DATA PROTECTION POLICY
This is the data protection policy of Shop in calm SL It refers to the data it processes in the exercise of its commercial activity in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council , of April 27, 2016) and Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights (LOPDGDD).
Who is responsible for the processing of personal data?
The person responsible for the processing of personal data is Shop in calm SL (hereinafter Shop in calm), with CIF B67687038, address at Calle Penya Bisbalenca, 22B of La Bisbal d'Empordà (CP 17100), telephone 655 99 71 58, email info @ shopincalm.com and website www.shopincalm.com. Figure registered in the Mercantile Registry of Girona, Sheet GI-68948 Volume 3349 Folio 166.
For what purpose do we process the data?
At Shop in calm we process personal data for the following purposes.
. We answer the queries of the people who contact us by email, contact forms on our website and by telephone. We process this data solely for this purpose.
Services to clients
. We register new customers and additional data that may be generated as a result of the business relationship with customers. In the contracting process, essential data is requested, which may include bank details (current account number or credit card number) which, if necessary, will be communicated to banking entities that manage the collection (they can only be use for this purpose). The commercial relationship entails other treatments, such as incorporating the data into accounting, billing, or information to the Tax Administration. By accessing the customer area of our website, it is possible to manage your own data, purchase products, check billing, access promotions and discounts or find out the status of queries or claims that have been made through this channel. Access to the customer area provides us with information on the activity of the user of this service.
Information about our products.
While there is a contractual relationship with its customers, Shop in calm uses their contact information to communicate information related to this relationship, information that may circumstantially include references to our products, whether of a general nature or more specifically referring to the characteristics and needs of the customer. .
Other information about our products.
With the explicit authorization of the client, once the contractual relationship has ended, the contact details are kept to send advertising related to our products, general or specific information, according to the interests of the client. This information will be sent to whoever, despite not being a customer, asks us for it or accepts it by filling out our forms.
Management of the data of our suppliers
. We register and process the data of the suppliers from whom we obtain services or goods. They can be the data of people who act as freelancers and also data of representatives of legal entities. We obtain the essential data to maintain the commercial relationship, we use it solely for this purpose and we make our own use of this kind of relationship.
Users of our website.
What is the legal legitimacy for data processing?
The data processing that we carry out has different legal grounds, depending on the nature of each processing.
In compliance with a pre-contractual relationship.
This is the case of the data of possible clients or suppliers with whom we have relations prior to the formalization of a contractual relationship, such as the preparation or study of budgets.
In compliance with a contractual relationship.
This is the case of relationships with our customers and suppliers and all the actions and uses that these relationships entail.
In compliance with legal obligations.
Data communications to the Tax Administration are established by regulations governing commercial relations. The case of having to communicate data to judicial bodies or to security forces and bodies may also occur in compliance with legal regulations that require collaboration with these public bodies.
Based on consent.
When we send information about our products, we process the contact details of the recipients with their authorization or explicit consent. The browsing data that we can obtain through cookies is obtained with the consent of the person who visits our website, consent that can be revoked at any time by uninstalling these cookies.
To whom are the data communicated?
As a general criterion, we only communicate data to administrations or public powers and always in compliance with legal obligations. In the issuance of invoices to clients, the data can be communicated to banking entities. In justified cases, we will communicate the data to the security forces and bodies or to the competent judicial bodies. No data transfers are made outside the European Union (international transfer).
In another sense, for certain tasks we obtain the services of companies or people who provide us with their experience and specialization. On some occasions these external companies must access personal data that is our responsibility. It is not exactly a transfer of data, but a processing order. Services are only contracted from companies that guarantee compliance with data protection regulations. At the time of contracting, their confidentiality obligations are formalized and their performance is monitored. This may be the case of data hosting services, information services or legal, accounting, tax or labor advice.
How long do we keep the data?
We comply with the legal obligation to limit the data retention period to the maximum. For this reason, they are kept only for the time necessary and justified by the purpose for which they were obtained. In certain cases, such as the data that appears in the accounting documentation and invoicing, the tax regulations oblige to keep them until the responsibilities in this matter prescribe. In the case of data that is processed based on the consent of the person concerned, they are kept until this person revokes their consent.
What rights do people have in relation to the data we process?
As provided in the General Data Protection Regulation, the people whose data we process have the following rights:
Know if they are treated.
Anyone has, first of all, the right to know if we process their data, regardless of whether there has been a prior relationship.
To be informed at the collection.
When the personal data is obtained from the interested party, at the time of providing them, they must have clear information on the purposes for which they will be used, who will be responsible for the treatment and the rest of the aspects derived from this treatment.
Very broad right that includes the right to know precisely what personal data is processed, what is the purpose for which it is processed, the communications to other people that will be made (if applicable) or the right to obtain a copy or to know the expected period of conservation.
To ask for rectification.
It is the right to have inaccurate data that is processed by us rectified.
To request the deletion.
In certain circumstances there is the right to request the deletion of the data when, among other reasons, they are no longer necessary for the purposes for which they were collected and that justified the treatment.
Request the limitation of treatment.
Also in certain circumstances the right to request the limitation of data processing is recognized. In this case, they will cease to be processed and will only be kept for the exercise or defense of claims, in accordance with the General Data Protection Regulations.
In the cases provided for in the regulations, the right to obtain one's own personal data in a commonly used structured format that is machine-readable is recognized, and to transmit it to another data controller, if the person concerned so decides.
To oppose the treatment.
A person can allege reasons related to their particular situation, reasons that will lead to their data not being processed to the degree or extent that may cause them harm, except for legitimate reasons or the exercise or defense of claims.
Not to receive commercial information.
We immediately respond to requests not to continue sending commercial information to people who have previously authorized it.
How can rights be exercised or defended?
The rights that we have just listed can be exercised by sending a written request to Shop in calm SL at the postal address Calle Penya Bisbalenca, 22B of La Bisbal d'Empordà (CP 17100), or by sending an email to firstname.lastname@example.org , indicating in all cases "Protection of personal data".
If a satisfactory response has not been obtained in the exercise of rights, it is possible to file a claim with the Spanish Agency for Data Protection, through forms or other channels accessible from its website www.aepd.es.