Privacy Policy

2. Treatments

The owner of this website is responsible for the processing of different categories of personal data as part of its activity of offering and marketing through the Internet.

Concepts about Treatments

The processing of personal data carried out by the RESPONSIBLE shares the elements defined below:

Purpose: reason why personal data are processed, including deadlines and criteria for their conservation.

Legitimation: legal basis that justifies the treatment, as well as the obligation or not to facilitate them and the consequences of not doing so.

Recipient: the natural or legal person, public authority, service or body to which the personal data are transmitted, whether or not they are processed by a third party, except for public authorities in the framework of research work in accordance with the legal system, with an indication of possible international transfers.

Rights: those corresponding to the interested parties who hold the personal data.

The RESPONSIBLE offers its collaboration for the clarification of any of the previous concepts, developed in this section.

Details about Treatments

The table below shows the treatments carried out by the RESPONSIBLE:

TREATMENT 1

Purpose

Management of requests for information related to the offer and marketing of the RESPONSIBLE.

The period of conservation of the data by the RESPONSIBLE will be the corresponding one for the analysis of the consultation and the delivery of the requested information, unless the interested party indicates his intention to make another query or acquisition of product / s.

Legitimacy

The user’s consent, expressed unequivocally with the selection of the checkbox required for the submission of the inquiry form.

The interest of the RESPONSIBLE in responding to requests for information received as part of its commercial activity through the Internet.

The interest of the RESPONSIBLE in improving security, preventing fraud and improving customer service and service processes in the consultation processes.

In all three cases, the contact forms include mandatory fields for their submission. The lack of provision of these data will prevent the request and processing of the consultation by this means.

Recipient

No recipient.

The management of queries and requests for information is carried out between the requesting user and the RESPONSIBLE.

Exceptions only imposed by legal obligations.

No international transfer of personal data takes place.

Rights

Rights of access, rectification, deletion, limitation, portability and opposition.

Right to withdraw the consent granted at any time without affecting the legality of the treatment based on said consent.

Right to lodge a complaint or complaint with the competent supervisory authority in matters of data protection.

>> Exercise of Rights

TREATMENT 2

Purpose

Management of orders and purchase and sale of products through the e-commerce platform.

The data collected in this case will be stored for a period of 3 years to comply with the legal requirements associated with the commercial transactions carried out.

Legitimacy

The contractual relationship made between the owner of the personal data and the RESPONSIBLE.

The data collection form for the start of the commercial transaction, or for the acceptance of pre-contractual measures, or where appropriate the physical format that is delivered to the client for acceptance will contain the complete reference to the processing of personal data.

In both cases, the contact forms include mandatory fields for their submission. The lack of provision of these data will prevent the request and processing of the consultation by this means.

Recipients

Third parties related to the contracted product(s), such as transport services and Internet payment processing platforms.

Exceptions only imposed by legal obligations.

The operation of means of payment managed by companies located outside Spain, as well as the shipping address indicated by the buyer, may involve the international transmission of personal data, in which case the provisions and conditions imposed by legislation, entities and regulatory control authorities will be met to ensure that the data transferred receives protection equivalent to that of the European framework.

Rights

Rights of access, rectification, deletion, limitation, portability and opposition.

Right to withdraw the consent granted at any time without affecting the legality of the treatment based on said consent.

Right to lodge a complaint or complaint with the competent supervisory authority in matters of data protection.

>> Exercise of Rights

TREATMENT 3

Purpose

Creation of customer accounts during the process of ordering and buying and selling products through the e-commerce platform.

The data collected in this case will be stored indefinitely to comply with the legal requirements associated with the commercial transactions carried out, and to give the customer the possibility to consult their order history and make others about the information that already exists.

Legitimacy

The contractual relationship made between the owner of the personal data and the RESPONSIBLE.

The data collection form for the start of the commercial transaction, or for the acceptance of pre-contractual measures, or where appropriate the physical format that is delivered to the client for acceptance will contain the complete reference to the processing of personal data.

In both cases, the contact forms include mandatory fields for their submission. The lack of provision of these data will prevent the request and processing of the consultation by this means.

Recipients

Third parties related to the contracted product(s), such as transport services and Internet payment processing platforms.

Exceptions only imposed by legal obligations.

The operation of means of payment managed by companies located outside Spain, as well as the shipping address indicated by the buyer, may involve the international transmission of personal data, in which case the provisions and conditions imposed by legislation, entities and regulatory control authorities will be met to ensure that the data transferred receives protection equivalent to that of the European framework.

Rights

Rights of access, rectification, deletion, limitation, portability and opposition.

Right to withdraw the consent granted at any time without affecting the legality of the treatment based on said consent.

Right to lodge a complaint or complaint with the competent supervisory authority in matters of data protection.

>> Exercise of Rights

Treatment Registry

The RESPONSIBLE keeps a record of the generic and, sometimes, specific categories of treatment according to the contents below:

1. Name and contact details of the RESPONSIBLE.

2. Purposes of the treatment.

3. Description of the categories of data subjects and categories of personal data.

4. The categories of recipients to whom the personal data were or could be communicated, including recipients in third countries or international organisations.

5. Transfers of personal data to a third country or an international organisation, including its identification and documentation of appropriate safeguards.

6. The deadlines for the deletion of each of the categories of data stored.

7. The general description of the technical and organisational security measures that have been used or implemented in each processing or its categories.

Such a register is made available to the supervisory authorities and courts of law as appropriate.

3. Exercise of rights

Any user of this website, as well as the buyers of its products, has the opportunity to exercise the rights recognized by the applicable national and international regulations against the RESPONSIBLE.

Exercisable Rights

Right to request access to personal data, to know which are subject to treatment and what it consists of.

Right to request rectification, to correct inaccuracies or outdated.

Right to request its deletion, if possible.

Right to request the limitation of its treatment, in case of doubts about the legality or opportunity of its purpose, legitimacy, duration of file, or other questions about the treatment, as well as its accuracy or updating.

Right to data portability, when the legitimacy for the treatment is the contractual relationship or the consent of the interested party.

Right to object to the processing, when the legitimacy for the treatment is the legitimate interest.

The RESPONSIBLE offers its collaboration for the clarification of any of the previous concepts and definitions.

Withdrawal of Consent

The consent granted for any specific processing of your personal data may be withdrawn at any time, without affecting the lawfulness of the processing based on the consent withdrawn later.

Procedure

The interested party may exercise any of the rights described in this section by communicating to the RESPONSIBLE, necessarily providing the following information:

    1. Full name.

    2. Means of contact (email address and telephone or fax).

    3. Copy of THE DNI/NIE, passport or equivalent document.

    4. Identification of the personal data and the right or rights they intend to exercise.

All this can be sent to the attention of the RESPONSIBLE by electronic message

The RESPONSIBLE reserves the right to demand more information or additional identifying elements.

Complaint or Denunciation to Control Authorities

Any interested party may file a claim or complaint with the competent control authority in matters of data protection if they consider that their claims have not been satisfactorily addressed by the RESPONSIBLE, or when they understand that there has been negligence, abuse or irregularity or illegality in the processing of their personal data.

In general, before the Spanish Agency for Data Protection (www.agpd.es), being safe the determination of the competence of other control authorities at regional or European level.

Exceptions for Legitimate Interest or Legal Obligation

The RESPONSIBLE for the treatment could keep personal data necessary for the exercise of legal actions in defense of their rights or those of third parties, or to attend to claims legally foreseen by organs of the Public Administration, Administration of Justice and Bodies and Forces of Security of the State, according to the applicable regulations.

Similarly, the nature of the action and services developed by the RESPONSIBLE imposes compliance with the regulations on administrative, accounting and tax matters, which legitimizes and requires the conservation of the corresponding categories of personal data during the period of time imposed in each case.

In addition, and when it deems appropriate, the RESPONSIBLE may share information with lawyers, officials of the Public Administration and Justice to protect interests or property, prevent fraud or other illegal activities perpetrated through the Internet or on their behalf or that of this website, or to avoid any imminent damage to persons or property.

In these cases, the data and information will be kept duly blocked and unused for the corresponding period of time according to the limitation periods of possible civil, commercial, administrative and / or criminal liabilities.

4. Cookies

The specialty of this heading within the terms and conditions governing the processing of personal data advises us to dedicate a special section within this website, which can be consulted by interested users under the title “Use of Cookies” [see].

5. Principles of Action

The RESPONSIBLE strives to carry out a strict application of principles of action based on compliance with the regulations on the protection of personal data, including the knowledge and practical application of opinions of control authorities and jurisprudence from the ordinary and constitutional jurisdiction.

Principle of Necessity

It imposes a restrictive treatment of the personal data provided or obtained, according to criteria of relevance, proportionality and adequacy to the purposes proposed, explicit and legitimate that are its own to satisfy the needs of the offer and commercialization of this website.

Principle of Information

It requires a clear and simple description of the circumstances and conditions of the treatments and the request for authorization for them, according to criteria of conciseness, transparency, and ease of understanding and access.

Principle of Accuracy

It requires the application of active prevention and procedures to guarantee the authenticity, veracity, accuracy and validity of the personal data processed since its collection.

Principle of Security

It demands the application of adequate technical and organizational security measures to guarantee the integrity, confidentiality, availability and resilience of the systems and files related to the treatment, and that of the data processed.

Principle of Personal Control

It determines the highest degree of demand in the selection, training and supervision of any person in charge of the processing of personal data, if it becomes necessary to hire them, based on criteria of qualification, knowledge, competence and professional suitability.

Principle of Care

Provides an adequate and prompt response to any request for additional information, consultation, doubt or support to interested parties and third parties in relation to their personal data; especially to ensure the effectiveness of the rights of access, rectification, deletion, limitation, portability and opposition according to the applicable regulatory framework.

6. Security

The RESPONSIBLE strives to combine legal and technical knowledge in the creation and operation of this website for an exhaustive compliance with the regulations applicable to the processing of personal data.

Data Protection by Design and by Default

During the creation of this website, the technical and organizational measures have been optimized in anticipation of data processing to ensure that, by default, only those strictly necessary for each purpose are treated, also taking into account their quantity, extension of the treatment, conservation period and accessibility limited to the decision of the RESPONSIBLE.

Safety in Treatments

The nature, scope, context and purpose of the treatments to be carried out, as well as the possible risks of probability and gravity for the rights and freedoms of the interested parties, have been decisive when assessing the security measures applicable to each process.

In any case, an assessment of the risk planted in the processing of data in case of destruction, loss or intentional or accidental alteration has been carried out to determine the most appropriate technical and organizational measures to guarantee confidentiality, integrity, availability and resilience of the systems and files involved in each treatment, and that of the data specifically processed.

In addition, measures have been articulated to guarantee a rapid restoration of the data and access to them in case of any incident.

Concluding with a policy of periodic reviews for the correct evaluation and verification of the effectiveness of the measures described in this section.

Security Breach Procedure

Given the risk posed by possible security breaches in the system that could affect the correct processing of personal data, a protocol has been developed that includes:

    1.Notification to the competent control authority within 72 hours of the security incident.

   2. Immediate, clear and understandable notification of the security breach to the holders of personal data when there is a verifiable risk to their rights and freedoms.

   3. Analysis of its causes, effects and measures applied for its correction, as well as the documentation of each incident.

This protocol has been tested and verified.

Computer Security

The computer security measures applied in the management of this website are made available under the heading Computer Security of the Terms and Conditions of Use section.

7. Limitation of Liability

The users of this website responsible for the accuracy and quality of the data provided to the RESPONSIBLE in terms of its authenticity, veracity, precision and validity, and must communicate any modification or incident related to them after delivery.

They are responsible for the data of third parties provided, and must obtain the corresponding consent, without prejudice to the actions carried out by the RESPONSIBLE to adapt treatments or irregular or illegal situations.

Minors may not contract the products offered in the commercial catalog of that website, or send any information or query through their forms or contact mailboxes without the authorization of their parents, guardians or legal representatives, who will be in any case responsible for such actions.

8. Terminology

The definitions in this section clarify the understanding of data processing information in this section.

Personal data: any information about an identified or identifiable natural person (“the data subject”), whose identity can be determined, directly or indirectly, by means of an identifier.

Processing: any operation or set of operations carried out on personal data or sets of personal data (collection, recording, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of enabling access, comparison or interconnection, limitation, deletion or destruction).

Limitation of the treatment: the marking of the personal data kept in order to limit its treatment in the future.

Third: natural or legal person, public authority, service or body other than the interested party, the RESPONSIBLE, the person in charge of the treatment and the persons authorized to process the personal data under the direct authority of the RESPONSIBLE or the person in charge.

Consent of the interested party: any expression of free, specific, informed and unequivocal will by which the interested party accepts, either by means of a declaration or a clear affirmative action, the processing of personal data concerning him.

Pseudonymisation: the processing of personal data in such a way that they can no longer be attributed to a data subject without using additional information, provided that such additional information is listed separately and is subject to technical and organisational measures aimed at ensuring that the personal data are not attributed to an identified or identifiable natural person.

Responsible for the treatment: the natural or legal person, public authority, service or other body that, alone or together with others, determines the purposes and means of the treatment.

Supervisory authority: the independent public authority established by a Member State of the European Union.

Cross-border processing: (a) the processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or a processor in the Union, if the controller or processor is established in more than one Member State; or (b) the processing of personal data carried out in the context of the activities of a single establishment of a controller or a processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

The RESPONSIBLE will respond to any query for a better understanding of any of the above concepts, developed in this section.

9. Modifications

The RESPONSIBLE reserves the right to modify the terms and conditions in this privacy policy to adapt them to any change in the commercial offer provided in its catalog, in its commercial sector or to modifications in the regulations applicable to any of the headings in this section.

The date of modification of this section will be updated and any significant changes will be brought to the attention of users and customers whose personal data are being processed so that they make the allegations they consider appropriate and, in the cases provided for by law, they can grant their consent again.

In no case, the changes that may be made will affect the rights derived or that could derive from the commercial transactions carried out prior to said modifications.

Treatments after the modification date will be carried out in accordance with the new conditions in this section.

10. Questions and Suggestions

For any questions or suggestions about any of the contents of this privacy policy, please contact the DATA CONTROLLER through the following email: