Política de privacidad
Respecting the provisions of current legislation, MARÍA ESCOTÉ (hereinafter also Website) undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
- The Organic Law 3/2018, of December 5, 2018, on the Protection of Personal Data and guarantee of digital rights (LOPD-GDD).
- Royal Decree 1720/2007, of December 21, which approves the Regulations for the development of Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).
- Law 34/2002, of July 11, 2002, on Information Society Services and Electronic Commerce (LSSI-CE).
Responsible for the processing of personal data
Identity: MARÍA ESCOTÉ INTERNATIONAL SL, with CIF: B66800368, registered in the Mercantile Registry of Barcelona with the following registration data: Volume 45430, Folio 83, Section 8, Page 487488, Entry 1, whose representative is: María Escoté (hereinafter, Data Controller).
Address: C/ Villarroel, 209, 08036, Barcelona, Spain.
Contact email: firstname.lastname@example.org
Purpose of the processing of personal data
Personal data are collected and managed by MARÍA ESCOTÉ in order to comply with the duty to provide information and obtain consent required by European legislation on the protection of personal data, as well as for the management of the relationship with the User, both established by the forms or contractual with the corresponding billing and collection of services. The provision of data for this purpose is mandatory, preventing the fulfillment of the contract in case of not accepting it.
The data will also be processed for the sending of communications, articles, informative circulars drafted by our departments and related to our activity, unless you express your will against it by any means.
Likewise, the data may be used for commercial purposes of personalization, operational and statistical, and activities of the corporate purpose of MARÍA ESCOTÉ, as well as for the extraction, storage of data and marketing studies to adapt the content offered to the User, as well as to improve the quality, operation and navigation of the Website.
MARÍA ESCOTÉ, as part of its activity, and subject to the purposes consented to by the User, needs to treat the following data strictly necessary for the proper management of the contractual relationship, and will be exclusively those provided by the User:
- Identifying data (e.g. name, surname, first name, language and country from which you interact with MARÍA ESCOTÉ, contact details, etc.);
- Economic and transactional information (e.g. payment or card details, information about purchases, orders, returns, etc.).
- Connection, geolocation and navigation data (e.g. location data, device identification number or advertising ID);
- Commercial information (e.g. newsletter subscription).
Some data to be filled in on the Website to give access to some functionality or service, will be marked as mandatory, being data that are needed to provide the service in question.
To manage the User's registration on the Platform, data will be required to identify you as a user and give you access to it to its various features. You can cancel the registered user account by contacting Customer Service.
Also, for the development, fulfillment and execution of the purchase contract that the User has contracted with MARÍA ESCOTÉ. This purpose includes the processing of user data to contact him about order updates.
To manage the payment of the products purchased by the user, regardless of the payment method chosen (for example, by activating the save payment details and autocomplete), as well as possible changes or refunds.
For billing purposes and to make available to the User the tickets and invoices of the purchases made.
To be able to attend to the requests or requests made by the channels of Attention to the User.
For marketing purposes, to personalize the services offered and to make recommendations based on the User's interaction with the platform, as well as the analysis of the user profile, based on the purchase and browsing history.
In the Newsletter subscription, the data to be processed will be those necessary to manage the subscription.
For the purpose of improving the services offered and their quality.
Categories of personal data
The categories of data processed by MARÍA ESCOTÉ are only identification data. In no case, special categories of personal data within the meaning of Article 9 of the GDPR are processed.
Registration of Personal Data
In compliance with the provisions of the RGPD and the LOPD-GDD, we inform you that the personal data collected by MARÍA ESCOTÉ, through the forms provided on its pages will be incorporated and processed in our file in order to facilitate, expedite and fulfill the commitments established between MARÍA ESCOTÉ and the User or the maintenance of the relationship established in the forms it fills, or to respond to a request or query from it. Also, in accordance with the provisions of the RGPD and the LOPD-GDD, unless the exception provided in Article 30.5 of the RGPD applies, a record of processing activities that specifies, according to their purposes, the processing activities carried out and other circumstances established in the RGPD is maintained.
Principles applicable to the processing of personal data
The processing of the User's personal data shall be subject to the following principles contained in Article 5 of the GDPR and in Article 4 et seq. of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights:
- Principle of lawfulness, loyalty and transparency: the consent of the User shall be required at all times after fully transparent information of the purposes for which the personal data are collected.
- Purpose limitation principle: personal data will be collected for specified, explicit and legitimate purposes.
- Principle of data minimization: the personal data collected will be those strictly necessary in relation to the purposes for which they are processed.
- Accuracy principle: personal data must be accurate and always up to date.
- Principle of limitation of the storage period: personal data shall only be kept in such a way as to allow the identification of the User for the time necessary for the purposes of their processing.
- Principle of integrity and confidentiality: personal data will be processed in such a way as to ensure their security and confidentiality.
- Principle of proactive responsibility: the Data Controller shall be responsible for ensuring that the above principles are complied with.
Legal basis for the processing of personal data
The legal basis for the processing of personal data is consent. MARÍA ESCOTÉ undertakes to obtain the express and verifiable consent of the User for the processing of personal data for one or more specific purposes.
The User shall have the right to withdraw consent at any time. It will be as easy to withdraw consent as to give it. As a general rule, the withdrawal of consent shall not condition the use of the Website.
In the occasions in which the User must or may provide his data through forms to make inquiries, request information or for reasons related to the content of the Website, he will be informed in case the completion of any of them is mandatory because they are essential for the proper development of the operation performed.
Time limit for the processing of personal data
Personal data will only be retained for the minimum time necessary for the purposes of their processing, or until the User requests their deletion.
Personal data will be retained for as long as the contractual relationship remains in force, or for a period of five years from the last relationship, following the regulations for tax purposes.
However, MARÍA ESCOTÉ will continue to retain the User's information to send possible commercial communications that may be of interest to the User, as long as their deletion is not requested by the interested party.
Recipients of personal data
The User's data will not be communicated to any third party not related to the provision of the service, except for legal obligations in force. In any case that this possibility changes, you will be duly informed requesting your consent for such transfer.
However, for the proper provision of services it is possible that different service providers contracted by our company (data processors) may have access to personal information necessary to perform their functions.
- Financial institutions,
- Technology and analytics service providers,
- Providers and partners of logistics, transport and delivery services or their associated establishments,
- Marketing and advertising related service providers and partners, such as advertising agencies, advertising partners or social networks that, in certain cases, may act as joint controllers.
Derechos derivados del tratamiento de los datos personales
El Usuario tiene sobre MARÍA ESCOTÉ y podrá, por tanto, ejercer frente al Responsable del tratamiento los siguientes derechos reconocidos en el RGPD y la Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales:
- Acceso: Es el derecho del Usuario a obtener confirmación de si MARÍA ESCOTÉ está tratando o no sus datos personales y, en caso afirmativo, obtener información sobre sus datos concretos de carácter personal y del tratamiento que MARÍA ESCOTÉ haya realizado o realice, así como, entre otra, de la información disponible sobre el origen de dichos datos y los destinatarios de las comunicaciones realizadas o previstas de los mismos.
- Rectificación: Es el derecho del Usuario a que se modifiquen sus datos personales que resulten ser inexactos o, teniendo en cuenta los fines del tratamiento, incompletos.
- Supresión: Es el derecho del Usuario, siempre que la legislación vigente no establezca lo contrario, a obtener la supresión de sus datos personales cuando estos ya no sean necesarios para los fines para los cuales fueron recogidos o tratados; el Usuario haya retirado su consentimiento al tratamiento y este no cuente con otra base legal; el Usuario se oponga al tratamiento y no exista otro motivo legítimo para continuar con el mismo; los datos personales hayan sido tratados ilícitamentemente; los datos personales deban suprimirse en cumplimiento de una obligación legal; o los datos personales hayan sido obtenidos producto de una oferta directa de servicios de la sociedad de la información a un menor de 14 años. Además de suprimir los datos, el Responsable del tratamiento, teniendo en cuenta la tecnología disponible y el coste de su aplicación, deberá adoptar medidas razonables para informar a los responsables que estén tratando los datos personales de la solicitud del interesado de supresión de cualquier enlace a esos datos personales.
- Limitación del tratamiento: Es el derecho del Usuario a limitar el tratamiento de sus datos personales. El Usuario tiene derecho a obtener la limitación del tratamiento cuando impugne la exactitud de sus datos personales; el tratamiento sea ilícito; el Responsable del tratamiento ya no necesite los datos personales, pero el Usuario lo necesite para hacer reclamaciones; y cuando el Usuario se haya opuesto al tratamiento.
- Oposición: Es el derecho del Usuario a que no se lleve a cabo el tratamiento de sus datos de carácter personal o se cese el tratamiento de los mismos por parte de MARÍA ESCOTÉ.
- Portabilidad de los datos: En caso de que el tratamiento se efectúe por medios automatizados, el Usuario tendrá derecho a recibir del Responsable del tratamiento sus datos personales en un formato estructurado, de uso común y lectura mecánica, y a transmitirlos a otro responsable del tratamiento. Siempre que sea técnicamente posible, el Responsable del tratamiento transmitirá directamente los datos a ese otro responsable.
- Derecho a no ser objeto de una decisión basada únicamente en el tratamiento automatizado, incluida la elaboración de perfiles: Es el derecho del Usuario a no ser objeto de una decisión individualizada basada únicamente en el tratamiento automatizado de sus datos personales, incluida la elaboración de perfiles, existente salvo que la legislación vigente establezca lo contrario.
Therefore, the User may exercise his/her rights by means of a written communication addressed to the Data Controller with the reference "RGPD", specifying:
- Name, surname of the User and copy of the ID card.
- Request with the specific reasons for the request or information to be accessed.
- Address for notification purposes.
- Date and signature of the applicant.
- Any document that accredits the request.
This request and any other attached documents may be sent to the following address and/or e-mail address:
Postal address: C/ Villarroel, 209, 08036, Barcelona, Spain.
Secrecy and security of personal data
MARÍA ESCOTÉ undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected, so as to ensure the security of personal data and prevent accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to such data.
The Website has an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmitted securely and confidentially, as the transmission of data between the server and the User, and in feedback, fully encrypted or encrypted.
However, because MARÍA ESCOTÉ can not guarantee the impregnability of the Internet or the total absence of hackers or others who fraudulently access personal data, the Data Controller undertakes to inform the User without undue delay when a breach of security of personal data that is likely to involve a high risk to the rights and freedoms of individuals occurs. Following the provisions of Article 4 of the GDPR, a breach of security of personal data means any breach of security resulting in the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to such data.
Personal data will be treated as confidential by the Data Controller, who undertakes to inform and to ensure by means of a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom it makes the information accessible.
Links to third party websites
The Website may include hyperlinks or links that allow access to third party websites other than MARÍA ESCOTÉ, and therefore are not operated by MARÍA ESCOTÉ. The owners of such websites will have their own data protection policies, being themselves, in each case, responsible for their own files and their own privacy practices.
Claims before the supervisory authority
In the event that the User considers that there is a problem or infringement of the regulations in force in the way in which his/her personal data is being processed, he/she shall have the right to effective judicial protection and to file a complaint before a supervisory authority, in particular, in the State in which he/she has his/her habitual residence, place of work or place of the alleged infringement. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/).