Go Back

Privacy policy

Last updated: 12/12/2021

We are very pleased about your interest in Almendra and our company. Data protection is of a particularly high priority for the management of Napsis Technologies LLC. The use of the Internet pages of Napsis Technologies LLC is possible without any indication of personal data. However, if a data subject wants to use services or IOS and Android Mobile Application, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation and the Spanish Data Protection and Digital Rights Act collectively the GDPR, the Delaware Online Privacy and Protection Act (DOPPA) and in accordance with the country-specific data protection regulations Health Insurance Portability and Accountability Act (HIPPA) applicable to Napsis Technologies LLC. By means of this privacy policy, our company would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

As the controller, Napsis Technologies LLC has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Definitions

We use the following terms, among others, in this privacy policy:

  1. a) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  1. b) Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

  1. c) Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  1. d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

  1. e) Profiling

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

  1. f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

  1. g) Controller or person responsible for processing.

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for in accordance with Union or Member State law.

  1. h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

  1. i) Recipient

Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

  1. j) Third Party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

  1. k) Consent

Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a declaration or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

General Information

Name and address of the controller

The controller within the meaning of the applicable data protection laws and other provisions with data protection character is:

Napsis Technologies LLC

2055 Limestone Rd Ste 200C, Wilmington, DE, 19808

E-mail: hola@almendra.io

Website: www.almendra.io

Facebook: https://www.facebook.com/almendra.io

YouTube: https://www.youtube.com/channel/UC9wO_nSso__fRUqI3pMiadQ

Instagram: https://www.instagram.com/almendra.software/ 

Our principles

Napsis Technologies LLC processes personal data in order to better understand the needs of its customers and thus to be able to improve its services. Personal data will only be used in the specific context of your customer relationship with Napsis Technologies LLC to the extent permitted by law or on the basis of your prior express consent. 

In particular we are committed to the following key principles:

  • We protect your privacy and aim to provide you with a service that is tailored to your needs.
  • Personal data is collected for specific purposes based on your consent or a legitimate interest when you contact us.
  • You have the right to information and access to your personal data at any time and may request its correction or deletion.
  • We do not sell your personal data to third parties. However, if necessary and if explicitly mentioned afterwards or if you have consented, we may share your data with group companies, brand licensees, partners and other service providers. In this case, their own privacy policies may also apply.
  • We take all reasonable measures to ensure the security and protection of your data from misuse.
  • Personal data are processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its contents and the services offered.

Legal basis of processing

Art. 6 I lit. a GDPR serves us as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. 

If we are subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. 

In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. 

Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).



Data Processing When Using Our Website

Cookies

www.almendra.io uses cookies. Cookies are text files that are stored on a computer system via an Internet browser.

Numerous Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID.

Through the use of cookies, Napsis Technologies LLC can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized for the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is handled by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping cart in an online store. The online store remembers the items that a customer has placed in the virtual shopping cart via a cookie.

The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

A cookie is a small computer file, also called a "tracker", which is stored on your terminal device (computer, smartphone, device or cell phone) when you browse our website. This tracker makes it possible to identify the computer, smartphone, device or cell phone used and provides information about the user of the website.

For example, the cookies used by www.almendra.io allow it to collect information about your visit to the website, such as your browsing habits or language preference, in order to improve the browsing experience and the content and features of the www.almendra.io website.

There are two types of cookies:

  • Session cookies, which are deleted after the session and browser have been closed.
  • Persistent cookies, which are deleted from your terminal device only after their lifetime has expired.

The cookies used on the www.almendra.io website may be set by our company or by a third party or partner. When cookies are placed by third parties, they may access certain information about you. These cookies are usually used for analysis purposes, to measure visitors or to integrate website content with social networks.

How can you accept, reject, delete or set cookies in your browser?

When you arrive at the website, you can choose to accept, reject or set the parameters of the cookies used by the website through the cookie banner.

You also delete Cookies following the links embedded, Google Chrome, Mozilla Firefox, Flash cookies, Microsoft Internet Explorer, Opera, Safari



List of cookies used on the website

Cookie

Type

Description

Lifespan

_fbp

Advertisement

This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.

3 months

fr

Advertisement

Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.

3 months

test_cookie

Advertisement

The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

15 minutes

_ga

Analytics

The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.

2 years

_gid

Analytics

Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

1 day

_gat_gtag_UA_167855969_1

Analytics

Set by Google to distinguish users.

1 minute

_gcl_au

Analytics

Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.

3 months

__hstc

Analytics

This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

1 year 24 days

hubspotutk

Analytics

HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.

1 year 24 days

__hssc

Functional

HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.

30 minutes

__cf_bm

Functional

This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

30 minutes

__hssrc

Necessary

This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.

session

Collection of general data and information

www.almendra.io collects a series of general data and information each time a data subject or automated system calls up the website. This general data and information is stored in the server log files. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, Napsis Technologies LLC does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack. Therefore, Napsis Technologies LLC analyzes anonymously collected data and information on one hand, and on the other hand, with the aim of increasing the data protection and data security of our enterprise so that we can ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

Registration on our website

The data subject has the opportunity to register on the website of the controller by providing personal data. Which personal data are transmitted to the controller in the process results from the respective input mask used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be transferred to one or more processors, for example a parcel service provider, who will also use the personal data exclusively for an internal use attributable to the controller.

By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) of the data subject, the date as well as the time of registration are also stored. The storage of this data takes place against the background that only in this way can the misuse of our services be prevented and, if necessary, this data makes it possible to clarify committed crimes. In this respect, the storage of this data is necessary for the protection of the data controller. As a matter of principle, this data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal prosecution.

The registration of the data subject by voluntarily providing personal data serves the purpose of the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to registered users. Registered persons are free to modify the personal data provided during registration at any time or to have it completely deleted from the data stock of the controller.

The controller shall provide any data subject at any time upon request with information about what personal data is stored about the data subject. Furthermore, the controller shall correct or delete personal data at the request or indication of the data subject, provided that this does not conflict with any statutory retention obligations. The entire staff of the controller is available to the data subject as a contact person in this context.

Contact possibility via the website

www.almendra.io contains information that enables a quick electronic contact, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.

Routine erasure and blocking of personal data.

The controller processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of storage or insofar as this has been provided for in laws or regulations to which the controller is subject.

If the storage purpose ceases to apply or if a storage period prescribed expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Google Analytics 

The controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to websites. A web analysis service collects, among other things, data on which website a data subject came to a website from (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used for the optimization of a website and for the cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The controller uses the addition "_gat._anonymizeIp" for web analysis via Google Analytics. By means of this additive, the IP address of the Internet connection of the data subject is shortened and anonymized by Google if access to our Internet pages is from a Member State of the European Union or from another State party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.

By means of the cookie, personal information, for example the access time, the place from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose this personal data collected via the technical procedure to third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the possibility to object to the collection of data generated by Google Analytics and related to the use of this website as well as to the processing of this data by Google and to prevent such processing. For this purpose, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information regarding visits to Internet pages may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the information technology system of the data subject is deleted, formatted or reinstalled at a later point in time, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. Provided that the browser add-on is uninstalled or deactivated by the data subject or another person attributable to his or her sphere of control, there is the option of reinstalling or reactivating the browser add-on.

Facebook Custom Audiences

Our website uses the "Custom Audiences" remarketing function of Facebook Inc, 1601 S. Delaware Ave, Palo Alto, CA 94304, USA ("Facebook"). This allows users of the website to be shown interest-based advertisements ("Facebook Ads") when visiting the social network Facebook or other websites that also use this procedure. In this way, we pursue the interest of showing you advertising that is of interest to you in order to make our online offers more interesting for you. The legal basis for the processing of your data is Art. 6 (1) f GDPR.

With Custom Audiences, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have called up our website or clicked on an advertisement from us. If you are registered with a Facebook service, Facebook can assign the visit to your Facebook account. Even if you are not registered with Facebook or have not logged in, it is possible that the provider processes your IP address and other identifying features.

Deactivation of the "Facebook Custom Audiences" function is possible for logged-in users at https://www.facebook.com/settings/?tab=ads#.

Further information on data processing by Facebook is available at https://www.facebook.com/about/privacy.

Hubspot

When you visit certain business sections of our website, our partner HubSpot uses the cookie listed below for functionality, performance and to track visitors. This cookie is used to keep track of a visitor's identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. Please refer to HubSpot`s usage policy for more information. The legal basis for the collection and processing of the data is Art. 6 (1) f GDPR. The legitimate interest in collecting and processing the data is to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and internet use.



Data Processing When Using Our App and Services

Almendra General mode of operation

This section explains how Napsis Technologies LLC, as the provider of Almendra (hereinafter referred to as "Almendra"), handles personal and sensitive data of its users. If you do not agree with this, you should not use the Almendra or the system.

Users can use the Almendra without providing any personal identifying information such as name, date of birth, mail address, etc. or registering for this service. This means we do not collect any personal identifying data from patients and have no way to identify them through the data the patient may have submitted. A combination with other data sources is not carried out by Napsis Technologies LLC and cannot be carried out by us under any technical circumstances.

As a user, patients have the possibility on the one hand of obtaining information about offers from a dietitian’s services and on the other hand, to a certain extent, of recording their own health data, transferring it in encrypted form to our server and making it accessible to the dietitians designated by them. In the event that the patient wishes to make data accessible to the dietitian, the patient must use the app, which creates a unique and unambiguous profile. 

Type of data processed 

Insofar as a contractual relationship is to be established between you and us, or its content is to be developed or changed, we collect and use personal data from you insofar as this is necessary for these purposes.

By order of the competent authorities, we may provide information about this data (inventory data) in individual cases, insofar as this is necessary for the purposes of criminal prosecution, to avert danger, to fulfill the statutory tasks of the constitution protection authorities or the Military Counter-Intelligence Service or to enforce intellectual property rights.

The data we collect from dietitians 

Firstname, lastname, date of birth, sex, mail, billing and payment data. Following the signup, we collect a set of data that allows us to know precisely how the clients want to use the platform (preferences) also the country, the date and time of the login, cell phone number, workplace among other information. 

The data collected by patients

The patient's data is directly collected, for the most part, by the dietitians. The dietitians may request just basic data (name, mail, gender) from their patients, or more personal data such as clinical history, food history, body measurements, etc. The use of Almendra is intended for use by patients, its completely optional to use, and in cases where it is used. As such the dietitian becomes the Controller and Napsis Technologies LLC, the Processor within the meaning of Article 24 of the GDPR.

Device information (App)

We collect information from and about the device(s) you use to access our services, including: hardware and software information such as IP address, device ID and type, device-specific and apps settings and characteristics, app crashes, browser type, version and language, operating system, time zones, identifiers associated with cookies or other technologies that may uniquely identify your device or browser (e.g., IMEI/UDID and MAC address); information on your wireless and mobile network connection, like your service provider and signal strength; information on device sensors such as accelerometers, gyroscopes and compasses.

Usage data 

We collect and use personal data from you to the extent necessary to bill for the use of our services (usage data). This includes, in particular, features for your identification and information on the beginning and end as well as the extent of the use of our offer. We only use personal information from you within Napsis Technologies LLC and do not pass it on to third parties without your express consent.

We process data of Almendra users pursuant to Art. 6 para. 1 lit. b) GDPR on the basis of the contractual relationship, which has come about through registration and acceptance of our terms of use. We process patient data on the basis of Art. 9 para. 1, 2 lit h) GDPR for the fulfillment of our contractual obligations to you to provide the health data in the Almendra.

The data stored by you will be kept in our company until you terminate the contractual relationship with Napsis Technologies LLC.

You have the right at any time to request information, correction, deletion or restriction of processing of the data stored on our Amazon Web Services (AWS) server and to request that we provide you with the stored data in a standard electronic format.

Data transmission to dietitians using Almendra 

You have the optional option of entering your own personal data, in particular health data, transferring it in encrypted form to our Amazon Web Services (AWS) server and making it accessible to the dietitian by you.

Use of this function - entering health data and storing it on Almendra servers - is only permitted if your dietitian has registered with Almendra as a data recipient and accepted the terms of use. Data storage without prior registration of your dietitian is not permitted.

We as the operator of the app and the servers have no way of assigning the stored data to any natural person; from our point of view, the data stored on our servers is anonymous.

Within the scope of this convenience function, your personal data, in particular health data, is stored on our systems for the purpose of enabling you to conveniently transmit your health data to the dietitian selected by you and thus to optimize your treatment and therapy success.

We process your data on the basis of Art. 9 para. 1, 2 lit h) GDPR to fulfill our contractual obligations with your dietitian. If this agreement with your dietitian ends, for whatever legal reason, the health data will be deleted, unless there is a legal obligation to retain them.

You are not obligated to provide the personal data however as a consequence of not providing the data, the convenience of the Almendra service cannot be used, and thus the functions therapy control, questionnaires, values, diaries in the app cannot be used. The other functions can be used in full.

The data saved by you will be stored on our servers for the duration of the contractual obligations.

You have the right to information, correction, deletion or restriction of processing of the data stored on our servers at any time, as well as to have us provide you with the stored data in a standard electronic format. In order to exercise these rights, you must approach your dietitian. There is no other technical possibility of allocation, neither for us nor for third parties.

Receiving messages (push notification)

For individual areas, the app offers the option of being informed via push notification (push technology or Server Push describes a type of communication in which data is transmitted even though the receiving app is running in the background).

You can configure this function via the settings of your smartphone settings and activate/deactivate the notifications there. For the delivery of the messages, it is necessary to store a push token of your mobile end device.

Authorizations and Access

We may request access or permission to certain functions from your mobile device. The legal basis for data processing is our legitimate interest and the provision of contractual or pre-contractual measures. 

You can deactivate push notifications at any time via Settings/Messages (iOS) or Settings/Notifications/ (Android).

Push notifications for advertising purposes will only be sent to you if you have given your prior consent. The legal basis for sending promotional push notifications is consent. Deactivation is also possible via Settings/Messages (iOS) or Settings/Apps/ (Android).

Processing of personal data when using the offered services

Personal data will be collected, processed or used ("used") in connection with the services offered. This is always done in compliance with applicable law. Insofar as we use your personal data for a purpose that requires your consent according to the legal provisions, we will always ask for your express consent.

Administration, financial accounting, office organization, contact management

We process data in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are Article 6 (1) (c) GDPR, Article 6 (1) (f) GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose and our interest in the processing lies in the administration, financial accounting, office organization, archiving of data, i.e., tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the data mentioned in these processing activities.

In this context, we disclose or transfer data to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service provider.

Furthermore, based on our business interests, we store information on suppliers, and other business partners, e.g., for the purpose of contacting them at a later date. This data, most of which is company-related, is generally stored permanently.

Data transfer to our payment service provider Stripe

In order to fulfil the contract, we pass on your data to the company commissioned with the payment (Stripe), insofar as this is necessary for the payment of our services. Depending on which payment method you select, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to Stripe. In some cases, Stripe also collects this data themselves. In this case, Stripe`s privacy policy applies. The legal basis for the data processing is contract.

Other third party services

Mixpanel

Mixpanel is provided by Mixpanel Inc. You can prevent Mixpanel from using your information for analytics purposes by opting-out. To opt-out of Mixpanel service, please visit this page: https://mixpanel.com/optout/ For more information on what type of information Mixpanel collects, please visit the Terms of Use page of Mixpanel: https://mixpanel.com/terms/

CI/CD tools

We may use third-party Service Providers to automate the development process of our Service.

GitHub

GitHub is provided by GitHub, Inc. GitHub is a development platform to host and review code, manage projects, and build software. For more information on what data GitHub collects for what purpose and how the protection of the data is ensured, please visit GitHub Privacy Policy page: https://help.github.com/en/articles/github-privacy-statement.




Miscellaneous

Duration for which the personal data are stored.

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data will be routinely deleted, provided that they are no longer required for the performance of the contract or the initiation of the contract. legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We inform you that the provision of personal data is sometimes required by law (e.g., tax regulations) or may also result from contractual regulations (e.g., information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data by the data subject, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

General technical organizational measures

Napsis Technologies LLC has taken a variety of security measures to protect personal information to an appropriate extent and adequately. All information held by Napsis Technologies LLC is protected by physical, technical, and procedural measures that limit access to the information to specifically authorised persons in accordance with this Privacy Policy.

Legal defense and enforcement of our rights

The legal basis for the processing of your personal data in the context of legal defense and enforcement of our rights is our legitimate interest. The purpose of processing your personal data in the context of legal defense and enforcement of our rights is the defense against unjustified claims and the legal enforcement and assertion of claims and rights.

Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The processing of your personal data in the context of legal defense and enforcement is mandatory for legal defense and enforcement of our rights. Consequently, there is no possibility for you to object.

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.

Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

Accountability

In certain countries, including in the European Union, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how we process information. The data protection authority you can lodge a complaint with notably may be that of your habitual residence, where you work or where we are established.

Accuracy

It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.

Children Data

Our website is not intended for children, and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server

Social Media

The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is our legitimate interest. The data processing is carried out in the interest of our public relations and communication. 

If you wish to object to certain data processing over which we have an influence, please contact us. We will then examine your objection. If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You always have the option of sending us confidential enquiries to our address stated in the imprint.

As already stated, where the social media platform provider gives us the opportunity, we take care to design our social media pages to be as data protection compliant as possible. With regard to statistics that the provider of the social media platform makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.

Data processing by the operator of the social media platform

The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform. As already explained, we can unfortunately hardly influence the web tracking methods of the social media platform. We cannot, for example, switch this off.

Please be aware: It cannot be ruled out that the provider of the social media platform uses your profile and behavioural data, for example to evaluate your habits, personal relationships, preferences, etc. We have no influence on this. In this respect, we have no influence on the processing of your data by the provider of the social media platform.

Delaware Personal Identity Information (PII) Statement

Commercial Partners

Individual(s) or companies that have been approved by us as a recipient of organizational PII and from which Napsis Technologies LLC has received confirmation of their data protection practices conformance with the requirements of this policy. Commercial Partners include all external providers of services to Napsis Technologies LLC and include proposed Commercial Partners. No PII information can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.

PII Training

All new hires entering Napsis Technologies LLC who may have access to PII are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to PII or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of PII data and shall receive annual training regarding the security and protection of PII data and company proprietary data

PII Audit(s)

Napsis Technologies LLC conducts audits of PII information maintained by Napsis Technologies LLC in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of PII information. Where the need no longer exists, PII information will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction.

Data Breaches/Notification

Databases or data sets that include PII may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, Napsis Technologies LLC will notify all affected individuals whose PII data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.

Confirmation of Confidentiality

All company employees must maintain the confidentiality of PII as well as company proprietary data to which they may have access and understand that such PII is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgment reminders annually attesting to their understanding of this company requirement.

Violations of PII Policies and Procedures

Napsis Technologies LLC views the protection of PII data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under Napsis Technologies LLC’s discipline policy and may include suspension or termination in the case of severe or repeat violations. PII violations and disciplinary actions are incorporated in Napsis Technologies LLC’s PII onboarding and refresher training to reinforce Napsis Technologies LLC’s continuing commitment to ensuring that this data is protected by the highest standards.

Your Rights

Delaware Specific Rights

If you are a Delaware resident, you have the following rights:

You have the right to:

  • request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, and sell.
  • request that we delete personal information that we collect from you, subject to applicable legal exceptions.
  • “opt out” of the “sale” of your “personal information” to “third parties”

In addition, Delaware residents who provide personal information (as defined in the statute) to obtain services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediate prior calendar year (e.g., requests made in the current year will receive information about the prior year).

GDPR Specific Rights 

  1. a) Right to information

You have the right to request information and/or copies of the personal data stored about you.

  1. b) Right to rectification

You have the right to request that personal data relating to you be corrected and/or completed without delay.

  1. c) Right to restriction of processing

You have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure, and we no longer require the data, but you need it for the assertion, exercise, or defense of legal claims, or you have lodged an objection to the processing.

  1. d) Right to erasure

You have the right to request the erasure of your personal data stored by us, unless the exercise of the right to freedom of expression and information, the processing is necessary for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise, or defense of legal claims.

  1. e) Right to information

If you have exercised the right to rectification, erasure, or restriction of processing, we will inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

  1. f) Right to data portability

You have the right to have personal data that you have provided to us handed over to you or to a third party in a structured, common and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.

  1. g) Right of objection

Insofar as your personal data are processed on the basis of legitimate interests pursuant to Article 6 (1) (f) of the GDPR, you have the right to object to the processing at any time pursuant to Article 21 (1) of the GDPR.

If we process your for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing in accordance with Art. 21 (2) GDPR; this also applies to profiling insofar as it is related to such direct marketing.

  1. h) Right to withdraw consent

You have the right to revoke your consent to the collection of data at any time with effect for the future. The data collected until the revocation becomes legally effective will remain unaffected. Please understand that the implementation of your revocation may take a little time for technical reasons and that you may still receive messages from us in the meantime.

  1. i) Right to complain to a supervisory authority

If the processing of your personal data violates data protection law or if your data protection rights have otherwise been violated in any way, you may complain to the supervisory authority.

You can also exercise your rights of rectification and deletion most quickly, easily and conveniently by logging into your customer account and directly editing or deleting your data stored there. Please note that after deleting your data, the offers of our product partners via our website will also no longer be available to you. This includes, among other things, re-download options. Therefore, please save your data before asserting a claim for deletion. Data that we are required to store due to legal, statutory or contractual retention obligations will be blocked instead of being deleted in order to prevent it from being used for other purposes.

  1. j) Automated decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you (scoring).

Closing

Am I Obliged To Provide Data?

The processing of your data is necessary for the conclusion or fulfillment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfillment of the contract or that is not required by law.

Can we make changes to this Privacy Policy?

We reserve the right to update and amend all or parts of this Privacy Policy, at any time, to the fullest extent permitted under applicable law. The version published on the Site is the version actually in force.

As an individual whose personal data is processed as described in this Privacy Policy, you have a number of rights which are summarized below. Please note that exercising these rights is subject to certain requirements and conditions as set forth in applicable law.

Welcome to NAPSIS TECHNOLOGIES LLC

If you have any questions about this Privacy Policy, please contact us:

By email: soporte@almendra.io.