I. PRIVACY AND DATA PROTECTION POLICY
In compliance with current legislation, [Company/Person Name] (hereinafter also the Website) commits to adopting the necessary technical and organizational measures according to the appropriate security level for the risk of the data collected.
Laws incorporated in this Privacy Policy
This Privacy Policy is adapted to current Spanish and European regulations on personal data protection online. Specifically, it complies with the following laws:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).
Royal Decree 1720/2007 of 21 December, approving the Regulation for the development of Organic Law 15/1999 of 13 December on Personal Data Protection (RDLOPD).
Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).
Identity of the Data Controller
The data controller for the personal data collected on [Company/Person Name] is: Leticia Álvarez de Perea Llamas , with Tax ID 47281679G (hereinafter, Data Controller).
Contact information:
Address:
Phone: +34 659387548
Email: leticiaalvarezperea@gmail.com
Personal Data Register
In compliance with the GDPR and LOPD-GDD, personal data collected via forms on the Website will be included and processed in our files to facilitate, expedite, and fulfill commitments established between [Company/Person Name] and the User or to maintain the relationship established in the forms completed by the User, or to handle a request or inquiry.
In accordance with the GDPR and LOPD-GDD, unless the exception in Article 30.5 of the GDPR applies, a record of processing activities is maintained, specifying, according to their purposes, the processing activities carried out and other circumstances required by the GDPR.
Principles applicable to personal data processing
Processing of the User’s personal data shall comply with the following principles from Article 5 of the GDPR and Articles 4 and following of Organic Law 3/2018:
Lawfulness, fairness, and transparency: User consent will be obtained with fully transparent information regarding the purposes of data collection.
Purpose limitation: Personal data will be collected for specific, explicit, and legitimate purposes.
Data minimization: Only strictly necessary personal data will be collected.
Accuracy: Personal data must be accurate and kept up to date.
Storage limitation: Personal data will be kept only as long as necessary for the purposes of processing.
Integrity and confidentiality: Personal data will be processed securely and confidentially.
Accountability: The Data Controller is responsible for ensuring compliance with the above principles.
Categories of personal data
Only identifying data is processed on [Company/Person Name]. No special categories of personal data under Article 9 of the GDPR are processed.
Legal basis for processing personal data
The legal basis for processing personal data is consent. [Company/Person Name] will obtain the User’s explicit and verifiable consent for processing personal data for one or more specific purposes.
Users may withdraw consent at any time. Withdrawing consent should be as easy as giving it. Generally, withdrawal of consent will not affect the use of the Website.
When Users provide data via forms for inquiries, information requests, or website-related purposes, they will be informed if completing a form is mandatory for proper processing.
Purposes of data processing
Personal data is collected and managed to facilitate, expedite, and fulfill commitments between the Website and the User, or to maintain the relationship established through completed forms, or to handle requests or inquiries.
Data may also be used for commercial purposes, personalization, operational and statistical activities, marketing studies, and improving Website quality, functionality, and navigation.
At the time of collection, Users will be informed of the specific purposes for which their data will be processed.
Data retention periods
Personal data will only be retained for the minimum necessary period for the purposes of processing, and in any case only for the following period: [insert period], or until the User requests deletion.
Users will be informed of the retention period or the criteria used to determine it at the time of data collection.
Recipients of personal data
User personal data will not be shared with third parties.
Users will be informed of the recipients or categories of recipients at the time of data collection.
Personal data of minors
In compliance with Articles 8 GDPR and 7 LOPD-GDD, only individuals over 14 years may lawfully consent to the processing of their personal data. For minors under 14, parental or guardian consent is required.
Confidentiality and security of personal data
[Company/Person Name] commits to technical and organizational measures to ensure the security of personal data and prevent accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure.
The Website has an SSL certificate (Secure Socket Layer), ensuring that personal data is transmitted securely and confidentially through encryption.
However, as internet security cannot be fully guaranteed, the Data Controller will promptly inform Users in the event of a personal data breach likely to pose a high risk to rights and freedoms. A data breach is defined as any accidental or unlawful destruction, loss, alteration, or unauthorized access or disclosure of personal data (Article 4 GDPR).
Personal data will be treated as confidential by the Data Controller, who ensures that confidentiality is respected by employees, associates, and anyone granted access.
Rights of Users regarding personal data
Users may exercise the following rights with the Data Controller, as recognized by the GDPR and LOPD-GDD:
Right of access: Confirm whether personal data is being processed and obtain details.
Right to rectification: Correct inaccurate or incomplete personal data.
Right to erasure (‘right to be forgotten’): Delete data under applicable conditions.
Right to restriction of processing: Limit processing under specific conditions.
Right to data portability: Receive personal data in a structured, commonly used format and transfer it to another controller.
Right to object: Object to processing of personal data.
Right not to be subject to automated decision-making, including profiling: Protect against solely automated decisions unless legally permitted.
Users can exercise their rights in writing to the Data Controller with reference “GDPR-www.test.com,” providing:
Full name and ID copy. For legal representatives, identification and proof of representation are also required.
Specific reasons for the request or information sought.
Address for notifications.
Date and signature.
Any supporting documents.
Requests can be sent to:
Postal address:
Email: leticiaalvarezperea@gmail.com
Links to third-party websites
The Website may include links to third-party websites, which have their own privacy policies. [Company/Person Name] is not responsible for third-party practices.
Complaints to the supervisory authority
Users may file complaints with the supervisory authority if they believe their rights have been violated. In Spain, this is the Spanish Data Protection Agency (https://www.aepd.es/).
II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY
Users must read and accept the conditions of this Privacy Policy for their personal data to be processed. Using the Website constitutes acceptance of this Privacy Policy.
[Company/Person Name] reserves the right to modify this Privacy Policy due to legal, jurisprudential, or doctrinal changes. Updates will not be explicitly notified to Users, so periodic consultation is recommended.
This Privacy Policy has been updated to comply with GDPR (EU) 2016/679 and LOPD-GDD 3/2018.
This Website Privacy Policy document was created using a free online privacy policy generator on 18/02/2024.