This privacy policy applies to the processing of personal data of customers and/or users of https://esenziashop.es , hereinafter, the WEBSITE, owned by the commercial company ESENZIA ENTERPRISE 2019, SL, in forward, the RESPONSIBLE FOR THE TREATMENT.

Applicable regulations

Our Privacy Policy has been designed in accordance with REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT and of the COUNCIL, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data and by which Directive 95/46/EC (General Data Protection Regulation) is repealed, hereinafter GDPR EU 2016/679, and insofar as it does not contradict the aforementioned Regulation, by the provisions of Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights, hereinafter LOPDGDD 3/2018.

By providing us with their data, the client and/or user declares that they have read and are aware of this Privacy Policy, giving their unequivocal and express consent to the processing of their personal data in accordance with the purposes and terms expressed herein.

Basic information on data protection

BASIC INFORMATION ON DATA PROTECTION
Responsible	ESENZIA ENTERPRISE 2019, SL
purpose	Respond to the requests for information received, answer the questions raised, subscribe to the informative newsletter to receive the latest news, offers and special promotions of our articles and/or products, attend to the orders of the clients and/or users of the online store, provide customer service, as well as send commercial communications about our articles and/or products by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or by other equivalent electronic means of communication, as long as the interested party has consented to the processing of their personal data for this purpose.
Legitimation	Execution of a contract in which the interested party is a party or for the application at his request of pre-contractual measures. Legitimate interest of the person responsible. Consent of the interested party.
Recipients	No data will be transferred to third parties, except legal obligation.
Rights	You have the right to access, rectify and delete the data, as well as other rights, indicated in the additional information, which you can exercise by contacting the address of the Data Controller at atencionalcliente@esenziashop.es
Additional Information	You can consult additional and detailed information on Data Protection in the attached clauses found at https://esenziashop.es/politica-de-privacidad

 

Additional information on data protection

The data controller is:

• Identity: ESENZIA ENTERPRISE 2019, SL
• IF: B16837858
• Address: C/ Ciudad de Montilla Block 3, 1º 4 - 41008 Seville (Spain)
• Telephone: (+34) 622 13 00 17
• Email: atencionalcliente@esenziashop.es

Data Protection Officer

The DATA CONTROLLER does not have a Data Protection Officer.

Purposes and legal basis of the treatment

1. a) In general

The DATA CONTROLLER treats the personal data provided by its clients and/or users for the following purposes:

• Purpose : attend to the requests for information received, answer the questions raised, subscribe to the informative newsletter to receive the latest news, offers and special promotions of our articles and/or products, attend to the orders of customers and/or users of the online store, provide customer service, carry out administrative, commercial, accounting and fiscal management, as well as send commercial communications about our articles and/or products by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or by other equivalent means of electronic communication, as long as the interested party has consented to the processing of their personal data for this purpose.
• Legal basis that legitimizes this treatment: Execution of a contract in which the interested party is a party or for the application at his request of pre-contractual measures. Legitimate interest. The consent of the interested party, which may be withdrawn at any time.

1. b) Electronic forms WEBSITE

The DATA CONTROLLER treats the personal data provided by customers and/or users through the electronic forms for collecting personal data on the WEBSITE for the purposes identified below:

In relation to the "Contact Form" and other queries (those that can be addressed through the email accounts listed on the WEBSITE) :

• Purpose : Contact the interested party, respond to the requests for information received and answer the questions raised, provide customer service, as well as send commercial communications about our articles and / or products by letter, telephone, email, SMS / MMS , WhatsApp, Telegram or by other equivalent means of electronic communication, as long as the interested party has consented to the processing of their personal data for this purpose.
• Legal basis that legitimizes this treatment: Execution of a contract in which the interested party is a party or for the application at his request of pre-contractual measures. The consent of the interested party, which may be withdrawn at any time.

In relation to the "Newsletter Subscription Form" :

• Purpose : Allows the user to subscribe to the informative newsletter to receive the latest news, offers and special promotions of our articles and/or products by email.

• Legal basis that legitimizes this treatment: The consent of the interested party, which may be withdrawn at any time.

Regarding the “Create an account form” :

• Purpose: Allows the user to register to access the online store of the website, as well as to send commercial communications about promotions of our articles and/or products by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or by other means of communication. equivalent electronic communication, as long as the interested party has consented to the processing of their personal data for this purpose.

• Legal basis that legitimizes this treatment: Execution of a contract in which the interested party is a party or for the application at his request of pre-contractual measures. The consent of the interested party, which may be revoked at any time.

In relation to the "Login Form" :

• Purpose: Allows the registered user to access the online store with their username and password to purchase the items and/or products that are made available to them.

• Legal basis that legitimizes this treatment: Execution of a contract in which the interested party is a party or for the application at his request of pre-contractual measures.

In relation to the “Buy as a guest form” :

• Purpose : Allows the user, without having to register previously, to purchase the items and/or products that are made available to them in the online store.

• Legal basis that legitimizes this treatment : Execution of a contract in which the interested party is a party or for the application at his request of pre-contractual measures.

In relation to the "Live Chat Form - Online customer service platform "WhatsApp Web " :

• Purpose : Provides the user with direct communication with the DATA CONTROLLER through WhatsApp Web, an instant messaging application installed on the website.

• Legal basis that legitimizes this treatment : The consent of the interested party, which may be withdrawn at any time.

When the data requested in the electronic forms are necessary, the DATA CONTROLLER will indicate said mandatory nature at the time of collecting data from clients and/or users and not providing them will imply that the corresponding request cannot be met.

What type of data do we process?

For the purposes set forth in the previous section, the Client's data set is processed, which can be divided into the following sources and categories:

1. a) Data provided directly by the client and/or user: data provided directly by the client and/or user, either at the time of requesting the service through the completion of electronic forms for the collection of personal data or in paper format enabled for this purpose as well as those provided throughout the contractual relationship through different means, such as claims or requests for information filed with the Customer Service Department. The client and/or user is responsible for its veracity and updating.

• Identification Data (name and surname, NIF, NIE, passport, postal address, email, telephone, mobile, manual, handwritten or digitized signature, social network profiles, IP addresses, username and password)

• Economic Data (bank details)

1. b) Data obtained from sources other than the client and/or user himself: data obtained from sources other than the client and/or user, either by having his consent or by any other legal authorization (legitimate interest, compliance with a legal obligation …).

1. c) Data derived from the development of the commercial relationship: data provided indirectly by the client and/or user as a result of the provision of the contracted service and the maintenance of this activity. This category includes traffic data, the history of payments or items and/or products purchased, browsing data through the public Web page or access to the private area or others of a similar nature.

Record of processing activities

We inform you that the personal data obtained from the client and/or user as a result of completing the existing electronic forms on the WEBSITE form part of the Treatment Activities Registry (RAT) of the DATA CONTROLLER, which will be updated periodically from time to time. in accordance with the provisions of the GDPR EU 2016/679 and the LOPDGDD 3/2018 .

Recipients

The personal data of the interested parties will be communicated to the recipients indicated below:

1. a) In general:

• The providers of the DATA CONTROLLER as data processors, within the framework of the corresponding provision of services (lawyers, accounting and tax advice, consultants, transport agencies and information technology service providers – website hosting and service of e-mail-).

• The competent authorities and bodies, to the extent necessary to comply with legal obligations.

1. b) In relation to the "Contact Form" and with other inquiries (those that can be addressed through the email accounts that appear on the WEBSITE ), with the "Newsletter Subscription Form" , with the "Form Create an account” , with the “Login Form” , with the “Buy as Guest Form” and with the “Live Chat Form - WhatsApp Web online customer service platform ” :

• No data will be transferred to third parties, except legal obligation.

Transfers to third countries

• Data transfers to third countries are not foreseen, without an adequate level of protection.

Conservation periods

Personal data will be kept:

1. a) In general:

• The data will be kept as long as you do not request its deletion, and in any case, during the years necessary to comply with legal obligations.

1. b) In relation to the "Contact Form" and with other inquiries (those that can be addressed through the email accounts that appear on the WEBSITE ), with the "Newsletter Subscription Form" , with the "Form Create an account” , with the “Login Form” , with the “Buy as Guest Form” and with the “Live Chat Form - WhatsApp Web online customer service platform ” :

• Personal data will be kept until the end of the relationship between the DATA CONTROLLER and the client and/or user, unless the latter previously requests their deletion, or until the interested party withdraws the consent granted at any time, without that this affects the legality of the treatment based on the consent prior to its withdrawal.

For these purposes, the interested party is reminded that they must transfer to the DATA CONTROLLER as recipient to whom they communicate personal data, any rectification or deletion of the data of their representatives, authorized persons and other contact persons.

Once the relationship is concluded, to the extent that the personal data of the interested parties are relevant for the purposes of the responsibility of the DATA CONTROLLER towards the clients and/or users, these data will be kept, duly blocked, at the disposal of the authorities. courts or the competent public administrations, for the demand of the responsibilities derived from the treatment for the period of prescription of the same.

Rights of the interested parties

Clients and/or users of the WEBSITE may exercise before the DATA CONTROLLER, to the extent applicable, the following rights: access to personal data, rectification, deletion (right to be forgotten), limitation of treatment, portability of data, opposition to treatment and not being subject to automated individual decisions and, when the treatment is based on consent, the right to withdraw it at any time.

Clients and/or users may exercise these rights by written and signed request sent to the postal address of the DATA CONTROLLER located at C/ Ciudad de Montilla Block 3, 1º 4 - 41008 Seville (Spain) or through the email address e-mail atencionalcliente@esenziashop.es, attaching, in both cases the interested party, proof of legally valid identity, such as a photocopy of the NIF/NIE or equivalent document, and clearly indicating the right they wish to exercise.

Clients and/or users will also have the right to file a claim with the competent Control Authority (Spanish Agency for Data Protection) if they observe that the treatment does not comply with current regulations or consider that their rights regarding data protection have been violated. of your personal data, especially when you have not obtained satisfaction in the exercise of your rights, through the WEB page https://www.aepd.es

These rights will be addressed by the DATA CONTROLLER within a period of 1 month, which may be extended to 2 months if the complexity of the request or the number of requests received so requires. All this without prejudice to the duty to keep certain data in the legal terms and until the possible responsibilities derived from a possible treatment, or, where appropriate, from a contractual relationship, prescribe.

In addition to the above, and in relation to data protection regulations, Users who request it, have the possibility of organizing the destination of their data after their death.

Sending commercial communications

In compliance with the provisions of the second final provision of Law 9/2014, of May 9, on Telecommunications, which modifies Law 34/2002, of July 11, on services of the information society and electronic commerce, Commercial communications made electronically must be clearly identifiable as such, and the natural or legal person on whose behalf they are made must also be clearly identifiable, without prejudice to the provisions of the regulations issued by the Autonomous Communities with exclusive powers over consumption.

The client and/or user, who provides their contact information to the DATA CONTROLLER by clicking on the "SEND" button on the electronic forms for collecting personal data on the website and affirmatively checking the two boxes for obtaining consent. existing, "I accept the processing of my data according to the purposes indicated in the basic data protection information" and "I give my consent to receive commercial communications of your articles and/or products", manifestly authorizes and grants your express, free and unequivocally to the DATA CONTROLLER to process your personal data for the purpose of sending you commercial communications about your articles and/or products by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or by other equivalent electronic means of communication.

The legal basis that legitimizes this treatment is the consent of the interested party, which may be revoked at any time.

In compliance with the provisions of articles 21 and 22 of Law 34/2002, of July 11, on services of the information society and electronic commerce, the user may oppose the processing of their data for promotional purposes and revoke the consent given to the reception of commercial communications via email with the simple notification of his will to the PROVIDER through a simple and free procedure, consisting of sending an email to the email address atencionalcliente@esenziashop.es , indicating in the Subject of the message “LOW” or “DO NOT SEND”.

The data provided will be kept as long as the commercial relationship is maintained or during the years necessary to comply with legal obligations.

social media policy

The DATA CONTROLLER has profiles on the following Internet social networks:

• Facebook
• instagram

In this case , it is considered responsible for the processing of the data of its users, also understood as followers, subscribers, fans, or simply people who make comments or queries through these channels.

In this sense, the RESPONSIBLE FOR THE TREATMENT could use this profile to inform its users of news that it deems appropriate for the purpose of the services offered, or perhaps it could also share information or current articles published by other users of social networks.

In no case will it use users' personal information without their consent to have relationships other than those expected in the aforementioned social network, requesting the user's own consent where appropriate.

Veracity of the data provided by the interested parties

The client and/or user is responsible for the information provided by filling in the electronic forms that are made available on the WEBSITE or by sending emails to the different existing accounts under the domain in Internet @esenziashop.es is true, answering for the accuracy of all the data that it communicates and will keep it updated so that it reflects a real situation, being responsible for false or inaccurate information that it provides and for the damages, inconveniences and problems that could be caused to the RESPONSIBLE FOR THE TREATMENT or to third parties.

Security measures

The DATA CONTROLLER guarantees that he has implemented the appropriate technical and organizational policies on the WEBSITE to apply the security measures established by GDPR UE 2016/679 and LOPDGDD 3/2018 in order to protect the rights and freedoms of customers. and/or users and has communicated the appropriate information so that they can exercise them.

The DATA CONTROLLER, in order to protect individual rights, especially in relation to automated processing and with the desire to be transparent with clients and/or users, has established a policy that includes all such processing, the purposes pursued by the latter , the legitimacy of the same and also the instruments available to the client and/or user so that they can exercise their rights.

The WEBSITE is developed with the Shopify e-commerce platform and with the Booster plugins: EU Cookie Bar GDPR, Loox Product Reviews & Photos, Order Deadline, Releasit Cash On Delivery Fee, Sendcloud, Sendvio: Email Marketing & SMS, Shopify Mail, SMSBump SMS Marketing by Yotpo, WhatsApp app by SuperLemon, and has an SSL encryption certificate activated for the entire domain, which allows the user to securely send their personal data through the existing electronic forms for collecting personal data.

All information will be kept and managed with due confidentiality, applying the necessary computer security measures to prevent access or improper use of your data, its manipulation, deterioration or loss.

However, the client and/or user must take into account that the security of computer systems is never absolute. When personal data is provided over the Internet, such information may be collected without your consent and processed by unauthorized third parties. The RESPONSIBLE FOR THE TREATMENT declines, any type of responsibility for the consequences of these acts may have for the User, if he published the information voluntarily.

Acceptance and consent

The client and/or user declares that they have been informed of the conditions on the protection of personal data, accepting and consenting to their automated processing by the DATA CONTROLLER in the manner and for the purposes indicated in this Privacy Policy. Certain services provided on the WEBSITE may contain particular conditions with specific provisions regarding the protection of personal data.

Changes to this privacy policy

THE DATA CONTROLLER reserves the right to modify this Privacy Policy to adapt it to new legislation, jurisprudence, interpretation of the Spanish Agency for Data Protection, as well as industry practices.

In such cases, the DATA CONTROLLER will announce the changes introduced on the websites with reasonable anticipation of their implementation.

This privacy policy may be complemented by the Legal Notice, Cookies Policy and the General Conditions of Contract that, where appropriate, are collected for certain products or services, if said access implies any specialization in the matter of protection of personal data. .