We use our own, functional, and third-party cookies to optimize your browsing experience. For more information about the use of cookies or to change your cookie preferences, click on "Cookie Settings." You can change this setting at any time by visiting our Cookie Policy and following the instructions it contains. By clicking "Accept all cookies," you agree to the storage of cookies on your device.
We use our own, functional, and third-party cookies to optimize your browsing experience. For more information about the use of cookies or to change your cookie preferences, click on "Cookie Settings." You can change this setting at any time by visiting our Cookie Policy and following the instructions it contains. By clicking "Accept all cookies," you agree to the storage of cookies on your device.
1. Introduction
Our website www.kokuai.com (the "Website") uses cookies and related technologies (for convenience, all technologies will be referred to as "cookies"). Cookies may also be placed by third parties we have contracted. In the following document, we inform you about the use of cookies on our Website.
2. What are cookies?
A cookie is a small file that is sent along with the pages of this Website and that your browser stores on the hard drive of your computer or other device. The stored information may be returned to our servers or to the relevant third-party servers during a subsequent visit.
3. Cookies
Some cookies ensure that certain parts of the Website function correctly and that your user preferences are recognized. By placing functional cookies, we make it easier for you to visit our Website. In this way, you do not need to repeatedly enter the same information when visiting our Website. We can place these cookies without your consent.
4. Cookies used
Third parties: Google Analytics
5. Consent
When you visit our Website for the first time, we will show you a pop-up window with an explanation about cookies. As soon as you click "Accept," you authorize us to use the categories of cookies you selected in the pop-up window, as described in this cookie policy. You can disable the use of cookies through your browser, but please note that our Website may no longer function properly.
6. Your rights regarding personal data
You have the following rights regarding your personal data:
● You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained.
● Right of access: You have the right to access the personal data that we hold about you.
● Right of rectification: You have the right to complete, rectify, delete or block your personal data whenever you wish.
● If you give us your consent to process your data, you have the right to withdraw that consent and have your personal data deleted.
● Right to data portability: You have the right to request all your personal data from the controller and to transfer it in full to another controller.
● Right to object: You may object to the processing of your data. We will comply with this unless there are justified grounds for processing.
To exercise these rights, please contact us. Please refer to the contact details at the bottom of this cookie statement. If you have any complaints about how we handle your data, we would like to hear from you, but you also have the right to lodge a complaint with the supervisory authority (the Data Protection Authority).
7. Enabling/disabling and deleting cookies
You can use your Internet browser to delete cookies automatically or manually. You can also specify that certain cookies cannot be placed. Another option is to change your Internet browser settings to receive a message each time a cookie is placed. For more information about these options, please refer to the instructions in your browser's Help section.
Note that our Website may not function properly if all cookies are disabled. If you delete the cookies from your browser, they will be placed again after your consent when you revisit our websites.
10. Contact details
For questions and/or comments about our cookie policy and this statement, please contact us using the following contact details:
hola@kokuai.com
NOVENA. APPLICABLE LAW AND CONFLICT RESOLUTION
This Contract shall be governed, interpreted, and executed in accordance with Spanish law. For the resolution of any disputes that may arise in relation to the interpretation, execution, or termination of this Contract, the Parties, expressly waiving any jurisdiction that may correspond to them, submit to the Jurisdiction and Competence of the Courts of Barcelona.
ANNEX I: DATA PROCESSOR
The present Annex is an integral part of the contractual agreement to which it is incorporated, referring to the content of the aforementioned agreement, which will prevail in case of conflict regarding its content.
I. Both parties are linked by a contractual relationship for the provision of services
consisting of the use of the Platform owned by KOKUAI.
II. For the provision of the service, it is necessary for the Data Processor to process personal
data.
III. In accordance with Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the
Council, of April 27, 2016, regarding the protection of individuals with regard to the
processing of personal data and the free movement of such data (General Data Protection
Regulation or GDPR), this document defines the obligations and responsibilities
assumed by the Processor in the processing of personal data, according to the
following:
Covenants
FIRST. Object of the treatment assignment
The purpose of this agreement is to define the conditions under which the company KOKUAI, as the data processor, will process personal data for the provision of the previously described services. Such processing will be carried out with due diligence and in full compliance with the applicable regulations, in an automated and/or non-automated manner.
The Data Processor agrees to process personal data in accordance with the instructions provided by the Data Controller at any given time and the applicable legal regulations, limiting itself to performing the necessary actions to correctly develop the contracted services, and not applying or using them for purposes other than those stipulated in this or the service provision contract, nor communicating them, not even for their preservation, to other persons.
Such communication is strictly prohibited, nor is the application or use of the personal data subject to processing for purposes other than those provided herein, except for express authorization provided in writing by the Data Controller.
Furthermore, the communication of the data subject to processing, not even for preservation purposes to other persons, is prohibited, except for legally established transfers, those necessary for the compliance with the purposes of the contractual relationship, and those expressly authorized by the Data Controller.
The purpose that motivates the Data Controller's processing of data by the Data Processor is solely and exclusively to enable the provision of the service contracted by the Data Controller to the Data Processor. The general processing to be carried out by the Data Processor includes Registration, Preservation, Communication by transmission, and Communication, as well as any other that would be relevant for the correct provision of the service.
SECOND. Identification of the information to be processed by the manager
The Data Processor will process personal data relating to clients and potential clients of the controller.
The Processor may process personal data of the following categories:
Identifying data: Name and surname, email address, telephone number, and appointment details.
The legal basis that legitimizes the processing of the data is the proper contractual execution between the Parties.
THIRD. Duration
The duration of this contract is subject to the validity of the agreed service provision. Notwithstanding this, either party may request its modification if the European Commission or the Spanish Agency for Data Protection publish the standard clauses referred to in points 7 and 8 of Article 28 of the GDPR, and the purpose of such modification is to include one or more of the published clauses.
If either party incurs one or more causes for the termination of the contract, the other party may initiate the termination of this contract, regardless of the remaining service provision time.
FOURTH. Obligations of the Data Controller
Corresponds to the Data Controller, in addition to fulfilling any obligations
imposed on it throughout this contract, the following tasks must be carried out:
a) Comply with all necessary technical and organizational measures to ensure the security of the processing, the premises, equipment, systems, programs, and the individuals involved in the activity of processing the personal data referred to, as stipulated in the applicable current regulations.
b) Deliver to the Processor the data referred to in clause 2 of this document when necessary,
as well as the necessary instructions to carry out the processing of the data under the terms established by the Data Controller.
c) Ensure the rights of the affected parties, such as among others, the rights of access,
rectification, deletion, opposition, limitation, and portability.
d) Ensure, prior to and during the processing, compliance with the applicable data protection regulations by the Processor.
e) Communicate to the Processor any changes that occur in the provided personal data, so that it can proceed with its updating.
f) Conduct an analysis of the potential risks arising from the processing to determine appropriate security measures to ensure the safety of the processed information and the rights of the interested parties.
g) In case of determining that there are risks for data processing, conduct the corresponding Data Protection Impact Assessment (DPIA) and provide the Processor with a report regarding it, so that it can implement appropriate measures to avoid or mitigate them.
FIFTH. Obligations of the Data Processor
The Data Controller undertakes, in addition to complying with any obligations imposed on him throughout this contract, to:
a. Use the personal data subject to processing, or those collected for inclusion, solely for the purpose of this mandate and in accordance with the instructions of the Data Processor.
b. Implement the necessary technical and organizational measures to ensure the security and integrity of the personal data included in the processes owned by the Data Processor, preventing its alteration, loss, processing, or unauthorized access, taking into account the state of technology, the nature of the stored data, and the risks to which they are exposed.
c. He is obliged to professional secrecy regarding personal data and to the duty of
keeping them, obligations that will continue even after his relationship with the Data
Controller ends.
d. Communicate, without undue delay, to the Data Controller any breach or security failure that he may detect in the processing of the assigned data, as well as information about the adoption of the necessary corrective security measures for controlling possible
incidents produced, as established in clause NINTH of this document.
e. Maintain a written record of the categories of processing activities carried out on behalf of the controller.
f. Not communicate, disclose or transfer the personal data in his custody to third parties, not even for their safekeeping, unless he has the express authorization of the data controller, in legally permissible cases.
g. Ensure the necessary training in matters of personal data protection for the authorized personnel who process personal data.
SIXTH. Duty of professional secrecy
The personnel of the Data Processor has a duty to maintain professional secrecy regarding personal information subject to processing. This obligation will be enforceable to the personnel even after their relationship with the Data Processor has ended indefinitely.
Furthermore, it will be the duty of the latter to communicate and demand compliance with the duty of professional secrecy from their personnel, as well as the rest of the conditions and terms established in this contract. In particular, to ensure, if applicable, the necessary training on personal data protection for those authorized to process personal data.
The Data Processor must keep available to the Data Controller the documentation that proves compliance with these obligations.
SEVENTH. Outsourcing of the service
Through this contract, for the provision of the indicated services, the Data Processor is prohibited from engaging another processor (Sub-processor) without the prior written authorization of the Controller.
In the event that after the signing of this document, the hiring of a Sub-processor is authorized, the Data Processor will inform the Controller indicating the processing activities intended to be subcontracted and clearly and unequivocally identifying the subcontracting company and its contact details, giving the Controller the opportunity to oppose the subcontracting within the established period of 30 days.
The relationship between the Data Processor and the Sub-processor must be formalized by contract or another legal act established in accordance with the law of the Union or of the Member States, setting forth in it the same data protection obligations as those stipulated in this contract between the Controller and the Data Processor, in particular the provision of sufficient guarantees for the application of appropriate technical and organizational measures so that the processing is compliant with the legally established provisions.
If the Sub-processor fails to comply with its data protection obligations, the Data Processor will remain fully responsible to the Data Controller for the compliance with the obligations of the other processor.
EIGHTH. Data security
The Data Processor will attend to any instructions regarding security that may be communicated to them by the Data Controller. Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the varying probability and severity risks to the rights and freedoms of natural persons, the Data Processor will establish, if necessary, the appropriate technical and organizational measures to ensure a level of security appropriate to the existing risk that may include, among others:
a) The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
b) The ability to restore the availability and access to personal data quickly in the event of a physical or technical incident;
c) A process for the regular verification, evaluation, and assessment of the effectiveness of the technical and organizational measures to ensure the security of processing.
In any case, the Data Processor will adopt appropriate security, technical, and organizational measures to ensure the security of personal data and to prevent its alteration, loss, processing, or unauthorized access, taking into account the state of technology, the nature of the data, and the risks to which they are exposed.
Notwithstanding the above, in the event of changes to the current regulations regarding data protection or any other applicable regulations related to the processing object of this contract, the Data Processor guarantees the implementation and maintenance of any other security measures that may be required, without such changes constituting a modification of the terms of this contract.
NOVENA. Incident notification
The data controller must notify the data processor, without undue delay and in any case before the maximum period of seventy-two hours, through the means indicated by the data processor, of any security breaches of personal data under their responsibility of which they become aware, along with all relevant information for the documentation and communication of the incident. For these purposes, at a minimum, the following information shall be provided:
a. Description of the nature of the breach of personal data security, including, where possible, the categories and approximate number of affected data subjects, and the categories and approximate number of personal data records affected.
b. Contact details for obtaining further information.
c. Description of the possible consequences of the breach of personal data security.
Description of the measures taken or proposed to remedy the breach of personal data security, including, if appropriate, the measures taken to mitigate possible negative effects.
If it is not possible to provide the information simultaneously, the information will be provided in a timely manner without undue delay.
TENTH. Collaboration
The Processor shall make available to the Controller all necessary information to demonstrate compliance with the obligations established in this contract, as well as to allow and contribute to the conduct of audits, including inspections, by the Controller or another auditor authorized by the Controller.
If applicable, the Processor shall assist in the event that a notification of data breaches must be made to the Data Protection Authorities, the communication of data breaches to the data subjects, the conduct of data protection impact assessments (DPIAs), and, if applicable, the conduct of prior consultations.
In any case, the Processor shall cooperate with the Controller in response to any request made by the competent authority regarding the processing of personal data entrusted.
ELEVEN. Duty of repayment and non-retention
Once the contractual relationship between the parties has been fulfilled or resolved, the Data Processor must request specific instructions from the Data Controller regarding the destination of the personal data under their responsibility, being able to choose between its return, transfer to another service provider, or complete destruction, as long as there is no legal provision requiring the retention of the data.
The Processor may retain, duly blocked, the personal data subject to this contract, as long as responsibilities may arise from their relationship with the Controller.
TWELFTH. Mutual information duty
The parties inform the representatives who sign this contract that their personal data will be processed for the maintenance and fulfillment of the contractual relationship, making it essential to provide their identifying data, the position they hold, their ID number or equivalent document, and their signature.
THIRTEENTH. Responsibility
The Data Processor commits to complying with the obligations established in this contract and in the current regulations concerning this data processing assignment. In the event that the Data Processor allocates the data for purposes other than those indicated, communicates or uses it in violation of the stipulations of this contract, it will be considered, for all intents and purposes, the Data Controller, being accountable for any infringements it may have personally incurred before the competent authorities.
The Data Processor is not obliged to carry out impact assessments related to data protection (EIPD) that the Data Controller must perform depending on the risk posed by its data processing in accordance with the GDPR.
FOURTEENTH. Applicable Law and Jurisdiction
The contract will be governed by Spanish law and any dispute between the parties
will be decided under the exclusive jurisdiction of the Courts and Tribunals of Barcelona.
And in proof of agreement, the parties sign this contract, in duplicate and for a single purpose, in the city and date indicated at the beginning
