We are a company established under the laws of Wyoming (USA) and we strictly comply with all the requirements of the European GDPR and the EU-U.S. Data Privacy Framework.

GPRD - EU-U.S. Data Privacy Framework

Below we offer you all the information on the General Data Protection Regulation, its application and detailed requirements.

1.1. What is it?. Who does it apply to?

The EU General Data Protection Regulation is enforced for European companies but also requires companies outside the European Union to protect personal data.

GDPR is a European Union data privacy law that requires organizations to keep data secure, while giving people more control over how their data is used.

1.2. What are the requirements that need to be fulfilled?

This is the compliance checklist that applies to all businesses and US businesses:

Legal basis and transparency

Data safety

Responsibility and governance

Privacy rights

"Portal", "web site", "site" or "Website": The main Gespet website (gespet.com) as well as all subdomains.

"User", "users", "client", "clients", "customer", "customers", "you", "Contracting Party" or "Contracting person": Any individual or legal entity that contracts, accesses, browses, or uses the Service; uses contact forms, demo access forms, or purchasing forms; accesses the User support center; engages with social media; and the Portal, even if no purchase is made, and who uses, accesses, or utilizes the Contents provided therein.

"Contents": Any information, text, link, software, material, images, videos, documentation, etc., whose provision and access occur solely online through the Portal and by navigating through it.

"Gespet", "Services", "the platform", "the service" or "we": Services offered on our website and accessible through gespetsoftware.com and any of its subdomains.

We are a company based in the United States (USA), and therefore, your data is transferred to the United States (USA). As the Controller or Processor, we are committed to respecting and complying with the obligations arising from Data Protection Laws.

The User or Client authorizes and accepts that we store their data in a computer file for internal use and to facilitate the provision of services.

The User consents to the processing of their data in the terms indicated in this document by accepting this Privacy Policy when registering as a User or Client, when contacting us by any of the means of contact provided including the website, chat, blog, social networks, contact forms, purchase forms, request for access to the demo, support form and customer support area among others.

The User must refrain from providing personal data of other interested parties, unless they have the relevant authorization, according to which said interested parties will have been previously and duly informed about the content of this Privacy Policy and, specifically, that they consent to your data is provided to us to be treated according to the corresponding purposes, as well as that you can exercise the rights of access, rectification, cancellation and opposition (hereinafter, jointly called ARCO) in the terms described in this same Policy.

3.1. What data do we collect? How do we collect your data?

The only information we store is the information that you voluntarily provide to us when filling out forms on our website and within the Gespet platform, emailing us or support ticket, writing to us or contacting us via email, blog, chat, phone, social media, or any other means.

We do NOT collect or store sensitive information about you (banking details, economic information, health information, loans, etc.). The only information about the User that we collect and store is basic data that identifies you in order to contact you:

• Contact person's name

• Contact person's email

• Contact person's alternative email

• Areas of Business Interest

And the required information for the configuration of your account:

• Business name

• Business Country

• Language

Additionally, to ensure security, comply with data protection laws, and provide technical support, we also store the following technical information:

• Name and version of the web browser.

• IP address.

• Name of the operating system.

• Device type.

All data is provided by the user themselves when contacting us through our email or social media, filling out any of the forms on the website or on the Gespet platform, or when opening a support ticket through our support area to obtain help and technical assistance, the additional technical data is collected automatically. It is the user who expressly authorizes receiving communications from us.

We are absolutely opposed to the practice of spamming. We will only use these contact details to send the user, via email, information related to the contracted service, updates being implemented on the platform, keep them informed about news we believe are of interest to them, or send important notifications such as upcoming renewals, service expiration, changes in legal terms, or similar.

3.2. How will we use your data?

The reasons for collecting and processing your personal information depend on your relationship with us and for us to:

• Respond to your questions via email or social media.

• Address your questions when you visit the website through our contact forms.

• Handle your support tickets and provide technical assistance.

• Process your purchase orders and payments through our payment provider.

• For billing and collection purposes, if you have subscribed to one of our payment plans.

• Create, maintain, and manage your Gespet account.

• Ensure the security of the website, platform, and your Gespet account.

• Investigate, prevent, and manage fraud and violations of our Legal Terms.

• Comply with data protection laws, tax laws, and legal obligations arising from your contract with us.

• Comply with applicable laws to which we are subject.

• Enable third parties to provide services to us.

• Send you emails with important notifications about your contracted services.

• Send you important emails regarding security and privacy.

• Send you emails with updates about products and services of interest.

• Send you emails with information about new products and services of interest.

Your personal information is not shared with anyone, unless a Law or a community norm provides otherwise, or if it is necessary for the provision of the contracted service.

In this case, we will only communicate those essential data to manage the request and provide the contracted services, so that the assignment responds to the free and legitimate acceptance of a legal relationship existing between the interested parties and us, whose development, compliance and control necessarily imply the connection of the data and that includes the necessary transmission of the same.

In the event that a User leaves a comment or interacts socially with social networks, they must bear in mind that their data will be published in the environment in which they act, that is, they will be expressly authorizing the communication of their data -associated with the action they carry out. - to other Users who access the website or social network.

If necessary, we may share certain of your information with the following people or groups of people:

• Subcontracted service providers. Our service providers (including IT providers) may have access to your information as part of their service to us. Our service providers are subject to strict contractual obligations to treat your personal information confidentially and to comply with data protection law at all times.

3.3. How do we store your data?

We collect, process, and securely store your personal information in the United States (USA).

We transfer personal information outside the European Economic Area (EEA) to the following service providers. For each recipient, we have identified the current legal safeguards to ensure that your information is protected:

• Freshworks (USA). EU-US Data Privacy Framework. USA and European Data Protection Authorities.

• Linode LLC. (USA). EU-US Data Privacy Framework.

• Google LLC. (USA). EU-US Data Privacy Framework. USA and European Data Protection Authorities.

• Sentry RT of FUNCTIONAL SOFTWARE, INC. (USA). EU-US Data Privacy Framework.

• Mailgun (USA). EU-US Data Privacy Framework. USA and European Data Protection Authorities.

• Stripe (Ireland, EU). EU-US Data Privacy Framework. USA and European Data Protection Authorities.

• PayPal (USA - EU) EU-US Data Privacy Framework. USA and European Data Protection Authorities.

• Government bodies and courts. If we have a legal obligation to do so, we will share your information with government agencies, regulators and/or courts.

• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. If a change occurs to our business, the new owners may use your personal data in the same way as set out in this privacy policy.

3.4. Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation

• Protect and defend the rights or property of the Company

• Prevent or investigate possible wrongdoing in connection with the Service

• Protect the personal safety of Users of the Service or the public

• Protect against legal liability

3.5. Security

The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Gespet, in its capacity as a Processor, has implemented the technical and organizational measures necessary to ensure the security of personal data and prevent its alteration, loss, processing, or unauthorized access, in accordance with current regulations on the protection of personal data. Gespet only provides the technical infrastructure, and its responsibility is limited to the security measures related to these functions.

Therefore, its responsibility will be limited to tasks that, by their nature, must be carried out by Gespet directly on the platform and/or servers. Gespet disclaims any responsibility for the breach of the security systems of the Contracting Party or the inviolability of information when transported through any communication network. Gespet will also not be held accountable for security incidents resulting from an attack or unauthorized access to the platform, communication networks, devices, and/or servers, making it impossible to detect or prevent even when necessary measures are taken according to the current state of technology. This also applies to the lack of diligence on the part of the User or Contracting Party regarding the safekeeping of access keys, devices, communication networks, and/or personal data.

The Contracting Party acknowledges that these measures comply with the security level applicable to the type of information processed as a result of the service provided by Gespet on behalf of the Contracting Party, in accordance with the current regulations on data protection. It is solely the responsibility of the Contracting Party to assess whether the conditions of this agreement are suitable for their needs and comply with the legal requirements to which they are obligated as the Data Controller/Processor.

3.6. Legitimation

The User who uses or contracts the service (User, Client or Contracting person), or, where appropriate, the third entity that decides on the purpose, content, use and treatment of personal data, are the solely responsible for the data that is collected and stored in the platform and/or on the servers. We treat the information hosted on its account and/or servers exclusively on behalf of the Contracting person under the terms and conditions stipulated herein.
The Contracting person, or the third party to which it is providing a service processing data for which it is responsible, state that they are the owners of files that contain legally collected personal data and that, by virtue of the services contracted to Gespet, authorizes their treatment and processing to the extent necessary for their provision.

Gespet only provides the technical infrastructure, circumscribing its responsibility to the security measures provided in relation to these functions.

The User assumes all responsibilities for the data collected and hosted in the platform and/or servers, and Gespet is expressly exonerated from all types of civil, criminal or any other type of liability that may arise from claims in relation to the contents that the User store or use.

The User or Contracting Party of Gespet, as the Data Controller, is responsible to Gespet, acting as the Processor, and agrees to indemnify Gespet for all damages, losses, interests, and claims that Gespet may incur as a result of a third-party lawsuit or claim, filed due to a breach by the User or Client of Gespet of the obligations arising from this contract. This includes, in general, the User's role as an intermediary or processor for Gespet, excluding any consequences directly resulting from Gespet's failure to meet its legal or contractual commitments.

The User is responsible for the data and must carry out the actions required by law for the processing and registration of data files with the relevant authorities. If the User violates regulations, they will be held responsible and will assume any sanctions imposed as a result of this lack of legitimacy.

Gespet will solely act as the Processor or data processor and will only process the data on behalf of the file controller, complying with the provisions of this agreement. Gespet will also handle the destruction of the data once the contracted service is completed, as stipulated in the conditions expressed in this agreement.

3.7. Obligations and subcontracting

In cases where Gespet may have access to the data, it commits not to apply, use, or disclose the processed data for purposes other than those detailed in these legal conditions. As a Processor, Gespet will only process the data contained in the user's account and/or servers to execute the services contracted on behalf of the User or Contracting Party in accordance with the provided instructions, and under no circumstances will it use them for purposes other than those agreed upon.
Gespet will not communicate or allow access to the processed data to any third party, even for storage, unless otherwise specified, or the communication is necessary for the provision of contracted services, or the transfer is mandated by a law with the force of legislation. In this regard, the contracting party expressly authorizes Gespet, when contracting any of its services, to subcontract on its behalf and at its expense any entities necessary for the proper provision of services.

The entities thus subcontracted will have the status of Controller or Processor, be subject to the same data protection and confidentiality rules as Gespet, and regulate their relationship with Gespet in accordance with data protection regulations.

In compliance with current legislation, the platform ensures the integrity, preservation, accessibility, readability, traceability, and unalterability of records.

In the event that the Contracting person acts as the person in charge of the treatment of a third entity responsible for the data, he must guarantee, before contracting any service that involves the treatment of said data, that he has the express authorization of this to proceed with the subcontracting of the services entrusted to it, it also ensures that the relationship with the third party entity responsible for the data is legally regulated in accordance with the requirements of current regulations on data protection prior to the service contracting. Otherwise, you must refrain from subcontracting with Gespet and if you breach this prohibition you will be responsible and will assume any sanction that is imposed on it as a result of this lack of legitimacy.

If you have expressly requested it, we will occasionally send you information about our services, updates or service-related content that we think you may be interested in. You have the right at any time to stop us from contacting you for marketing purposes. If you no longer want us to contact you for marketing purposes, you can click on the option enabled for this purpose in all emails or by clicking here

We want to make sure you know all your data protection rights:

• The right of access: you have the right to request copies of the personal data we store about you from our company.

• The right to rectification: you have the right, in certain circumstances, to have your information rectified, blocked, deleted or destroyed if it is inaccurate.

• The right to erasure: You have the right to request that our company erase your personal data, under certain conditions.

• The right to restrict processing: You have the right to request that our company restrict the processing of your personal data, under certain conditions.

• The right to object to processing: You have the right to object to the processing of your personal data by our Company, under certain conditions.

• The right to data portability: You have the right to request that our company transfer the data we have collected about you to you, under certain conditions.

• If you make a request, we have a month to respond. If you wish to exercise any of these rights, please contact us via our email. See Contact section below.

We use cookies to provide a better service and provide you with a better browsing experience.

6.1. What is a Cookie and what is it for?

A Cookie is a small file that is stored on the User's device (computer, tablet, smartphone or any other) with information about browsing.

The set of cookies helps to improve the quality of websites, providing information of interest and are essential for the operation of the Internet, providing innumerable advantages in the provision of interactive services, facilitating navigation and usability of the websites.

In no case can cookies damage a device. On the contrary, if they are active, it is possible to identify and resolve errors more efficiently.

For more information, visit allaboutcookies.org.

6.2. What types of cookies are there?

6.3. How do we use cookies? What types of cookies do we use?

The following tables explain how we use cookies on the Portal and in the software.

By using this Portal and the software, you expressly consent and agree that we store these cookies on your computer or device for the stated purposes.

6.4. How can you configure or disable your cookies?

You can allow, block or eliminate the cookies installed on your computer by configuring the options of your web browser (or Browser). If you do not allow the installation of cookies in your browser, you may not be able to access some of the services and your experience on our website may be less satisfactory.

In the following links you have at your disposal all the information to configure or disable cookies in each browser:

• Google Chrome
• Mozilla Firefox
• Internet Explorer
• Safari
• Safari for IOS (iPhone and iPad)
• Chrome for Android

By browsing and continuing to access/use the website, the demo, the platform and your Gespet account, you confirm your consent to the use of cookies.

Our company website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

We keep our privacy policy under regular review and we will make the necessary updates on this web page. This privacy policy was last updated on January 28, 2023.

In the case of significant changes, we will send you a notification through the platform or by email.

9.1. How to contact us

If you have any questions about our company's privacy policy, the data we have about you, or if you wish to exercise one of your data protection rights, please do not hesitate to contact us by email or by clicking here.

ONEDA Group, LLC is a company established under the laws of Wyoming with its registered office at 30 N. Gould Street, Suite N, Sheridan, WY 82801. U.S.

gespetsoftware[at]gmail.com   |   @gespet_software   |   @Gespet   |   Gespet help and support area

9.2. How to contact the proper authorities

If you wish to file a complaint or if you believe that Our Company has not addressed your concern to your satisfaction, you may contact the Information Commissioner's Office.