Privacy Policy of Viewed

1. Information about the Data Controller

If you register as a user on the platform https://www.viewed.app/en/ or provide your personal data in any other way, the entity responsible for handling that data is Viwom Video Marketing S.L. (hereinafter VIEWED), with its registered office at C/ Teruel nº 1, 1st floor, offices C and D, 26006 – Logroño, La Rioja (Spain).

You can contact VIEWED directly and effectively regarding this privacy policy at the email address: support@viewed.video

2. Processing of Personal Data through Viewed

VIEWED guarantees the protection of personal data voluntarily provided by the user in any of the following cases:

  • When personal data is provided through direct contact via email, sent to any of the email addresses that VIEWED makes available to users.
  • When filling out contact or registration forms.
  • When formalizing a contractual relationship.
  • When using any other service that involves the communication of data.
  • When linking the VIEWED account with any other email marketing or social media platform.

Personal data will be processed in accordance with the European Data Protection Regulation 679/2016, of April 27, hereinafter GDPR, and in accordance with the provisions of this policy, which is published based on the principle of proactive responsibility and transparency in information, and aims to demonstrate the unequivocal consent of the data subject.

In all cases, personal data will be retained in a manner that allows the identification of the data subject only for as long as necessary for the purposes of the processing.

2.1 Purpose of Data Processing

The personal data collected and processed by VIEWED through this website, trade shows, contracts, conferences, newsletters, sweepstakes, or other means, will be appropriate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

a) For Forms and Voluntary Submissions: The purpose of processing the data you provide through registration forms and other voluntary submissions is to manage your specific request. This includes responding to inquiries, managing subscriptions and newsletters, making commercial contact, registering you for events, and sending you documentation and information about our services. Additionally, we will use this data to send you commercial and promotional communications about VIEWED. You can opt out of these communications at any time if you wish.

b) For Contracting Services: When you contract our services, we use your data to establish and maintain the contractual relationship according to the service contracted. This includes managing historical records related to the provision of services.

c) For the Collection of Statistical Data on Social Media: Based on the data from your social media accounts, VIEWED will provide customized analysis and insights, and any data disclosure will be carried out in accordance with the Google API services user data policy.

2.2 Data Processing as Data Controller

VIEWED, as the Data Controller, decides how and for what purpose the data is processed.

2.2.1 Data Managed by VIEWED

a) For your registration request as a user on VIEWED: We will ask for your name, phone number, professional email address, and a password that will be securely stored. The email address and password will be your credentials to access VIEWED. We will send a verification email to the address provided.

b) For information requests: If you contact us to request information, we will ask for your name, email address, and phone number.

c) For linking your VIEWED account with your CRM or ESP for email marketing campaigns: When you link your VIEWED account with your CRM or ESP (such as Mailchimp), VIEWED will not access, collect, or store any information from your database. Our system will only have limited access to the list of email templates in your Mailchimp account to embed your videos in them.

d) For connecting your social media accounts with VIEWED to track video performance: When you connect your social media accounts (such as Facebook, TikTok, Instagram, and YouTube) with your VIEWED account, you can compare the performance of your videos on social media with those you send via email.

  • Access and storage of information and data:
    • User profile and posts: VIEWED will be able to access your profile information and posts on the connected social media accounts.
    • Statistics: You will be able to view the results of video campaigns sent via email and social media, comparing their performance through the VIEWED platform’s statistics area.
    • Social media APIs and other providers: VIEWED will use the APIs (Application Programming Interfaces) of YouTube, Facebook, and TikTok to access the necessary information. Access is obtained through an access token that is temporarily stored and updated when accessing specific pages of the social media networks.
  • Use and transfer of data:
    • The information obtained through these APIs is processed solely for the user’s benefit and is not shared with third parties.
    • For more details, you can consult Google’s privacy policy here.
    • The use and transfer of data obtained from Google’s APIs will comply with the Google API Services User Data Policy, including the limited use requirements.
  • Revocation of permissions:
    • You can revoke the permissions granted to VIEWED from our analysis page or directly from the social media platform or data provider.
    • For YouTube, you can revoke permissions through the Google Security Service here.

2.2.2 Obligations of VIEWED as Data Controller

a) Ensure that individuals authorized to process personal data expressly commit in writing to respect confidentiality and comply with the relevant security measures, which they must be properly informed about.

b) VIEWED will notify the user without undue delay, and in any case within a maximum period of 72 hours via email, of any data security breach involving personal data in its possession. The notification will include all relevant information to document and communicate the incident.

It is not necessary to notify if the personal data security breach does not pose a significant risk to your rights and freedoms.

c) In any case, VIEWED will implement measures to:

  • Ensure the confidentiality, integrity, availability, and continuous resilience of our data processing systems and services.
  • Quickly restore the availability and access to personal data in the event of a physical or technical incident.

2.3. Data Processing as Data Processor

In cases where VIEWED accesses and/or processes personal data for which its clients are responsible and acts as a data processor in accordance with current regulations, it commits to thoroughly regulate the content of the data processing agreements, addressing aspects such as:

  • Purpose, duration, nature, and objectives of the processing.
  • Designation of a data protection officer, if applicable.
  • Maintaining a record of activities that includes the types of personal data and categories of data subjects.
  • Obligation of the data controller to process personal data only following the documented instructions of the processor.
  • Conditions for the data controller to provide prior, specific, or general authorization for subcontracting.
  • Notification of data security breaches.

Once the contractual provision has been fulfilled, the data will be destroyed or returned, as agreed between the parties. However, VIEWED may use the data for research, scientific, and statistical purposes after anonymizing it.

3. Legal Basis for Data Processing

The legal basis for legitimizing data processing by VIEWED depends on the different processing activities, the type of data subjects, and the purposes of the data. For these cases, the basis for legitimization includes:

  • Acceptance or Explicit Consent: For individuals who contact VIEWED to request information, make inquiries, subscribe to information and newsletters, training, etc., and who voluntarily provide the requested personal data.
  • Contract: For clients who access VIEWED services and provide their consent through the formalization of the contract.
  • Legitimate Interests: The legitimate interests of VIEWED or third parties to whom the data is communicated prevail when contact data is collected beyond the forms indicated in the purpose of processing section (e.g., receiving business cards, email inquiries).

The services provided by VIEWED are aimed at professionals of legal age. The use of services offered by minors must be previously authorized by their parents, guardians, or legal representatives, as they are considered responsible for the actions of the minors in their charge.

4. Transfer

VIEWED only transfers personal data to third parties to fulfill its contractual or legal obligations of the service, with suppliers or public or private organizations. In these cases, the data subject consents to such transfers and can be informed about them in the exercise of their rights.

International Transfers: VIEWED informs that in the development of its activity, it uses services from suppliers located outside the European Economic Area, making an international data transfer, based on the “EU-US Data Privacy Framework” of July 10, 2023. Below are the providers so you can review their privacy policies:

The legal basis for these transfers is consent or legitimate interest.

5. Security Measures

The personal data provided or collected from users, for which VIEWED is responsible, is structured in files; automated or otherwise, and VIEWED maintains a record of processing activities in accordance with current regulations.

Additionally, for data processing, VIEWED establishes appropriate technical and organizational measures that ensure the confidentiality, integrity, availability, and resilience of the data included in the processing, necessary to guarantee their adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include:

  • The pseudonymization and encryption of personal data.
  • The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
  • The ability to restore the availability and access to personal data quickly in the event of a physical or technical incident.
  • The process of regular testing, assessing, and evaluating the effectiveness of technical and organizational measures to ensure the security of the processing.

6. User Rights

The user can exercise their recognized rights regarding their personal data, as well as the revocation of consent for the mentioned uses, through a written communication with the request or exercised right directed to VIEWED at the address listed in this contract as VIEWED’s address or via email at support@viewed.video, proving their identification.

The recognized rights that can be exercised are as follows:

  • Access: Request information about the data we process, the purpose of the processing, and its legitimacy.
  • Rectification: Request the modification of the data if it is incorrect.
  • Erasure: Request the deletion of data in legally established cases.
  • Objection: Stop processing the data, except for justified reasons.
  • Restriction of Processing: Data will only be retained by VIEWED for the exercise or defense of claims.
  • Data Portability: In case you want your data to be processed by another PROVIDER, VIEWED will facilitate the portability of your data to the new controller.

For more information on exercising these rights, you can consult the citizen’s guide published by the Spanish Data Protection Agency.

If you believe that the processing of your personal data violates the regulations, you can file a complaint with the responsible parties at VIEWED or with the Spanish Data Protection Agency, through its postal address: C/Jorge Juan, 6, CP 28001, Madrid (Spain).

However, the data subject will be responsible, in any case, for the veracity of the provided data, reserving VIEWED the right to exclude any false or unlawful data, without prejudice to other actions that may be taken by law.

VIEWED warns that, except for a legally constituted representation, no interested party may use another person’s identity and communicate their personal data. For these purposes, the interested party will be solely responsible for the direct or indirect damages caused to third parties or VIEWED by using another person’s personal data, or their own personal data when they are false, erroneous, not current, inappropriate, or not pertinent.

Anyone who communicates the personal data of a third party will be responsible for the information obligation established in the GDPR for cases where the personal data has not been collected from the data subject, and/or for the consequences of not having informed them.