PRIVACY AND DATA PROTECTION POLICY
Respecting the provisions of current law, SAFRÀ DEL MONTSEC (from here on, also Website) promises to adopt the necessary technical and organisational measures, according to the level of security adjusted to the risk of the data compiled.
- Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR).
- Organic Law 3/2018, of 5 December, on Personal Data Protection and Digital Rights Guarantee (LOPD-GDD).
- Royal Decree 1720/2007, of 21 December, passing the Regulation which develops Organic Law 15/1999, of 13 December, on Personal Data Protection (RDLOPD).
- Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).
Identity of the personal data controller
The controller of the personal data collected through SAFRÀ DEL MONTSEC is: Jaume Casado Carulla, with NIF (tax number): 45786571B (from here on, Data Controller). His contact information is listed here:
- Address: Masia Mauri S/N – Els Masos de Llimiana
25639 Llimiana, Lleida
- Telephone: 605028536
- Email: firstname.lastname@example.org
Register of Personal Data
In compliance with the provisions of the GDPR and LOPD-GDD, we inform you that the personal data collected by SAFRÀ DEL MONTSEC through the forms appearing on its pages will be added to and processed in our archive to allow us to facilitate, streamline and fulfil the commitments established between SAFRÀ DEL MONTSEC and you (the User) or the maintenance of the relationship established in the forms you fill in, or to respond to your request or query. Thus, in conformance with the provisions of GDPR and LOPD-GDD, except when adhering to the exception provided for in article 30.5 of the GDPR, the Controller will maintain a register of processing activities which specifies, according to their purposes, the processing activities performed and the other circumstances established in the GDPR.
Principles applied to the processing of personal data
The processing of the User’s personal data will be subject to the following principles contained in article 5 of the GDPR and in article 4 and the following articles of Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights:
- Lawfulness, loyalty and transparency principle: your consent will always be required for the processing of your personal data, and you will be given completely transparent information on the purposes for which this data will be processed.
- Limitation of purpose principle: your personal data will be collected for specific, explicit and legitimate purposes.
- Data minimisation principle: all personal data collected will be strictly necessary in relation to the purposes for which it will be processed.
- Accuracy principle: your personal data will be accurate and always kept up to date.
- Storage limitation principle: personal data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Integrity and confidentiality principle: all personal data will be processed in a way which guarantees its security and confidentiality.
- Accountability principle: the Data Controller will be responsible for ensuring that the previous principles are fulfilled.
Categories of personal data
The only category of data processed by SAFRÀ DEL MONTSEC is identifying data. Under no circumstances will the company process special personal data categories in the sense of article 9 of the GDPR.
Legal basis for processing personal data
The legal basis for processing your personal data is your consent. SAFRÀ DEL MONTSEC promises to acquire your express and verifiable consent for the processing of your personal data for one or various specific purposes.
You have the right to withdraw your consent at any time. Retracting consent will be as easy as providing it. As a general rule, the retraction of consent will not condition use of the Website.
At times when you, the User, must or are able to provide your data through forms for making enquiries, requesting information or for reasons related to the content of the Website, you will be informed if the completion of one of these processes is compulsory, being essential for the correct development of the operation performed.
Purposes for which your personal data will be processed
Personal data is collected and processed by SAFRÀ DEL MONTSEC for the purpose of facilitating, streamlining and fulfilling the commitments established between the Website and you, the User, or the maintenance of the relationship established in the forms you complete or to respond to a request or enquiry.
Moreover, your data may be used for commercial purposes to support personalisation, operation and statistics, and activities inherent to the business objective of SAFRÀ DEL MONTSEC, as well as for the extraction and storage of data and marketing studies used to match the Content offered to your needs, as well as to improve quality, functioning and browsing on the Website.
Whenever personal data is obtained, you will be informed of the specific purpose or purposes of the handling to which your personal data will be subjected, that is, of the use or uses to be made of the information gathered.
Retention periods for personal data
Your personal data will be kept for as long as it is needed to provide you our services or during the time required by the pertinent laws. After this period, your personal data will be deleted.
If you have consented to receiving commercial mail, your personal data will be kept indefinitely or until you unsubscribe from these mailings.
Recipients of personal data
Your personal data will be sent to the transport agencies tasked with the delivery of your orders. In addition, your data will be released, if necessary, to the credit and/or lending bank entities of the payment services within the context of payment management.
Personal data of underage users
Respecting the provisions of article 8 of the GDPR and article 7 of Organic Law 3/2018, of 5 December, on Personal Data Protection and Digital Rights Guarantee, only users over the age of 14 years will be able to provide their consent to the processing of their personal data in a legal way by SAFRÀ DEL MONTSEC. If the data subject is under 14 years old, the consent of this subject’s parents or legal guardians will be required to process this data, and the processing will only be considered legal insomuch as the parents or guardians have authorised it.
Secrecy and security of personal data
SAFRÀ DEL MONTSEC promises to adopt the necessary technical and organisational measures, according to the level of security adjusted to the risk of the data collected, to guarantee the security of your personal data and prevent the destruction, loss or accidental or illegal alteration of personal data transmitted, kept or handled in any other way, or the unauthorised communication of or access to this data.
The Website is Secure Sockets Layer (SSL) certified, which ensures that personal data is transmitted securely and confidentially, as the transmission of data between the server and the User, and data feedback, is totally encoded or encrypted.
However, since SAFRÀ DEL MONTSEC cannot guarantee the impregnability of the Internet nor the total absence of hackers or others who may access your personal data in a fraudulent way, the Data Controller promises to inform you, without undue delay, in the event of a personal data security breach likely to entail a significant risk to individual rights and liberties. Following the provisions of article 4 of the GDPR, a personal data security breach is understood as any security violation which causes the destruction, loss or accidental or illegal alteration of personal data transmitted, kept or handled in any other way, or the unauthorised communication of or access to this data.
Personal data will be treated as confidential by the Data Controller, who promises to inform and guarantee, via legal or contractual obligation, that this confidentiality be respected by all employees, associates, and anyone to whom the Controller makes the information available.
Rights derived from the processing of personal data
You, the User, may exercise the following rights recognised in the GDPR and in Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights:
- Right of access: You have the right to obtain confirmation on whether or not SAFRÀ DEL MONTSEC is handling your personal data and, if the answer is yes, obtain information on the specific personal data and the handling which SAFRÀ DEL MONTSEC has performed or is performing, as well as the origin of this data and the recipients of all completed or anticipated communications of it.
- Right to rectification: You have the right to have inaccurate personal data rectified or completed if it is incomplete considering the purposes of the processing.
- Right to erasure (“the right to be forgotten”): You have the right, unless established otherwise by current law, to have your personal data erased if it is no longer necessary for the purpose it was originally collected or processed for; you have withdrawn your consent to the processing and this processing has no other legal basis; you object to the processing and there is no overriding legitimate interest to continue it; your personal data has been processed illegally; your personal data must be erased to comply with a legal obligation; or your personal data has been obtained through a direct offer for information society services to a minor under 14 years of age. In addition to erasing the data, the Data Controller, considering the technology available and the cost of its application, must adopt reasonable measures to inform the parties responsible for processing the personal data of your request of erasure of any link to this data.
- Right to restrict processing: You, the User, have the right to restrict the processing of your personal data. You have the right to obtain the restriction of processing if you contest the accuracy of your personal data; the data has been unlawfully processed; the Controller no longer needs the personal data, but you need the Controller to keep it to exercise a claim; and when you have opposed its processing.
- Right to data portability: If the processing has been carried out through automated means, you will have the right to receive your personal data from the Data Controller in a structured, commonly used and machine-readable format, and to transmit this data to another data controller. Whenever it is technically possible, the Data Controller will transmit your data directly to this other controller.
- Right to object: You have the right for your personal data not to be processed or for its processing by SAFRÀ DEL MONTSEC to cease.
- Right not to be subject to a decision based solely on automated processing, including profiling: It is your right not to be subject to an individualised decision based solely on the automated processing of your personal data, including profiling, unless the current law states otherwise.
Thus, you may exercise your rights via written communication to the Data Controller with the subject heading “GDPR-www.shop.safradelmontsec.com”, specifying:
- Your name, surnames and a copy of your ID. In cases where the request may be submitted through a representative, it will be necessary to identify the person who represents the User through the same means and provide a document accrediting the representation. The photocopy of the ID may be replaced by any other legally valid means of accrediting identity.
- List of the specific motives of your petition or information you wish to access.
- Notification address.
- Date and your signature.
- All documentation which accredits the petition you are formulating.
This petition, and all other documents attached, may be sent to the following mailing and/or email address:
Masia Mauri S/N – Els Masos de Llimiana
25639 Llimiana (Lleida)
Email address: email@example.com
Links to third-party sites
The Website may include links which make it possible to access the websites of third parties distinct from SAFRÀ DEL MONTSEC and thus not operated by SAFRÀ DEL MONTSEC. The owners of these websites will have their own data protection policies, the owner themselves being, in any event, responsible for their own archives and privacy practices.
Complaints to the supervisory authority
If you, the User, believe there is a problem or infraction of current law in the way in which your personal data is being processed, you will have the right to effective legal protection and to present a complaint before a supervisory authority, in particular, in the State where you habitually reside, where you work or where the supposed infraction has taken place. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.agpd.es).
Cookies are automated procedures used to gather information related to the preferences you set when you visit the Website for the purpose of recognising you as a User and personalising your experience and use of the Website, and they may also, for example, help identify and resolve errors.
The information collected through cookies may include the date and time of visits to the Website, the pages viewed, the time you have spent on the Website and the sites you visit just before and after. However, no cookie is capable of making contact with your phone number or with any other means of personal contact. No cookie may extract information from your hard drive or steal personal information. The only way your private information can form part of a Cookie file is if you personally give this information to the server.
First-party cookies are sent to your computer or device and managed solely by SAFRÀ DEL MONTSEC to improve the operation of the Website. The information gathered is used to improve the quality of the Website and its Content and your experience as a User. These cookies make it possible to recognise you as a recurring visitor of the Website and adapt its content to offer you content which matches your preferences.
Third-party cookies are used and managed by external entities which provide SAFRÀ DEL MONTSEC with services it has requested to improve the Website and your user experience when browsing the Website. Third-party cookies are mainly used to obtain statistics on access and analyse browsing information, in other words, how you (the User) interact with the Website.
The information gathered refers, for example, to the number of pages visited, the language, the place connected to the IP address from which the User accesses the site, the number of Users who access it, the frequency and recurrence of the visits, the time of visit, the browser used, the operator or type of device from which the visit is made. This information is used to improve the Website and detect new needs to offer the Users optimum quality Content and/or services. In any event, all information is compiled anonymously, and Website trend reports are created without identifying individual users.
For more information on cookies or privacy information, or to consult the description of the cookie types used, their main features, expiration period, etc., please see the following link(s):
Google Analytics: https://policies.google.com/technologies/cookies
POS of Banco Santander: https://www.bancosantander.es/politica-de-cookies
The entities responsible for supplying cookies may release this information to third parties, whenever it is required by law or it is a third party who processes this information for the aforementioned entities.
Social network cookies
SAFRÀ DEL MONTSEC incorporates plug-ins from social networks, which make it possible to access these networks through the Website. For this reason, social network cookies may be stored in the User’s browser. The owners of these social networks have their own data protection and cookie policies, they themselves being, in any event, responsible for their own archives and privacy practices. Refer to these policies for information on the aforementioned cookies or, if necessary, the handling of your personal data. For informational purposes only, the links through which these privacy and/or cookie policies may be consulted are listed below:
Disable, reject or delete cookies