PRIVACY POLICIES
This privacy policy applies to the processing and protection of the personal data of clients and/or users of https://esenziashop.es/en, hereinafter, the WEBSITE, owned by the commercial company ESENZIA ENTERPRISE 2019, SL, hereinafter, the CONTROLLER RESPONSIBLE FOR THE TREATMENT.
Applicable regulations
Our Privacy Policy has been designed in accordance with REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT and the COUNCIL, of 27 April, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data and which repeals Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR EU 2016/679.
And insofar as it does not contradict the aforementioned Regulation, as provided in Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, hereinafter LOPDGDD 3/2018.
By providing us with their data, the client and/or user declares that they have read and are aware of this Privacy Policy, giving their unequivocal and express consent to the processing of their personal data according to the purposes and terms expressed here.
Basic information on data protection
BASIC INFORMATION ON DATA PROTECTION |
|
Controller |
ESENZIA ENTERPRISE 2019, SL |
Purpose |
|
Legitimation |
Execution of a contract involving the interested party and their requests of pre-contractual measures. Legitimate interest of the person responsible. Consent of the interested party. |
Recipients |
No data will be transferred to third parties, except legal obligation. |
Rights |
You have the right to access, rectify and delete the data, as well as other rights, indicated in the additional information, which you can exercise by contacting the address of the Data Controller at atencionalcliente@esenziashop.es |
Additional Information |
You can consult additional and detailed information on Data Protection in the attached clauses found at https://esenziashop.es/politica-de-privacidad |
Additional information on data protection
The person responsible for the treatment is:
- Identity: ESENZIA ENTERPRISE 2019, SL
- I.F.: B16837858
- Address: C / SAN ELOY, 25, 41001, Seville (Spain)
- Email: atencionalcliente@esenziashop.es
Data Protection Officer
The CONTROLLER does not have a Data Protection Officer.
Purposes and legal basis of processing
- a) In general terms
The DATA CONTROLLER processes the personal data provided by their clients and/or users for the following purposes:
- Purpose :
- Respond to requests for information received.
- Respond to possible raised queries.
- Subscribe to the newsletter to receive the latest news, offers and special promotions of our articles or products.
- Assist our customer and/or used orders from the online store.
- Provide customer service.
- Carry out administrative, commercial, accounting and tax management services.
- Send commercial communications by letter, phone, email, SMS/MMS, WhatsApp, Telegram or other means of electronic communication as long as the interested party has consented to the processing of their personal data for this purpose.
- Legal basis that legitimizes this processing: Execution of a contract involving the interested party and their requests of pre-contractual measures. Legitimate interest. The consent of the interested party, may be withdrawn at any time.
- b) Electronic forms from the WEBSITE
The CONTROLLER processes the personal data provided by clients and/or users through the electronic forms for collecting personal data existing on the WEBSITE for the purposes identified below:
Regarding the “Contact Form” and other queries (those that can be directed through the email accounts listed on the WEBSITE) :
- Purpose :
- Respond to the requests for information received.
- Respond to possible raised queries.
- Subscribe to the newsletter to receive the latest news, offers and special promotions of our articles or products.
- Respond to the requests from our customers or users of the online store.
- Provide customer service, as well as send commercial communications by letter, phone, email, SMS/MMS, WhatsApp, Telegram or other means of electronic communication as long as the interested party has consented to the processing of their personal data for this purpose.
- Legal basis that legitimizes this processing: Execution of a contract involving the interested party and their requests of pre-contractual measures. The consent of the interested party may be withdrawn at any time
Regarding the “Newsletter Subscription Form” :
- Purpose : Allows the user to subscribe to the informative newsletter in order to receive in their email the latest news, offers and special promotions of our articles and/or products.
- Legal basis that legitimizes this treatment: The consent of the interested party, which may be withdrawn at any time.
In relation to the “Create an account form” :
- Purpose: Allows the user to sign up on the online store of the website, as well as send commercial communications about promotions of our articles and/or products by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or by other means of equivalent electronic communication, as long as the interested party has consented to the processing of their personal data for this purpose.
- Legal basis that legitimizes this processing: Execution of a contract involving the interested party and their requests of pre-contractual measures. The consent of the interested party may be withdrawn at any time.
In relation to the “Login Form” :
- Purpose: Allows the registered user to access the online store with their username and password to purchase the articles and/or products to purchase the articles and/or products available
- Legal basis that legitimizes this processing: Execution of a contract involving the interested party and their requests of pre-contractual measures.
In relation to the “Buy as Guest Form” :
- Purpose : Allows the user, without having to register previously, to purchase the articles and/or products available in the online store.
- Legal basis that legitimizes this processing : Execution of a contract in which the interested party is a party or for the application at their request of pre-contractual measures.
Regarding the “Live Chat Form - Online customer service platform “WhatsApp Web ” :
- Purpose : Provide the user with direct communication with the DATA CONTROLLER through WhatsApp Web, an instant messaging application installed on the website.
- Legal basis that legitimizes this processing : The consent of the interested party, which may be withdrawn at any time.
In the event that the data requested from the electronic forms is necessary, the DATA CONTROLLER will indicate its mandatory nature at the very moment of collecting this data from the clients and/or users. Not providing this data will imply that the requested application cannot be fulfilled.
What type of data do we process?
In order to carry on with the purposes previously exposed, the treatment we do of our customer's data can be divided in the following sources and categories:
- a) Data provided directly by the client and/or user: data provided directly by the client and/or user.Including through the completion of electronic forms for collecting personal data at the time of requesting the service. As well as, in paper format enabled for this purpose as well as those provided throughout the contractual relationship through different means such as, for example, complaints or requests for information filed with the Customer Service. The client and/or user is responsible for its veracity and updating.
- Identification Data (name and surname, ID, passport, postal address, email, telephone, cell phone number, handwritten or digital signature, social network profiles, IP addresses, username and password)
- Economic Data (banking data)
- b) Data obtained from sources other than the client and/or user: data obtained from sources other than the client and/or user, either by having their consent or by any other legal authorization (legitimate interest, compliance with a legal obligation…).
- c) Data derived from the development of the commercial relationship: data provided indirectly by the client and/or user as a result of the provision of the contracted service and the maintenance of this activity. This category includes traffic data, payment history or history of items and/or products purchased, navigation data through the public Web page or access to the private area, or others of a similar nature.
Record of treatment activities
We inform you that the personal data obtained from the client and/or user as a result of completing the electronic forms existing on the WEBSITE are part of the Record of Processing Activities (RAT) of the CONTROLLER, which will be updated periodically. in accordance with the provisions of the RGPD EU 2016/679 and the LOPDGDD 3/2018 .
Recipients
The personal data of the interested parties will be communicated to the recipients indicated below:
- a) In general terms:
- The suppliers of the CONTROLLER as data processors of the corresponding provision of services (lawyers, accounting and tax advisors, consultants, transport agencies and I.T. service providers - website hosting and service of e-mail-).
- The competent authorities and organizations, in order to comply with legal obligations.
- b) In relation to the “Contact Form” and other queries (those that may be directed through the email accounts listed on the WEBSITE ), made with the “Newsletter Subscription Form”, with the “Form Create an account”, with the “Log in form”, with the “Buy as a guest form” and with the “Live chat form - Online customer service platform WhatsApp Web ”:
- No data will be transferred to third parties, except legal obligation.
Transfers to third countries
- Data transfers to third countries are not planned without an adequate level of protection.
Data retention
Personal data will be kept:
- a) In general terms:
- The data will be kept as long as you do not request its deletion, and in any case, for the years necessary to comply with legal obligations.
- b) In relation to the “Contact Form” and other queries (those that can be directed through the email accounts listed on the WEBSITE ), with the “Newsletter Subscription Form”, with the “Form Create an account”, with the “Log in form”, with the “Buy as a guest form” and with the “Live chat form - WhatsApp Web online customer service platform ” :
- The personal data will be kept until the end of the relationship between the DATA CONTROLLER and the client and/or user, unless the latter previously requests their deletion, or until the interested party withdraws the consent granted at any time, without any effect over the legality of the treatment based on consent prior to its withdrawal.
For these purposes, the interested party is reminded that they must transfer to the DATA CONTROLLER - as recipient to whom personal data is communicated - any rectification or deletion of the data of their representatives, authorized persons and other contact persons.
Once the relationship has concluded these data my be kept to the extent that the personal data of the interested parties is relevant for the purposes of the responsibility of the DATA CONTROLLER towards clients and/or users. These data will be kept, properly blocked, at the disposal of the judicial authorities or the competent public administrators, in case they demand the responsibilities derived from the treatment during the time when the services were provided.
Rights of interested parties
Clients and/or users of the WEBSITE may exercise before the DATA CONTROLLER, to the extent applicable, the following rights:
- access to personal data
- rectification
- deletion (right to be forgotten),
- limitation of processing,
- portability of data
- opposition to processing and not being subject to automated individual decisions and, when processing is based on consent, the right to withdraw it at any time.
Clients and/or users may exercise these rights by means of a written and signed request sent to the postal address of the CONTROLLER located at C/ Ciudad de Montilla Block 3, 1º 4 - 41008 Seville (Spain) or through the email address atencionalcliente@esenziashop.es, attaching, in both cases, by the interested party, a legal proof of identity, such as a photocopy of the ID or equivalent document, and clearly indicating the right they wish to exercise.
Clients and/or users will also have the right to file a claim with the competent Control Authority (Agencia Española de Protección de Datos) if they observe that the treatment does not comply with current regulations or they consider that their rights regarding protection have been violated. Especially, when you have not obtained satisfaction in the exercise of your rights, through the WEB page https://www.aepd.es
These rights will be attended to by the DATA CONTROLLER within a period of 1 month, which may be extended to 2 months if the complexity of the request or the number of requests received so requires. All of this without prejudice to the duty to retain certain data in accordance with legal terms and until the possible responsibilities arising from possible processing or, where applicable, from a contractual relationship.
In addition to the above, and in relation to data protection regulations, users who request it, have the possibility of organizing the destination of their data after their death.
Sending commercial communications
In compliance with the provisions of the second final provision of Law 9/2014, of May 9, on Telecommunications, which modifies Law 34/2002, of July 11, on information society services and electronic commerce:
Commercial communications made electronically must be clearly identifiable as such. The natural or legal person on whose behalf they are made must also be clearly identifiable, without prejudice to the provisions of the regulations issued by the Autonomous Communities with exclusive powers over consumption.
The client and/or user, who provides their contact information to the CONTROLLER by clicking on the “SEND” button of the electronic forms for collecting personal data existing on the website and affirmatively checks the two boxes for obtaining consent: “I accept the processing of my data according to the purposes indicated in the basic data protection information” and “I give my consent to receive commercial communications about your articles and/or products”, clearly authorize and grant their express, free and fair consent unequivocally to the CONTROLLER to process their personal data in order to send they commercial communications about they articles and/or products by letter, telephone, email, SMS/MMS, WhatsApp, Telegram or by other equivalent means of electronic communication.
The legal basis that legitimizes this processing is the consent of the interested party, which may be revoked at any time.
In compliance with the provisions of articles 21 and 22 of Law 34/2002, of July 11, on information society services and electronic commerce, the user may oppose the processing of their data for promotional purposes and revoke the consent given to receive commercial communications via email with the simple notification of their will to the PROVIDER through a simple and free procedure, The aforementioned procedure consists in sending an email to the email address atencionalcliente@esenziashop.es, indicating in the Subject of the message “UNSUBSCRIBE” or “DO NOT SEND”.
The data provided will be kept as long as the commercial relationship is maintained or for the years necessary to comply with legal obligations.
Social media policy
The CONTROLLER has profiles on the following Internet social networks:
In this case, it is considered responsible for the processing of its users' data, including followers, subscribers, fans, or simply people who make comments or queries through these channels.
In this sense, the CONTROLLER could use this profile to inform its users of news that it considers appropriate for the purpose of the services offered. Perhaps it could also share information or current articles published by other users of social networks.
In no case will it use users' personal information without their consent to have relationships other than those expected on the aforementioned social network, requesting, where appropriate, the user's own consent.
Veracity of the data provided by the interested parties
The client and/or user is responsible for the veracity of information provided by completing the electronic forms available on the WEBSITE or by sending emails to the different accounts that exist under the domain in Internet @esenziashop.es. The client and/or user is also responsible for the accuracy of all the data communicated and will keep it updated so that it reflects a real situation, being responsible for false or inaccurate information provided and for any damages, inconveniences and problems that may cause to the CONTROLLER RESPONSIBLE FOR THE TREATMENT or to third parties.
Security measures
The CONTROLLER guarantees that it has implemented on the WEBSITE the appropriate technical and organizational policies to apply the security measures established by the RGPD EU 2016/679 and the LOPDGDD 3/2018 in order to protect the rights and freedoms of clients and/or users. The CONTROLLER has communicated the appropriate information to them so that they can exercise the aforementioned rights and freedoms.
In order to protect individual rights, especially in relation to automated treatments and with the desire to be transparent with clients and/or users, the DATA CONTROLLER has established a policy that includes all of said treatments, the purposes pursued by the latter, their legitimacy and also the instruments available to the client and/or user so that they can exercise their rights.
The WEBSITE is developed with the Shopify e-commerce platform and with the Booster plugins: EU Cookie Bar GDPR, Loox Product Reviews & Photos, Order Deadline, Releasit Cash On Delivery Fee, Sendcloud, Sendvio: Email Marketing & SMS, Shopify Mail, SMSBump SMS Marketing by Yotpo, WhatsApp app by SuperLemon, and has an SSL encryption certificate activated for the entire domain, which allows the user to securely send their personal data through existing electronic forms for collecting personal data.
All information will be saved and managed with due confidentiality, applying the necessary computer security measures to prevent access or improper use of your data, its manipulation, deterioration or loss.
However, the client and/or user must keep in mind that the security of computer systems is never absolute. When personal data is provided over the Internet, said information could be collected without your consent and processed by unauthorized third parties. The CONTROLLER declines any type of responsibility for the consequences of these acts for the User, if they published the information voluntarily.
Acceptance and consent
The client and/or user declares to have been informed of the conditions regarding the protection of personal data, accepting and consenting to the automated processing thereof by the CONTROLLER in the manner and for the purposes indicated in this Privacy Policy. Certain services provided on the WEBSITE may contain particular conditions with specific provisions regarding the protection of personal data.
Changes to this privacy policy
THE CONTROLLER reserves the right to modify this Privacy Policy to adapt it to new legislation, jurisprudence, interpretation of the Agencia Española de Protección de Datos, as well as industry practices.
In such cases, the DATA CONTROLLER will announce the changes introduced on the websites with reasonable advance notice of their implementation.
This privacy policy may be complemented by the Legal Notice, Cookies Policy and the General Contracting Conditions that, where appropriate, are collected for certain products or services, if said access involves any specialization in matters of personal data protection.