PRIVACY POLICY

1. DATA OF THE DATA CONTROLLER

-Company Name: JEFA SNEAKERS SHOP (hereinafter, the "Company" or the "Responsible").

-Registered Office: Calle Apodaca, nº 8, local 1 (Madrid)

-NIF: 01921924K

-Telephone: 634 461 098

Email for communications regarding data protection: jefasneakersshop@gmail.com

1.1. Applicable regulations 

Our Privacy Policy has been designed in accordance with the General Data Protection Regulation of the EU 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data and which repeals Directive 95/46/CE (General Data Protection Regulation), and Organic Law 3/2018 of December 5, on Data Protection of Personal Character and Guarantee of Digital Rights.

By providing us with your data, you declare that you have read and are aware of this Privacy Policy, giving your unequivocal and express consent to the processing of your personal data in accordance with the purposes and terms expressed herein.

The Company may modify this Privacy Policy to adapt it to new legislation, jurisprudence or interpretation of the Spanish Agency for Data Protection. These privacy conditions may be complemented by the Legal Notice, Cookies Policy and the Purchase Terms that, where appropriate, are collected to place orders, assuming such access is a specialty in terms of protection of personal data when certain information is required. additional information for the proper management of said order.

2.- PRINCIPLES IN ACCORDANCE WITH THE EUROPEAN DATA PROTECTION REGULATION

We undertake to treat the personal data (hereinafter the "data") provided in accordance with the following principles contained in the General Data Protection Regulation (RGPD):

• Legality: We will only collect your Personal Data for specific, explicit and legitimate purposes, and we will not process your Personal Data in a way that is incompatible with those purposes.
• Legality: in accordance with article 6 of the General Data Protection Regulation, your personal data will be managed as long as you express your express consent for the processing of said data as a form of externalization of your will and free and informed consent. Your personal data may be necessary to formalize a contract, agreement or service, to which the interested party is a party, to comply with legal obligations, to protect the vital interests of the interested party and another natural person, to fulfill a mission of public interest or in the exercise of public powers conferred on the person responsible for the treatment or that satisfies the legitimate interests pursued by the person responsible for the treatment when these do not violate the fundamental rights and freedoms of the interested party or the protection of personal data of the interested party.
• Loyalty and transparency: in accordance with article 5 of the General Data Protection Regulation as a manifestation of transparency and that proof of this is that the interested party is informed of the existence of the treatment operation and its purposes.
• Data minimization: we limit the collection of personal data to what is strictly relevant and necessary for the purposes for which it was collected.
• Limitation of Purpose: We will only collect your personal data for specific, explicit and legitimate purposes, and that we maintain in the way we process it.
• Accuracy: We will keep your personal data accurate and up to date.
• Data Security: we apply the appropriate technical and organizational measures to guarantee the adequate level of security taking into account the risks and nature of the data in order to prevent them from being disclosed or that unauthorized personnel access them, or in the event of any loss or alteration. In short, any form of illicit treatment.
• Any person who, having generated their consent for the collection of data, wishes to request any management regarding the treatment, is recognized and may exercise: the right of access, rectification, opposition, deletion, limitation of treatment, portability and not to be object of individualized decisions. Its exercise will be free and said request will be corrected within a month to be extended for another two months taking into account exceptional circumstances such as, for example, the number of requests, complexity, or others of a similar nature.
• Principle of limitation of the conservation period: the data will be kept for the necessary time and for the purposes of the treatment without undue delay, and during which, the data of the users and clients will be available to them when they request it.

3. PURPOSE OF THE PROCESSING OF PERSONAL DATA

The treatment we carry out of your personal data responds to the following purposes:

- Provide you with information related to the products through the catalog that is made available to the user.

-To carry out, in case of buying an item through the website, for the management of the order, monitoring it for its correct delivery, post-sale customer service, as well as for the payment thereof.

-To manage social networks. The Controller has a presence on social networks. If you become a follower on the Owner's social networks, the processing of personal data will be governed by this section, as well as by those conditions of use, privacy policies and access regulations that belong to the social network that is appropriate in each case and that you have previously accepted .

-In the event that the user expressly accepts through the corresponding box, to send a newsletter with the aim of sending communications about new collections, offers, or other news that may be of interest to the user, while this do not revoke your consent, for which a simple and free means will be made available to you. Likewise, a discount code will be sent periodically through this channel, as long as the user who has authorized it does not decide to revoke said authorization.

3.1. Period of Conservation of your data 

We will keep your personal data from the moment you give us your consent until you revoke it or request the limitation of the treatment. In such cases, we will keep your data in a blocked manner during the legally required periods in each case (contractual relations, tax or accounting matters...), only at the disposal of any requirement notified by a Public or Judicial Authority.

Regarding the data collected for the purpose of sending the newsletter, unless the user revokes the consent in advance, we will keep the information for said purpose for two years, being subsequently deleted and it being necessary to collect the data again through the channel enabled, with the express authorization of the user.

3.2 Customer Restricted Access Area Policy

The Responsible will facilitate the user who registers the introduction of the necessary access data, these being the name of the account, the usernames and the passwords. For security reasons, the user will receive an email to activate their account and be able to access the application . The user will be responsible in any case for the custody of their access codes, for which they will be exclusively responsible for any damages that may arise from improper use of the same, as well as their loss or any other circumstance that could pose a risk of access to use it by unauthorized third parties. Users must notify the company immediately so that it proceeds to block and replace it.

The Responsible reserves the right to freely accept or reject the registration request of any user. The data entered by users must be accurate, current, truthful and will be processed and treated in compliance with current legislation on the protection of personal data.

4. LEGITIMATION AND DATA COLLECTED

The legitimacy for the treatment of your data is the express consent granted by means of a positive and affirmative act (fill in the corresponding form and check the acceptance box of this policy or call or send an email providing your data for a consultation) at the time to provide us with your personal data, both to request information and to place an order.

4.1. Consent to process your data 

By filling in the forms, checking the "I accept the Privacy Policy" box and clicking to send the data, or by sending emails to the Company through the accounts set up for this purpose, the User declares to have read and expressly accepted this privacy policy, and grants its unequivocal and express consent to the processing of your personal data in accordance with the indicated purposes.

4.2. Data categories 

The data collected through the contact form refers to the category of identifying data, such as: Name, Telephone, Email, as well as the IP address from where you access the data collection form. In the authorization that you leave us to send the newsletter, we will only request your name and email data, since no other type of data is necessary for the purpose for which they are requested.

In case of placing an order, we will also request the address, as necessary and essential information to be able to correctly process the order and send it to the client.

5. SECURITY MEASURES

Within our commitment to guarantee the security and confidentiality of your personal data, we inform you that the necessary technical and organizational measures have been adopted to guarantee the security of personal data and prevent its alteration, loss, treatment or unauthorized access, taking into account the state of the technology, the nature of the data stored and the risks to which they are exposed, according to Art. 32 of the GDPR EU 679/2016. 

All the data is stored on secure servers where the corresponding backup copies are made that allow the information to be available at all times for the correct execution of the order and the adequate continuity of the business.

6. ASSIGNMENT OF DATA

The data strictly necessary to deliver the order made by the user may be transferred, the recipients being the courier companies with which agreements are maintained. In any case, the signing of the corresponding contracts is guaranteed with these providers which, based on article 28 of the GDPR, guarantee the adequate treatment of data and the limitation of the treatment exclusively for the purpose of delivery of the orders.

Outside of the foregoing, no international assignments or transfers of data collected through this website are foreseen, except for those authorized by tax, commercial and telecommunications legislation, as well as in those cases in which a judicial authority notifies us. require.

7. RIGHTS OF THE USER

Any interested party has the right to obtain confirmation as to whether we are processing personal data that concerns them or not. Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. For reasons related to their particular situation, the interested parties may oppose the processing of their data. The Responsible will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.

We also remind you that, if you are a customer, you can revoke your consent or oppose the sending of commercial communications by any means and at any time, by sending an email to jefasneakersshop@gmail.com .     

If you consider that your request has not been dealt with correctly or your data is not being treated properly, you can address your claims to the Spanish Agency for Data Protection , the control body on the matter in Spain.

Below, we provide you with extended information on the aforementioned rights, with direct access to their exercise using the links of the Spanish Agency for Data Protection:

A)-RIGHT OF ACCESS

Article 15 of the General Data Protection Regulation recognizes the right of the interested party to know if their personal data is being processed or not and the purposes of the treatment, the categories of data, the recipients, the origin of the data, the conservation period and the criteria for determining said term. Thus, the person in charge of the treatment will provide a copy of the personal data subject to treatment by electronic format upon presentation of the request.

They may also request the person in charge: rectification, deletion or limitation of data and treatment.

In order to make it easier for the user to exercise said right, we provide the form that must be completed for your request through the following link:

https://www.aepd.es/media/formularios/formulario-derecho-de-acceso.pdf

B)-RIGHT OF RECTIFICATION AND DELETION

Articles 16 and 17 of the General Data Protection Regulations establish that in terms of rectification and deletion of personal data that the client or user requests the rectification of their personal data because they consider it inaccurate or that they be completed or deleted because they are not necessary for the purposes for which they were collected and processed.

In order to make it easier for the user to exercise said right, we provide the form that must be completed for your request through the following link:

https://www.aepd.es/media/formularios/formulario-derecho-de-rectificacion.pdf

https://www.aepd.es/media/formularios/formulario-derecho-de-supresion.pdf

C)- RIGHT TO LIMITATION OF PROCESSING

The interested party shall have the right to obtain from the data controller the limitation of the data processing whenever they contest the accuracy of the personal data. That is, the data may only be processed, with the exception of its conservation, with the consent of the interested party, for the exercise or defense of claims, to protect the rights of another natural or legal person or for reasons of public interest of the Union or of a particular Member State . In addition, this will be informed by the person in charge before the lifting of said limitation.

In order to make it easier for the user to exercise said right, we provide the form that must be completed for your request through the following link:

https://www.aepd.es/media/formularios/formulario-derecho-de-limitacion.pdf

1. D) -RIGHT TO DATA PORTABILITY

Article 20 of the General Data Protection Regulation recognizes the right of the interested party to receive the personal data that concerns them, that is, it is transmitted directly from person in charge to person in charge whenever technically possible, in a structured, commonly used and readable format. without being prevented by the person in charge to whom they were provided, when the consent has been expressly outsourced or through a contract.

In order to make it easier for the user to exercise said right, we provide the form that must be completed for your request through the following link:

https://www.aepd.es/media/formularios/formulario-derecho-de-acceso.pdf

8. CONFIDENTIALITY

The personal data that may be collected will be treated with absolute confidentiality, the Company committing to keep it secret and guaranteeing the duty to keep it, adopting all the necessary measures to avoid its alteration, loss and treatment or unauthorized access, in accordance with what is established in the applicable legislation.

To this end, the Responsible Party guarantees that it will maintain the corresponding confidentiality commitments signed with any person who may be involved in any phase of the processing of the personal data collected.

9. INTERNATIONAL DATA TRANSFERS

International Data Transfer is understood as the communication of your personal data to countries located outside the European Union, and more specifically outside the European Economic Area (EEA). There are exceptions from countries outside this European space that are not considered an international transfer as the recipients are countries that the European Commission for Data Protection considers appropriate for complying with European data protection standards.

In the event that the Company transfers personal information outside the EEA, either because the storage of the data is hosted on a server outside the borders of the EEA, or for any other reason, it ensures that the regulatory contractual clauses of said international transfer, making sure that the provider that can host or process personal information complies with the minimum security standards and principles contained in the GDPR.