PLAIN CONCEPTS Group is committed to the protection of your privacy and to compliance with the legislation on the protection of personal data, specifically, with the General Data Protection Regulation (hereinafter, GDPR) and the personal data protection legislation applicable in each country where the different companies of the PLAIN CONCEPTS Group are domiciled. The processing of personal data carried out by PLAIN CONCEPTS, will be done in accordance with the principles of loyalty, legality, adequacy and transparency, always in accordance with specific, explicit and legitimate purposes. PLAIN CONCEPTS undertakes to keep your data up to date and to keep it only for the time necessary to fulfill the purposes of the processing.

This website is the property of PLAIN CONCEPTS, S.L.U. (hereinafter, PLAIN CONCEPTS), an entity of Spanish nationality and domiciled in Spain (State belonging to the European Union and the European Economic Area), Responsible for the Processing of the personal data collected through this website. You can consult the information relating to the entity that manages the website by accessing the link called Legal Notice that is incorporated at the bottom of the website.

This Privacy Policy informs you of how PLAIN CONCEPTS will process your personal data as a result of using this website.

By using this website, you consent to the collection, processing, transfer, storage and other processing of your personal data in accordance with this Privacy Policy and its terms. If you do not fully agree with them, you should not use this website.

Any updates or modifications to this Privacy Policy will be communicated to you through this website.

Who is the data controller?

The Data Controller is PLAIN CONCEPTS, S.L.U. (A company belonging to the PLAIN CONCEPTS Group) with CIF: B24532178 and registered office at C/ Gran Vía Don Diego López de Haro, 1º, 8ª planta, 48001 Bilbao (Vizcaya), Spain.

If you have any questions regarding the processing of your personal data, do not understand or need the translation of this Privacy Policy into another language, you can contact us at the address gdpr@plainconcepts.com.

We also inform you that PLAIN CONCEPTS has a designated Data Protection Officer (hereinafter DPO), who can be contacted at the address dpo@leasba.com.

What personal data do we process and how do we collect it?

In this Privacy Policy, “personal data” means any information that identifies you or can be used to identify you.

The personal data processed by PLAIN CONCEPTS are:

1. Those that you provide to us by filling in the forms you fill in or through the different email accounts that are made available to you on the website for contacting PLAIN CONCEPTS.
2. Those that you provide us with for your registration in the Newsletter service. PLAIN CONCEPTS will only process the personal data necessary to fulfill the purposes of registration of the service. This data is your name and email address.
3. Those that you may provide in each of the forms where your personal data are collected. (For example: Job offers, Events or Whistleblowing Channel). In each of these forms you will find specific information on the data required, the purposes for which they will be used, the third parties to whom, if applicable, they may be transferred, the legitimacy of the processing, etc.

For what purpose do we process your personal data?

PLAIN CONCEPTS will process your personal data for the following purposes:

1. Answer and attend to any queries or request you may have.
2. Manage your subscription to the Plain Concepts Newsletter, and therefore, send you by electronic means information of interest about congresses, events, projects, activities, news, and any other information of interest about PLAIN CONCEPTS.
3. To answer your request to apply for a job position and to carry out the necessary steps for the processing of your application (in this case, the Privacy Policy that you will accept before sending your application will be applicable).
4. To send commercial communications.
5. To use them for any other purpose required or permitted by applicable legislation or when you have given your express consent.

Which is the legitimacy for the processing of your personal data?

The legal bases pursuant to Article 6 of the GDPR for the processing of your personal data are as follows:

1. Consent of the data subject (you) (Art. 6.1.a GDPR): For the processing of your personal data when subscribing to the Newsletter and to respond to queries or requests that you may make, the legal basis that legitimizes the processing is your consent that you are giving when accepting this Privacy Policy or the consent that you are giving when contacting us and,  therefore, the need for such processing to attend and respond to the query or request for information that you make to us.
2. Compliance with a legal obligation (Art. 6.1.c GDPR): Some processing of your personal data may be processed in compliance with current legal obligations that apply to PLAIN CONCEPTS. When this happens, you will be informed of the details of the processing, as well as the rule that requires the specific processing.
3. Legitimate interest of PLAIN CONCEPTS (Art. 6.1.f GDPR): PLAIN CONCEPTS may have a legitimate interest in processing your data, to analyse the usability of the website, as well as your degree of satisfaction, as this may be of benefit to you.

To whom will your data be communicated?

Your personal data may be transferred to the following groups:

1. Service suppliers: If necessary, PLAIN CONCEPTS may transfer your personal data to the appropriate suppliers for the development and execution of the purposes of the processing. In these cases, PLAIN CONCEPTS, as the data controller, has signed the confidentiality and data processing contracts required by current regulations.
2. Companies belonging to the PLAIN CONCEPTS Group: There is the possibility that your data may be transferred to one of the companies of the Group, for internal administration purposes or to provide specific services necessary for the development and execution of the processing.

How long will we keep your data?

Data will be kept as long as the interested party does not exercise their right of deletion or for the time necessary to maintain the purpose of the processing. However, the data will be kept for the corresponding period to comply with legal obligations, during the applicable limitation periods to meet possible liabilities arising during processing. In this case, the data will be kept duly blocked until the limitation period for any legal liabilities associated with the processing has elapsed.   In the event that they are removed, it will be carried out by applying the appropriate security measures to guarantee their total destruction.

Data transfer to third countries

It is possible that in order to send the Newsletter, manage your requests, collect data from forms and emails, it is necessary to transfer some data to non-European countries (which you consent to by accepting this Policy) such as the USA, etc. USA, for which there is an adequacy decision by the European Commission (EU- USA Data Privacy Framework Decision of 10 July 2023).

In particular, data transfers to third countries may occur when using the services of the provider HubSpot, S.L. HubSpot may, in accordance with its Privacy Policy, transfer information to other subsidiaries of the Group and external entities that provide services to it on a contractual basis. However, this company has incorporated Standard Contractual Clauses (SCC) in the contracts signed between the parties, approved by the European Commission, which allow secure processing and in accordance with the current regulation on data protection. In addition, HubSpot will take additional measures as appropriate, such as implementing commercially standard secure encryption methods to protect personal data at rest and in transit, TLS on HubSpot-hosted sites, and firewalls to protect web applications, as well as other relevant contractual and organizational measures.

Some of the companies in the PLAIN CONCEPTS group are located outside the European Economic Area, which entails an international transfer of data. Specifically, to the following group companies:

• PLAIN CONCEPTS CORP INC. (United States of America): The US has an adequate level of protection for personal data, as there is an adequacy decision by the European Commission (EU- USA Data Privacy Framework Decision of 10 July 2023).
• PLAIN CONCEPTS UK LTD (United Kingdom): The guarantee for this international transfer of data is based on the existence of an Adequacy Decision of the European Commission: Commission Implementing Decision (EU) 2021/1773 of 28 June 2021

Which are your rights?

The data subject (you) can exercise their rights under current data protection legislation. Specifically:

• Right of access to your personal data: You have the right to obtain confirmation from the controller as to which of your personal data is being processed or not and whether an international transfer of your personal data is taking place.
• Right to rectification of the wrong or inaccurate data: You have the right to obtain without undue delay from the controller the rectification of inaccurate personal data concerning you. Considering the purposes of the processing, you have the right to have incomplete personal data completed for you, including by means of an additional statement.
• Right of deletion or cancellation: You have the right to obtain erasure of your personal data without undue delay where:

1. The data are no longer necessary in relation to the purpose for which it was collected.
2. The data are out of date.
3. The consent is withdrawn by the interested party. This withdrawal of consent shall not affect the lawfulness of the processing that has been previously carried out on the basis of the corresponding legitimation.
4. The data have been used unlawfully.

• Right to data portability: you have the right to have the controller transmit your data to another controller, which will be done in a structured format that is commonly used and machine-readable when the processing is carried out by automated means.
• Right to restriction of the processing: in certain circumstances, you may request the restriction of the processing of your data, in which case the data will only be kept for the purpose of pursuing or defending claims.
• Right to object: You may object to the processing of your personal data in certain circumstances and for reasons relating to your particular situation. In this case, PLAIN CONCEPTS will stop processing both personal data, except in those cases in which there is an overriding legitimate interest or the exercise or defense of possible claims.

The interested party may exercise their rights by sending an email to the gdpr@plainconcepts.com address, indicating the reason for their request and the right they wish to exercise. If we consider it necessary, because there are reasonable doubts as to whether we can identify you, we may ask you to copy a document proving your identity. You can also send a communication to the Data Protection Officer by sending an email to dpo@leasba.com.

In those cases in which you feel that your rights regarding the protection of your personal data have been violated, especially when you have not obtained satisfaction in the exercise of your rights, you can file a complaint with the Data Protection Supervisory Authority, specifically the Spanish Data Protection Agency, through its website: www.aepd.es.

As the PLAIN CONCEPTS Group processes data in different EU Member States, its main point of contact may be a Supervisory Authority of another EU Member State, which can find its contact details at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Links to other websites

PLAIN CONCEPTS websites may contain links to other websites, which we may consider to be useful to you. However, PLAIN CONCEPTS is not responsible for the content published on such websites, nor for their Privacy Policies.  PLAIN CONCEPTS encourages you to carefully review the Privacy Policy before using these websites to ensure that you are satisfied with the information that is collected.

Children’s use policy

This website is not directed to minors in accordance with applicable current legislation. Parents, guardians or legal representatives will be solely responsible for all acts carried out on this website by the minors in their care, including the completion of the forms with the personal data of said minors and the ticking, where appropriate, of the boxes that accompany them.

Security measures

PLAIN CONCEPTS applies all the security measures required by the regulations on the protection of personal data, with the aim of protecting your rights and freedoms. PLAIN CONCEPTS implements the necessary measures to guarantee the confidentiality of the personal data of all persons under its responsibility.

Privacy Policy Modifications

PLAIN CONCEPTS reserves the right to modify or update this Privacy Policy at any time. In the event that any clause of this Privacy Policy is annulled or considered null and void, the rest of the conditions will not be affected, and will fully retain their validity and validity, in accordance with the regulations in force applicable at all times.

Information on Cookies

This website may use Cookies. For more information, please consult our Cookies Policy.verned by public international law or which is set up under any agreement between two or more countries. 

Privacy Policy for suppliers and partners

The PLAIN CONCEPTS Group is committed to the protection of your privacy and to compliance with the legislation on the protection of personal data, specifically with the General Data Protection Regulation (hereinafter, GDPR) and the personal data protection legislation applicable in each country where the different companies of the PLAIN CONCEPTS Group are domiciled. The processing of personal data carried out by PLAIN CONCEPTS will be carried out in accordance with the principles of loyalty, legality, adequacy and transparency, always in accordance with specific, explicit and legitimate purposes. PLAIN CONCEPTS undertakes to keep your data up to date and to keep them only for the time necessary to comply with the purposes of the processing, the legal provisions and the deadlines for demanding possible liabilities arising from the processing.

PLAIN CONCEPTS has implemented the necessary technical and organizational measures to protect your data against accidental loss, alteration, unauthorized use or disclosure. It has also established procedures to react to any security incident that may affect your personal data.

This Privacy Policy applies to the management of the personal data of the Suppliers and/or Potential Suppliers, as well as the data of their representatives and contact persons, in the event that the Suppliers and/or Potential Suppliers are legal entities.

Please read this Policy carefully and make sure you understand the information it contains.

Any updates and/or modifications made to this Privacy Policy will be communicated to you in a timely manner through this website.

Who is the data controller?

The Data Controller of your data is the company of the Plain Concepts Group with which you have a contractual relationship and whose data appears in the contractual documentation.

Company name Registered office

Plain Global Solutions S.L. C/ Gran Vía Don Diego Lopez de Haro, 1-8º – 48001 – Bilbao – VIZCAYA.

Plain Concepts S.L.U. C/ Gran Vía Don Diego Lopez de Haro, 1-8º – 48001 – Bilbao – VIZCAYA.

Plain Concepts UK LTD Delta Place, 27 Bath Road, Cheltenham, Gloucestershire GL53 7TH (U.K.).

Plain Concepts Corporation INC 8201 164th Ave Ne, Redmond, WA 98052 (USA).

Plain Concepts GmbH c/o KRIEGER GmbH Steuerberatungsgesellschaft, Berliner Straße 51, 60311 Frankfurt am Main (Germany).

Plain Concepts RO S.R.L. Bucureşti Sectorul 1, Calea VICTORIEI, Nr. 145, MODUL 1.25, Etaj 1, Cod poștal 10072 (Romania).

In the contracting carried out by Plain Concepts UK LDT, Plain Concepts Corporation INC, Plain Concepts GmbH or Plain Concepts RO S.R.L., Plain Concepts S.L.U. will act as joint controller.

If you have any questions about who is responsible for your data, you can send an inquiry to the email address: gdpr@plainconcepts.com.

PLAIN CONCEPTS has a Data Protection Officer (DPO), who you can contact by sending an email to dpo@leasba.com in order to resolve any questions regarding this Privacy Policy.

What personal data do we process and how do we collect it?

The personal data processed by PLAIN CONCEPTS comes from the interested party, who provides them during the registration process in the Register of Suppliers and, where appropriate, throughout the contracting process and throughout the period of development of the contractual relationship.

The personal data that are processed by PLAIN CONCEPTS are:

• Identification data: name and surname, postal and email address, telephone number, NIF/DNI/NIE, passport or any other similar identity document and signature.
• Commercial data or conditions: services provided, activities and business and, where applicable, commercial licenses.
• Data relating to transactions of goods and services: financial transactions, compensation, etc.
• Bank details: such as, for example: account number.
• Employment data: in the event that you are a natural person who provides services for our legal entity Suppliers, PLAIN CONCEPTS may process, in addition to your contact details, data relating to the function or position performed.

If you do not provide us with the personal data requested, it is likely that we will not be able to register you in the Register of Suppliers, comply with the contractual relationship, manage the activity and comply with legal obligations.

Likewise, PLAIN CONCEPTS, in accordance with its internal procedure for managing suppliers and potential suppliers and in compliance with the established guidelines on risk management, may obtain information from third parties.

For what purpose do we process your personal data?

The personal data that is requested and collected by PLAIN CONCEPTS is strictly necessary to comply with the following purposes:

1. Participation in the supplier qualification and selection process within the framework of its risk management standards and procedures.
2. Periodic verification of compliance with all the requirements required to be a Supplier of PLAIN CONCEPTS, as well as the appropriate economic and financial situation.
3. Management of the contractual relationship with suppliers in all its aspects.
4. Internal management and communication between the Group’s organizations on matters relating to supplier relations.
5. Administrative, collection and payment management.
6. Sending commercial communications related to sustainability, ethics and compliance.
7. Comply with legal obligations and requirements from government and judicial bodies.

Which is the legitimacy for the processing of your personal data?

The legal basis for processing your data is different depending on the purpose for which the data is intended:

• Performance of a contract (art. 6.1 b) GDPR): for the purposes of paragraphs a), b), c) and e), standing is based on the performance of a contract to which you are a party or for the application of pre-contractual measures, in particular in the case of the qualification and selection process of suppliers.
• Compliance with legal obligations (art. 6.1.c) GDPR): for the purposes of section g), the legitimacy is based on compliance with the legal obligations imposed on PLAIN CONCEPTS.
• Legitimate interest of the controller (art. 6.1 f) GDPR): the legitimacy for the purpose set out in section d), is based on the legitimate interest of PLAIN CONCEPTS in the management of the present and future relationship with you as a representative of a supplier, legal person or contact person, or as a natural person.
• Consent of the interested party (art. 6.1.a) GDPR): the legitimacy for the purpose set out in section f), is based on the consent granted by you for the sending of commercial communications.

By virtue of legitimate interest and in accordance with Recital 48 GDPR, all entities that are part of the PLAIN CONCEPTS Group may communicate data with each other for internal administrative purposes, supplier control, relationship management and risk management.

To whom will your data be communicated?

The personal data of you, a natural person or representative or contact person in the case of a legal person, may be communicated to third parties and relevant bodies when necessary for the fulfilment of the purposes set out above.

Specifically, the data will be communicated to:

• Public records.
• Tax Administration.
• Other Public Administration bodies.
• Banks/Savings Banks.
• Insurance companies.
• Suppliers of products and services.
• PLAIN CONCEPTS Group companies: Some of the group companies are located outside the European Economic Area (EEA), which entails an international transfer of data, which will be detailed in point 6 referring to international transfers.

International Data Transfers

In the processing of personal data relating to the management of suppliers, transfers to third countries are foreseen, in particular to:

1. PLAIN CONCEPTS GROUP COMPANIES OUTSIDE THE EEA: the transfer of data to subsidiaries located in third countries is carried out for the purpose of collaboration between the different companies of the Group, administration, execution and development of projects for the provision of services to customers.

The personal data that are subject to transfer are only the personal identification and professional data that are essential for internal administrative purposes, supplier control, relationship management and risk management.

Therefore, international data transfers are planned to the following companies in the Group:

• PLAIN CONCEPTS CORP INC. (United States of America): The US has an adequate level of protection for personal data, as there is an adequacy decision by the European Commission (EU- USA Data Privacy Framework Decision of 10 July 2023).
• PLAIN CONCEPTS UK LTD (United Kingdom): The guarantee for this international transfer of data is based on the existence of an Adequacy Decision of the European Commission: Commission Implementing Decision (EU) 2021/1773 of 28 June 2021.

How long will we keep your data?

PLAIN CONCEPTS will keep your personal data for the duration of the current commercial relationship. In addition, for the sending of commercial communications, they will be maintained as long as you do not withdraw your consent to them. This, without prejudice to the conservation of the data during the period established to comply with the legally established obligations and to deal with possible claims that may arise in relation to the processing of the data. During this period of time, the data will be kept duly blocked.

What are the rights of the data subject?

The data subject (you) can exercise their rights under current data protection legislation. Specifically:

• Right of access to your personal data: You have the right to obtain confirmation from the controller as to which of your personal data is being processed or not and whether an international transfer of your personal data is taking place.
• Right to rectification of inaccurate or erroneous data: You have the right to obtain without undue delay from the controller the rectification of inaccurate personal data concerning you. Considering the purposes of the processing, you have the right to have incomplete personal data completed for you, including by means of an additional statement.
• Right of deletion or cancellation: You have the right to obtain erasure of your personal data without undue delay where:

1. The personal data is no longer necessary in relation to the purpose for which it was collected.
2. The data is out of date.
3. The consent is withdrawn by the interested party. This withdrawal of consent will not affect the lawfulness of the processing that has been previously carried out on the basis of the corresponding legitimation.
4. The data have been used unlawfully.

• Right to data portability: you have the right to have the controller transmit your data to another controller, which will be done in a structured format that is commonly used and machine-readable when the processing is carried out by automated means.
• Right to restriction of processing: in certain circumstances, you may request the limitation of the processing of your data, in which case it will only be kept duly blocked for the exercise or defence of claims.
• Right to object: You may object to the processing of your personal data in certain circumstances and for reasons relating to your particular situation. In this case, PLAIN CONCEPTS will cease to process any personal data, except in those cases in which there is a compelling legitimate interest or the exercise or defence of possible claims.

The interested party may exercise their rights by sending an email to the gdpr@plainconcepts.com address, indicating the reason for their request and the right they wish to exercise. If we consider it necessary, because there are reasonable doubts as to whether we can identify you, we may ask you to copy a document proving your identity. You can also send a communication to the Data Protection Officer by sending an email to dpo@leasba.com.

In those cases in which you feel that your rights regarding the protection of your personal data have been violated, especially when you have not obtained satisfaction in the exercise of your rights, you can file a complaint with the Data Protection Supervisory Authority, specifically the Spanish Data Protection Agency, through its website: www.aepd.es.

As the PLAIN CONCEPTS Group processes data in different EU Member States, your main point of contact may be a Supervisory Authority of another EU Member State, which can find your contact details at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Security Measures

PLAIN CONCEPTS applies all the security measures required by the regulations on the protection of personal data, with the aim of protecting your rights and freedoms. PLAIN CONCEPTS applies the necessary measures to guarantee the confidentiality of the personal data of all people under its responsibility.

Privacy Policy Modifications

PLAIN CONCEPTS reserves the right to modify or update this Privacy Policy at any time. In the event that any clause of this Privacy Policy is annulled or considered null and void, the rest of the conditions will not be affected, and will fully retain their validity and validity, in accordance with the regulations in force applicable at all times.

Event Privacy Policy

The PLAIN CONCEPTS Group is committed to protecting your privacy and complying with personal data protection legislation, in particular the General Data Protection Regulation (GDPR) and the personal data protection legislation applicable in each country where the various companies of the PLAIN CONCEPTS Group are domiciled. The processing of personal data carried out by PLAIN CONCEPTS will be carried out in accordance with the principles of loyalty, legality, adequacy and transparency, always in accordance with specific, explicit and legitimate purposes. PLAIN CONCEPTS undertakes to keep your data up to date and to keep it only for the time necessary to fulfill the purposes of the processing.
This website is the property of PLAIN CONCEPTS, S.L.U. (hereinafter, PLAIN CONCEPTS), an entity of Spanish nationality and domiciled in Spain (a State belonging to the European Union and the European Economic Area), Responsible for the Processing of the personal data collected through this website. You can consult the information relating to the entity that manages the website by accessing the link called Legal Notice that is incorporated at the bottom of the website.
This Privacy Policy informs you of the way in which PLAIN CONCEPTS will process your personal data because of your participation in a PLAIN CONCEPTS event.
Please read carefully and make sure you understand the following information. If you are going to be accompanied to the event, before providing PLAIN CONCEPTS with the personal data of the companions, make sure to inform them about the processing of your personal data in accordance with this Privacy Policy.
Any updates or modifications to this Privacy Policy will be communicated to you through this website.

Who is the Data Controller of your personal data?

The Data Controller is PLAIN CONCEPTS, S.L.U. (A company belonging to the PLAIN CONCEPTS Group) with CIF: B24532178 and registered office at C/ Gran Vía Don Diego López de Haro, 1º, 8ª planta, 48001 Bilbao (Vizcaya), Spain.

If you have any questions regarding the processing of your personal data, do not understand or need the translation of this Privacy Policy into another language, you can contact us at the address gdpr@plainconcepts.com.

We also inform you that PLAIN CONCEPTS has a designated Data Protection Officer (hereinafter, DPO), who can be contacted at the address dpo@leasba.com.

What personal data do we process and how do we collect it?

The personal data processed by PLAIN CONCEPTS is that which you provide to us when completing the form or application for registration for the event or within the framework of any other PLAIN CONCEPTS event that you have participated in. Where appropriate, PLAIN CONCEPTS will process your image and/or voice that appears in the photographs or videos taken during the event.

PLAIN CONCEPTS may also process data relating to disabilities or food allergies that you may send to PLAIN CONCEPTS, considering the specific characteristics of the event and in order to guarantee satisfactory care.

For what purpose do we process your personal data?

PLAIN CONCEPTS will process your personal data for the following purposes:

1. Inscription and sending of the invitation to the event and, if applicable, sending of the satisfaction survey.
2. Management of your involvement, participation or collaboration in the event.
3. Access control in the place where the event take place.
4. In order to promote the PLAIN CONCEPTS brand, the creation and/or editing of the photographs and videos taken during the event for subsequent dissemination in legal media and on the social media profiles of PLAIN CONCETPS.

Which is the legitimacy for the processing of your personal data?

The legal bases, in accordance with Article 6 of the GDPR, for the processing of your personal data are as follows:

1. For the purposes mentioned in letters a), b) and c) of the previous section, the legal basis is the legitimate interest of PLAIN CONCEPTS (Art 6.1.f GDPR), for the appropriate management of your participation and attendance at the event you have requested, to guarantee the security of the facilities where the event takes place, and where appropriate, to know the degree of satisfaction of the attendees.
2. For the collection of images and/or voice taken during the event, letter d) of the previous section, we differentiate:

• General plans – (where you are not recognized)-: The legal basis is the legitimate interest of PLAIN CONCEPTS (Art 6.1.f GDPR), for the advertising and promotion of the PLAIN CONCEPTS brand.
• Close-ups – (where you are acknowledged): The legal basis is your consent that will be requested in each case. With your consent, you will be authorising the transfer of your image and/or voice rights free of charge, for use in all known legal media, present or future and without geographical limitation. You may revoke your consent at any time, however, the revocation of consent can never be retroactive, so it will not affect the lawfulness of the processing based on consent prior to withdrawal. These close-ups can be collected directly by the PLAIN CONCEPTS team or by contracted third parties.

To whom will your data be communicated?

Your personal data may be transferred to the following groups:

1. Companies belonging to the PLAIN CONCEPTS group: In some cases, your personal data will be communicated to other companies belonging to the PLAIN CONCEPTS group, for internal administration purposes if the event is international in nature and requires the participation of all or some companies of the group. Therefore, by registering or, where appropriate, by purchasing the ticket and/or participating in the event, you are accepting and giving your explicit consent for the transfers to be made to the companies belonging to the group and always in accordance with the purposes described above.
2. Sponsors/Partners/Collaborating Companies: Some events may be organised jointly with other companies in the sector, with which there is a collaboration agreement, and there may be a transfer of attendees’ data to these companies or organisations in order to be able to inform about the products or services they provide, as well as to carry out marketing actions related to them. Therefore, you will be informed in advance of such transfers, requesting your explicit consent to carry them out.
3. Companies or organizations directly related to the data controller: Your data may be communicated to external service providers that are directly related to PLAIN CONCEPTS, which are necessary for the organization and development of the event, such as security companies, owners of the premises or rooms where the event takes place, catering services, companies that are responsible for the issuance of accreditations, companies in charge of taking and editing photographs, etc. With all these companies (in charge of the processing) PLAIN CONCEPTS has signed the corresponding contracts for the processing of personal data, which specify the obligations in terms of security and purposes of the processing.
4. Social networks: PLAIN CONCEPTS may make publications on the company’s social media profiles, where your image and/or voice will be processed. If you are directly acknowledged, your prior consent will be asked in accordance with section 4 of this privacy policy and you will be informed of the details of this processing. They will process your data in accordance with the rules and privacy policy established for this purpose by each of them.

How long will we keep your data?

PLAIN CONCEPTS will keep your personal data for the management and access of the event, until the end of the event. Your image and voice will be retained until you exercise the right of erasure or revoke consent in accordance with paragraph 4.  However, the data will be kept for the corresponding period to comply with legal obligations, during the applicable limitation periods to meet possible liabilities arising during processing. In this case, the data will be kept duly blocked until the limitation period for any legal liabilities associated with the processing has elapsed

Data transfer to third countries

There may be the following transfers of data to third countries:

1. Sponsors/Partners/Collaborating Companies: These collaborators may be located outside the European Economic Area, so there will be international data transfers. In the event that there is no adequacy decision by the European Commission with respect to the third country, PLAIN CONCEPTS will ensure that it has the appropriate guarantees so that the data is protected in identical or similar terms to those provided for in European regulations.
2. Companies or organisations directly related to the Data Controller: In the event that any of these companies is located outside the European Economic Area and there is an international transfer of data to a third country which, in some cases, involves certain risks to your privacy due to the absence of an adequacy decision, PLAIN CONCEPTS will ensure that it has the appropriate guarantees so that the data is protected under the same or similar terms as those provided for in European regulations.
3. Eventbrite: PLAIN CONCEPTS uses the Eventbrite platform for the entire process of managing, acquiring free of charge and purchasing tickets for the events it organizes. The processing of your personal data through this platform will be carried out in accordance with Eventbrite’s privacy policy which you can find at the following link:

https://www.eventbrite.es/help/es/articles/460838/politica-de-privacidad-de-eventbrite/.

Eventbrite will be a processor of your personal data and is subject to a data processing agreement (DPA), incorporated into the terms and conditions of the service purchased by PLAIN CONCEPTS. This agreement includes Eventbrite’s legal obligations as a processor under the GDPR, which can be found at the following link: https://www.eventbrite.es/help/es/articles/429030/anexo-de-procesamiento-de-datos-para-organizadores/.

Eventbrite physically stores personal data in the United States of America, resulting in an international transfer of data to a third country outside the European Economic Area. The United States has an adequacy decision from the European Commission (EU- USA Data Privacy Framework Decision of 10 July 2023).

1. Social networks: Some of the social networks used by PLAIN CONCEPTS contemplate international data transfers to third countries. They will process your data in accordance with the rules and privacy policy established for this purpose by each of them.
2. Companies belonging to the PLAIN CONCEPTS group: Some of the companies in the PLAIN CONCEPTS group are located outside the European Economic Area, which entails an international transfer of data. Specifically, to the following group companies:

• PLAIN CONCEPTS CORP INC. (United States of America): The US has an adequate level of protection for personal data, as there is an adequacy decision by the European Commission (EU- USA Data Privacy Framework Decision of 10 July 2023).

• PLAIN CONCEPTS UK LTD (United Kingdom): The guarantee for this international transfer of data is based on the existence of an Adequacy Decision of the European Commission: Commission Implementing Decision (EU) 2021/1773 of 28 June 2021.

Which are your rights?

The data subject (you) can exercise their rights under current data protection legislation. Specifically:

• Right of access to your personal data: You have the right to obtain confirmation from the controller as to which of your personal data is being processed or not and whether an international transfer of your personal data is taking place.
• Right to rectification of inaccurate or erroneous data: You have the right to obtain without undue delay from the controller the rectification of inaccurate personal data concerning you. Considering the purposes of the processing, you have the right to have incomplete personal data completed for you, including by means of an additional statement.
• Right of deletion or cancellation: You have the right to obtain erasure of your personal data without undue delay where:

1. The personal data is no longer necessary in relation to the purpose for which it was collected.
2. The data is out of date.
3. The consent is withdrawn by the interested party. This withdrawal of consent will not affect the lawfulness of the processing that has been previously carried out on the basis of the corresponding legitimation.
4. Have been used unlawfully.

• Right to data portability: you have the right to have the controller transmit your data to another controller, which will be done in a structured format that is commonly used and machine-readable when the processing is carried out by automated means.
• Right to restriction of processing: in certain circumstances, you may request the limitation of the processing of your data, in which case it will only be kept duly blocked for the exercise or defence of claims.
• Right to object: You may object to the processing of your personal data in certain circumstances and for reasons relating to your particular situation. In this case, PLAIN CONCEPTS will cease to process any personal data, except in those cases in which there is a compelling legitimate interest or the exercise or defence of possible claims.

The interested party may exercise their rights by sending an email to the gdpr@plainconcepts.com address, indicating the reason for their request and the right they wish to exercise. If we consider it necessary, because there are reasonable doubts as to whether we can identify you, we may ask you to copy a document proving your identity. You can also send a communication to the Data Protection Officer by sending an email to dpo@leasba.com.

In those cases in which you feel that your rights regarding the protection of your personal data have been violated, especially when you have not obtained satisfaction in the exercise of your rights, you can file a complaint with the Data Protection Supervisory Authority, specifically the Spanish Data Protection Agency,  through its website: www.aepd.es.

As the PLAIN CONCEPTS Group processes data in different EU Member States, your main point of contact may be a Supervisory Authority of another EU Member State, which can find your contact details at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

Security measures

PLAIN CONCEPTS applies all the security measures required by the regulations on the protection of personal data, with the aim of protecting your rights and freedoms. PLAIN CONCEPTS applies the necessary measures to guarantee the confidentiality of the personal data of all persons under its responsibility.

Privacy Policy Modifications

PLAIN CONCEPTS reserves the right to modify or update this Privacy Policy at any time. In the event that any clause of this Privacy Policy is annulled or considered null and void, the rest of the conditions will not be affected, and will fully retain their validity and validity, in accordance with the regulations in force applicable at all times.