1. WEBSITE CONTROLLER
This website is operated by TRUEITSYSTEMS S.L., Spanish Tax ID (NIF) B87306841, with its registered office at Miguel Yuste 17, 28037 Madrid, Spain (hereinafter, “ICR” or “the Company”).
The Company has formally appointed a Data Protection Officer (hereinafter, the “DPO”), who can be reached at dpo@icr-evolution.com.
2. PURPOSE
ICR respects the privacy rights of its Users and recognises the importance of protecting the personal data the Company collects about them.
The purpose of this Policy is to inform Users of this website about the personal data processing activities carried out through it.
3. PERSONAL DATA PROCESSED THROUGH MERE ACCESS TO THE WEBSITE
3.1. What data is processed
By the mere act of accessing the website, the Company collects the User’s IP address along with other data relating to the connection and its origin. The IP address is a code that identifies the User’s internet connection at a specific moment in time.
Only the User’s internet service provider is able to identify the subscriber assigned to a particular IP address at a given time.
Due to the very nature of the server hosting the website, the User’s IP address is automatically recorded together with the date and time of access.
3.2. How this data is used
This data is used solely to manage the normal operation of the website and to carry out statistical analyses of its usage.
3.3. Data recipients
The Company does not share this information with any third party, except where required to do so by applicable law (for example, an official request issued during a police investigation).
3.4. Legal basis
The legal basis for processing the IP address is the technical necessity of doing so in order to make the website available.
3.5. Data retention period
IP addresses will be retained for a period of 1 month.
4. OTHER PERSONAL DATA PROCESSING
4.1. Cookies and similar technologies
The Company uses cookies and other similar mechanisms for storing and retrieving data on end-user devices (hereinafter, “cookies”).
Cookies are files downloaded to the User’s browser which can later be read by the Company. They enable a range of functions — for example, recognising a User who has previously visited the website and carrying out analyses of how the service is used so that it can be improved. The User’s identity cannot, however, be determined from the cookies used by ICR, unless the User provides additional information through other means that can be linked to the cookies stored on their device. For further details, please refer to our Cookie Policy.
4.2. Contact form
ICR will process the data submitted through the contact form in order to respond to the contact request.
- Legal basis: The User’s consent, given at the moment of submitting their contact request.
- Retention period: The data will be processed for as long as necessary to respond to the User’s request. Afterwards, it will be blocked and retained for 3 years to address any potential liabilities arising from the processing.
You may withdraw your consent and exercise your rights at any time, as set out in the User Rights section of this Privacy Policy.
4.3. Product demo request
ICR will process the data submitted through this form in order to respond to the request.
- Legal basis: The User’s consent, given at the moment of submitting their request.
- Retention period: The data will be processed for as long as necessary to respond to the User’s request. Afterwards, it will be blocked and retained for 3 years to address any potential liabilities arising from the processing.
You may withdraw your consent and exercise your rights at any time, as set out in the User Rights section of this Privacy Policy.
4.4. Newsletter subscription
ICR will process the data submitted through the subscription form in order to send you our newsletter, keeping you informed about ICR’s products, services, events and news that may be of interest to you.
- Legal basis: The User’s consent, given at the moment of submitting their newsletter subscription request.
- Retention period: The data will be processed indefinitely until the User revokes their consent or requests the deletion of their data.
In every communication, the User may object to receiving this type of information through the specific unsubscribe mechanisms, as well as request, where applicable, the withdrawal of their consent, the right to object, or the deletion of their data, as set out in the User Rights section of this Privacy Policy.
4.5. Chatbot
ICR will process the data submitted through the chatbot in order to respond to the contact or demo request initiated by the client through this channel. ICR does not require the input of any specific personal data; the data processed will therefore be that voluntarily provided by the User.
- Legal basis: The User’s consent, given at the moment of submitting their request.
- Retention period: The data will be processed for as long as necessary to respond to the User’s request. Afterwards, it will be blocked and retained for 3 years to address any potential liabilities arising from the processing.
You may withdraw your consent and exercise your rights at any time, as set out in the User Rights section of this Privacy Policy.
4.6. “Ebooks” and “White papers” form
ICR will process the data submitted through this form in order to fulfil the User’s download request.
- Legal basis: The User’s consent, given at the moment of submitting their request.
- Retention period: The data will be processed for as long as necessary to respond to the User’s request. Afterwards, it will be blocked and retained for 3 years to address any potential liabilities arising from the processing.
You may withdraw your consent and exercise your rights at any time, as set out in the User Rights section of this Privacy Policy.
4.7. “Watch webinar” form
ICR will process the data submitted through this form in order to respond to the request.
- Legal basis: The User’s consent, given at the moment of submitting their request.
- Retention period: The data will be processed for as long as necessary to respond to the User’s request. Afterwards, it will be blocked and retained for 3 years to address any potential liabilities arising from the processing.
You may withdraw your consent and exercise your rights at any time, as set out in the User Rights section of this Privacy Policy.
4.8. “Let’s work together” form
ICR will process the data submitted through this form in order to respond to your enquiry and explore a potential collaboration between the parties.
- Legal basis: ICR’s legitimate interest in contacting the individual whose email address is provided through the form.
- Retention period: The data will be processed for as long as necessary to assess a potential commercial partnership between the parties. Thereafter, retention periods will be linked to any commercial relationship subsequently established. Once that relationship ends, the data will be blocked and retained for the period legally required to address any liabilities arising from the processing.
You may exercise your rights at any time, as set out in the User Rights section of this Privacy Policy.
5. USER RIGHTS AND HOW TO EXERCISE THEM
Data protection law grants Users the following rights:
- Right of access: the User may find out what information is held about them, how it was obtained, who it has been shared with, and the purposes for which it has been processed.
- Right to rectification: the User may correct any inaccurate or outdated data.
- Right to erasure: the User may request that their data no longer be processed.
- Right to object: the User may request that their data no longer be used for a specific purpose.
- Right to restriction: the User may limit the processing of their data, while having it retained for a later purpose.
- Right to data portability: the User may obtain a copy of their data in electronic format and, under certain circumstances, request that it be transferred to another service provider. This right applies only to automated processing carried out on the basis of consent or for the performance of a contract.
- Right to withdraw consent: the User may withdraw any consent previously given for the processing of their data.
Exercising these rights requires the ability to identify the User making the request and to link their identity to the data processed by the Company. The Company is, however, unable to establish such a link from the data processed by the mere act of accessing the website, unless the User can provide documentation enabling identification (for example, a certificate from their internet service provider stating which IP address was assigned to them at a specific date and time).
Users are informed that they may exercise the rights described above, as well as withdraw any consent they have given, by writing to the postal address indicated above or by email to dpo@icr-evolution.com.
If Users wish to obtain further information, or believe their right to data protection has been infringed, they may contact the Spanish Data Protection Agency (www.aepd.es).
6. FURTHER INFORMATION
If you have any questions about the information set out in our Privacy Policy, you can send an email to dpo@icr-evolution.com.
7. SECURITY POLICY
ICR has chosen to manage its information systems in line with industry best practice, in alignment with ISO 27001:2022. Acknowledging the strategic importance of information systems, the Company — under the direction of senior management — establishes the following fundamental information security principles:
- Regulatory compliance: All information systems will comply with the applicable legal, regulatory and sector-specific requirements affecting information security. This includes, in particular, the provisions relating to the protection of personal data and the security of systems, data, communications and electronic services.
- Risk management: Risks will be reduced to acceptable levels, maintaining an appropriate balance between security controls and the nature of the information. Security objectives will be defined, regularly reviewed, and kept consistent with the wider information security framework.
- Awareness and training: Training programmes, awareness initiatives and educational campaigns will be implemented for all users with access to information, on matters related to data security.
- Confidentiality, integrity and availability:
  - Ensuring that information is accessible only to authorised persons, entities or processes, preventing unauthorised access.
  - Ensuring the integrity of the information, keeping it accurate and complete, with particular attention to the precision of content and supporting processes.
  - Ensuring the availability of information, safeguarding business continuity through contingency plans supported by information services.
- Accountability: All ICR personnel are responsible for their own conduct in relation to information security, and must comply with the rules and controls established.
- Continuous improvement: The effectiveness of the security controls in place will be reviewed periodically, in order to strengthen the Company’s ability to adapt to the constant evolution of risk and the technological environment.
- Incident management: An incident response plan will be in place to effectively address security breaches and minimise the impact of potential threats.