This text gathers the terms and conditions in which the owner of vitamina3d.com manages and protects the information given by the user when using the website, ensuring compliance with the Spanish regulation: Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y Garantía de los Derechos Digitales (LOPDGDD) and the rest of the applicable law in every moment that ensures the correct personal data processing.
In addition, this website also complies with the General Data Protection Regulation of the EU (GDPR EU 679) released on May 24th 2016 and applicable since May 25th 2018, having taken all the measures needed for that purpose.
When we gather users' personal data, the owner of the website is committed to the following principles:
- Lawfulness, loyalty and transparency in all of our actions. We will never borrow, sell or do any kind of business with the users' personal data.
- Personal data are only used for the specific, legitimate and explicit purpose for which they have been collected, always with the user's consent.
- The collected personal data are adequate, relevant and limited to the strictly necessary.
- The personal data we have will be exact and updated at any time, according to what the users specify.
- We only keep the personal data for a limited period of time, enough to perform the tasks that need them.
In case of security violation, we will warn the authorities as soon as possible and make a report, fulfilling the requirements of the GDPR.
We are obliged to transfer personal data only under exceptional circumstances, such as a law requirement, or under the user’s explicit consent to third parties interested in them.
The party responsible for the data processing is the owner of the website, who will prove the actions taken to ensure compliance with the GDPR to the corresponding authority when needed.
In order to protect the users’ personal data, the owner takes all the reasonable precautions and follows the best practices within the industry to avoid data loss, misuse, illicit access, disclosure, alteration or destruction.
Personal data are processed ensuring security. For that, our hosting company, Raiola Networks, offers safe servers and ensures their correct functioning. Moreover, the website vitamina3d.com uses https protocols in order to improve security during data transfer.
Users are responsible for the accuracy of the data transferred to the owner. They must be currently complete, correct, truthful and accurate. The user must also keep them updated. The owner is not responsible for any of these matters.
Every registered user, those who have left comments or those who have just visited our website, can exercise any of the following rights at any time:
- Right of access. To know if we store personal data or information concerning the user and, if it is the case, get access to that information.
- Right to rectification. Correct or modify wrong, inaccurate or incomplete personal data.
- Right to object. Oppose the use of personal data for a purpose different from the one agreed or booked.
- Right to restriction of usage. The users can ask us not to use their data for a limited period of time or until further notice. Those data can be kept, modified or erased if the user asks for it.
- Right to erasure (Right to oblivion). The users can ask us to erase from our database all the information they have provided us, or those data they consider inadequate or excessive (except those data we are obliged to keep for administrative, legal or security reasons, in compliance with the LOPDGDD and the GDPR).
- Right to data portability. The user can ask the controller for his/her personal data in a structured, commonly used and machine-readable format and transmit them to a third party.
- Automated individual decision-making, including profiling. The user has the right not to be subject to a decision based only on automated processing, including profiling, in order to make a decision that can concern him/her.
How to exercise your rights
The user can exercise these rights at any time by filling in the form available on our Contact page with the subject “Data management and privacy”.
He/she must use the email address he/she used to register on our website and identify himself/herself by means of his/her DNI, NIE, passport or an unexpired legal identification document.
In that message, the user will tell us which actions we must take according to his/her rights and we will proceed as soon as possible. According to the GDPR, we must answer within a month of the user sending the request.
If we do not answer in less than a month, the answer is unsatisfactory or we are not showing compliance with the regulations, the user can make a claim to the Spanish Data Protection Agency (Agencia Española de Protección de Datos).
We also inform users that, in case of a complex rights request or if we are somehow overwhelmed by the amount of requests to be dealt with, we have the right to an extension of 3 months of the limit. If that is the case, we will inform the applicant that we need more time to answer accurately.
Data collection and processing
If we need any personal data concerning the user, we will ask for his/her consent, checking a field enabled for that purpose. We always get user personal data from direct channels, never from third parties. These channels are described in the following sections.
Direct user personal data
Direct channels to collect the necessary information so we can provide our services properly and allow the users to participate in our site:
- Contact forms or email to any of our addresses. In these cases, we ask for name, surname and email address to be in touch in order to answer the doubts or requests.
- When the user leaves a comment in one of our pages, we can use his/her data to manage comments and prevent spam, identifying the user for security reasons. According to the law, kids under 14 years old cannot leave comments.
- Purchases and shipping. We may ask for name, surname, shipping address, email, and telephone number to complete the order and shipping properly, as well as to be in touch while the process is carried out.
- Account. When the user creates an account in our site, all the data from the previous points may be asked to verify users and to speed up those processes. That information is fully accessible for the user, who is free to modify and update it at any time.
- Bills. For instance, if the user asks for it, we need some personal data to make a bill and his/her consent to store them. We will keep data for 6 years, which is the legal period.
Second plane services
Through services that are run in second plane for the website’s functioning:
- Google ReCaptcha. It is a spam detection system.
- Google Analytics. A tool for statistical analysis.
- Cookies. Used to ensure the correct functioning of the website and to get a better understanding of users' behaviour and improve our site. They would not be identifying data. For further details, read our Cookies policy.
Third-party links and social networks
Social networks sharing
The articles of our blog can be shared in different social networks (Facebook, Twitter and LinkedIn) and Whatsapp. For that purpose, we use the Sassy Social Share plugin, which allows the users to share a post by clicking the corresponding button. Neither we nor this plugin track users' data.
Lithophanes involve sending us images to print them. In this case, we may keep the pictures between 1 and 2 weeks in case there is any complaint and we have to redo the lithophanes. After that period of time, we will erase the files from our database. The user can always ask us to erase them before that period.
The data we collect will not be considered, according to the GDPR (article 9) and to the LOPDGDD, as sensitive data, since we never ask for information about health, racial or ethnic origin, religious or philosophical beliefs, political opinions, union membership, sexual life, sexual orientation, genetic data, biometric data or information about any administrative or criminal offence.
Where are the data sent?
In compliance with the LOPDGDD and the EU GDPR, we inform the users that the data transferred to us via a contact form or email will be stored in a digital file owned by the party responsible for this website.
The collection and processing of the user’s data are meant to resolve all the requests about the content of this site. The fields marked with an asterisk are mandatory. Otherwise, the request cannot be completed.
To use the contact form, the user must check the privacy acceptance checkbox. This means that the user gives his/her consent to store the data in the digital file.
We urge the users not to include sensitive data (described in the previous point) in the contact form or any other contact channel. Therefore, if the user does it, he/she must get in touch immediately with us to erase that information from our database. He/she must send an email to firstname.lastname@example.org.
In any case, the user can exercise his/her rights by sending an email to the same email address, indicating name, surname and a copy of a lawful identifying document. The subject of the email must be “GDPR rights”.
In our site we use Google reCAPTCHA for spam detection and Google Analytics for statistical analysis.
Spam detection system
Spam protection is legitimate according to GDPR – article 6; point 1-f and essential to offer our services properly to our users.
This site uses Google reCAPTCHA, a system that can analyse the users' behaviour in order to determine if there is a person or a bot behind it. We use it in our contact forms and the articles comments system to prevent our site from spam attacks and automatic spyware.
We also use Akismet in the comments system, which may store the comment content and the user’s information that comes with it (email, name and surname) for 2 weeks at least. Then, it is automatically erased. You can read more about Akismet and GDPR here and in Automattic’s Legal notice.
We use Google Analytics for statistical purposes, such as to count the number of visitors of our website, the most visited pages and posts, or the preferred language. These data are always anonymous since the IP is hidden. We do not share these data with third-parties.
This system installs cookies in the user’s browser, always under his/her previous consent.
How long do we keep your data?
If you leave a comment, the comment itself and its metadata are stored indefinitely in order to recognize and approve successive comments automatically, instead of keeping them in a moderation queue.
If the user registers in our site, we also store the personal data you introduce in your profile. The user can modify or erase this information at any time (except for the profile user name). The web administrators can also see and edit that information. Those data will be stored in our database indefinitely or until the user asks for its elimination.
The data needed to make a bill or check will be preserved for 6 years after the ending of an annual audit. If the user asks for their erasure, we will make those data anonymous or we will proceed to erase the information from sites of public access.
Remember that we may have to store some data for administrative, legal or security reasons, according to the restrictions in GDPR Article 23 and the applicable law.