Privacy Policy

PRIVACY POLICY OF https://www.solomostradores.com/

This Privacy Policy has been developed in accordance with the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter GDPR, as well as Organic Law 3/2018 of 5 December on the Protection of Personal Data and digital rights (hereinafter, LOPDGDD) and other applicable regulations.

This Privacy Policy aims to inform individuals who provide their personal data, and/or those of the person they represent, about whom information is being collected, about the specific aspects related to the processing of their data, the purposes of the processing, the contact details to exercise their rights, the retention periods of the information, and the security measures, among other things.

WHO IS RESPONSIBLE FOR THE PROCESSING?

In terms of data protection, INTERNET RETAIL COMPANY, S.L should be considered the Data Controller, in relation to the processing of personal data carried out by this entity. Below are the contact details of the Data Controller:

  • Identity of the controller: INTERNET RETAIL COMPANY, S.L
  • NIF: B12046926
  • Physical address: P.I. VÍA EUROPA. C/ POBLA TORNESA, NAVE 5, APTO CORREOS 137, 12550, ALMAZORA/ALMASSORA, CASTELLÓN
  • Email: info@inretailshop.com
  • Phone: 964 62 65 15

WHAT PERSONAL DATA DO WE PROCESS?

All information collected by INTERNET RETAIL COMPANY, S.L will be processed fairly, lawfully, and transparently. Furthermore, the data requested in each of the processing operations carried out will consist solely of those strictly necessary to achieve the intended and informed purpose in each case. In this way, your collected data will be adequate, relevant, and not excessive in relation to the purposes for which they are processed in each case. Additionally, your personal data will be collected for specific, explicit, and legitimate purposes, and not further processed in a manner incompatible with those purposes. Moreover, they will be updated whenever necessary.

In general terms, within the framework of the various processing activities carried out by the organization, the following types of data are collected:

  • Identifying data.

WHERE DO PERSONAL DATA COME FROM?

As a general rule, personal data are always collected directly from the data subject, however, in certain exceptions, data may be collected through third parties, entities, or services other than the data subject. In this regard, this will be informed to the data subject through the informative clauses contained in the different means of data collection and within a reasonable period or in the first communication made to the data subject.

FOR WHAT PURPOSE DO WE PROCESS PERSONAL DATA?

In general terms, personal data are processed for the following purposes:

  • Contact: Respond to information requests received about the products and services we offer, as well as respond to any other type of question sent by users.
  • Internal Information System (whistleblowing channel): Processing personal data to manage the internal whistleblowing channel or ethical channel, investigate the facts and propose resolution measures, prevent regulatory breaches and correct those already detected, as well as contribute to the organization’s operational efficiency by continuously improving internal processes for managing and controlling illegal behaviors or behaviors contrary to the organization’s ethical culture.

Through these processing operations, no profiles of users browsing the web are created, and therefore, no automated decisions are made based on these data.

WHAT IS THE LEGAL BASIS FOR DATA PROCESSING?

As a general rule, the consent of the data subject is the legal basis for processing the data according to the purposes described above. This consent is expressed through a declaration or a clear affirmative action, such as checking a box provided for this purpose, voluntary subscription, or sending data through forms. This consent can be revoked at any time by contacting the company through its contact means and, in general, we will request your consent for uses for purposes other than those for which you initially granted it.

PROCESSING(S):

  • Internal Information System (whistleblowing channel): The purpose of the processing is legitimized by a legal obligation: Law 2/2023 of 20 February, regulating the protection of persons who report regulatory violations and the fight against corruption.

HOW LONG DO WE KEEP PERSONAL DATA?

In general, personal data are processed for the time necessary to fulfill the purpose for which they were collected, as long as the service provision or contractual relationship is maintained, there is a mutual interest and/or for the time provided for in the corresponding regulations. Once the established time criteria have been met, the data will be canceled. This cancellation will result in the blocking of the data, which will only be kept available to Public Administrations, Judges, and Courts, to address possible liabilities arising from the processing, during the statute of limitations. Once this period has expired, the information will be destroyed.

Specifically, for the processing operations listed below, the data are kept for the following periods:

  • Internal Information System (whistleblowing channel): Data will be kept as long as necessary to fulfill the purpose for which they were collected. In any case, three months after the data has been entered, it will be deleted from the whistleblowing system, unless the purpose of retention is to provide evidence of the functioning of the model for preventing criminal offenses by the legal entity. After the mentioned period, the data may continue to be processed by the body responsible for investigating the reported facts, without being kept in the internal whistleblowing information system.

WITH WHOM DO WE SHARE PERSONAL DATA?

To fulfill the purposes described above, personal data may be shared with:

  • Group companies.
  • Internal Information System (whistleblowing channel): The personal data collected may be communicated to the competent public administration and third parties when necessary for the adoption of disciplinary measures or for the processing of legal procedures that may be initiated.

WHAT RIGHTS CAN YOU EXERCISE?

According to European regulations, the rights you have are as follows:

  • Right of Access: The right to request information from the file controller about whether your personal data is being processed.
  • Right of Rectification: The right that allows the affected person to request the modification of data that are inaccurate or incomplete.
  • Right of Opposition: The right of a person to oppose the processing of their personal data or to request its cessation.
  • Right to Automated Individual Decisions: The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or significantly affects them in a similar way.
  • Right of Limitation: The right to suspend the processing of the user’s personal data in certain circumstances.
  • Right of Erasure (Right to be Forgotten): The right to the deletion of the data subject’s personal data.
  • Right to Portability: The right to request the data controller to provide personal data in a structured and clear format to another data controller.
  • Right to Lodge a Complaint: The right to file a complaint with the competent supervisory authority if it is considered that the processing does not comply with the current regulations.

HOW TO EXERCISE YOUR RIGHTS?

The applicant can exercise their rights through the following means:

  • Email to info@inretailshop.com.
  • Postal mail to P.I. VÍA EUROPA. C/ POBLA TORNESA, NAVE 5, APTO CORREOS 137, 12550, ALMAZORA/ALMASSORA, CASTELLÓN.

In both cases, if necessary, documentation that proves the identity of the applicant may be required. In any case, you can request the protection of the Spanish Data Protection Agency through its website. In this sense, your request will be attended to as soon as possible and considering the deadlines provided in the data protection regulations.

WHAT COULD BE THE CONSEQUENCES OF NOT PROVIDING THE INFORMATION?

The data requested in the fields marked with an asterisk, or identified as mandatory, or provided through the means where the information is provided, are strictly necessary in relation to the purpose for which they are collected, either for the provision of an optimal service to the data subject or due to a legal obligation imposed on the data controller or a necessary requirement to enter into a contract, with the inclusion of data in the remaining fields being voluntary.

If all the data are not provided, it is not guaranteed that the provided information and services will be fully adjusted to your needs. Therefore, if the required data are not provided or are provided incorrectly or incompletely, your request cannot be attended to, making it completely impossible to provide you with the requested information or to enter into the services. Similarly, the user guarantees that the information transmitted in any of the forms is truthful, accurate, and corresponds to their own data of which they are the holder.

WHAT SECURITY MEASURES HAVE WE IMPLEMENTED?

The security measures adopted by INTERNET RETAIL COMPANY, S.L are those required in accordance with the provisions of Article 32 of the GDPR. In this regard, considering the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing, as well as the variable probability and severity risks for the rights and freedoms of natural persons, appropriate technical and organizational measures have been established to ensure a level of security appropriate to the existing risk. In any case, INTERNET RETAIL COMPANY, S.L has implemented sufficient mechanisms to:

  • Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
  • Restore the availability and access to personal data quickly in the event of a physical or technical incident.
  • Regularly verify, evaluate, and assess the effectiveness of the technical and organizational measures implemented to ensure the security of processing.
  • Enable the encryption of data and communications.

CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may occasionally be revised to update changes in current legislation, update procedures for collecting and using personal information, the appearance of new services, or the exclusion of others. These changes will be effective from their publication on the website, so it is important to regularly review this Privacy Policy to stay informed about changes.