Disclosure to potential infringers about the processing of their personal data by Red Points acting on behalf of its clients.
Introduction
Red Points hereby informs that, by means of “bots” (autonomous programs that interact with certain domains and that capture content in their interaction with them) and an online platform property of Red Points, both of which are subject to configuration by Red Points’ clients, Red Points can process, on behalf of its clients, personal data of potential infringers of clients’ intangible rights (copyright, trademarks, industrial designs and similar) or of the sales terms and conditions of their online sellers when such clients engage Red Points’ services consisting of the search and enforcement of potential infringements according to the parameters indicated by each client to Red Points through the aforementioned online platform and configurable “bots”.
As a result, Red Points only carries out said processing upon a specific request by its clients, that is, acting as “Data Processor” under the instructions it receives from its clients who act as “Data Controllers” to the extent that it is the clients who, in their request for Red Points’ services, determine the purposes and means of the processing of personal data of potential infringers.
Therefore, prior to the processing and, specifically, of the client’s request to begin said processing by Red Points, this text serves to inform these potential infringers in a generic way about the processing of their data (that is, with regard to the processing entrusted to Red Points by its clients) notwithstanding what the clients directly and specifically inform the potential infringers of the complete processing of their data. The foregoing is within the fair balance of the fundamental rights at stake, specifically regarding the right of defense or to proper legal protection (art. 24 Spanish Constitution) of Red Points’ clients and the right to data protection (art. 18.4 Spanish Constitution) and, particularly, on the duty to inform (art. 14.5 of the European General Data Protection Regulation) potential infringers. Accordingly, the right to data protection and, in particular, the duty to inform, may be diminished by the fundamental right of defense and to proper legal protection.
Impact assessment
Red Points hereby informs that it has carried out a Privacy Impact Assessment regarding the processing of personal data that can be performed with its “bots” and online platform configurable by its clients. Notwithstanding the foregoing, Red Points’ clients, as Data Controllers, are responsible for such Privacy Impact Assessment.
Personal data processed and purposes
The personal data to be processed, regarding the intangibles that the client has marked as potential infringers or infringers to Red Points via the means described above, are those that are published in the Internet domains to be searched and, also, in other sources that allow to make online purchases, tests or simple online searches in order to identify the infringer who, supposedly, is violating the rights of the client as determined by the client.
Data referring to the name or pseudonym, email and/or telephone of those Internet users that may infringe the rights on the intangibles of Red Points’ clients will be collected on the basis of what is configured by them in the “bots” and the Red Points platform. The processing of such data is carried out for the following purposes:
- Prepare a list of possible infringements that will be validated by Red Points’ clients, whose rights may be violated by the acts of the alleged infringer.
- Monitor acts carried out by the alleged infringer, once validated by the client, in order to identify new infringements of the intangible assets of the client in different e-commerce platforms or similar sources.
- Filing claims/takedown requests on the web platforms where violations of the rights of Red Points’ clients have been located, once they have been validated by the latter, for their removal.
- In the event that the client has discarded the infringement and has identified its author as an authorized seller/distributor for the online sale of their products or services, their data will be processed for the control of the compliance with the established terms and conditions upon request of Red Points’ clients, as well as, where applicable, for further treatment entailing the search of possible matches between the data originally detected which relate different seller profiles in two or more marketplaces or similar sources, identifying information linking all of those to the same person.
General information of the Data Processor
The Legal Notice and Terms of Use provides all the details regarding Red Points as the entity in charge of data processing on behalf of its clients.
Legal basis for the processing
The legal basis for the data processing that Red Points performs on behalf of its clients is based on the legitimate interest of Red Points’ clients (that is, considering the client as Data Controller), of defending their rights over its intangibles and contractual term agreed with their sellers in the event of possible infringements, prevailing over the rights and freedoms of the data subject, otherwise the relevant investigation by Red Points’ clients would be hindered, if not impossible, as well as the implementation of effective measures by Red Points’ clients to stop the infringing activity and the exercise, where appropriate, of legal actions that allow the infringed rights to be reestablished and repaired. Therefore, informing the alleged infringers of the processing of their personal data would inevitably entail informing them of the investigation of the infringement, which would leave without effect the right of defense of Red Points’ clients as Data Controllers.
Availability of data by Red Points
In accordance with the provisions of art. 28 of the European General Data Protection Regulation, Red Points will only allocate personal data to its client, as Data Controller and holder of the intangible rights to protect. To the extent that some of these clients may be located outside the European Economic Area, this gives rise to an international transfer of data. For these cases, appropriate and suitable guarantees will be applied to safeguard the security of the data processing in accordance with European and Spanish regulatory provisions on data protection, notwithstanding what is established under the regulations of the country in which the client of Red Points is established. Moreover, based on the contractual relationship between Red Points and its clients, under the instructions of Red Points’ clients, those evidences and personal data of alleged infringers may be made available to the information and electronic commerce service providers for their withdrawal from the platforms managed by them, as well as to the corresponding authorities in compliance with legal obligations.
Term of conservation of personal data
The personal data will be kept for the entire duration of the contractual relationship between Red Points and each of its clients and, in any case, until the expiration of the period of responsibilities after the relevant blocking of the data (in general, for a period of 5 years).
Rights of the interested parties
Within the legal limits, the interested parties may in any case exercise their rights of access, rectification, deletion, opposition, limitation of the processing or portability of personal data without prejudice of the limits established by Law. Any interested party may consult their rights, as well as the conditions applicable to their exercise, in the Data Protection Policy.
In any case, to the extent that the rights of the interested party must be channeled through the Data Controller, Red Points does not assume any obligation or responsibility in this regard, notwithstanding the duty of collaboration that corresponds to Red Points as Data Processor towards its client as Data Controller.
However, the above mentioned weighing of rights of the Data Controller and the data subject, taking into account their conflicting interests, and within the limits allowed by art. 14.5 of the European General Data Protection Regulation, a waiver will apply with regard to informing the data subject of the processing carried out during the essential period of time.
Last update: October 2019
