PRIVACY POLICY

What is this document?
Through this privacy policy drafted pursuant to Art. 13 European Reg. no. 679/2016("General Data Protection Regulation" o "GDPR") and in compliance with the principles contained therein, GOGOCHAMELEON SLintends to inform each user ("the User") of the processing of personal data collected through the siteoceanworking.es

Owner and Contact Details
GOGOCHAMELEON SL (hereinafter referred to as "Owner"for the purposes of of Art. 4(7) GDPR)with registered office at C. Mar Blanco, 6, 3 planta - local 316, 35100 San Bartolomé de Tirajana, Las Palmas
management@oceanworking.es

Purpose of processing, Legal basis, Personal data processed and Retention period
The Controller acquires personal data for the following purposes, as specified below, where the legal basis and duration of of data processing.

Purpose	Personal Data	Legal basis	Conservation period
Allow you to register on the site and use our services	✓ Master Information ✓ Contact details	Contract (Art. 6(1)(b) GDPR)	For the period necessary for the response.
Send newsletters and/or other materials for the purposes of marketing	✓ Master Information ✓ Contact details	Consent [Art. 6(1)(a) GDPR].	Until consent is withdrawn.
To enable the Controller to comply with formalities required by law, including those of a fiscal nature.	✓ Master Information ✓ Contact details	Legal obligation (Art. 6(1)(c) GDPR)	According to the applicable legislation.
Improve the website by analysing how Visitors or Users navigate and/or use the website.	✓ IP address	Legitimate Interest (Art. 6(1)(f) GDPR)	Not applicable (aggregated or anonymous data).
Detect or prevent fraudulent activities and exercise the rights of the Controller in court	✓ Master Information ✓ Contact details	Legitimate Interest (Art. 6(1)(f) GDPR)	10 years

In the event that the User prefers not to communicate data mandatory and/or necessary for the fulfillment of certain purposes, GOGOCHAMELEON SLreserves reserves the right not to provide the service.

The User may request clarification of the legal basis of each processing at any time.

Processing is carried out by means of computerised and telematic tools automated and/or manual tools designed to guarantee the appropriate security measures to prevent access, disclosure, loss, incorrect, unlawful or unauthorised use or unauthorised use of the data.

Access to dataI Personal Data may be shared with the following entities, in compliance with Applicable Privacy Laws: (i) service providers Internet service providers and platforms used by the Controller as organisation, communication and/or promotion channels; (ii) vendors third parties, consultants and other third party service providers who perform services for us or on our behalf and require access to such information to perform such work.

All relations with the subjects listed above are - and will be - formalised with a contract pursuant to Art. 28 GDPR (Appointment as Data Processor).

Personal data will be processed by specifically authorised internal personnel pursuant to Article 29 of the GDPR.The names of all authorised personnel are available upon request to the Data Controller at management@oceanworking.es.

Place of Data Processing
Personal data is processed at the Controller's premises, as well as in the servers hosting the oceanworking.es website. Personal data are stored on servers located in the EU territory and will not be transferred outside of the same. The Data Controller guarantees that when using cloud providers established outside the the EEA,the processing of personal data by these recipients transfers are carried out in accordance with applicable law. carried out by means of appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided by the GDPR.

Rights of the data subject
The User may exercise all the rights provided for in Articles 15-21 of the GDPR at any time and without undue restriction by contacting the Controller at management@oceanworking.es. The requests are filed free of charge and processed by the Controller within 30 days.In particular, the User may:
Obtaining confirmation that treatment is being treatment (Art. 15);
- Obtaining the rectification of inaccurate or incomplete data (Art. 16);
- Obtain the deletion of data without unjustified delay (Art. 17);
- Limit processing to only part of the personal data (Art. 18);
- Receive a copy of the personal data held by the data controller, in a commonly used and machine-readable format machine; obtain unimpeded transfer to another data controller (Art. 20);
- Oppose the processing of personal data at any time. (Art. 21);

Complaints
The User may always lodge a complaint with the competent authority (Garante per la Protezione dei Personal Data),pursuant to Art. 77 of the GDPR, if you believe that the Controller processes your Personal Data in violation of the applicable legislation applicable legislation.

Modifications
The Controller reserves the reserves the right to amend and update the following Privacy Policy following following any new provision of national or European law on the protection of personal data.