Privacy policy
1. Definitions and Interpretation
Who is the data controller?
Mobail Apps, S.L. (hereinafter, "Stay") is responsible for the processing of personal data in Stay Academy for all users who participate in the courses independently and not associated with the procurement of services by Stay customers.
With respect to users who are employees or representatives of Stay's customers, Stay will act as a data processor on behalf of its customers.
Stay is a company domiciled at Calle Bravo Murillo, 377, 8ºPlanta, 28020, Madrid, and its Tax ID number is B85879831.
At Stay we are committed to the fundamental right to the protection of your personal data and this privacy policy is intended to inform you of your rights under the General Data Protection Regulation ("GDPR").
We inform you that Stay has a Data Protection Officer in accordance with the RGPD, at your disposal for any questions or concerns regarding the processing of your data, and that you can contact through gdpr@stay-app.com.
What information do we process?
The data you provide us directly:
We collect information about you when you contact us through the channels we have set up for this purpose, such as registering for courses through the forms provided on the website.
When you contact us through these channels, we will ask for your information: name, email, password, department and if you are a Stay customer user.
All fields marked with an asterisk (*) in the forms you find in the mentioned channels must be completed, so that the omission of any of them could lead to the impossibility of providing the requested services.
It is essential that you protect your passwords, and the access codes you generate at all times. You will be responsible for your personal account, so you agree to make diligent use of such information, not to make it available to third parties, and to inform us promptly of its loss or theft.
To ensure that the information provided is always updated and contains no errors, you must inform Stay as soon as possible of any changes to your personal data by sending an email to gdpr@stay-app.com.
Likewise, by clicking on the "I accept" button (or equivalent) incorporated in the forms, you declare that the information and data you have provided in them are accurate and truthful.
Data obtained indirectly:
When you browse, different cookies and other tracking devices may be installed on your device, as explained in our Cookies Policy: https://education.stay-app.com/cookies
What is the origin of the data?
We consider that all data processed by Stay have been freely provided by you.
If the personal data provided belong to a third party, you guarantee that you have informed them of this Privacy Policy and have obtained their authorization to provide the data to Stay for the purposes indicated above. Likewise, you guarantee that the data provided are accurate and up to date, and you are responsible for any damage or loss, direct or indirect, that may be caused because of a breach of this obligation.
For what purpose and on what legal basis do we process the data?
Stay is responsible for the processing of personal data for the following purposes and in accordance with the following legal bases:
Based on the management of the contractual or pre-contractual relationship:
Manage the acquisition of products in Stay Academy, attend to any type of incident or request derived from the same, and carry out the formalities related to the issuance of certificates.
Manage your registration as a user on our website, as well as allow your access to the student area.
Based on STAY's compliance with legal obligations:
Allow users to exercise their data protection rights.
Comply with the regulations applicable to STAY.
Based on the existence of a legitimate interest on the part of STAY:
Keep you informed about STAY's products and services, related to those previously contracted and that may be of interest to you.
Conduct periodic reviews of our services and carry out satisfaction surveys to evaluate and improve the quality of the service we provide.
Conduct internal reviews and, if necessary, contact the customer if fraud or identity theft is detected or there are reasonable suspicions of fraud or identity theft.
However, if you do not want your data to be processed for these purposes, you can object at any time by contacting us at gdpr@stay-app.com as indicated in the Exercise of Rights section of this Privacy Policy.
To whom is the data communicated?
We do not transfer your data to third parties beyond the necessary communications to public administrations or justice for the fulfillment of the legal obligations that apply to us.
However, if it is necessary to carry out any transfer, we will inform you beforehand and it will always be carried out on the basis of a legal basis that legitimizes the processing.
Service providers with access to data: we use suppliers who may also process your data, but they would do so on our behalf and on our account to fulfill the purposes indicated above in this document, i.e. never for their own purposes. This is the detail of the categories of providers :
Administrative services.
Advertising and communication services.
Services of legal activities.
Printing and enveloping services.
Archiving, custody, storage and digitalization services.
Document removal and destruction services.
Back office services.
Other business support activities.
Companies providing IT services:
Technology platform services.
Hosting services.
Data processing services.
Architectural and engineering services.
Backup services.
Business continuity services.
Electronic custody services.
IT consulting services.
Security and cybersecurity services.
We have signed specific contracts with all of them in accordance with the regulations.
In the case of using suppliers located in countries outside the European Union, we ensure that personal data is transferred in compliance with the law (signature of European Commission Standard Contractual Clauses; use of certifications approved by the European Commission; adoption of binding corporate standards, or any of the exceptions provided for in the regulations).
Exercise of your rights.
We inform you that you may exercise the following rights:
Right of access to your personal data to know which data are processed and the processing operations.
Right to rectify any inaccurate personal data.
Right to suppression of your personal data.
The right to request the limitation of the processing of your data when the accuracy, legality, or necessity of the data processing is doubtful, in which case, we may retain your data for the exercise or defense of claims.
Right to object to automated decision making, including profiling.
Right to object to the processing of your personal data when the legal basis that enables us to process it, according to paragraph 4 above, is the legitimate interest of STAY.
Right to data portability.
Right to revoke the consent given.
You may exercise your rights free of charge in any of the following ways:
By sending an e-mail to gdpr@stay-app.com indicating the right you wish to exercise.
By sending a written request to Calle Bravo Murillo, 377, 8ºPlanta, 28020, Madrid, indicating the right you wish to exercise.
In addition, you can stop receiving commercial communications by clicking on the "Unsubscribe" section at the bottom of the email where you receive our commercial communications.
If there is any doubt about your identity, we may ask you for additional information to verify that it is really you.
We inform you that you have the right to file a complaint with the Spanish Data Protection Agency if you consider that we have not treated your data in accordance with the personal data protection legislation at www.agpd.com.
We also inform you that you can prevent your data from being used to send you commercial communications from companies operating in Spain by registering in the Robinson List (www.listarobinson.es).
Time period for the conservation of your data.
We will keep your personal data for the duration of the contractual relationship, and once it is terminated, we will keep it blocked for the period of limitation of the legal actions that may be applicable. The data will then be destroyed.
Otherwise, if there is no contract, we will inform you of the retention period of the processing in particular at the time of collecting your personal data.
Security and confidentiality.
In order to prevent unauthorized access or disclosure of personal data, we have taken appropriate security measures to safeguard your information.
Minors.
Minors under 18 years of age may not use the services available through our website without the prior authorization of their parents, guardians or legal representatives, who shall be solely responsible for all acts performed through the site by minors in their care, including the completion of the forms with the personal data of such minors and the marking, where appropriate, of the boxes that accompany them. In this sense, and to the extent that Stay does not have the capacity to control whether or not users are minors, it must be the parents and guardians who enable the necessary mechanisms to prevent them from accessing the website and / or provide personal data without their supervision, not admitting Stay any responsibility in this regard.
Privacy policy update.
We make our best efforts to keep our privacy policy up to date. If we make changes, they will be clearly identifiable, and we will inform you by the means we have established with you (for example: we may communicate changes by email).
This privacy policy has been revised and posted as of 20 of september of 2024