Privacy policy

  1. IDENTIFICATION

    1. Brainless Lab SL (hereinafter, the Company); unipersonal limited liability company; registered in the Mercantile Registry of Madrid, volume 28589, page 156, section 8, entry, sheet 514734, Inscription 1; with VAT B86168978; registered office in Avenida Séptima, 23, C.P. 41092, Madrid (Spain); and email contact@adsworkbench.com, is the owner of the website located at the Internet address https://www.adsworkbench.com and their accounts on social networks (hereinafter, this Website).
    2. The Company is the owner of the following accounts in social networks:
    3. The person accessing this Website (hereinafter, the User), ensures that it has the legal minimum age established by the General Data Protection Regulation (16 years) or by the national regulations that apply to grant the consent in relation to the services of the information society.
    4. By accessing this Website, the User expressly accepts all the clauses of its legal information, this privacy policy, its cookies policy, its terms of service, as well as all those particular conditions collected for the use of certain services. In case of not accepting any of the mentioned clauses, the User must refrain from accessing this Website.

  2. PROCESSING OF PERSONAL DATA BY THE CONTROLLER

    1. The information regarding the different processing carried out by the Company as controller is expanded below.

    Data provided in the application form "Sign Up"
    Who is the controller for the processing of your data? The Company (more information in point 1.1).
    Which is the purpose of the processing of your personal data? We will process the information you provide, or authorize access, in order to provide the requested service.
    How long will we keep your data? We will keep the personal data that you provide us, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations.
    What is the legitimization for the processing of your data? The legal basis for the processing of your data is the execution of the contract.
    To which recipients will your data be communicated? No data will be transferred to third parties, except legal obligation or prior authorization.
    What are your rights when you provide us with your data? You have the right to request from the Company access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, or he right to lodge a complaint with a supervisory authority (more information in point 6).
    What data should be mandatory? All the data in the application form is compulsory, if you do not provide us with such data, you will not be allowed to contact the Company.


    Data provided in the application form "Billing information"
    Who is the controller for the processing of your data? The Company (more information in point 1.1).
    Which is the purpose of the processing of your personal data? We will process the information you provide, or authorize access, in order to provide the requested service, and make the invoicing of it.
    How long will we keep your data? We will keep the personal data that you provide us, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations.
    What is the legitimization for the processing of your data? The legal basis for the processing of your data is the execution of the contract.
    To which recipients will your data be communicated? No data will be transferred to third parties, except legal obligation or prior authorization.
    What are your rights when you provide us with your data? You have the right to request from the Company access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, or he right to lodge a complaint with a supervisory authority (more information in point 6).
    What data should be mandatory? All the data in the application form is compulsory, if you do not provide us with such data, you will not be allowed to contact the Company.


    Data provided in the application form "Contact"
    Who is the controller for the processing of your data? The Company (more information in point 1.1).
    Which is the purpose of the processing of your personal data? We will process the information you provide, or authorize access, in order to manage what is indicated in your communication.
    How long will we keep your data? We will keep the personal data that you provide us, while your communication is being handled, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations.
    What is the legitimization for the processing of your data? The legal basis for the processing of your data is your freely granted consent.
    To which recipients will your data be communicated? No data will be transferred to third parties, except legal obligation or prior authorization.
    What are your rights when you provide us with your data? You have the right to request from the Company access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, the right to withdraw consent at any time, or he right to lodge a complaint with a supervisory authority (more information in point 6).
    What data should be mandatory? All the data in the application form is compulsory, if you do not provide us with such data, you will not be allowed to contact the Company.


    Contact by email
    Who is the controller for the processing of your data? The Company (more information in point 1.1).
    Which is the purpose of the processing of your personal data? We will process the information you provide, or authorize access, in order to arrange and reply the communications addressed to our email.
    How long will we keep your data? We will keep the personal data that you provide us, while your communication is being handled, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations.
    What is the legitimization for the processing of your data? The legal basis for the processing of your data is your freely granted consent.
    To which recipients will your data be communicated? No data will be transferred to third parties, except legal obligation or prior authorization.
    What are your rights when you provide us with your data? You have the right to request from the Company access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, the right to withdraw consent at any time, or he right to lodge a complaint with a supervisory authority (more information in point 6).
    What data should be mandatory? You are not required to provide any information to contact the Company through email.


    Contact through social networks
    Who is the controller for the processing of your data? The Company (more information in point 1.1).
    Which is the purpose of the processing of your personal data? We will process the information you provide, or authorize access, for the purpose of managing contacts in social networks.
    How long will we keep your data? We will keep the personal data that you provide us, while your communication is being handled, as long as the commercial relationship is maintained, or during the time necessary to comply with legal obligations.
    What is the legitimization for the processing of your data? The legal basis for the processing of your data is your freely granted consent.
    To which recipients will your data be communicated? No data will be transferred to third parties, except legal obligation or prior authorization.
    What are your rights when you provide us with your data? You have the right to request from the Company access to and rectification or erasure of personal data or restriction of processing concerning the User or to object the processing as well as the right to data portability, the right to withdraw consent at any time, or he right to lodge a complaint with a supervisory authority (more information in point 6).
    What data should be mandatory? You are not requested to provide any information to contact the Company through social networks.

  3. PROCESSING OF PERSONAL DATA AS PROCESSOR

    1. The User who signs a contract for the provision of services with the Company as processors, authorizes him to process the personal data necessary to provide the requested service.
    2. For the execution of the services related to the fulfillment of the object of this assignment, the controller will make available to the Company, the personal data necessary to provide the requested service.
    3. This agreement will last as long as the commercial relationship is maintained. Once this contractual relationship ends, the Company must return to the controller the personal data, or transmit it to another processor designated by the controller, and delete any copy in their possession. However, the data may be kept blocked to address possible administrative or jurisdictional responsibilities.
    4. The Company and all his personnel are obliged to:
      • Use the personal data object of processing, or those collected for inclusion, only for the purpose of this assignment. In any case it may be used data for other purposes.
      • To process the data according to the instructions of the controller.
      • Keep, in writing, a record of all the categories of processing activities carried out on behalf of the controller, which contains:
        • The name and contact information of the processor or processors and each controller for which the processors acts.
        • The processing categories carried out by each controller.
        • A general description of the appropriate technical and organizational safety measures that you are applying.
        • Do not communicate the data to third parties, unless you have the express authorization of the controller, in the legally admissible cases. If the processor wants to outsource, he has to inform the controller and request his prior authorization.
      • Maintain the duty of secrecy regarding personal data to which you have had access under this order, even after the end of the contract.
      • Guarantee that the authorized persons to process personal data commit, expressly and by writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be informed conveniently.
      • Maintain at the disposal of the controller the documentation proving compliance with the obligation established in the previous section.
      • Guarantee the necessary training regarding the protection of personal data of the persons authorized to process personal data.
      • When the affected users exercise the rights of access, rectification, erasure and object, limitation of the processing and portability of data to the Company, this must be communicated by email to the controller's address. The communication must be made immediately and in no case beyond the working day following the reception of the request, together with, when appropriate, other information that might be relevant to resolve the request.
      • Notification of data security breaches: The Company will notify the data controller, without undue delay and through his email address, of the security breaches in relation to the personal data in his charge which he has knowledge of, together with all the relevant information for the documentation and communication of the incident. At least the following information must be provided:
        • Description of the nature of the violation of the security of personal data, including, when possible, the categories and the approximate number of interested parties affected, and the categories and the approximate number of personal data records affected.
        • Information of the contact person to obtain more information.
        • Description of the possible consequences of the violation of the security of personal data.
        • Description of the measures adopted or proposed to remedy the violation of the security regarding personal data, including, if applicable, the measures adopted to mitigate the possible negative effects. If it is not possible to provide the information simultaneously, and to the extent that it is not, the information will be provided gradually without undue delay.
      • The Company, at the request of the controller, will communicate those breaches of data security to the controller as soon as possible, when it is likely that the violation implies a high risk to the rights and freedoms of natural persons. The communication must be done in a clear and simple language and must include the elements indicated in each case by the controller, at least:
        • The nature of the data breach.
        • Data of the contact of the controller where more information can be obtained.
        • Describe the possible consequences of the violation of the security of personal data.
        • Describe the measures adopted or proposed by the controller to remedy the violation of the security of personal data, including, if applicable, the measures adopted to mitigate the possible negative effects.
      • Provide the controller with all the information necessary to demonstrate compliance with their obligations, as well as for the performance of audits or inspections carried out by the person in charge or by another auditor authorized by him.
      • Implement the necessary technical and organizational security measures to guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services.
      • Return to the controller the personal data and, if applicable, the media where they appear, once the service has been completed.
      • The return must involve the total deletion of the existing data in the computer equipment used by the Company. However, the Company may keep a copy, with the data duly blocked, as long as responsibilities for the execution of the provision can be derived.
    5. Duties the controller:
      • Provide the processor with the necessary data so that he can provide the service.
      • Ensure, prior to and throughout the processing, compliance with the General Data Protection Regulations of the Company.
      • Supervise the processing.

  4. GOOGLE USER DATA

    1. Ads Workbeck allows the User to automate the syncing of their contacts in theirs CRM / ESP systems with his Customer Match audiences in AdWords.
    2. In order to do this and as required action, the User must authorize the Ads Workbench application the programatic access via API to update his Customer Match audiences in AdWords.
    3. This authorization is carried on using the industry-standard protocol for authorization OAuth2, including the following Google scopes:
      • https://www.googleapis.com/auth/userinfo.email - This is scope is used to pull the email address of the user granting the authorization and it is used just for information purpose, allowing the User identify the authorized account.
      • https://www.googleapis.com/auth/adwords - The AdWords scope is used exclusively to update the User's Customer Match audiences on his behalf on a recurring basis.
    4. Additionally, if the User wants to use Google Sheets as a destination for the collected information from his leads, or as a source with contacts' data to refresh his custom audiences, and new OAuth2 authorization will be required, including the scope https://www.googleapis.com/auth/spreadsheets.

  5. SOCIAL NETWORKS

    1. When the User accesses the accounts of the Company on social networks, they accept the processing of their personal data by them according to their privacy policies:

  6. PAYMENT METHODS

    1. When the User accesses the payment methods, they accept the processing of their personal data by them according to their privacy policies:

  7. GUARANTEE

    1. The User guarantees that the information provided is truthful, accurate, complete and up-to-date, and is responsible for any damage or loss, direct or indirect, that may be caused as a result of breach of this obligation.
    2. If the data provided belonged to a third party, the User guarantees that he has informed that third party and obtained has authorization to provide his personal data to the Company.

  8. RIGHTS

    1. Right of access: The User shall have the right to obtain from the Company confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.
    2. Right to rectification: The User shall have the right to obtain from the Company without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the User shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
    3. Right to erasure: The User shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay.
    4. Right to restriction of processing: The User has the right to obtain from the Company restriction of processing.
    5. Right to data portability: The User has the right to receive the personal data concerning him or her, which he or she has provided to the Company, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data has been provided.
    6. Right to object: The User has the right to object, on grounds relating to his or her particular situation, at any time regarding the processing of personal data concerning him or her. the Company shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
    7. Automated individual decision-making, including profiling: The User has the right to not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or affects him or her similarly.
    8. Right to withdraw his or her consent: The User shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. It shall be as easy to withdraw as to give consent.
    9. The User may exercise the rights of access, rectification, erasure, restriction of processing, object and portability at any time, by writing addressed to Brainless Lab, S.L., Santa María de la Guí­a Street, 7, 1ºC, C.P. 41008, Seville (Spain), or through the e-mail address contact@adsworkbench.com.
    10. More information about these rights here.