PRIVACY POLICY
In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter GDPR), Miriam Quevedo S.L. https://www.miriamquevedo.com (hereinafter THE STORE) hereby presents this Privacy Policy regarding the processing and protection of personal data.
Data controller information:
Company Name: MIRIAM QUEVEDO S.L.
Registered Office: Pol. Ind. Pla de Llerona, C/ Holanda, 44 – 08520 Les Franqueses del Valles (Barcelona)
VAT Number: B62912555
Phone: 938443994
Email: pd@miriamquevedo.com
Domain Name: www.miriamquevedo.com
Royal Legislative Decree 1/2007, of November 16, approving the consolidated text of the General Law for the Defense of Consumers and Users and other complementary laws. Law 34/2002, of July 11, on information society services and electronic commerce.
Scope of application:
This Privacy Policy applies to:
• Individuals who visit THE STORE's website, www.miriamquevedo.com.
• Those who voluntarily communicate with THE STORE via email, chat, or fill out any of the data collection forms published on THE STORE's website.
• Those who request information about THE STORE's products and services or request to participate in any of THE STORE's commercial actions.
• Those who enter into a contractual relationship with The Store by contracting its products and services.
• Those who use any other service present on the website that involves the communication of data to THE STORE or access to data by THE STORE for the provision of its services.
• Any others who, directly or indirectly, have given their express consent for their data to be processed by THE STORE for any of the purposes set forth in this Policy.
The use of THE STORE's products and services requires the express acceptance of this Privacy Policy.
THE STORE warns that, except for the existence of a legally constituted representation, no user and/or client may use the identity of another person and communicate their personal data, so the data provided to The Store must be personal data corresponding to their own identity, appropriate, relevant, current, accurate, and true. In this sense, the user and/or client will be solely responsible for any direct or indirect damage caused to third parties or to THE STORE by the use of another person's data or their own data when they are false, incorrect, not current, inappropriate, or not relevant. Likewise, the user and/or client who communicates the personal data of a third party will be responsible for having obtained the corresponding authorization from the interested party, as well as for the consequences thereof in case of non-compliance.
Likewise, the user and/or client who communicates personal data to THE STORE declares to be of legal age, in accordance with Spanish legislation, refraining otherwise from providing data to THE STORE. Any data provided about a minor will require the prior consent or authorization of their parents, guardians, or legal representatives, who will be considered responsible for the data provided by the minors in their charge.
This Policy shall be subsidiary to any other conditions regarding the protection of personal data that are established with special character and communicated, without limitation, through registration forms, contracts, and/or specific service conditions, thus, this Privacy Policy shall complement the aforementioned conditions for anything not expressly provided therein.
Purposes of data collection and processing
THE STORE, as the data controller, informs users of the existence of various treatments and files in which the personal data communicated to THE STORE are collected and stored.
The purposes of such collection and processing of personal data are as follows:
Regarding the "cookies" that THE STORE uses in browsing its website (www.miriamquevedo.com), they are stored on the user's terminal equipment (computer or mobile device) and collect information when visiting said web pages, in order to improve their usability, understand the habits or browsing needs of users to adapt to them, as well as obtain information for statistical purposes. In the case of users who are already customers of THE STORE, the information collected with cookies will also serve for their identification when accessing the various tools provided by THE STORE for the management of services. In any case, users can configure their browser to disable or block the receipt of all or some cookies. Not wishing to receive these cookies does not constitute an impediment to accessing the information on THE STORE's websites, although the use of some services may be limited. If, once consent has been given for the receipt of cookies, it is desired to withdraw it, those stored on the user's equipment must be deleted through the options of the different browsers.
In the case of sending an email to THE STORE or communicating personal data through any other means, such as a contact form, the purpose of collecting and processing such data by THE STORE is to address inquiries and requests for information regarding THE STORE's products and services.
In the case of sending an email to THE STORE related to its job offers, such data will be processed to participate in the personnel selection procedures.
In the case of forms from THE STORE that interested parties fill out to participate in any of THE STORE's commercial actions, the purpose will be to enable such participation, as well as the sending of commercial and advertising communications about THE STORE's services, unless the interested party expressly opposes at the time of data collection. However, the interested party may change their decision at any time, as many times as they wish, through the means provided by THE STORE for this purpose.
In contracting the services offered by THE STORE, only those personal data necessary to establish the contractual relationship and enable the provision of services and their remuneration by clients will be collected, and such data will be collected and processed for the following purposes:
• The main purpose will be to maintain the contractual relationship established with the client, in accordance with the nature and characteristics of the contracted services or products, with THE STORE contacting the client through the email address, telephone, or other means indicated by the latter.
• In accordance with Art. 6, paragraph 1, letter a of the GDPR, having previously obtained their express consent to subscribe to our newsletter, we will use the necessary data for this to send commercial communications according to said consent. You can unsubscribe from the newsletter at any time by sending a message to our contact address described here or by clicking on the link provided for this purpose in the email with said commercial communication. After unsubscribing, we block your email address for this use, provided that you have not given your express consent for the data to continue to be used, or we reserve the right to continue using your data in cases permitted by law and about which we inform you in this document. Regardless of whether the client has chosen to receive commercial information from THE STORE or not, the client may change their decision at any time, as many times as they wish, through the specific section available for this purpose in their Client Area or the email hello@miriamquevedo.com.
• For the maintenance of historical records of commercial relationships during the legally established periods.
• In those cases where THE STORE must access and/or process personal data regarding which the client has the status of data controller or processor, THE STORE will process such data as a data processor in accordance with the provisions of article 28 of the GDPR.
• In compliance with the provisions of Law 25/2007, of October 18, on the conservation of data relating to electronic communications and public communications networks, THE STORE informs the user that it will proceed to retain and keep certain traffic data generated during the development of communications, as well as, where appropriate, to communicate such data to the competent authorities whenever the legal circumstances provided for in said Law exist.
• For all other purposes, which are expressly stated in the Specific Conditions that apply to the corresponding product or service contracted by the client and expressly accepted by the latter.
Retention period of personal data:
THE STORE will keep personal data for the strictly necessary time to fulfill the purposes detailed above. THE STORE may duly block such data during the period in which liabilities may arise from its relationship with the client.
In the case of data subject to retention due to Law 25/2007, of October 18, on the conservation of data relating to electronic communications and public communications networks, the retention period will be detailed in said regulation.
Recipients of personal data:
The recipients of personal data collected by THE STORE will be the following:
• The employees of THE STORE itself in the performance of their duties.
• THE STORE's providers involved in the provision of services, if necessary for the provision thereof.
• Third parties that assist with statistics and data collection: (Google Analytics).
• Judicial or administrative bodies, as well as the State Security Forces and Corps, in the event that THE STORE is required under current legislation to provide information related to its clients and services.
• Any others that, due to the nature of the service, need to access the data provided with it, as detailed in the Specific Conditions that apply to the corresponding product or service contracted by the client and expressly accepted by the latter.
Users' Rights and Exercise Thereof
Users may exercise the following rights recognized by the GDPR at any time:
• Right of access: Users have the right to obtain from THE STORE information about whether personal data concerning them are being processed, to access such data, and to obtain information about the processing carried out.
• Right to obtain a copy of their personal data.
• Right of rectification: Users have the right to have THE STORE rectify their personal data if it is inaccurate or incomplete.
• Right to erasure: Users have the right to have their data erased when it is no longer necessary for the purposes for which it was provided or when the rest of the legally provided circumstances occur.
• Right to restriction of processing: Users have the right to request restriction of processing of their personal data, so that the processing operations do not apply to them, in those cases provided for in art. 18 of the GDPR.
• Right to data portability: Users have the right to receive the personal data concerning them in a structured format, provided that such data exclusively concerns the user and has been provided by him/her.
Users may exercise these rights in the following ways:
• If they are registered customers on THE STORE's website, users may check their personal data at any time through the "Client Area" tool, accessed authenticated from www.miriamquevedo.com.
• Whether they are customers of THE STORE or not, users may exercise their rights by sending an email communication to the address hello@miriamquevedo.com or by sending a request accompanied by their ID card or valid legal document proving their identity, addressed to MIRIAM QUEVEDO S.L, attention of the Customer Service Department, specifying the right they wish to exercise.
In cases of manifestly unfounded or excessive requests due to their repetitive nature, THE STORE reserves the right to charge a fee for administrative costs arising therefrom or the right to refuse to act with regard to them, in accordance with art. 12.5 GDPR.
Supervisory Authority
Users and/or customers may address the local supervisory authority if they believe that the processing of their personal data has not been carried out in accordance with current legislation.
The data protection supervisory authority in Spain is the Spanish Data Protection Agency, whose contact details are available on its website.
International Data Transfers
In those products and services of THE STORE where international transfers are required to enable their provision, this circumstance will be included in the Specific Conditions applicable to the corresponding product or service contracted by the client and expressly accepted by the client prior to the same.
MIRIAM QUEVEDO S.L. as Data Processor
In accordance with Article 28 of the GDPR and related provisions, THE STORE will process personal data for which the client holds the position of data controller or data processor, when necessary for the proper provision of contracted services. In such cases, the data controller will act as the data processor, in accordance with the terms outlined below:
• THE STORE will only process data according to the instructions of the data controller or data processor, not using it for a purpose other than that specified in this Data Protection Policy and/or in the contractual conditions applicable.
• Once the services that motivate the processing of personal data have been provided, they will be destroyed, as well as any media or documents containing personal data or any type of information generated during, for, and/or by the provision of the services subject to the corresponding Conditions. However, THE STORE may duly block said data during the period in which liabilities may arise from its relationship with the client.
• In the event that THE STORE uses the data for another purpose, or communicates or uses it in breach of this Data Protection Policy and/or the corresponding Service Conditions, it will also be considered responsible for the processing.
• THE STORE undertakes, in accordance with Article 28 of the GDPR, to maintain the necessary professional secrecy regarding the personal data to which it may have access and/or process in order to comply, in each case, with the purpose of the Service Conditions applicable to it, both during and after their termination, committing to use such information only for the purpose intended in each case and to demand the same level of commitment from any person within its organization involved in any phase of the processing of the client's personal data.
• In accordance with the GDPR, the following rules shall apply regarding the form and modalities of access to the data for the provision of services:
• In the event that THE STORE needs to access processing resources located at the client's premises, the client shall be responsible for establishing and implementing the security policy and measures, as well as for communicating them to THE STORE, which undertakes to respect them and to require compliance with them by the persons in its organization involved in the provision of services.
• When the service is provided by THE STORE at its own premises, THE STORE will record in its Activity Register the circumstances relating to data processing in the terms required by the GDPR, including the security measures corresponding to such processing.
• Access to and/or processing of data by THE STORE, without prejudice to the specific legal or regulatory provisions applicable in each case or those adopted by THE STORE on its own initiative, shall be subject to the security measures necessary to:
o Ensure the permanent confidentiality, integrity, availability, and resilience of the processing systems and services.
o Restore the availability and access to personal data quickly in the event of a physical or technical incident.
o Regularly verify, assess, and evaluate the effectiveness of the technical and organizational measures implemented to ensure the security of processing.
o Pseudonymize and encrypt personal data, as appropriate.
o The client authorizes THE STORE, as data processor, to subcontract with third parties, on behalf and for the account of the client, the services of storage, custody of data backup copies, and security, and those necessary to enable the provision of the contracted services, always respecting the obligations imposed by the GDPR and its implementing regulations. At any time, the client may contact THE STORE to find out the identity of the subcontracted entities for the provision of the indicated services, which shall act in accordance with the terms set forth in this document and upon formalization of a data processing contract with THE STORE in accordance with art. 28.4 of the GDPR.
o The client authorizes THE STORE to carry out the following actions, provided they are necessary for the execution of the provision of services. This authorization is limited to the action(s) necessary for the provision of each service and with a maximum duration linked to the validity of the applicable contractual conditions:
- To carry out the processing of personal data on portable devices only by the users or user profiles assigned to the provision of the services.
- To carry out the processing outside the client's or THE STORE's premises only by the users or user profiles assigned to the provision of the services.
- The entry and exit of media and documents containing personal data, including those included and/or attached to an email, outside the premises under the control of the data controller.
- The execution of data recovery procedures that THE STORE is obliged to carry out.
- THE STORE is not responsible for the breach of obligations arising from the GDPR or the relevant data protection regulations by the user and/or client insofar as their activity is concerned and is related to the execution of the contract or commercial relationships that bind them to THE STORE. Each party shall bear the responsibility arising from its own breach of contractual obligations and regulations.