Privacy Policy
Applicable Regulations
Our Privacy Policy has been designed in accordance with REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT AND of the COUNCIL of April 27, 2016, regarding the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR EU 2016/679, and to the extent not contrary to the aforementioned Regulation, by the provisions of Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, hereinafter referred to as LOPDGDD 3/2018.
By providing us with your data, the customer and/or user declares to have read and understood this Privacy Policy, giving their unequivocal and express consent to the processing of their personal data in accordance with the purposes and terms expressed herein.
BASIC INFORMATION ON DATA PROTECTION
| Responsible | Estela Calzón Gago |
| Purpose | Contact the interested party, attend to information requests received, respond to queries raised, as well as send commercial communications about our services by letter, telephone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic communication means, provided that the interested party has consented to the processing of their personal data for this purpose. |
| Legitimation | Execution of a contract in which the interested party is a part or for the application at the request of the interested party of pre-contractual measures. Legitimate interest of the data controller. Consent of the interested party. |
| Recipients | Data will not be transferred to third parties, except legal obligation. |
| Rights | You have the right to access, rectify, and delete the data, as well as other rights, as indicated in the additional information, which you can exercise by contacting the data controller at info@lasantaservice.com |
| Additional information: | You can consult the additional and detailed information on Data Protection in the attached clauses available at https://lasantaservice.com/en/privacy-policy |
Additional Information on Data Protection
Data Controller:
- Identity: Estela Calzón Gago
- ID Number: 71019414Z
- Address: Carrer de Lluc, 14. 1A. 07817 Sant Jordi de ses salines, Ibiza
- Phone: (+34) 665 401 340
- Email: info@lasantaservice.com
PURPOSES AND LEGAL BASIS OF DATA PROCESSING
a) In general
The DATA COTROLLER processes the personal data provided by its customers and/or users for the following purposes:
- Purpose: o contact the data subject, address requests for information, respond to queries, provide requested services, carry out administrative, commercial, accounting, and tax management of the company, as well as send commercial communications about our services through mail, phone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic communication means, provided that the data subject has consented to the processing of their personal data for this purpose.
- Legal basis for this processing: Execution of a contract in which the data subject is a party or for the application at the request of the data subject of pre-contractual measures. Legitimate interest. The consent of the data subject, which can be withdrawn at any time.
b) WEBSITE Electronic Forms
The DATA CONTROLLER processes the personal data provided by customers and/or users through the electronic data collection forms on the website for the purposes identified below:
Regarding the “Contact Form” (those that can be sent through the email addresses listed on the website):
- Purpose: To contact the data subject, address requests for information, respond to queries, and send commercial communications about our services through mail, phone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic communication means, provided that the data subject has consented to the processing of their personal data for this purpose.
- Legal basis for this processing: The consent of the data subject, which can be withdrawn at any time.
When the data requested in the electronic form is necessary, the data controller will indicate its mandatory nature at the time of data collection from customers and/or users, and failure to provide them may result in the corresponding request not being attended to.
WHAT TYPE OF DATA DO WE PROCESS?
For the purposes mentioned in the previous section, we process the set of customer data, which can be divided into the following sources and categories:
a) Data provided directly by the customer and/or user: Data provided directly by the customer and/or user, either at the time of requesting the service through the completion of electronic data collection forms or in paper format provided for this purpose, as well as data provided throughout the contractual relationship through various means, such as information requests. The customer and/or user is responsible for the accuracy and updating of this data.
- Identifying Information (name and surname, NIF, NIE, passport, postal address, email, phone, mobile, manual, handwritten or digitized signature, image and/or voice, social media profiles, IP addresses, username, and password).
- Financial Data (banking information).
b) Data obtained from sources other than the customer and/or user: Data obtained from sources other than the customer and/or user, either with their consent or through any other legal authorization (legitimate interest, compliance with a legal obligation, etc.).
c) c) Data derived from the development of the commercial relationship: Data indirectly provided by the customer and/or user as a result of the provision of the contracted service and the maintenance of this activity. This category includes traffic data, browsing data through the public website or access to the private area, or other similar data.
RECORD OF PROCESSING ACTIVITIES
We inform you that the personal data obtained from the customer and/or user as a result of filling out the electronic forms on the website are part of the Record of Processing Activities (RAT) of the data controller, which will be updated periodically in accordance with the provisions of the GDPR EU 2016/679 and the LOPDGDD 3/2018.
RECIPIENTS
The personal data of the data subjects will be communicated to the following recipients:
a) In general:
- Providers of the data controller, acting as data processors, within the scope of the corresponding provision of services (lawyers, accounting and tax advisors, consultants, IT service providers – website hosting and email service).
- Competent authorities and organizations, to the extent necessary to fulfill legal obligations.
b) In relation to the “Contact Form” (or those that can be sent through the email addresses listed on the website):
- No data will be transferred to third parties, except when required by law.
Transfers to Third Countries
- There are no planned transfers of data to third countries without an adequate level of protection.
Retention Periods
Personal data will be retained as follows:
a) In general:
- Data will be retained until you request its deletion, and in any case, for the years necessary to fulfill legal obligations.
b) In relation to the “Contact Form” (or those that can be sent through the email addresses listed on the website):
- Personal data will be retained until the end of the relationship between the data controller and the customer and/or user, unless the data subject requests deletion earlier, or until the data subject withdraws consent at any time, without affecting the legality of processing based on consent before its withdrawal.
For these purposes, data subjects are reminded that they should inform the data controller, as the recipient of the communicated personal data, of any rectification or deletion of data concerning their representatives, authorized persons, and other contact persons.
Once the relationship is concluded, to the extent that the personal data of data subjects are relevant for the data controller’s liability towards customers and/or users, this data will be kept, duly blocked, available to the competent judicial authorities or public administrations, for the enforcement of liabilities arising from processing for the prescription period of such liabilities.
RIGHTS OF THE DATA SUBJECTS
Customers and/or users of the WEBSITE can exercise, to the extent applicable, the following rights before the data controller: access to personal data, rectification, erasure (right to be forgotten), restriction of processing, data portability, objection to processing, and not to be subject to automated individual decisions. When processing is based on consent, data subjects also have the right to withdraw it at any time.
Customers and/or users can exercise these rights by submitting a written and signed request to the postal address of the data controller located at Calle Parque Bujaruelo, 43 Bajo – 28924 Alcorcón, Madrid (Spain), or via email to info@lasantaservice.com attaching, in both cases, valid proof of identity, such as a photocopy of the ID/NIE or an equivalent document, and clearly indicating the right they wish to exercise.
Customers and/or users also have the right to lodge a complaint with the competent supervisory authority (Spanish Data Protection Agency) if they believe that the processing does not comply with current regulations or if they consider that their rights regarding the protection of their personal data have been violated, especially when they have not obtained satisfaction in the exercise of their rights, through the website https://www.aepd.es
These rights will be addressed by the data controller within 1 month, which may be extended to 2 months if the complexity of the request or the number of requests received so requires. This is without prejudice to the obligation to retain certain data under legal terms and until the possible liabilities arising from potential processing or, where applicable, from a contractual relationship expire.
In addition to the above, and in relation to data protection regulations, users who request it have the possibility to organize the fate of their data after their death.
SENDING COMMERCIAL COMMUNICATIONS
In compliance with the provisions of the second final provision of Law 9/2014, of May 9, on Telecommunications, which amends Law 34/2002, of July 11, on information society services and electronic commerce, commercial communications made electronically must be clearly identifiable as such. The natural or legal person on whose behalf they are made must also be clearly identifiable, without prejudice to the provisions of regulations issued by Autonomous Communities with exclusive competences in consumer protection.
The customer and/or user who provides their contact information to the data controller by clicking the “SEND” button on the electronic data collection forms on the website and affirmatively checks the two consent boxes, “I accept the processing of my data for the purposes indicated in the basic data protection information” and “I give my consent to receive commercial communications about your services,” expressly and unequivocally authorizes the data controller to process their personal data for the purpose of sending commercial communications about our services through mail, phone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic communication means.
The legal basis legitimizing this processing is the consent of the data subject, which can be revoked at any time.
In compliance with the provisions of Articles 21 and 22 of Law 34/2002, of July 11, on information society services and electronic commerce, the user may object to the processing of their data for promotional purposes and revoke the consent given for receiving commercial communications via email by simply notifying their intention to the data controller through a simple and free procedure, which consists of sending an email to the email address info@lasantaservice.com, indicando en el Asunto del mensaje “BAJA” o “NO ENVIAR”.
Los datos proporcionados se conservarán mientras se mantenga la relación comercial o durante los años necesarios para cumplir las obligaciones legales.indicating “UNSUBSCRIBE” or “DO NOT SEND” in the subject line of the message.
The data provided will be retained for as long as the commercial relationship is maintained or for the years necessary to fulfill legal obligations.
SOCIAL MEDIA POLICY
The data controller has profiles on the following internet social networks:
- Instagram: https://www.instagram.com/lasanta_catering/
In this case, the data controller is considered responsible for the processing of user data, which also includes followers, subscribers, fans, or simply individuals who make comments or inquiries through these channels.
In this regard, the data controller may use this profile to inform its users about news it deems appropriate for the services offered, or it may also share information or articles of current interest published by other users on social media.
Under no circumstances will the data controller use personal information of users without their consent for purposes other than those expected on the mentioned social network, requesting the user’s consent when necessary.
ACCURACY OF DATA PROVIDED BY DATA SUBJECTS
The customer and/or user is responsible for ensuring that the information they provide through the completion of electronic forms available on the WEBSITE or through emails sent to the various accounts under the internet domain lasantaservice.com is accurate. They are responsible for the accuracy of all the data they provide and must keep it updated to reflect a true and current situation. The customer and/or user is also responsible for any false or inaccurate information they provide and for any damages, inconveniences, or problems that may arise as a result, either for the data controller or for third parties.
SECURITY MEASURES
The data controller ensures that appropriate technical and organizational policies have been implemented on the WEBSITE to apply the security measures established by GDPR EU 2016/679 and LOPDGDD 3/2018 in order to protect the rights and freedoms of customers and/or users. They have also provided them with the necessary information to exercise these rights.
To protect individual rights, especially in relation to automated processing, and with the intention of being transparent with customers and/or users, the data controller has established a policy that includes a description of these processing activities, their purposes, their legitimacy, and the tools available to customers and/or users to exercise their rights.
The WEBSITE is built using the WordPress content management system with the Elementor plugin and has an active SSL encryption certificate for the entire domain, allowing users to securely transmit their personal data through the existing electronic forms.
The WEBSITE is hosted on servers provided by Grupo Loading Systems S.L., VAT Number: B53927950, with its registered office at Calle Gabriel Sijé, No. 14, Ground Floor, Orihuela, 03300 Alicante (Spain). The assigned IP address falls within the Spanish range.
All information will be stored and managed with due confidentiality, applying the necessary computer security measures to prevent unauthorized access or misuse of your data, its manipulation, deterioration, or loss.
However, the customer and/or user should be aware that the security of computer systems is never absolute. When personal data is provided over the Internet, this information may be collected without consent and processed by unauthorized third parties. The data controller disclaims any responsibility for the consequences of such acts that may have for the User if they voluntarily published the information.
ACCEPTANCE AND CONSENT
The customer and/or user declares that they have been informed of the conditions regarding the protection of personal data, accepting and consenting to the automated processing of their data by the data controller in the manner and for the purposes indicated in this Privacy Policy. Certain services provided on the WEBSITE may contain specific provisions on the protection of personal data.
CHANGES TO THIS PRIVACY POLICY
The data controller reserves the right to modify this Privacy Policy to adapt it to legislative, jurisprudential changes, interpretations of the Spanish Data Protection Agency, as well as industry practices.
In such cases, the data controller will announce the changes on the websites with reasonable notice before they take effect.
This privacy policy may be supplemented by the Legal Notice, Cookie Policy, and General Terms and Conditions of Contracting that, where applicable, are included for certain products or services if such access involves any special provisions regarding the protection of personal data.
