The policy for users and clients of the website www.olidengrau.com regarding the processing and protection of personal data.
We guarantee at all times full compliance with the obligations set out in the data protection and information society services regulations act: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April of 2016, relating to the protection of individuals with regard to the processing of personal data and the free movement of such data (GDRP), the regulations of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD) and Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSIce).
1. Responsibility for the processing of personal data
The person responsible for the processing of data is:
AITOR TORRES CASADEMONT
Mas Torres, 30 – 17751 Sant Climent Sescebes (Girona)
2. Purposes of data processing
The data provided by the User is used for various purposes listed below:
|The purpose of processing||Legal basis for processing|
|Manage queries raised through the contact form||Legitimate interest of the Company to meet the information requirements through the web.|
Express consent given at the time of data collection through web forms.
|Create and manage registration as a user||Give consent given at the time of data collection through web forms.|
|For the development and fulfilment of the contract of sale or services that you have contracted through our website||Give consent given at the time of data collection through web forms.|
|Comply with current tax obligations||Compliance with applicable legal obligations.|
3. Terms of data retention
|The purpose of processing||Terms of retention|
|Manage queries raised through the contact form||We will process your data for as long as is necessary to process your order or request.|
|Create and manage registration as a user||We will process your data for as long as you remain a registered user (that is, until you decide to unsubscribe).|
|For the development and fulfilment of the contract of sale or services that you have contracted through our website||We will process your data for the time necessary to manage the sale of the products or services you have purchased, including possible returns, complaints or claims associated with the purchase of a particular product or service.|
|Comply with current tax obligations||We will process your data for the time necessary to comply with the applicable statutory limitation period.|
4. Recipients of the data
– Providers and collaborators of logistics, transport and delivery services.
– Providers and collaborators of services related to marketing and advertising.
Those in charge of data will answer to the Manager, follow their instructions at all times, and ensure the same levels of security are applied.
5. Users’ rights
The user has the right to:
- Request access to your personal data being processed and receive this information in writing through the requested medium.
- Request the rectification of inaccurate personal data or, where appropriate, request their deletion when, among other reasons, the data is no longer necessary for the purpose for which it was collected.
- Request the limitation of the processing of your data.
- Oppose the processing of your personal data where appropriate, in which case they will no longer be processed except for legitimate reasons.
- Right to data portability. The interested party has the right to receive personal data if it has been provided in a structured, commonly used and machine-readable format, and to transmit them to another person in charge, if the following requirements are met:
- The processing is based on consent or a contract.
- The processing is done by automated means.
- Right to withdraw consent.
- Right to complain to the Spanish Data Protection Agency.
The User may exercise the rights indicated above to the postal address of the Responsible, proving thier identity with a scanned copy of their DNI or equivalent document, and specifying the right he wishes to exercise.
6. Origin of the data
Personal data must be provided by the user on a voluntary basis. The lack of some data or not answering questions that are asked to the user during the registration processes or through electronic forms, can make it impossible to access certain services, for the provision of which it is essential to have this personal data. In this case, the Data Controller must inform the user of the obligatory or necessary nature for the operation of the service.
The Manager ensures the confidentiality of your personal data and guarantees its security, taking the necessary measures to prevent their alteration, loss, treatment or unauthorized access.
7. Information provided by the user
Children under the age of 18 may not transfer their personal data without the prior consent of their parent and / or legal guardian.
By entering their data in the contact forms or presented in download forms, the user freely and unequivocally accepts that their data is necessary for the Manager to comply with their order, and the inclusion of data is voluntary in the remaining fields.
The user guarantees that the personal data provided to the provider is true and is responsible for communicating any changes to them.
All the data requested through the website is necessary for the provision of an optimal service to the user. In the event that all the data is not provided, there is no guarantee that the information and services provided by the person in charge will completely satisfy the user’s needs.
8. Security measures
In accordance with the provisions of current regulations on the protection of personal data, the Manager is complying with all the provisions of the regulations GDRP and LOPDGDD for the processing of personal data of which they are responsible. The Manager clearly complies with the principles described in Article 5 of the GDRP and in Article 4 of the LOPDGDD, by which it is treated in a lawful, fair and transparent manner in relation to the interested party and is appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The person in charge guarantees that he / she has implemented appropriate technical and organisational policies to apply the security measures established by the GDRP and the LOPDGDD in order to protect the rights and freedoms of the interested party and has communicated the appropriate information so that they can exercise them.
9. Security breaches
The Manager will inform users, as well as the authorities, within 72 hours of any security breach that affects the database used by this website, as wells as any of our third party services.
10. Applicable law and jurisdiction
For the resolution of all disputes or issues related to this website or the activities carried out on it, Spanish legislation will be applicable, to which the parties expressly submit, being competent for the resolution of all conflicts arising from, or related to, its use by the Courts and Tribunals of Barcelona.