Original language: English. | Leer versión en Español or
translate to another language using Google Translate
We are a company established under the laws of Wyoming (USA) and we strictly comply with all the requirements of the European GDPR and the EU-U.S. Data Privacy Framework.
GPRD - EU-U.S. Data Privacy Framework
Below we offer you all the information on the General Data Protection Regulation, its application and detailed requirements.
The EU General Data Protection Regulation is enforced for European companies but also requires companies outside the European Union to protect personal data.
GDPR is a European Union data privacy law that requires organizations to keep data secure, while giving people more control over how their data is used.
This is the compliance checklist that applies to all businesses and US businesses:
Legal basis and transparency
We conduct an information audit to determine what information we process and who has access to it.
We have a legal justification for data processing activities.
We comply with cross-border transfer laws
We consider data protection at all times, from the development phase to every time we process data.
We encrypt, pseudonymize or anonymize personal data whenever possible.
We have created an internal security policy for team members and have raised awareness about data protection.
We have defined when to conduct a data protection impact assessment and have a process in place for conducting it.
We have a process for notifying you in the event of a data breach.
Responsibility and governance
We designate one person to be responsible for ensuring GDPR compliance across the organization and with EU member states.
We enter into a data processing agreement between our organization and any third party that processes personal data on our behalf.
It is easy for our users to correct or update inaccurate or incomplete information.
It is easy for our users to request the deletion of their personal data.
It is easy for our users to ask us to stop processing their data.
It is easy for our users to receive a copy of their personal data.
It is easy for our users to object to the processing of their data.
If we make decisions about individuals based on automated processes, we have a procedure in place to protect your rights.
"Portal", "web site", "site" or "Website": The main Gespet website (gespet.com) as well as all subdomains.
"User", "users", "client", "clients", "customer", "customers", "you", "Contracting Party" or "Contracting person": Any individual or legal entity that contracts, accesses, browses, or uses the Service; uses contact forms, demo access forms, or purchasing forms; accesses the User support center; engages with social media; and the Portal, even if no purchase is made, and who uses, accesses, or utilizes the Contents provided therein.
"Contents": Any information, text, link, software, material, images, videos, documentation, etc., whose provision and access occur solely online through the Portal and by navigating through it.
"Gespet", "Services", "the platform", "the service" or "we": Services offered on our website and accessible through gespetsoftware.com and any of its subdomains.
We are a company based in the United States (USA), and therefore, your
data is transferred to the United States (USA). As the Controller or Processor, we
are committed to respecting and complying with the obligations arising from Data
The User or Client authorizes and accepts that we store their data in a computer file for internal use and to facilitate the provision of services.
The only information we store is the information that you voluntarily provide to us when filling out forms on our website and within the Gespet platform, emailing us or support ticket, writing to us or contacting us via email, blog, chat, phone, social media, or any other means.
We do NOT collect or store sensitive information about you (banking details, economic information, health information, loans, etc.). The only information about the User that we collect and store is basic data that identifies you in order to contact you:
Contact person's name
Contact person's email
Contact person's alternative email
Areas of Business Interest
And the required information for the configuration of your account:
Additionally, to ensure security, comply with data protection laws, and provide technical support, we also store the following technical information:
Name and version of the web browser.
Name of the operating system.
All data is provided by the user themselves when contacting us through our email or social media, filling out any of the forms on the website or on the Gespet platform, or when opening a support ticket through our support area to obtain help and technical assistance, the additional technical data is collected automatically. It is the user who expressly authorizes receiving communications from us.
We are absolutely opposed to the practice of spamming. We will only
use these contact details to send the user, via email, information related to the
contracted service, updates being implemented on the platform, keep them informed
about news we believe are of interest to them, or send important notifications such
as upcoming renewals, service expiration, changes in legal terms, or
The reasons for collecting and processing your personal information depend on your relationship with us and for us to:
Respond to your questions via email or social media.
Address your questions when you visit the website through our contact forms.
Handle your support tickets and provide technical assistance.
Process your purchase orders and payments through our payment provider.
For billing and collection purposes, if you have subscribed to one of our payment plans.
Create, maintain, and manage your Gespet account.
Ensure the security of the website, platform, and your Gespet account.
Investigate, prevent, and manage fraud and violations of our Legal Terms.
Comply with data protection laws, tax laws, and legal obligations arising from your contract with us.
Comply with applicable laws to which we are subject.
Enable third parties to provide services to us.
Send you emails with important notifications about your contracted services.
Send you important emails regarding security and privacy.
Send you emails with updates about products and services of interest.
Send you emails with information about new products and services of interest.
Your personal information is not shared with anyone, unless a Law or a
community norm provides otherwise, or if it is necessary for the provision of the
In this case, we will only communicate those essential data to manage the request and provide the contracted services, so that the assignment responds to the free and legitimate acceptance of a legal relationship existing between the interested parties and us, whose development, compliance and control necessarily imply the connection of the data and that includes the necessary transmission of the same.
In the event that a User leaves a comment or interacts socially with social networks, they must bear in mind that their data will be published in the environment in which they act, that is, they will be expressly authorizing the communication of their data -associated with the action they carry out. - to other Users who access the website or social network.
If necessary, we may share certain of your information with the
following people or groups of people:
Subcontracted service providers. Our service providers (including IT providers) may have access to your information as part of their service to us. Our service providers are subject to strict contractual obligations to treat your personal information confidentially and to comply with data protection law at all times.
We collect, process, and securely store your personal information in the United States (USA).
We transfer personal information outside the European Economic Area (EEA) to the following service providers. For each recipient, we have identified the current legal safeguards to ensure that your information is protected:
Freshworks (USA). EU-US Data Privacy Framework. USA and European Data Protection Authorities.
Linode LLC. (USA). EU-US Data Privacy Framework.
Google LLC. (USA). EU-US Data Privacy Framework. USA and European Data Protection Authorities.
Sentry RT of FUNCTIONAL SOFTWARE, INC. (USA). EU-US Data Privacy Framework.
Mailgun (USA). EU-US Data Privacy Framework. USA and European Data Protection Authorities.
Stripe (Ireland, EU). EU-US Data Privacy Framework. USA and European Data Protection Authorities.
PayPal (USA - EU) EU-US Data Privacy Framework. USA and European Data Protection Authorities.
Government bodies and courts. If we have a legal obligation to do so, we will share your information with government agencies, regulators and/or courts.
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability
The security of Your Personal Data is important to Us, but remember that no method of
transmission over the Internet, or method of electronic storage is 100% secure. While
We strive to use commercially acceptable means to protect Your Personal Data, We
cannot guarantee its absolute security.
Gespet, in its capacity as a Processor, has implemented the technical and organizational measures necessary to ensure the security of personal data and prevent its alteration, loss, processing, or unauthorized access, in accordance with current regulations on the protection of personal data. Gespet only provides the technical infrastructure, and its responsibility is limited to the security measures related to these functions.
Therefore, its responsibility will be limited to tasks that, by their nature, must be carried out by Gespet directly on the platform and/or servers. Gespet disclaims any responsibility for the breach of the security systems of the Contracting Party or the inviolability of information when transported through any communication network. Gespet will also not be held accountable for security incidents resulting from an attack or unauthorized access to the platform, communication networks, devices, and/or servers, making it impossible to detect or prevent even when necessary measures are taken according to the current state of technology. This also applies to the lack of diligence on the part of the User or Contracting Party regarding the safekeeping of access keys, devices, communication networks, and/or personal data.
The Contracting Party acknowledges that these measures comply with the security level applicable to the type of information processed as a result of the service provided by Gespet on behalf of the Contracting Party, in accordance with the current regulations on data protection. It is solely the responsibility of the Contracting Party to assess whether the conditions of this agreement are suitable for their needs and comply with the legal requirements to which they are obligated as the Data Controller/Processor.
The User who uses or contracts the service (User, Client or
Contracting person), or, where appropriate, the third entity that decides on the
purpose, content, use and treatment of personal data, are the solely responsible for
the data that is collected and stored in the platform and/or on the servers. We treat
the information hosted on its account and/or servers exclusively on behalf of the
Contracting person under the terms and conditions stipulated herein.
The Contracting person, or the third party to which it is providing a service processing data for which it is responsible, state that they are the owners of files that contain legally collected personal data and that, by virtue of the services contracted to Gespet, authorizes their treatment and processing to the extent necessary for their provision.
Gespet only provides the technical infrastructure, circumscribing its responsibility to the security measures provided in relation to these functions.
The User assumes all responsibilities for the data collected and hosted in the platform and/or servers, and Gespet is expressly exonerated from all types of civil, criminal or any other type of liability that may arise from claims in relation to the contents that the User store or use.
The User or Contracting Party of Gespet, as the Data Controller, is responsible to Gespet, acting as the Processor, and agrees to indemnify Gespet for all damages, losses, interests, and claims that Gespet may incur as a result of a third-party lawsuit or claim, filed due to a breach by the User or Client of Gespet of the obligations arising from this contract. This includes, in general, the User's role as an intermediary or processor for Gespet, excluding any consequences directly resulting from Gespet's failure to meet its legal or contractual commitments.
The User is responsible for the data and must carry out the actions required by law for the processing and registration of data files with the relevant authorities. If the User violates regulations, they will be held responsible and will assume any sanctions imposed as a result of this lack of legitimacy.
Gespet will solely act as the Processor or data processor and will only process the data on behalf of the file controller, complying with the provisions of this agreement. Gespet will also handle the destruction of the data once the contracted service is completed, as stipulated in the conditions expressed in this agreement.
In cases where Gespet may have access to the data, it commits not to
apply, use, or disclose the processed data for purposes other than those detailed in
these legal conditions. As a Processor, Gespet will only process the data contained
in the user's account and/or servers to execute the services contracted on behalf of
the User or Contracting Party in accordance with the provided instructions, and under
no circumstances will it use them for purposes other than those agreed upon.
Gespet will not communicate or allow access to the processed data to any third party, even for storage, unless otherwise specified, or the communication is necessary for the provision of contracted services, or the transfer is mandated by a law with the force of legislation. In this regard, the contracting party expressly authorizes Gespet, when contracting any of its services, to subcontract on its behalf and at its expense any entities necessary for the proper provision of services.
The entities thus subcontracted will have the status of Controller or Processor, be subject to the same data protection and confidentiality rules as Gespet, and regulate their relationship with Gespet in accordance with data protection regulations.
In compliance with current legislation, the platform ensures the integrity, preservation, accessibility, readability, traceability, and unalterability of records.
In the event that the Contracting person acts as the person in charge
of the treatment of a third entity responsible for the data, he must guarantee,
before contracting any service that involves the treatment of said data, that he has
the express authorization of this to proceed with the subcontracting of the services
entrusted to it, it also ensures that the relationship with the third party entity
responsible for the data is legally regulated in accordance with the requirements of
current regulations on data protection prior to the service contracting. Otherwise,
you must refrain from subcontracting with Gespet and if you breach this prohibition
you will be responsible and will assume any sanction that is imposed on it as a
result of this lack of legitimacy.
If you have expressly requested it, we will occasionally send you information about our services, updates or service-related content that we think you may be interested in. You have the right at any time to stop us from contacting you for marketing purposes. If you no longer want us to contact you for marketing purposes, you can click on the option enabled for this purpose in all emails or by clicking here
We want to make sure you know all your data protection rights:
The right of access: you have the right to request copies of the personal data we store about you from our company.
The right to rectification: you have the right, in certain circumstances, to have your information rectified, blocked, deleted or destroyed if it is inaccurate.
The right to erasure: You have the right to request that our company erase your personal data, under certain conditions.
The right to restrict processing: You have the right to request that our company restrict the processing of your personal data, under certain conditions.
The right to object to processing: You have the right to object to the processing of your personal data by our Company, under certain conditions.
The right to data portability: You have the right to request that our company transfer the data we have collected about you to you, under certain conditions.
If you make a request, we have a month to respond. If you wish to exercise any of these rights, please contact us via our email. See Contact section below.
A Cookie is a small file that is stored on the User's device
(computer, tablet, smartphone or any other) with information about
The set of cookies helps to improve the quality of websites, providing information of interest and are essential for the operation of the Internet, providing innumerable advantages in the provision of interactive services, facilitating navigation and usability of the websites.
In no case can cookies damage a device. On the contrary, if they are active, it is possible to identify and resolve errors more efficiently.
For more information, visit allaboutcookies.org.
By using this Portal and the software, you expressly consent and agree that we store these cookies on your computer or device for the stated purposes.
Used to control the session that the user starts in the platform. It does not store personal data and is necessary for the operation of the platform.
Own, Session, Technical
At the end of the session
Google > reCAPTCHA
reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis in spam protection and may store browsing device information. It's used to prevent malicious users from overusing the forms on the website and to guarantee security for our users.
Third party, Persistent, Technical & analytical
Support and technical queries
Third party, Persistent, Technical & analytical
You can allow, block or eliminate the cookies installed on your
computer by configuring the options of your web browser (or Browser). If you do not
allow the installation of cookies in your browser, you may not be able to access some
of the services and your experience on our website may be less
In the following links you have at your disposal all the information to configure or disable cookies in each browser:
In the case of significant changes, we will send you a notification through the platform or by email.
ONEDA Group, LLC is a company established under the laws of Wyoming with its registered office at 30 N. Gould Street, Suite N, Sheridan, WY 82801. U.S.
If you wish to file a complaint or if you believe that Our Company has not addressed your concern to your satisfaction, you may contact the Information Commissioner's Office.