GRACE STORE informs users of the website about its policy regarding the treatment and protection of personal data of users and customers that may be collected by navigation, product acquisition or contracting services through its website. In this sense, GRACE STORE guarantees compliance with current regulations on the protection of personal data, reflected in Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to processing of the protection of personal data and the free circulation of these data.
RESPONSIBLE FOR TREATMENT
Identity: GRACE STORE SL
TIN / NIF: B67116061
Registered office: Calle Aribau, 207, Principal A. 08021. Barcelona
Email: [email protected]
Phone: +34937370299 (Spain), +351300509006 (Portugal)
1. PURPOSES OF THE TREATMENT
The personal data provided by the user will be included in an automated file for which GRACE STORE SL is responsible, serving the following purposes:
1. Manage and develop your registration as a user on the website
2. Develop, fulfill and execute the sale of the products marketed by GRACE STORE and offered on the website.
3. Inform, process, manage, process and send the orders (and possible returns) as well as the improvement of the purchase contract of the products that the customer has acquired.
4. Send transactional communications in relation to the purchase made
5. Management and issuance of documents accrediting sales: digital ticket, sales invoice or Tax Free.
6. Process the guarantee of products purchased through the website
7. Attend, respond and follow requests for information, queries and requests that the client directs through the channels of attention or communication identified on the website.
8. Send informative communications about the products marketed by GRACE STORE and exclusive promotions, by any communication channel available, including SMS messages, email, etc ...; in cases in which the user and/or customer has given express consent to send communications electronically by subscribing to NEWSLETTER. The sending of this information will involve the creation of user profiles consisting of using personal data, the history of your purchases if applicable, as well as navigation information on the WEB to evaluate certain aspects related to your personal preferences with the objective to offer you the commercial communications appropriate to your profile.
9. Conduct studies for statistical purposes.
10. Contact the client in relation to updates or informative communications related to the functionalities, products or services contracted, including security updates of the Platform, whenever it is necessary or reasonable for its execution.
11. Respond to the exercise of ARCO rights.
12. Send satisfaction surveys on the products purchased or services used by GRACE STORE customers to request their opinion and improve them.
The User and/or Customer may at any time revoke the consent granted with respect to sending informative communications regarding the products marketed by GRACE STORE by sending an email to the address [email protected]
GRACE STORE will treat the information in a confidential manner and exclusively for the determined, explicit and legitimate purposes and will not be treated further in a manner incompatible with said purposes. When the further processing of personal data for a purpose other than that for which it was collected is projected, the interested party will be provided, prior to said further processing, information about that other purpose and any additional relevant information.
2. TYPE OF COLLECTED DATA AND DATA PROPORTION
Data provided voluntarily:
GRACE STORE obtains personal data directly from users and/or customers, because they are provided at the time of the request for information or purchase of a product through the completion of contact forms.
The types of personal data that are requested through these forms are:
a) Customer data for online purchases:
- Identification data such as: name and surname, tax identification number, place and date of birth, sex, nationality and age.
- Contact details that allow you to keep or contact the owner, such as: email address, address, contact phone number.
- Financial data, such as: name of cardholder, credit / debit card number, expiration date and CVV2, in compliance with PCI DSS standards.
b) Customer data for after-sales services - name, address, postal code, telephone contact, email, purchase details, warranty of the item - when a product repair / repair is requested or a quality claim is submitted.
The personal data provided in a telematic way, either through email or contact forms on this website will be treated through servers managed by computer professionals, which will be considered as the Person in Charge of Processing.
The user guarantees the authenticity, accuracy and veracity of all the information provided, undertaking to keep updated the data provided so that they respond, at all times, to their actual situation. The User will be solely responsible for false or inaccurate statements and the damages that they may cause.
Data collected automatically:
When using the platform, the computer systems in charge of its operation collect, during its normal exercise, automatically the following user and/or client data that are necessary for the operation of the Internet: its IP address, browser type, the system operative and interface, the internet service provider that uses it and the date and time in which it has seen each page of the web, and other parameters related to the operating system and the computer environment of the user. This information will be used by GRACE STORE only to allow access to the website and to improve the quality and services of the website.
3. LEGITIMATION OF THE TREATMENT
GRACE STORE has the following legitimate bases to be able to process personal data:
a) Execution of the purchase agreement: The legal basis for the treatment of the personal data of the interested party that is collected is the execution of the purchase agreement. In this sense, the interested party is obliged to provide the data that are necessary for its execution. In case of not providing us with these data, it will not be possible to carry out the sale.
b) Consent: In relation to the following purposes described, the legal basis of the treatment of the personal data of the interested party will be the consent of the same, if it has been provided:
- Management of the registry on the WEB.
- Management of sending informative communications about the products marketed by GRACE STORE and exclusive promotions, latest news and personalized information adapted to the profile of the interested party.
- Response to the exercise of ARCO rights, consultations and claims by the interested party.
- Management and issuance of the following documents accrediting sales: digital ticket and Tax Free.
The withdrawal of the consent of these treatments by the interested party will not condition the execution of the contract of sale concluded between it and GRACE STORE.
c) Legal Obligations: in relation to the management and issuance of the sales invoice, the legal basis is based on the legal obligation of GRACE STORE in its relationship with customers.
d) Legitimate interest: In relation to the following purposes described, the legal basis of the processing of the personal data of the interested party will be the legitimate interest of GRACE STORE:
- Profiling to send information about exclusive promotions, latest news and personalized information adapted to the profile of the interested party.
- Sending satisfaction surveys on the products purchased or services used by GRACE STORE customers to request their opinion and improve them.
Our legitimate interest consists of being able to guarantee that the WEB remains safe, as well as to help GRACE STORE to understand the needs, expectations and level of satisfaction of the users and, therefore, to improve the services and products.
In any case, the data requested is appropriate, relevant and strictly necessary in relation to the scope and the determined purposes and in no case the user and/or client is obliged to provide them. To this end, failure to provide the requested personal data or not accepting this data protection policy means that it is impossible to buy the products marketed by GRACE STORE, as well as to receive any information related to its products.
4. DATA CONSERVATION PERIODS
GRACE STORE will keep personal data only for a period of time that is reasonably necessary taking into account the needs to respond to issues arising from the sale of products or solve problems, make improvements, activate their services and meet the requirements that require the applicable legislation. This means that you can keep your personal data for a reasonable period of time even after the user has stopped using GRACE STORE services or has stopped using the WEB.
In any case, the data will be kept for no longer than necessary for the purposes of the treatment, and may be retained for compliance with legal obligations until:
• 4 years: Law on Infractions and Sanctions in the Social Order (obligations in terms of affiliation, registrations, cancellations, payment of salaries ...); Arts. 66 and next General Tax Law (accounting books ...)
• 5 years: Art. 1964 Civil Code (personal actions without special term)
• 6 years: Art. 30 Commercial Code (accounting books, invoices ...)
• 10 years: Art. 25 Law on the Prevention of Money Laundering and Financing of Terrorism.
The personal data provided for the sending of communications for promotional and informative purposes will be retained while the interested party does not revoke the consent and/or exercise its rights of opposition and/or suppression. When the user and/or client revoke their consent or exercise their right of deletion, their data will be blocked and archived and with restricted access during the periods outlined in the previous paragraph, in order to respond to possible liabilities related to the treatment .
Once the established statutory limitation periods have elapsed, the personal data of the users and/or clients will be permanently and completely deleted or anonymized, or, if the above were not possible (for example, because these personal data have been stored) in backup files), they will be stored securely and kept locked until their removal is possible.
5. RECIPIENTS OF DATA
In order to offer the customer a quality service, GRACE STORE is obliged to provide certain data of its users to other companies that collaborate with the provision of the service. For this purpose, the personal data of the interested party may be communicated / assigned by GRACE STORE to the following addressees, who will act in charge of the Treatment, under their corresponding privacy conditions and security measures:
1. Public Administrations and Organizations when required by fiscal, labor, Social Security or any other applicable regulations.
2. Third party service providers to GRACE STORE: suppliers that participate in the process of purchase and management of payments, transportation and messaging, storage of goods, communications sending companies, financial entities, campaign and marketing agencies, manufacturing companies profiles, hosting of web pages, computer professionals who offer IT support and maintenance services and data processing, etc ...
3. companies and offices that provide advisory services to GRACE STORE.
4. Any other body or entity when it is previously obtained the consent of the user and/or client.
GRACE STORE never sells customer data to third parties.
6. INTERNATIONAL TRANSFERS
As a general rule, GRACE STORE tries to keep personal data of users within the European Union (EU) or the European Economic Area (EEA). However, sometimes, GRACE STORE may need to provide them to service providers that are located in other countries, either by necessity to provide the requested service, or to provide the service with the highest quality standards.
In these situations, GRACE STORE guarantees the application of all necessary measures and controls to guarantee and protect the processing of your personal data, such as:
- Communication to countries that, despite not being part of the EU or the EEA, have been considered by the European Commission as countries that have data protection regulations that guarantee a level of security similar to that applicable in Europe.
- Existence of standard contractual clauses of the European Commission: to ensure that companies from third countries that are not part of the EU or the EEA comply with a similar level of protection. GRACE STORE will sign these contracts as long as there is no equivalent alternative that guarantees the protection of your personal data.
- Prior accreditation by these third parties of the adoption of adequate technical and organizational measures for the correct protection of personal data, such as adhesion to the Privacy Shield Framework (Privacy Shield)
The user may request information about said guarantees from the addresses indicated below.
7. USER RIGHTS
Users and/or customers may exercise the following data protection rights:
• Right of access: allows the interested party to know and obtain information about their personal data submitted to treatment.
• Right of rectification: it allows to correct errors and modify the data that prove to be inaccurate or incomplete.
• Right to suppression / right to be forgotten: allows the deletion of data that prove to be inadequate or excessive and that were not necessary for the purposes that were collected.
• Right of opposition: the right of the interested party to not carry out the processing of their personal data or to cease it. In such case, GRACE STORE will stop processing the data, except for compelling legitimate reasons or the exercise or defense of possible claims.
• Limitation of the treatment: it involves the marking of the personal data kept, with the purpose of limiting its future treatment.Portabilidad de los datos: facilitación de los datos objeto de tratamiento al interesado, a fin de que éste pueda transmitirlos a otro responsable, sin impedimentos.
• The right not to be the subject of automated individual decisions: the right not to be the subject of a decision based on automated processing, including the elaboration of profiles, that produces effects or significantly affects, unless it is necessary for the celebration or execution of a contract between the user and GRACE STORE; is authorized by law and that also establishes adequate measures to safeguard the rights and freedoms and your interests, or if it is based on your explicit consent.
The user and/or customer may exercise these rights of protection of personal data by directing a written communication to the registered office of GRACE STORE, at C / Aribau, 207, Principal A1, 08021, Barcelona, indicating the reference "DATA PROTECTION" or to the electronic mail enabled for this purpose, [email protected]; including in both cases photocopy of your ID or other equivalent identification document and indicating name and surname, request in which the request is specified, address for the purposes of notifications, date and signature. You will also be able to exercise your rights through legal representation, in which case, in addition to the ID of the interested party or equivalent, a DNI and authentic proof of the third party's representation must be provided.
In case of divergences with GRACE STORE in relation to the processing of your data, you can submit a claim to the Data Protection Agency (www.agpd.es), Spanish State Control Authority.
8. SECURITY OF PERSONAL DATA
With the aim of safeguarding the security of personal data, GRACE STORE has adopted all technical and organizational measures necessary to guarantee the security of the personal data provided of its alteration, loss and unauthorized access or treatment, including - among other -:
1) Implementation of mechanisms that guarantee the integrity and quality of personal data.
2) Conservation and transfer of personal data by secure means
3) use of mechanisms that guarantee the ability to restore availability and access to personal data quickly, in the event of a physical or technical incident.
3) Permanent monitoring of information systems with the aim of preventing, detecting and preventing the improper use of personal data
4) Use of cryptographic mechanisms and access control procedures that guarantee restricted access to personal data only by those who need it to fulfill the detailed purposes.
Additionally, any transaction carried out through the website is carried out through secure payment systems. Confidential payment data are transmitted directly and in encrypted form (SSL) to the corresponding entity.
9. UNDERAGE CHILDREN
In the event that the user is a minor, they can only provide their personal data in the collection forms, with the prior consent of the parents or guardians, sending the corresponding form duly signed by the parents or guardians. certified mail and with a copy of the DNI of the parent or guardian, following the procedure previously outlined.
GRACE STORE does not respond to those data of minors that without being able to know GRACE STORE this fact has been facilitated without the consent of the parents or tutors.
10. LINKS TO THIRD PARTY SITES
11. UPDATING OF THE POLICY
This policy has been updated in accordance with the requirements of the Community regulations for the Protection of Personal Data, the General Data Protection Regulations (RGPD) and can be modified to adapt them to the changes that occur on our website, as well as legislative amendments or jurisprudential personal data that appear, so it requires reading, each time you provide your data through this website.