Effective date: 12th of November 2023
This text gathers the terms and conditions in which the owner of vitamina3d.com manages and protects the information given by the user when using the website, ensuring compliance with the Spanish regulation: Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y Garantía de los Derechos Digitales (LOPDGDD) and the rest of the applicable law in every moment that ensures the correct personal data processing.
Furthermore, this website also complies with the General Data Protection Regulation of the EU (GDPR EU 679) released on May 24th, 2016, and applicable since May 25th 2018, having taken all the measures needed for that purpose.
1. Our duties
When we gather user’s personal data, the owner of the website is committed to the following principles:
- Lawfulness, loyalty and transparency in all of our actions. We will never borrow, sell or do any kind of business with the users personal data.
- Personal data are only used for the specific, legitimate and explicit purpose for what they have been collected, always under the user consent.
- The collected personal data are adequate, relevant and limited to the strictly necessary.
- The personal data we have will be exact and updated at any time, according with what the users specify.
- We only keep the personal data for a limited period of time, enough to perform the tasks that need them.
In case of security violation, we will warn the authorities as soon as possible. We will also present a report, fulfilling the requirements of the GDPR.
We are obliged to transfer personal data only under exceptional circumstances, such as a law requirement. We may also do it, always under the user’s explicit consent, to third parties interested in them.
The responsible for de data processing is the owner of the website, who will prove the actions taken to ensure compliance with the GDPR to the corresponding authority when needed.
To protect the users’ personal data, the owner takes all the reasonable precautions and follows the best practices within the industry to avoid data loss, misuse, illicit access, disclosure, alteration or destruction.
Personal data are processed, ensuring security. For that, our hosting company, Raiola Networks, offers safe servers, and ensures their correct functioning. Moreover, the website vitamina3d.com uses https protocols to improve security during data transfer.
2. Users’ obligations
Users are responsible for the accuracy of the data transferred to the owner. They must be currently complete, correct, truthful and accurate. The user must also keep them updated. The owner is not responsible for any of these matters.
3. Users’ rights
Every registered user, those who have left comments or those who have just visited our website, can exercise any of the following rights at any time:
- Right of access. Obtain confirmation from the controller if he stores personal data or information concerning the user and, if it is the case, get access to that information.
- Right to rectification. Correct or modify wrong, inaccurate or incomplete personal data.
- Right to object. Oppose to the use of personal data for a purpose different from the one agreed or booked.
- Right to restriction of usage. The users can ask us not to use their data for a limited period of time or until further notice. Those data can be kept, modified or erased if the user asks for.
- Right to erasure (Right to oblivion). The users can ask us to erase from our database all the information they have provided us, or those data they consider inadequate or excessive (except those data we are obliged to keep for administrative, legal or security reasons, in compliance with the LOPDGDD and the GDPR).
- Right to data portability. The user can ask the controller for his/her personal data in a structured, commonly used and machine-readable format and transmit them to a third party.
- Automated individual decision-making, including profiling. The user has the right not to be objected to a decision based only on automated processing, including profiling, in order to make a decision that can concern him/her.
How to exercise your rights
The user must use the email address he/she used to register in our website and identify himself/herself by means of his/her DNI, NIE, passport or a legal identification document not expired.
The user will tell us which actions we must take according to his/her rights, and we will proceed as soon as possible. According to the GDPR, we must answer within a month since the user sends the request.
If we do not answer in less than a month, the answer is unsatisfactory, or we are just not showing compliance with the regulations, the user can make a claim to the Spanish Data Protection Agency (Agencia Española de Protección de Datos).
We also inform that, in case of complex rights request or if we are somehow overwhelmed by the amount of requests to be dealt, we have the right to an extension of 3 months of the limit. If it is the case, we will inform the applicant we need more time to answer accurately.
4. Data collection and processing
If we need any personal data concerning the user, we will ask for his/her consent, checking a field enabled for that purpose in order to store the data. We always get user personal data from direct channels, never from third parties. Those channels are:
Third party links
Where the data are sent?
In compliance with the LOPDGDD and the UE GDPR, we inform the users that the data transferred to use via a contact form or email, will be stored in a digital file owned by the responsible of this website.
The collection and processing of the user’s data are meant to resolve all the requests about the content of this site. The fields marked with an asterisk are mandatory. Otherwise, the request cannot be completed.
In order to use the contact form, the user must mark the box in which he/she accepts the use of those data, which means that the user gives his/her consent to store the data in the digital file. We urge the users not to include sensitive data (described in the previous point) in the contact form or any other contact channel, as they are not needed for any purpose in this website.
Spam detection system
This site uses Google ReCaptcha, a system that can analyse the user’s behaviour in order to determine if there is a person or a bot behind. With this system, we prevent our site from spam attacks and automatic spyware, legitimately according to GDPR – article 6; point 1-f.
5. How long do we keep your data?
The data needed to make a bill or check will be preserved for 6 years after the ending of an annual audit. If the user asks for their erasure, we will make those data anonymous or we will proceed to erase the information from sites of public access.
Remember that we may have to store some data for administrative, legal or security reasons, according to the restrictions in GDPR Article 23 and the applicable law.