The SELLER collects on the WEBSITE personal data of its CLIENTS, including by means of cookies. The CLIENTS can deactivate the cookies following the instructions given by their browsers. You are given more information about our cookies policy in Article 15 of these General Conditions of Sale.
14.1 Responsible for the treatment:
The SELLER, Tempvs Templi, being the manager Consuelo Acevedo Jiménez, with DNI 34065631D, with fiscal address in C/ de l'Argenteria, 5, 07001 - Palma and telephone number 660554099
14.2 Obtaining your data:
The data that we have of you is the one that has facilitated to us initially and those that are generated during the relation and interactions.
14.3 Purposes of treatment:
The data collected by the SELLER will be used in order to process your orders made through the WEBSITE, manage the CLIENT's account, analyze your orders and send you emails for promotional purposes, newsletters, promotional offers and / or information about products and services similar to those acquired, except if the CLIENT does not wish to receive such communications from the SELLER.
CUSTOMERS can object to receiving promotional emails at any time by accessing their account or by clicking on the hyperlink provided for such purposes under each offer received by email, or by sending an email to the Data Protection Delegate.
14.4 Legal basis of the treatment:
The treatment of the CUSTOMER's personal data related to the maintenance of its relationship with the SELLER as a customer, is legitimized when necessary to comply with the contractual obligations derived from said relationship.
The treatment of the CLIENT's personal data to send promotional information about products and services of the SELLER similar to those that were initially hired with the CUSTOMER, responds to a legitimate interest of the SELLER and is authorized by the current regulations.
The data may be communicated, in whole or in part, to the service providers of the SELLER intervening in the order. For commercial purposes, the SELLER may transfer to its collaborators the names and coordinates of its CLIENTS, under the condition that they have given their prior agreement at the time of their registration on the WEBSITE. The SELLER will specifically ask the CLIENTS if they want their personal data to be disclosed. CUSTOMERS may change their mind at any time by contacting the SELLER. The SELLER may also ask its CLIENTS if they wish to receive commercial information from their collaborators.
14.6 International transfers:
The SELLER has contracted the services of technological suppliers located in countries that do not have regulations equivalent to European ("Third Countries"). These suppliers have subscribed with the SELLER the confidentiality and data treatment contracts required by the regulations for suppliers located in Third Countries, applying the guarantees and safeguards necessary to preserve the CLIENT's privacy. In particular, the [reference to adequate or appropriate guarantees, ie Privacy Shield, etc.]
14.7 Term of conservation:
The personal data will be kept as long as the CUSTOMER maintains the relationship with the SELLER and, after the termination of said relationship for any reason, during the legal limitation periods that are applicable. In this case, they will be treated for the sole purpose of proving compliance with the legal or contractual obligations of the SELLER. After 12 said limitation periods, the CLIENT's data will be deleted or, alternatively, anonymized.
In accordance with Regulation (EU) 2016/679 on Protection of Personal Data, the CLIENT benefits from a right of access, rectification, opposition (for legitimate reasons) and the removal, portability, and / or limitation of these personal information. Likewise, the CUSTOMER will also have the right to withdraw his consent at any time for treatments based on consent, without affecting the legality of the treatment based on the consent prior to its withdrawal. You can exercise these rights by sending an email to the address: email@example.com, or by sending an email to C / de l'Argenteria, 5, 07001, Palma de Mallorca. It is specified that the CUSTOMER must be able to justify his identity, either by scanning an identity card, or by sending a photocopy of it to the SELLER.
Likewise, the CLIENT may exercise these rights through his account registered on this website, by logging in and through the different options that you will find in his control panel.
Likewise, if the CUSTOMER considers that the processing of their personal data violates the regulations or their privacy rights, they may submit a claim:
- Before the Spanish Agency for Data Protection, through its electronic headquarters, or your postal address.
Responsible: Identity: Tempvs Templi - NIF: 34065631D Dir. Postal: c / de l'Argenteria, 5, 07001 Palma Telephone: 660554099 E-mail: firstname.lastname@example.org
ANNEX SECURITY MEASURES
INFORMATION OF GENERAL INTEREST
This document has been designed for the treatment of low risk personal data from which it can be inferred that it can not be used for the processing of personal data that includes personal data related to ethnic or racial origin, religious or philosophical political ideology, union affiliation, data genetic and biometric, health data, and data on sexual orientation of people as well as any other data treatment that entails high risk for the rights and freedoms of individuals.
Article 5.1.f of the General Data Protection Regulation (RGPD) determines the need to establish adequate security guarantees against unauthorized or illegal treatment, against the loss of personal data, destruction or accidental damage. This implies the establishment of technical and organizational measures aimed at ensuring the integrity and confidentiality of personal data and the possibility (Article 5.2) to demonstrate that these measures have been implemented (proactive responsibility).
According to the type of treatment that you have shown when you have completed this form, the minimum minimum security measures that you should take into account are the following:
INFORMATION THAT SHALL BE KNOWN BY ALL STAFF WITH ACCESS TO PERSONAL DATA
All personnel with access to personal data must be aware of their obligations in relation to the processing of personal data and will be informed about these obligations. The minimum information that will be known by all the staff will be the following:
- DUTY OF CONFIDENTIALITY AND SECRET
- The access of unauthorized persons to personal data should be avoided, for this purpose it will be avoided: leaving personal data exposed to third parties (unattended electronic screens, paper documents in areas of public access, supports with personal data, etc.), this consideration includes the screens that are used for the visualization of images of the video-surveillance system. When you are absent from the workplace, the screen will be blocked or the session closed.
- Paper documents and electronic media will be stored in a secure place (cupboards or restricted access rooms) 24 hours a day.
- Documents or electronic media (cd, pen drives, hard drives, etc.) will not be discarded with personal data without guaranteeing their destruction.
- Personal data or any personal information will not be communicated to third parties, special attention will be given in not divulging protected personal data during telephone consultations, emails, etc.
- The duty of secrecy and confidentiality persists even when the worker's employment relationship with the company ends.
- RIGHTS OF THE DATA HOLDERS
All workers will be informed about the procedure to address the rights of the interested parties, clearly defining the mechanisms by which the rights can be exercised (electronic means, reference to the Delegate of Data Protection if there is one, postal address, etc.). ) taking into account the following:
- Upon presentation of their national identity document or passport, the holders of personal data (interested) may exercise their rights of access, rectification, deletion, opposition and portability. The person responsible for the treatment must respond to the interested parties without undue delay.
For the right of access , the interested parties will be provided with a list of the personal data they have available, along with the purpose for which they were collected, the identity of the recipients of the data, the conservation periods, and the identity of the person responsible. which can request the rectification suppression and opposition to the processing of the data.
For the rectification right will proceed to modify the data of the interested parties that were inaccurate or incomplete attending to the purposes of the treatment.
For the right of suppression the data of the interested parties will be suppressed when the interested ones express their refusal or opposition to the consent for the treatment of their data and there is no legal duty that prevents it.
For the right of opposition, the interested parties must state their refusal to process their data before the person in charge, who will stop processing them whenever there is no legal obligation to prevent it.
For the portability right, the interested parties must communicate their decision and inform the person responsible, as the case may be, about the identity of the new responsible person to whom they provide their personal data.
The person responsible for the treatment must inform all persons with access to personal data about the terms of compliance to meet the rights of the interested parties, the manner and procedure in which said rights will be met.
- SECURITY VIOLATIONS OF PERSONAL DATA
- When security breaches occur PERSONAL DATA, such as theft or improper access to personal data will be notified to the Spanish Agency for Data Protection within 72 hours about these security violations, including all the information necessary for the clarification of the facts that would have given rise to improper access to personal data. The notification will be made by electronic means through the electronic headquarters of the Spanish Agency for Data Protection at the address: https://sedeagpd.gob.es
- When the same computer or device is used for the processing of personal data and personal purposes, it is recommended to have several profiles or different users for each of the purposes. The professional and personal uses of the computer must be kept separate.
- It is recommended to have profiles with administration rights for the installation and configuration of the system and users without privileges or administrative rights for access to personal data. This measure will prevent access privileges or modify the operating system in case of cybersecurity attack.
- The existence of passwords for access to personal data stored in electronic systems will be guaranteed. The password will have at least 8 characters, a mixture of numbers and letters.
- When personal data are accessed by different people, for each person with access to personal data, a specific username and password will be available (unambiguous identification).
- The confidentiality of passwords must be guaranteed, preventing them from being exposed to third parties. For the management of passwords you can consult the privacy and security guide on the internet of the Spanish Agency for Data Protection and the National Institute of Cybersecurity. In no case will the passwords be shared nor annotated in common place and accessed by people other than the user.
DUTY OF SAFEGUARD
The following are the minimum technical measures to guarantee the safeguarding of personal data:
- UPDATING OF COMPUTERS AND DEVICES : The devices and computers used for the storage and processing of personal data must be kept up-to-date as possible.
- MALWARE : On computers and devices where the automated processing of personal data is carried out, an antivirus system will be available to guarantee the theft and destruction of personal information and data as much as possible. The antivirus system should be updated periodically.
- FIREWALL OR FIREWALL : To avoid undue remote access to personal data will be ensured to ensure the existence of an activated firewall on those computers and devices in which the storage and / or processing of personal data is made.
- ENCRYPTION OF DATA : When it is necessary to perform the extraction of personal data outside the site where it is processed, either by physical means or by electronic means, the possibility of using an encryption method to guarantee the confidentiality of the data should be assessed. personal in case of undue access to information.
- COPY OF SECURITY : Periodically a backup copy will be made in a second support different from that used for daily work. The copy will be stored in a secure place, different from that in which the computer is located with the original files, in order to allow the recovery of personal data in case of loss of information.
The security measures will be reviewed periodically, the review may be done by automatic mechanisms (software or computer programs) or manually. Consider that any computer security incident that has happened to any acquaintance can occur to you, and be warned against it.