Privacy Policy

Commercial communications related to our services

Basic information on Data Protection
Responsible SURTECH SOLUTIONS
Purpose

Commercial communications related to our services

Registration as users

Legitimation Express consent and legitimate interest.
Recipients No data is transferred to third parties, except where legally required
Rights Access, rectify and delete data, as well as other rights, as explained in the additional information.

We care about your privacy

In particular, the General Data Protection Regulation (GDPR) 2016/679, of April 27, 2016, regarding the protection of individuals with regard to the processing of personal data.

For us it is also a commitment to you and a way to demonstrate that we like to do right.

That is why we want to be transparent and explain that we will incorporate the data you provide us into an automated file for which SURTECH SOLUTIONS LLC (as SURTECH SOLUTIONS, hereinafter) is responsible.

In addition, we want you to know that:

Your data is collected to meet your needs and interests and, as a result, improve your user experience.
Our priority is to ensure your security and treat your data in accordance with the stipulations established in European regulations.
Whenever we are going to use your personal information, we will comply with the legislation. When necessary, we will ask for your consent.
Your data is yours. If you decide to withdraw your authorization to process your data, you can ask us to stop processing it.

You can then consult the different sections of our Privacy Policy::

Who is responsible for processing your personal data?

Identity: SURTECH SOLUTIONS LLC
Registered Office: 3500 South Dupont Highway,  Dover, CP 19901, Delaware
VAT ID: 92-3236321
Email: gdpr@midway.la

If you wish to make an inquiry regarding the processing of your personal data, you can contact us by email at gdpr@midway.la.

Our privacy principles

We have a program based on responsibility and we commit to comply with the following principles based on European and international privacy and data protection frameworks:

Legality, fairness, and transparency: Our data processing activities are carried out: 1) with your consent; 2) to fulfill the obligations we have contracted with you; 3) for the legitimate purposes of operating our business, developing innovations and offering a customer experience, or, 4) in accordance with the Law.
Notice and Choice of Data Use: Given that one of our goals is transparency, we notify you and offer you the choice to select the types of personal data we collect and the purposes for which we collect and process them. We will not use personal data for purposes that are incompatible with these principles, our privacy statement, or specific notices associated with SURTECH SOLUTIONS services.
Access to Data: We offer you reasonable access, as well as the possibility to review, correct, modify, or delete the personal data you have shared with us.
Data Integrity and Purpose Limitation: We only use personal data for the purposes described at the time of collection, taking appropriate measures to ensure that personal data is accurate, complete, and current, and we only obtain the personal data necessary for the purposes for which we collect them. We keep personal data only for as long as necessary to fulfill the purposes for which we collected them, and subsequently securely delete or destroy them.
Data Security: To protect your personal data against unauthorized use or disclosure, we implement information security policies in our own facilities.
Responsibility regarding subsequent transfers: Personal data will only be shared when third parties are contractually obliged to provide equivalent levels of protection.
Recourse, Oversight, and Enforcement: We are committed to resolving any questions you may have regarding your personal data and to providing resources to those who believe that SURTECH SOLUTIONS has not adequately respected their rights.

What personal data are we going to collect?

The personal data that the user may provide:

Name
Email
Location
IP adress
Date and time you accessed our services
Internet browser you use and data about the device’s operating system

In some cases, it is mandatory to complete a registration form to access and enjoy certain services offered on the website. Also, not providing the requested personal data or not accepting this data protection policy implies the impossibility of subscribing, registering or participating in any promotions that require personal data.

Why and for what purpose do we process your data?

We process the information you provide us with the following purposes:

Manage the sending of the information you request, as well as any other inquiries you may have that are not subject to the conditions of the website or service contracting..
Manage the registration of new users subscribed to the platform in order to provide the services previously contracted.
Develop commercial actions and carry out the maintenance and management of the relationship with you, as a user, as well as the management of the services offered through the website and information tasks.
Develop promotional activities that may be organized.

In some cases, it will be necessary to provide information to authorities or third companies for audit purposes, as well as to manage personal data of invoices, contracts and documents to respond to customer or Public Administrations claims.

We inform you that the personal data obtained as a result of your registration as a user will be part of the Record of Activities and Treatment Operations (RAT) where SURTECH SOLUTIONS is the owner, which will be periodically updated in accordance with the provisions of the GDPR.

What is the legal basis for processing your data?

The processing of your data may be based on the following legal bases:

Consent of the interested party for the contracting of services through contact forms, requests for information, or newsletter subscriptions.
To fulfill a contractual obligation and carry out the service provision correctly.
Legitimate interest for the processing of our customers’ data in direct marketing actions and explicit consent of the interested party for everything related to automatic assessments and profile elaboration.
Compliance with legal obligations for fraud prevention, communication with public authorities and third-party claims.

If you have any questions or need more information about the legal basis on which we collect your personal information, please contact us at gdpr@midway.la. 

How long do we keep your data?

We will keep your personal data only for the time necessary to fulfill the purposes for which it was collected unless you request its deletion. In some cases, we may keep your personal data for the time required by applicable law or until the statute of limitations for any potential legal claims has expired.

Who do we communicate your data to?

In some cases, only, when necessary, SURTECH SOLUTIONS will provide user data to third parties. However, your data will never be sold to third parties.

External service providers that SURTECH SOLUTIONS works with may use the data to provide the corresponding services; however, they will not use such information for their own purposes or for transfer to third parties. SURTECH SOLUTIONS ensures the security of personal data when it is sent outside the company and ensures that third-party service providers respect confidentiality and have appropriate protection and security measures in place to protect personal data. These third parties are required to ensure that the information is processed in accordance with data privacy regulations (Art. 28 GDPR).

In this case SURTECH SOLUTIONS, will communicate your data, in order to enjoy and communicate with the company to make any inquiries or information about its services, through INTERCOM, which act as data controllers that collect the data, which remains stored in their systems and records of Activity. For more information about their privacy policy, you can check here; https://www.intercom.com/legal/privacy.

SURTECH SOLUTIONS ensures the security of personal data when it is sent outside the company and ensures that third-party service providers respect confidentiality and have the appropriate measures in place to protect personal data. These third parties are required to ensure that the information is processed in accordance with data privacy regulations.

In some cases, we may also share your personal data when we believe, in good faith, that it is our obligation to do so in order to: i) respond to properly authorized information requests from official security agencies, regulators, courts, and other authorities, including compliance with certain national security or law enforcement requirements. ii) comply with laws, regulations, subpoenas, or court orders; iii) investigate and help prevent security threats, fraud, or other criminal or malicious activities. iv) exercise/protect the rights and properties of SURTECH SOLUTIONS and its subsidiaries; or v) protect the rights or personal safety of SURTECH SOLUTIONS, our employees, and third parties regarding the use of SURTECH SOLUTIONS’ property, provided that it is allowed and in accordance with applicable law.

In some cases, the law may require disclosure of personal data to public bodies or other parties. Only the strictly necessary data will be disclosed to comply with such legal obligations.

Where are your data stored?

The data we process may be transferred, stored, or processed in states located outside the EU. We rely on external providers who may process personal data on our behalf to provide services to SURTECH SOLUTIONS, and their servers may be located outside Europe.

We take technical and organizational measures to ensure that our providers offer adequate guarantees to protect the personal data they process on our behalf, and we contractually require such data to be processed in compliance with applicable data protection laws. You can find more information in the GDPR.

What rights do you have and how can you exercise them?

As a user of this Website, you have the following rights as a data subject. Please note that these rights are not absolute and, in certain cases, are subject to conditions specified in applicable law.

Under the GDPR, you can request:

Right of access and rectification (Art. 15 and 16 GDPR): The user has the right to obtain information about the personal data held by SURTECH SOLUTIONS and for what purposes they have been used, and request a copy of that personal information. The user also has the right, at any time, to request correction of any inaccurate or incomplete personal data.
Right to erasure and to be forgotten (Art. 17 GDPR): The user has the right to obtain erasure of personal data concerning him or her when the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. If you have ever given your consent for the processing of personal data, there will always be the possibility to withdraw such consent for any future processing that depends on it.
Right to restriction of processing: The user has the right to request the restriction of the processing of his or her personal data, in which case SURTECH SOLUTIONS would only keep them for the exercise or defense of claims.
Right to object (Art. 21 and 22 RGPD): The user has the right to object to the processing of his or her data as provided for in Articles 21 and 22 of the GDPR. SURTECH SOLUTIONS informs the user that even if he or she objects to certain processing, SURTECH SOLUTIONS may continue such processing if it is based on another legitimate basis. For example, to provide services or to comply with legal obligations.
Right to data portability (Art. 20 GDPR): In some cases, you may request a copy of personal data in a structured, commonly used, machine-readable format for transmission to another controller.
Right not to be subject to individualized decisions: You may request that decisions not be based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject.

In some cases, the request may be refused if you request the deletion of data necessary for compliance with legal obligations.

Likewise, if you have any complaints about the data processing, you can lodge a complaint with the data protection authority.

If you have any questions about the type of personal information, we have about you or if you wish to request the deletion or correction of the personal information we have about you, or exercise any other data subject rights, please submit a written request to; gdpr@midway.la. While we will make reasonable efforts to accommodate your request, we reserve the right to reject such access requests or to impose restrictions or requirements on such requests as required or permitted by applicable law.

How do we protect your personal information?

SURTECH SOLUTIONS has adopted the legally required levels of security protection for Personal Data and seeks to install any additional technical and organizational means at its disposal to prevent loss, misuse, alteration, unauthorized access, and theft of the Personal Data provided to SURTECH SOLUTIONS. The ways we do this include:

Implementing technical and organizational measures designed to ensure the ongoing confidentiality and availability of processing systems and services.
Implementation of security policies recommended by the GDPR.
Limiting access to the information we collect about you.
Ensuring that we and our providers have adequate security safeguards to keep personal information secure.
When required by law, destroying or de-identifying personal information.

SURTECH SOLUTIONS is not responsible for hypothetical damages or harm that may result from interference, omissions, interruptions, computer viruses, telephone failures, or disruptions in the operational functioning of this electronic system, caused by factors beyond SURTECH SOLUTIONS’ control, or delays or blockages in the use of this electronic system caused by deficiencies or overloads in telephone lines or overloads in the Data Processing Center, in the Internet system, or in other electronic systems, as well as damages that may be caused by third parties through illegitimate intrusions beyond the control of SURTECH SOLUTIONS. However, the user should be aware that Internet security measures are not impregnable.

How do we securely store your data?

To prevent unauthorized access, use, or disclosure, and to ensure the correct use of information, we use appropriate physical, technical, and administrative procedures to protect the data we collect and process. SURTECH SOLUTIONS retains data as required or allowed by law, and as long as the data continue to have a legitimate business purpose.

When obtaining, transferring, or storing sensitive data, such as tax information, we use various technologies and additional security procedures to protect your personal data from unauthorized access, use, or disclosure.

Who is responsible for the accuracy and truthfulness of the provided data?

The user is solely responsible for the accuracy and correctness of the included data, releasing SURTECH SOLUTIONS from any liability in this regard. Users guarantee and respond, in any case, for the accuracy, validity, and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in the registration or subscription form. SURTECH SOLUTIONS reserves the right to terminate contracted services that have been entered into with users if the data provided is false, incomplete, inaccurate, or not up to date.

SURTECH SOLUTIONS is not responsible for the truthfulness of information not of its own making and for which another source is indicated, nor does it assume any responsibility for any damages that may arise from the use of such information.

SURTECH SOLUTIONS reserves the right to update, modify, or delete the information contained on its web pages and may even limit or deny access to such information. SURTECH SOLUTIONS is exempt from any liability for any damage or harm that the user may suffer as a result of errors, defects, or omissions in the information provided by SURTECH SOLUTIONS provided it comes from sources outside it.

Likewise, you certify that you are over 14 years of age and that you have the necessary legal capacity to give your consent regarding the processing of your personal data.

How do we handle personal data of minors?

In principle, our services are not specifically directed at minors. However, in the event that any of them are directed at minors under the age of fourteen, SURTECH SOLUTIONS will require valid, free, unequivocal, specific, and informed consent from their legal guardians to process the personal data of minors. In this case, some form of identification of the person giving consent will be required.

In the case of minors over fourteen years of age, data processing may proceed with the consent of the user, except in cases where the Law requires the assistance of holders of parental authority or guardianship.

Links to other websites

The website may contain links to other websites. By clicking on one of these links and accessing an external website, the visit will be subject to the privacy policy of that website, with SURTECH SOLUTIONS being disassociated from any responsibility regarding its privacy policy.

SURTECH SOLUTIONS as Data Processor

These conditions apply in cases where SURTECH SOLUTIONS (hereinafter, PROCESSOR) is considered a data processor for the CONTROLLER in accordance with the General Data Protection Regulation (GDPR). The following clauses are part of the contract for outsourcing the storage, maintenance, and technical support services of the platform, provided by the PROCESSOR to the CONTROLLER (hereinafter, CONTRACT). This agreement is part of the documented instructions from the CONTROLLER to the PROCESSOR, and will also apply when applicable, for any data processing where the CONTROLLER acts as a processor for other controllers. In these cases, the CONTROLLER must demonstrate that it is authorized to process the data of the other controllers.

Purpose and nature of the processing: These conditions apply to the services provided by the PROCESSOR in accordance with the CONTRACT that may involve the processing of personal data by the PROCESSOR on behalf of the CONTROLLER. The PROCESSOR will provide the CONTROLLER with the services detailed above.
Purpose of the processing: The purpose of the processing is to allow and enable the PROCESSOR to provide the agreed services under the CONTRACT, (i) the processing as necessary to provide the service in accordance with the agreement; (ii) processing initiated by the customer in his use of the service; and (iii) processing to comply with any other reasonable instruction provided by the customer (e.g., by email or support tickets) that are consistent with the conditions of the agreement.
Types of data: The data processed will be all those necessary for the provision of services by the PROCESSOR in accordance with the CONTRACT and these terms detailed below:

– Workers: identification and contact data (name, address, position, contact details, username); employment details (employer, position, area of responsibility).

– Contacts and customers: Identification and contact data (name, date of birth, gender, general occupation or other demographic information, address, contact details, including email address); personal interests or preferences (including purchase history, marketing preferences, and publicly available social media profile information); IT information (IP addresses, usage data, cookie data, online browsing data, location data, browsing data); financial information (credit card data, account details, payment information).

– Sensitive data processed: No sensitive data are intentionally collected or processed in connection with the provision of the service.

Categories of data subjects: The categories of data subjects whose data will be processed will include all those whose information is provided to the PROCESSOR by the CONTROLLER or the data subjects whose information is processed by the CONTROLLER, and which may include, but are not necessarily limited to, the following categories:

– Current and potential clients, and contacts of the CONTROLLER.

– Employees or contacts of current and potential customers, partners, and suppliers of the CONTROLLER.

Duration and termination of processing: The processing of the data will take place until the expiration of the CONTRACT, which may be subject to renewal by mutual agreement. At the end of the contract, the PROCESSOR must, at the choice of the CONTROLLER, delete or return all personal data once the provision of processing services has ended, and delete existing copies unless the retention of personal data is required under Union law or the law of the Member States.
Confidentiality: The PROCESSOR will ensure that persons authorized to process personal data have committed themselves to confidentiality or are under an obligation of confidentiality. The PROCESSOR will be subject at all times to the principles of confidentiality and data minimization when accessing or processing the data of the data subjects on behalf of the CONTROLLER.
Additional obligations of the PROCESSOR: The PROCESSOR shall:

– carry out processing only to the extent necessary to provide the services under the CONTRACT and only in accordance with:

this agreement and the service provision contract;
written instructions that the CONTROLLER may eventually document;
when required by law.

In cases where the PROCESSOR is required to process data under any legal compliance obligation, the PROCESSOR will notify the CONTROLLER of this before carrying out the corresponding processing (unless the law exempts the PROCESSOR from this under public interest);

– take all necessary measures in accordance with article 32 GDPR;

– assist the CONTROLLER, taking into account the nature of the processing, through appropriate technical and organizational measures, wherever possible, so that the CONTROLLER can comply with its obligation to respond to requests aimed at exercising the rights of the data subjects established in Chapter III GDPR;

– assist the CONTROLLER in ensuring compliance with the obligations set out in Articles 32 to 36 GDPR, taking into account the nature of the processing and the information available to the PROCESSOR.

Subprocessors: The DATA CONTROLLER authorizes the PROCESSOR to engage other subprocessors for storing, communicating, and analyzing information in order to provide services under the CONTRACT. These subprocessors may include cloud storage tools, as well as other required services.

When processing is to be carried out on behalf of a data controller, the latter will only choose a processor who offers sufficient guarantees to apply appropriate technical and organizational measures, so that the processing complies with the requirements of the RGPD and guarantees the protection of data subjects’ rights.

Inspections and audits: The PROCESSOR shall provide the CONTROLLER with all necessary information to demonstrate compliance with the obligations established in Article 28 GDPR, as well as to allow and contribute to the conduct of audits, including inspections, by the CONTROLLER or another auditor authorized by said data controller.

How do we use cookies?

A cookie is a piece of text placed on your computer’s hard drive. Depending on the settings you have selected, your browser adds the text to your device as a small file. Many browsers are set to accept cookies by default. You have the ability to accept or reject cookies as you prefer. The Help section of your web browser, usually found in the toolbar, typically tells you how to prevent your browser from accepting new cookies, how to make the browser notify you when you receive a new cookie, or how to disable cookies altogether.

The SURTECH SOLUTIONS website and social networks use cookies to optimize and personalize your navigation through it. Cookies are physical information files hosted on the user’s own terminal, and the information collected through cookies serves to facilitate the user’s navigation of the portal and optimize the browsing experience. Data collected through cookies may be shared with their creators, but under no circumstances will the information obtained by them be associated with personal data or data that can identify the user.

The websites also use both proprietary and third-party «cookies» to allow you to log in to our services and help personalize your online experience. These technologies and the information collected about you may be used to track your activity across multiple devices. When appropriate, we use cookies to store your preferences and other information on your computer to save you time by eliminating the need to enter the same information repeatedly.

However, if the user does not want cookies to be installed on their hard drive, they have the possibility to configure the browser to prevent the installation of these files. For more information, please see our Cookies Policy.

Applicable law and jurisdiction

Any dispute arising from this contract or related to it, including any matter relating to its existence, validity, interpretation, performance, or termination, shall be subject to the decision of international arbitration. The arbitration shall be governed by the law.

The parties submit, at their free choice, to the jurisdiction of the laws applicable to this contract in the domicile of SURTECH SOLUTIONS.

Can the privacy policy be modified?

In the event that we modify our Privacy Policy, we will publish the revised statement here with the updated date of the revision. If we make significant changes to our privacy policy that substantially alter our privacy practices, we may also notify you through other means, such as sending an email message or posting a notice on our corporate websites or social media pages, before the changes take effect.

We recommend that you periodically review this Privacy Policy to be informed of how we use and protect your Personal Information.

Registration as users