Privacy policy

Until now, the LOPD has been complied with for data privacy issues, a law that as of 25 May 2018 will be replaced by the General Data Protection Regulation (GDPR) of the European Union.

This privacy policy shall be valid only for personal data obtained on the Website, and shall not apply to information collected by third parties on other websites, even if these are linked to the Website.

With this, the Website expresses its commitment to maintain and guarantee commercial relations with the User in a secure manner by protecting their personal data and guaranteeing their right to privacy.

PERSONAL DATA REQUIRED BY THE WEBSITE

In order to be able to provide our services we need some identifying data depending on the service that Website provides you with:

For the guestbook/opinions:

– Name: to identify the User.
– email: to know the email from which the comment was made.

For the online shop:

– Only the data that are obligatory in order to process an order will be requested.
– Name and surname: to manage the order.
– NIF/tax code: to manage the order.
– Address: to process the order.
– Postal code: to process the order.
– City: to process the order.
– Province: to process the order.
– Country: to process the order.
– Telephone: to manage the order.
– email: to manage the order, to be able to send copies of the order and other communications related to the order.

For the private customer area:

The customer area is a private area. The person responsible for the Website will provide you with a username and password so that as a User you can access this restricted service, on the understanding that you accept all the legal conditions.

For the contact form:

– Name and surname: to be able to answer the query.
– Telephone: to be able to answer the query.
– email: to be able to answer the query.

To make online payments:

In the event of using a credit or debit card or a PayPal account to make an online payment for a service or product, the banking or financial data of the User involved in the payment are always managed directly by the suppliers indicated in the section “Services offered by third parties”.

Services offered by third parties.

The Website will never have access to the User’s bank details.
In addition, when you visit our Website certain information is automatically stored for technical reasons such as the IP address assigned by your Internet access provider.

LEGITIMATION

Thanks to your consent we can process your data, this being a mandatory requirement for you to be able to correctly access the services of the Website. The user has the right to be forgotten when he/she wants all his/her data to be deleted from our databases.

DATA CATEGORY

The data collected by the Website are not considered sensitive or protected data.

According to article 9.1 of the new general data protection regulation of the European Union (GDPR), personal data are considered sensitive or protected data if they reveal:

– Racial or ethnic origin.
– Political opinions.
– Religious or philosophical convictions.
– Trade union membership.
– The processing of genetic data.
– Biometric data intended to uniquely identify a natural person.
– data concerning health
– Data relating to the sex life or sexual orientation of a natural person.

We only work with the minimum identification data required to carry out our work: name, surname, address, telephone, email, tax number.

TIME OF CONSERVATION OF THE DATA

Customer data: name, telephone, postal address, email, etc. will remain in our system for as long as legally and technically required for the normal operation of the Website, unless the User exercises their right to delete or update it.

APPLICABLE REGULATIONS

Since 25 May 2018, the Website is governed by the General Data Protection Regulation (GDPR) of the European Union.

https://www.boe.es/doue/2016/119/L00001-00088.pdf

SECURITY MEASURES

The Website is hosted on systems operated by servers owned by the company, and the necessary technical and organisational security measures are in place to guarantee the security of the User’s personal data and thus prevent its alteration, loss and unauthorised processing and/or access. This, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed, whether from human action or from the physical or natural environment. All this in accordance with the provisions of the GDPR.

Likewise, additional measures have been established in order to reinforce the confidentiality and integrity of the information on this Website. Continuously maintaining the supervision, control and evaluation of the processes to ensure respect for data privacy.

Specifically, the measures adopted are:

– Connection with SSL certificate on the Website.
– Encryption of keys and passwords using standard cryptographic algorithms.
– Protection of servers by firewalls, process isolation, and other standard security measures.
– Geographically distributed daily backups to ensure continuity of service in the event of an incident.

EXERCISE OF RIGHTS

Users who have provided their data to the Website may contact the owner of the website in order to exercise their right of access to their data, rectification or deletion, limitation and opposition with respect to the data included in their files, free of charge.

The method to be used by the User to communicate with the Website will be by means of their email account registered in our web service, or in writing.

Users may exercise their rights by writing to Website with the reference “Data Protection”, specifying their details, accrediting their identity and the reasons for their request to the following address:

rgpd@ociomoda.com

Any information that we need to store by virtue of a legal, fiscal or contractual obligation will be blocked and only used for such purposes instead of being deleted.

MODIFICATION OF THE PRIVACY POLICY

Website reserves the right to modify the Privacy Policy, motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency.

Any modification of the Privacy Policy will be published at least ten days prior to its effective application.

DATA CONTROLLER AND DATA PROCESSOR

The person responsible for the data file is the owner of the Website.

SERVICES OFFERED BY THIRD PARTIES

In order to provide services strictly necessary for its proper functioning, the Website uses the following service providers under their corresponding privacy conditions:

– Google Analytics, for statistics. https://policies.google.com/privacy?hl=es
– Facebook Pixel, for statistics. https://www.facebook.com/privacy/explanation
– Stripe for payments. https://stripe.com/es/privacy

SOCIAL PLUGINS

On our Website we offer links and services related to different social networks. If the User is a member of a social network and clicks on the corresponding link, the provider of the social network may link your profile data with information about your visit to the Website.

The User must therefore be informed about the functions and policies on the processing of his personal data of the respective social network. Whether you access one of our web pages with one of your social network profiles or share information through them.

The User can access the privacy policies of the different social networks at any time, as well as configure their profile to guarantee their privacy.

– Facebook: https://www.facebook.com/help/323540651073243/
– Instagram: https://help.instagram.com/155833707900388

ACCEPTANCE, CONSENT AND REVOCABILITY

The User declares to have been informed of the present conditions on the protection of personal data, accepting and consenting to the processing of the same by the Website in the manner and for the purposes indicated in the Legal Notice.

The User may revoke his/her data at any time, but without affecting actions already carried out in the past, i.e. without retroactive effect.