an appropriate personal data protection level or through contracts approved by the European Commission establishing and guaranteeing the rights of data subjects.
Social media connected by Users: If a User connects his/her HAJDE account to other social media or to a third-party platform, HAJDE may use the information provided to such social media or third party, provided that it has been made available to HAJDE in compliance with the privacy policy of the social media or third-party platform in question.
Third parties associated with HAJDE for the purposes of commercial communications: Hajde may, with a User’s express consent, transfer his/her personal data to third parties associated with Hajde, provided that the User has given his/her express informed and unequivocal consent to such transfer of data and is aware of the purpose and recipient of such transfer.
Changes of ownership: If HAJDE’s ownership changes or the majority of its assets are acquired by a third party, Users are informed that HAJDE will transfer their data to the acquiring organisations in order to continue to provide the services subject to the processing of data. The new file controller will inform Users of its identification data. HAJDE states that it will comply with its duty of information to the relevant Supervisory Authority in the event of such circumstances arising, and it shall inform Users of the change of file controller if and when this happens. This processing shall be carried out under the contract entered into with HAJDE.
Insurance companies: Hajde may provide users’ data to those insurers and insurance brokers with which it has an agreement in place for the management and processing of claims and losses arising from the activity carried out by Hajde and the parties that collaborate with it.

HAJDE Users’ data will not be disclosed to any third parties unless: (i) this is necessary in order to provide the services requested if HAJDE is collaborating with third parties; (ii) if HAJDE has the User’s express and unambiguous authorisation; (iii) where this has been requested by a competent authority pursuant to its functions (in order to investigate, prevent or take action in relation to illegal actions); or (iv) finally, where required by law.

1.5. Processing the Data of Job Applicants who Contact Hajde Using the Forms in the Hajde Jobs Section

These provisions shall apply to those persons who contact HAJDE through its website for the purpose of applying for an available position (“Applicants”).

1.5.1. Purpose

To consider the Applicant’s present or future suitability for any of the positions available at HAJDE.

In addition, HAJDE shall process the Applicant’s data for the purpose of conducting any interviews it may deem necessary for the position, test the Applicant’s knowledge, contact companies for which he/she has previously worked, check references, and assess the Applicant’s skills and abilities in general.

1.5.2. Legal Basis for Processing

Before submitting their application, Applicants must consent to the processing of their data, expressly agreeing to everything set forth in this Privacy Policy. HAJDE may also process their data for the purpose of considering the possibility of establishing a contractual relationship and in view of the fact that such consideration was requested by the Applicants themselves.

1.5.3. Recipients of the Data

An Applicant’s data may be accessed by technology service providers and platforms contracted by HAJDE for the purpose of managing its recruitment processes. An example of these is Greenhouse Software, Inc., which is located in the United States of America and has been contracted by HAJDE to manage its recruitment tasks and contracting processes. This means that the personal data of Applicants located outside the United States will be transferred to the United States. Since the EU Commission has decided that US data privacy laws do not provide an adequate level of protection for personal data, the transfer will be subject to appropriate additional safeguards in accordance with standard contractual terms and/or the Privacy Shield scheme. At the same time, the Applicant’s data will be stored on Google, Inc. and on the servers of Amazon Web Services, which will act as processors and which are in compliance with the General Data Protection Regulation, and HAJDE has a written agreement with each of them.

Depending on the position for which the Applicant is applying, his or her personal information may be transferred to other HAJDE group companies for the purpose of assessing his/her application for the relevant country.

1.5.4. Retention of Data

The Applicant’s data will be retained for the duration of the selection process and, if the Applicant is not selected, for three (3) years following the end of such process, and the Applicant may exercise any of the rights set forth in Clause 4 of this privacy policy at any time.

1.6. International Data Transfers

When choosing service providers, HAJDE may transfer users’ data outside the borders of the European Economic Area. In such cases, HAJDE will ensure before sending the data that such service providers are in compliance with the minimum security standards established by the European Commission and that they always process the data in accordance with HAJDE’s instructions. HAJDE may have a contractual relationship with them under which the service providers agree to comply with HAJDE’s instructions and to put in place the necessary security measures to protect Users’ data.

1.7. Retention Periods

Users’ data will be retained during the performance and maintenance of the contractual relationship; i.e. for as long as they are HAJDE Users or until they exercise their right to restrict the processing of their data.

Once a User has cancelled his or her registration with the Platform, HAJDE will keep his or her data for the time established in the tax, health, criminal and any other legislation that may apply, for the purpose of filing and defending any actions to which HAJDE may be a party. HAJDE will in any event block Users’ data so that it can only be consulted if an action has to be filed or defended in connection with it.

Specifically but without excluding any other legislation that may apply, the data will be retained following termination by the User as provided in the table in Annex II.

Regarding anonymous information, HAJDE will apply everything set forth in Recital 26 of the GDPR, according to which “The principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. This Regulation does not therefore concern the processing of such anonymous information, including for statistical or research purposes.”

1.8. Profiling and decision making

HAJDE does not adopt any decision that could affect User significantly based solely on automated processing of User’s data (for example, reordering from the stores where Users have ordered in the past). The only decision-making processes of HAJDE are conducted by applying human intervention.

When using the application, HAJDE classifies Users based on the information provided by them about their usage of the application to adapt it to their needs and to improve it. The classification is conducted by solely using first party data. HAJDE use information that Users provide HAJDE, such as their historical orders and popularity among new users to suggest similar stores that could be of Users’ interest.

Exercise of Rights

Users may exercise their rights free of charge at any time using the form available on the Platform. They may also exercise their rights by sending an e-mail to the following e-mail address info@hajde.market The e-mail must specify which right they wish to exercise, as well as, where applicable, the identifying data registered on the Platform. We will contact the User if we need additional data to that provided in order to verify his or her identity.

You may exercise the following rights vis-à-vis HAJDE:

The right of access to your personal data in order to know which data is being processed and the processing operations carried out thereon;
The right to correct any inaccuracies in relation to your personal data;
The right to the erasure of your personal data, where possible;
The right to request the restriction of processing of your personal data when the accuracy, legality or need for processing of the data is in question, in which case we may retain the data for the purpose of filing or defending claims.
The right to object to the processing of your data in order to resolve any query you may have raised with us through the contact form, and the right to object to the processing of your data on social media and/or for the purpose of processing your CV. In addition, you may withdraw your consent to the receipt of commercial communications at any time, through the Platform User profile, either by sending an e-mail or by using the link provided for this purpose in every commercial communication. You can also object to profiling at any time through the Platform User profile or by sending an e-mail.

If you believe that HAJDE is in breach of data protection law, please do not hesitate to contact us at the e-mail address info@hajde.market telling us what you consider to be the case, so that we can resolve the problem as soon as possible.

Security Measures

HAJDE has taken the necessary steps recommended by the European Commission and the competent authority to maintain the required security level, according to the nature of the personal data processed and the circumstances of the processing, in order to avoid, to the extent possible and always in accordance with the state of the art, its alteration, loss or unauthorised access or processing. As mentioned above, the personal data supplied will not be disclosed to third parties without the data subject’s prior authorisation.

Notifications and Modifications

As stated above, all Users have the right to access, update and erase their data, as well as object to its processing. You may exercise these rights, or make any enquiries in relation to HAJDE’s Privacy Policy, through the Contact Form.

Due to the constant evolution of HAJDE’s activities, this Privacy Policy, the Cookie Policy and the Terms of Use are also subject to change. HAJDE will send Users notifications about substantial changes and modifications to such documents by e-mail or through any other method that ensures their receipt. In any case, HAJDE will in no event modify its policies or practices to make them less effective in the protection of our customers’ previously stored personal data.