Data controller: MÓNICA CORDERA, S.L. (hereinafter, "the Data Controller", "the Controller", or "CORDERA").
Representative: Mónica Cordera
Tax Identification Number (NIF): B32426157
Registered office: Calle Picavia, 5, 2oD, 15004, A Coruña
E-mail address: email@example.com
Business activity: fashion and accessories
PERSONAL DATA PROCESSED
However, CORDERA may carry out periodic checks to verify this fact, adopting the corresponding diligence measures in accordance with data protection regulations.
CORDERA will process the following data categories:
1. Identification data: name, surname and national identity card number or equivalent document for natural person or of the representative of the legal entity.
2. Contact data: e-mail address, telephone number, identification data (as mentioned above), postal address, etc.
3. Economic and financial data: bank details (credit card, bank account number) or any other data necessary for invoicing purposes.
4. Details of the corresponding service.
5. Data provided through contact channels provided on the website (via telephone or e-mail).
6. Browsing data.
PURPOSES AND LEGAL BASIS FOR PROCESSING
CORDERA will collect and process the User's personal data in order to manage their relationship. In particular, the main purposes identified are the following:
- Management of the User 's registration platform.
- Management and contracting of the services offered by the Data Controller, including the placing and management of orders on the website.
- Channeling requests for information, suggestions, and complaints that the User may file against CORDERA.
- Communicating with CORDERA's users or potential users, whether through the website, social media or by any other means. This communication includes the sending of communications on advertising, emails from the contact form, news and novelties of special interest and relevance for information purposes, or CORDERA's newsletter.
- Management of the labor relationship, with regards to employees.
- Management of the commercial relationship maintained with suppliers.
- Management of personnel selection.
- Computer maintenance of the website and associated services.
- For marketing and advertising purposes.
CORDERA collects the User's personal data by different means, but always informing at the time of collection by means of informative clauses about the controller of the processing, the purpose and legal basis of the processing, the recipients of the data and the period of conservation of your personal data, as well as the way to exercise your rights in terms of data protection.
In general, the personal data that CORDERA processes are limited to identification data (name and surname, date of birth, address, identity document, telephone number and e- mail address) for the management of the contracted services and the management of invoicing.
In case of personnel management and selection, we collect academic and professional data in order to meet the obligations arising from the maintenance of the employment relationship or, where appropriate, to become part of our staff.
CORDERA's processing is carried out on the basis of:
1. Data provided to contract a service:
(a) Consent to register as a user of the website and create a personal account.
2. Data provided for the management and contracting of the services offered by CORDERA, including the placing and management of orders on the website:
(a) Consent to request the contract of the services.
(b) Execution of a contract to manage the contracting of the service or sale contracted with CORDERA.
3. Data provided to channel requests for information, suggestions and complaints by the User:
(a) Consent of users or customers who contact CORDERA to request information, suggestions, or complaints.
4. Data provided for the IT maintenance of the website and associated services, to analyze the use and quality of the services and their potential improvement:
(a) CORDERA's legitimate interest, to ensure the proper functioning of its main means of commerce, as well as to guarantee the best possible service to its users and customers.
5. Data provided for marketing and advertising purposes:
(a) Consent that users give, for example, through cookies, when they save an item of clothing in favorites, by subscribing to the newsletter, etc.
(b) Legitimate interest of CORDERA, as this information is useful for the creation of content, as well as to improve the user's experience, providing the information that best suits their preferences.
All consents obtained for the aforementioned purposes are independent and the User may revoke only one of them without affecting the others.
CORDERA does not share personal data of its clients or users of the website and social networks, except for those cases in which it is strictly necessary to comply with a legal obligation or for the execution of the service contract with the users.
In order to provide the requested service, third parties acting as suppliers of MÓNICA CORDERA, S.L. may have access to personal information in order to carry out the service for which they have been contracted, acting as data processors (legal and accounting assistance, auditors, destruction of documents/information and information technology service providers, for example, data hosting and email service). It should be emphasized that the above shall not be considered as a transfer of personal data. These providers will access your personal data in accordance with the instructions of CORDERA and will not use it for any other purpose, keeping your personal information strictly confidential. CORDERA undertakes to select suppliers who comply with the current regulatory framework for the protection of personal data.
The competent authorities and bodies, to the extent necessary to comply with legal obligations, will also be considered recipients for these purposes.
In the development and fulfillment of the contracted services, international data transfers may occur when, in order to carry out the above communications, personal data must be transferred to any of these recipients that are not within the European Economic Area and, therefore, do not comply with European regulations on data protection. In these cases, CORDERA will use the Standard Contractual Clauses adapted by the European Commission as a guarantee for transfers made to countries that do not have a European Commission adequacy decision. However, third parties that CORDERA shares certain personal data with must have previously accredited the adoption of adequate technical and organizational measures for the correct protection of such data.
CORDERA will only keep your personal data for the period of time necessary to fulfil the purpose for which they were collected, to comply with legal obligations and to attend to possible responsibilities that may arise from the fulfilment of the purpose for which the data were collected.
If CORDERA collects your data in order to contact you as a User of its services or to respond to any request for information made by you, your personal data will be kept for a maximum period of 2 years. Likewise, they will also be deleted whenever the User requests so.
In the specific cases of "registration form" to request the registration of the User as a purchaser of CORDERA, "contact form" and other consultations, and "newsletter form", the personal data will be kept until the User requests the deletion of his or her data.
In any case, and as a general rule, CORDERA will keep your personal data for as long as there is a contractual relationship that links it to you or you do not exercise your right to suppression and/or limitation of processing, in which case, the information will be blocked without being used beyond its conservation, while it may be necessary for the exercise or defense of claims or any type of responsibility may arise that needs to be attended.
RIGHTS OF INTERESTED PARTIES
Users of the website may exercise the following rights before CORDERA, insofar as they are applicable: the right to access by the data subject, the right to rectification, the right to erasure or the right to be forgotten, the right to restriction of processing, the right to data portability, the right not to be subject to an automated individual decision- making, and the right to object.
In accordance with current legislation, these rights must always be free of charge, except in the case of manifestly unfounded or excessive requests. In this case, CORDERA may charge a fee proportional to the administrative costs incurred or refuse to act. Furthermore, they must be exercised directly by the interested party or through their legal representative or volunteer.
CORDERA must reply to your request within one month, although, depending on the complexity and number of requests, this period may be extended by up to two months. In the event of not acting on your request, CORDERA will inform you, within one month at the latest, of the reasons for its failure to act and the possibility of lodging a complaint with the Spanish Data Protection Agency.
You must be provided with all the necessary information on the means of exercising these rights, which must be accessible. You may not be denied the exercise of the right simply because you choose a different means. If the request is made by electronic means, the information should be provided by electronic means where possible, unless you ask us to do otherwise.
Users may exercise these rights by duly identifying themselves with their ID card and by sending a letter or e-mail to the addresses indicated in the "Data controllers" section. The request must be signed, and the subject line must indicate "Exercise of GDPR Rights".
In case you wanted to exercise any of these rights, you may use the following application forms:
(a) Right of access by the data subject
(b) Right to rectification
(c) Right to erasure ("right to be forgotten")
(d) Right to restriction of processing
(e) Right to data portability
(f) Right to object
(g) Right not to be subject to an automated individual decision-making
RESPONSIBILITY OF THE USER
By providing their data to CORDERA through electronic channels, the User guarantees to be over 18 years of age and that the data provided to CORDERA are true, exact, complete and up to date. To this effect, the User takes responsibility for the veracity of the data communicated and for keeping this information suitably updated so that it corresponds to reality, taking responsibility for any false or inaccurate provided data, as well as for any damages, direct or indirect, that may arise.
CORDERA informs you that the necessary technical and organizational security measures have been implemented to guarantee the security of your personal data and to avoid its alteration, loss and unauthorized processing and/or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed, whether these arise from human action or from the physical or natural environment. All in accordance with the provisions of the GDPR.
Likewise, CORDERA has established additional measures in order to strengthen the confidentiality and integrity of the information in its organization and to continuously maintain the supervision, control and evaluation of the processes to ensure respect for data privacy.