PROVIDING INFORMATION BY LAYER OR LEVEL
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016) (hereinafter referred to as the “GDPR”) provides an updated framework founded on accountability for the protection of data in Europe.
Article 12(1) of the GDPR, under chapter “Transparent information, communication and modalities for the exercise of the rights of the data subject”, stipulates the following:
The [data] controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
In order to reconcile with the greater requirements that the GDPR imposes on providing information and in order to ensure this is presented in a concise and understandable way, the data protection authorities recommend structuring information in layers or levels.
This multi-layer approach consists of:
- presenting a summary of basic information at the first level, at the same time and in the same way that data is collected;
- referring to additional information at a second level, whereby the rest of the information will be presented in a more appropriate way to ensure understanding and, if desired, archiving.
LEVEL 1: BASIC INFORMATION ON DATA PROTECTION
BASIC INFORMATION ON DATA PROTECTION
PERFUMERIA NIZA JANDIA, S.L.
C/ PEATONAL LA TARABILLA, Nº10, CP 35625, MORRO JABLE (Las Palmas)
We will use your data to respond to your requests and deliver our services to you.
We will only send you marketing correspondence if you have given your prior consent, which you can do by ticking the box for that purpose.
We will only process your data if you have given your prior consent, which you can do by ticking the box for that purpose.
Generally, only our members of staff who have been duly authorised may access the data that you have provided.
You have the right to know what information we hold about you, to rectify it and to erase it, as explained in the additional information available on our website.
For more information, please see “SECURING YOUR DATA” on our website.
LEVEL 2: ADDITIONAL INFORMATION ON DATA PROTECTION
Information in compliance with personal data protection legislation
In Spain and the rest of Europe, there are data protection regulations in place designed to protect your personal data that, as a company, we need to be compliant with.
That is why it’s important to us that you clearly understand what we do with the data we request.
We will be transparent and ensure you have control over your data, using plain language and clear options that will allow you to decide what we are allowed to do with your personal data.
If anything is unclear after reading this information, please don’t hesitate to contact us. Thank you for your cooperation.
Who are we?
- Company name: PERFUMERIA NIZA JANDIA, S.L.
- Our tax identification code/tax ID: B35111392
- Our primary activity: Retail sail all types of products and online sales.
- Our address: C/ PEATONAL LA TARABILLA, Nº10, CP 35625, MORRO JABLE (Las Palmas)
- Our telephone number: +34 928166371
- Our website: www.aloeverapoint.com
- For your peace of mind and security, we are inscribed in the following Spanish Public Registry/Commercial and Trade Registry:
- Our primary activity is subject to a system of prior administrative authorisation. For your peace of mind and security, the details of the administrative authorisation and the competent supervisory body are:
Administrative authorisation: Franz Harkam
Competent supervisory body:
- The operator of this website is a member of a regulated profession, whose details are as follows:
Official academic or professional qualification:
Issuing EU Member State:
Professional standards applicable to the exercise of the profession:
We are available should you need us. Please don’t hesitate to contact us.
Why do we use your data?
Generally, your personal data will be used to maintain a relationship with us in order to deliver our services to you.
Your data may also be used for other purposes, such as sending you marketing communications or promoting our services.
We do you need to use your data?
Your personal data is required for us to maintain a relationship with us in order to deliver our services to you. We will provide a series of tick-boxes that will allow you to make a clear and simple decision on how you want us to use your data.
Who will we share the data you provide with?
Generally, only our members of staff who have been duly authorised may access the data that you have provided.
Equally, we may pass your personal data on to other entities where this is required in order to provide our services to you. For instance, we will need to share your data with our bank if you pay for our services by credit card or bank transfer.
We will also need to pass your data on to public or private entities when we are obliged to do so by law. For example, Spanish tax law requires us to provide the tax authorities with information on financial transactions that exceed a certain amount.
Nevertheless, if we otherwise need to disclose your personal data to other entities, we will ask your permission beforehand, providing you with clear options that will allow you to make a decision.
How do we protect your data?
We protect your data using effective security measures in proportion to the risks involved in using your data.
We have adopted a Data Protection Policy, and we carry out checks and annual audits to verify that your personal data is secure at all times.
Will we transmit your data to other countries?
Many countries across the world offer secure protection for your data, while others not so much. The European Union, for example, is a secure environment for your data. Our policy is not to send your personal data to any country that does not offer secure protection for your data.
In the event that we need to send your data to a country that is not as secure as Spain, in order to deliver our services to you, we will always ask your permission beforehand and apply effective security measures to reduce the risk of sending your personal data to another country.
How long do we retain your data for?
We will store your data for the duration of our customer relationship, in compliance with the legislation. Once the statutory retention period has lapsed, we will then destroy your data in a secure and environmentally-friendly manner.
What are your rights when it comes to data protection?
You may contact us at any time to find out what personal data we hold about you, to have it rectified where it is incorrect and to have it erased once our customer relationship comes to an end, provided that it is lawful to do so.
You are also entitled to have your data transferred to other entities in certain situations, under your right to data portability.
If you wish to exercise any of these rights, please send us a written request, accompanied by a copy of your ID, so that we can confirm your identity.
We have specific forms that you can use to exercise these rights, which we would be happy to help you fill in.
For more information about your data protection rights, please visit the Spanish Data Protection Agency website at www.agpd.es.
Can you withdraw your consent if you change your mind later?
Yes, you can withdraw your consent at any time if you change your mind about how your data may be used.
For example, if you were previously interested in receiving marketing communications about our products or services, but you no longer wish to receive these, you can let us know by using the consent withdrawal form available from us.
How can you submit a complaint if you feel your rights have not been honoured?
If you are not satisfied with how we have handled your request, you may submit a complaint to the Spanish Data Protection Agency, the Agencia Española de Protección de Datos. The agency can be contacted as follows:
o Website: www.agpd.es
Agencia Española de Protección de Datos C/ Jorge Juan, 6
28001 Madrid Spain
+34 901 100 099
+34 91 266 35 17
You can submit a complaint to the Spanish Data Protection Agency free of charge and you do not need the assistance of a solicitor or lawyer.
Do we build profiles about you?
Our policy is not to build any profiles about the users of our services.
However, there may be situations when we need to develop information profiles about you in order to provide a service, commercial or otherwise. An example would be where we use your purchase or service history to offer products or services tailored to your tastes or needs.
In such cases, we will apply effective security measures to protect your data at all times against unauthorised persons intending to use it for their own benefit.
Do you use your data for other purposes?
Our policy is not to use your data for any purposes other than those that we have explained. However, if we need to use your data for another purpose, we will always ask your permission beforehand, providing you with clear options that will allow you to make a decision.
DATA PROTECTION POLICY
The management board/governing body of BALCON DE JANDIA, S.L. (hereinafter referred to as the “data controller”) assumes full responsibility for and provides its full commitment to drafting, implementing and maintaining this Data Protection Policy, ensuring continuous improvement on the part of the data controller with a view to achieving excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016) and with Spanish legislation on the protection of personal data (Spanish Organic Law, specific sector legislation and the implementing regulations).
The BALCON DE JANDIA, S.L. Data Protection Policy is based on the principle of proactive responsibility, according to which the data controller is responsible for ensuring compliance with the regulatory framework and case law that governs the Policy, and is able to prove this before the competent supervisory authorities.
The data controller is governed by the following principles that should serve as a guide and frame of reference for all of its staff, with regard to the protection personal data:
- Data Protection by design: when determining the means of processing and during processing itself, the data controller shall apply appropriate technical and organisational measures, such as pseudonymisation, designed to effectively implement the principles of data protection, such as processing the minimum amount of data required and incorporating the necessary guarantees into the processing.
- Data protection by default: the data controller shall apply appropriate technical and organisational measures with a view to ensuring that, by default, only personal data necessary for each specific purpose of processing is processed.
- Data protection in the data life cycle: measures to ensure that personal data is protected must be applied during the complete life cycle of the data.
- Lawfulness, fairness and transparency: the personal data must be processed in a lawful, fair and transparent manner in relation to the data subject.
- Purpose limitation: personal data must be collected for specific, explicit and legitimate purposes only, and must not be subsequently processed in any way that is incompatible with those purposes.
- Data minimisation: personal data must be adequate, relevant and restricted to what is necessary for the purposes for which it is processed.
- Accuracy: personal data must be accurate and updated where necessary; all reasonable steps must be taken to ensure that personal data which is inaccurate with regard to the purposes for which it is processed is rectified or erased without delay.
- Limiting the retention period: personal data must not be stored in any way that allows the data subject to be identified for any no longer than is necessary for the purposes of the processing of personal data.
- Integrity and confidentiality: personal data must be processed in such a way as to ensure adequate security of the personal data, including protection against unauthorised or unlawful processing, loss, destruction and accidental damage, by applying appropriate technical and organisational measures.
- Information and training: one of the keys to ensuring the protection of personal data is providing training and information to staff involved in processing the data. During the life cycle of the data, all staff with access to the data must be properly trained on and informed about their obligations in terms of compliance with data protection legislation.
The BALCON DE JANDIA, S.L. Data Protection Policy is distributed to all staff under the authority of the data controller and made available to anyone interested.
Consequently, the present Data Protection Policy involves all staff under the authority of the data controller, who must be familiar with the policy and take ownership of it; every single one of them is responsible for applying and verifying data protection regulations in their course of their work, as well as identifying and creating opportunities for improvement as appropriate with a view to achieving excellence in compliance.
This policy will be reviewed by the management board/governing body of SUBMARINE SAFARIS,
S.L. as often as necessary to ensure compliance with the provisions in force on the protection of personal data.
Information in compliance with personal data protection legislation
What are cookies and why do we use them?
A cookie is a small data file that is stored by your browser each time you visit our website.
Cookies are useful because they remember your activity on our website, so when you visit again, they can identify you and configure the content based on your browsing habits, identity and preferences.
Cookies are harmless. They do not contain any malicious code such as viruses, trojans or worms that could damage your device, but they are relevant when it comes to protecting your data, since they collect certain personal information (browsing habits, identity, preferences, etc.).
What information does a cookie store?
Cookies do not routinely collect special categories of personal data (sensitive data). The data saved includes technical information, personal preferences and custom content.
What kind of cookies are there?
In general, there are five types of cookies:
o Functional cookies:
This is the most basic type of cookie. It allows users to browse through a website platform or application, and use the different options or services provided, such as monitoring data traffic and communication, identifying the session, accessing areas with restricted access, remembering the items of an order, completing the purchasing process, performing a request to register or take part in an event, applying security during navigation, storing content to distribute videos or sound files, and sharing content via social networks.
o Custom cookies:
This type of cookie allows users to access our services with some general predefined settings on the user’s device, such as the language, the type of browser used and the location where you are accessing the service.
o Analytical cookies:
These allow user behaviour to be tracked and analysed across websites that are linked. The information collected through this type of cookie is used to measure activity on websites, applications and platforms, and to create browsing profiles of users, so improvements can be made based on the analysis of how users use the services.
o Advertising cookies:
These allow adverts included on a website, application or platform used to provide the services to be managed as efficiently as possible, based on criteria such as the content published or frequency at which adverts are displayed.
o Behavioural advertising cookies:
These allow adverts included on a website, application or platform used to provide the services to be managed as efficiently as possible. These cookies store information about the behaviour of users, obtained by continuously monitoring your browsing habits, allowing us to build up a specific profile about you and show you relevant adverts.
Which cookies are our own and which are used by third parties?
o First-party cookies:
These are generated and managed by the same party responsible for providing the service requested by the user.
o Third-party cookies:
These are generated by entities other than our own (external services or suppliers, such as Google).
What kind of cookies does our website use?
Functional cookies, first-party cookies
What can I do about cookies?
Cookies can be accepted, blocked or deleted, as desired. You can do this by adjusting your browser settings.
To find out how to manage or block cookies, please see the relevant user guide for your browser:
o Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies#ie=ie-10
o Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
o Chrome: https://support.google.com/chrome/answer/95647?hl=en
o Safari: https://www.apple.com/uk/legal/privacy/en-ww/cookies/
You can also delete cookies that you have saved in your browser through your browser settings.