Privacy policy
LA FONERIA informs the users of its website about its policy regarding the processing and protection of the personal data of its users and customers.
It guarantees, at all times, total compliance with the obligations set forth in the regulations on data protection and information society services. Namely, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR); Spanish Organic Law 3/2018 of 5 December on Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD); and Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSICE).
DATA CONTROLLER
LA FONERIA
Spanish tax ID no. (CIF): B04931812
Registered address: Carrer Les Piques, 41, Baixos - 25300, Tàrrega.
Registration details: Mercantile Register of Lleida, Volume 1.618, Folio 7, Sheet no. L-33.072, 1st inscription.
Telephone no.: (+34) 973 310 807
E-mail: info@lafoneria.com
PURPOSES OF THE DATA PROCESSING
The data provided by the User is used for the following purposes:
Purpose of the processing |
Legal justification for the processing |
To manage queries or requests made through the contact forms contained on the website. |
Legitimate interest of the Company in responding to requests for information via the website. Consent is given expressly at the time of data collection through the forms contained on the website. |
To send newsletters, commercial communications and promotions. |
Consent is given expressly at the time of data collection through the forms contained on the website. |
To manage incidents and maintain the website. |
Legitimate interest of the Company. |
DATA STORAGE PERIOD
Purpose of the processing |
Storage period |
To manage queries or requests made through the contact forms contained on the website. |
As long as necessary to manage your request. |
To send newsletters, commercial communications and promotions. |
Until the moment at which you unsubscribe. |
To manage incidents and maintain the website. |
As long as necessary to comply with the applicable statutory limitation periods. |
RECIPIENTS OF THE DATA
In order to serve the purposes outlined in this Privacy Policy, we must grant access to your personal data to certain third parties who help us provide the services we offer you (hereinafter, "Data Processors").
In order to execute a contract or provide a service to the Website Owner (for the purposes of data security, the "Data Controller"), the Data Processors must follow the instructions issued by the same and ensure the same levels of data security.
USER RIGHTS
The user has the right to:
- Request access to their personal data being processed and receive such information in writing by the means requested.
- Request the rectification of inaccurate personal data or, where appropriate, request its deletion when the data is no longer necessary for the purpose for which it was collected, among other reasons.
- Request the limitation of the processing of their data.
- Oppose the processing of their personal data, where appropriate. In this case, their data will no longer be processed where there are no legitimate reasons to do so.
- The portability of their data. The Data Subject has the right to receive the personal data if it has been provided in a structured, commonly used and machine-readable format, and to send it to another Data Controller, if the following requirements are met:
- The processing is based on consent or a contract.
- The processing is carried out by automated means.
- Withdraw the consent provided.
- File a complaint with the Spanish Data Protection Agency.
The User may exercise the aforementioned rights by sending a letter or email to the Data Controller, proving their identity with a scanned copy of their national ID card or equivalent document and specifying the right(s) that they wish to exercise.
ORIGIN OF THE DATA
The personal data must be provided by the Data Subject voluntarily. If certain data is not provided or if the Data Subject fails to answer questions that arise during the registration processes or through electronic forms, they may not be able to access certain services for which said data is required. In this case, the Data Controller must inform the Data Subject of the need to provide their personal data for the service to be provided.
The Data Controller ensures the confidentiality of their personal data and guarantees its security, adopting the necessary measures to prevent its alteration, loss, processing or unauthorised access.
INFORMATION PROVIDED BY THE DATA SUBJECT
Minors under 18 years of age may not disclose their personal data without the prior consent of their parent and/or legal guardian.
By entering its data in contact forms, the Data Subject expressly, freely and unequivocally accepts that this is required by the Data Controller to handle their request. It also acknowledges that the inclusion of data in the remaining fields is voluntary.
The Data Subject guarantees that the personal data provided is accurate and that they are responsible for communicating any modification to the same.
All data requested on the website is required in order to provide an optimal service to the Data Subject. If some of the requested data is not provided, there is no guarantee that the information and services provided by the Data Controller will be completely tailored to the needs of the Data Subject.
SECURITY MEASURES
In accordance with the provisions of the regulations in force on the protection of personal data, the Data Controller complies with all the provisions set forth in the GDPR and LOPDGDD concerning the processing of personal data under its responsibility. Likewise, it manifestly complies with the principles described in Article 5 of the GDPR and Article 4 of the LOPDGDD, guaranteeing that the data is processed lawfully, fairly and transparently in relation to the Data Subject and that it is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The Data Controller guarantees that it has implemented the appropriate technical and organisational policies in order to apply the security measures established by the GDPR and the LOPDGDD to protect the rights and freedoms of the Data Subject. It has also provided the Data Subject with the appropriate information so that they can exercise these rights should they wish to do so.
SECURITY BREACHES
The Data Controller will inform each and every person whose data may have been affected, as well as the corresponding authorities, of any security breach concerning the database used by this website or which affects any of our third-party services within 72 hours of the breach being detected.
APPLICABLE LEGISLATION AND JURISDICTION
The Website Owner reserves the right to bring any civil or criminal action it deems necessary for improper use of the website or the content hosted on it.
The relationship between the User and the Website Owner shall be governed by the regulations in force in Spain. In the event of any dispute concerning the interpretation and/or application of the regulations, the parties shall submit their disputes to the ordinary jurisdiction of the courts and tribunals that correspond according to law.