Data Controller
Itsglimmer S.L.
1. Categories of Data Processed
When an employee uses the Glimmer platform through their company, we may collect the following data:
Full name
Work email address
Job title and department
Profile photo (if uploaded)
Personal or role descriptions (if provided)
Preferences and interests configured in the platform (to personalize content)
Skills the user declares
Content interactions (what they read, time spent, saved/shared items, etc.)
Quiz results (answers, correct/incorrect, response time)
b) Company Billing and Financial Information
Nombre de la empresa
Datos de contacto para facturación (nombre, email, dirección)
Identificador del cliente en Stripe
Detalles del plan contratado, fechas de renovación, estado de los pagos
Historial de facturación
c) Información confidencial de la empresa cliente
Company name
Billing contact details (name, email, address)
Customer identifier in Stripe
Subscription details (plan, renewal dates, payment status)
Invoice history
d) Credentials and Security
Unique identifiers for login and secure session authentication
2. Purpose of Data Processing
Granting access to and enabling the use of the Glimmer platform
Personalizing user experience and content recommendations
Managing the contractual relationship and billing with client companies
Activating notifications, reminders, or automated emails related to service use (only if authorized by the user)
Aggregating usage data to improve product experience
Ensuring account security and authentication
3. Legal Basis for Processing
Performance of a contract: related to the use of the platform and subscription services contracted by the company
Legitimate interest: to enhance the service and ensure its proper security
User consent: in specific cases such as for sending non-essential communications
4. Data Sharing
Itsglimmer S.L. does not sell or share personal data with third parties.
Some data may be processed by third-party service providers essential to the platform’s functionality (e.g., Stripe for payment processing).
These providers act as data processors and have signed the necessary data processing agreements in accordance with GDPR.
5. International Data Transfers
No data is transferred outside the European Economic Area. If such transfers become necessary in the future, we will ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses or adherence to EU-approved frameworks).
6. Data Retention
Personal data will be retained for the duration of the contractual relationship with the client company or while the user maintains an active account. After that, data will be deleted or anonymized unless there is a legal obligation to retain it (e.g., billing data).
7. User Rights
Access their personal data
Rectify inaccurate data
Request erasure (right to be forgotten)
Restrict processing
Data portability
Object to processing
To exercise these rights, users may contact admin@itsglimmer.com clearly stating the right they wish to exercise and including a copy of a valid ID.
Users also have the right to file a complaint with the Spanish Data Protection Authority (AEPD) if they believe their rights have been violated.