Privacy Policy

Última modificación: 25 de mayo de 2023

Versión: 1.0

Privacy Policy

Thank you for visiting this website.

Please read carefully the Terms and Conditions contained in this document, since the use of this website implies the express and full acceptance of the same, in the version published at the time you access it. We recommend that you read this document carefully each time you access the website to check if there have been changes in the terms of use and leave it if you do not agree with such changes. If we believe that certain modifications are important, we will update the "Last Modified" date at the top of this page. You will be responsible for reviewing and familiarizing yourself with any modifications made.

LAWS INCORPORATED INTO THIS PRIVACY POLICY

This policy is adapted to the following standards, which are currently in force, both in Spain and in Europe:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).

Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

IDENTIFICATION

In compliance with the duty of information contained in article 10 of Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce with the current legislation on data protection, specifically, Organic Law 3/2018, of 5 December, on the protection of personal data and guarantee of digital rights (LOPDDGG), which makes fully effective the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

Data Controller: Guadalupe Gómez Fernández (hereinafter THE COMPANY)

Trade Name: As Miguiñas do Cebreiro

CIF 33325158K

COMMUNICATION

To contact us for any question regarding the processing of personal data, we provide you with the following means of contact:

Telephone: 626 517 876

E-mail: asmiguinasdocebreiro@gmail.com

Registered Office: Via Romana 16 – 27670 Pedrafita do Cebreiro (Lugo), España

Website: www.asmiguinasdocebreiro.com

All notifications and communications provided in this section shall be considered effective, for all purposes, when made by any of the means listed above.

We understand that the privacy and security of your personal information is extremely important. That is why this policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.

Principles applicable to the processing of personal data

The processing of the User's personal data shall be subject to the following principles set out in article 5 of the RGPD and in article 4 and following of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights:

Principle of lawfulness, fairness and transparency: the consent of the User shall be required at all times after full and transparent information on the purposes for which the personal data are collected.
Purpose limitation principle: personal data will be collected for specified, explicit and legitimate purposes.
Principle of data minimisation: the personal data collected will be only that which is strictly necessary for the purposes for which it is processed.
Principle of accuracy: personal data must be accurate and always up to date.
Principle of limitation of the storage period: personal data shall only be kept in a form that allows the identification of the User for the time necessary for the purposes of their processing.
Principle of integrity and confidentiality: personal data shall be processed in a manner that ensures their security and confidentiality.
Proactive accountability principle: the Controller shall be responsible for ensuring that the above principles are complied with.

What measures have we taken to ensure the confidentiality, integrity and security of your data?

We only ask for the minimum amount of information necessary, collecting only what we believe to be essential for doing business or for the specific transaction concerned;
We have established a series of confidentiality agreements with all our suppliers, staff and partners;
We have a specialised consultancy that will not only assist us on a permanent basis in this matter but will also carry out periodic controls to ensure correct compliance with these regulations;
We have put in place a series of computer security measures that will protect us from external attacks;
We have reviewed all our documentation so that it is adequate as required by the new regulation;
We have assessed the impact that our procedures may have on the protection of your personal data;
We have trained our staff so that we can all act in a diligent and ethical manner, complying with all the requirements of the new regulation.

Principles we will apply to your personal information

In processing your personal data, we will apply the following principles that comply with the requirements of the new European data protection regulation:

Principle of legality, fairness and transparency:We will always require your consent to the processing of your personal data for one or more specific purposes, which we will inform you about in advance in full transparency.
Principle of data minimisation:We will only request data that is strictly necessary in relation to the purposes for which we require it. As little as possible.
Principle of limitation of the retention period:data will be kept for no longer than is necessary for the purposes of processing, depending on the purpose, we will inform you of the relevant retention period, in the case of subscriptions, we will periodically review our lists and delete those records which have been inactive for a considerable period of time.
Principle of integrity and confidentiality:Your data will be treated in a way that ensures adequate security of personal data and guarantees confidentiality. You should be aware that we take all necessary precautions to prevent unauthorised access to or misuse of our users' data by third parties.

LEGAL BASES FOR THE COLLECTION AND USE OF INFORMATION

If you are an individual in the European Economic Area (EEA), our legal basis for collecting and using information depends on the personal information in question and the context in which we collect it. Most of our information collection and processing activities are generally based on: (1) a contractual need; (2) one or more legitimate interests of THE COMPANY or a third party that is not overridden by your data protection interests or 3) your consent. Sometimes we will have a legal obligation to collect your information or we will need your personal information to protect your vital interests or those of another person.

TREATMENTS

We will explain below how we collect, use, disclose, transfer and store your information. This Privacy Policy applies to personal information collected through our website. It is important that you check the Privacy Policy frequently to see if it has been updated.

All users accessing our website will be able to access all of its content without the need to provide any personal information. Your personal data will only be collected when you voluntarily fill in our form(s). In this case, the user guarantees the authenticity, accuracy and truthfulness of the information provided, undertaking to keep the personal data updated so that they correspond, at all times, to their real situation. The user shall be solely responsible for any false or inaccurate statements and for any damages that they may cause. By means of this means of communication you expressly agree to receive periodic communications only from the entity, which will keep the personal data it receives from users through the website in total secrecy, guaranteeing its confidentiality, and will adopt the necessary technical measures to avoid any alteration, loss, misuse or unauthorised access to this data.

We also inform you that all data provided through electronic forms and/or by e-mail are strictly necessary for the correct identification of the sender. This information will be treated with strict confidentiality and for the sole purpose of managing requests for information, contracting our services and products and other purposes that are specified below. You are informed and give your full express consent to use your data for activities related to the corporate purpose of the entity.

The consent given, both for the processing and for the transfer of the data of the interested parties, may be revoked at any time by communicating it to the following e-mail address asmiguinasdocebreiro@gmail.com in the terms established in this Policy for the exercise of rights. This revocation shall in no case be retroactive.

How we use your data

We may use your personal data in the following ways: the information you provide may help us make decisions, respond to requests, improve services, identify new needs, generate promotions, understand your expectations and provide you with a better service. We may also use your information for the following purposes.

Process your order and provide you with your products and services

To process your order for the products and services you have purchased from us and to keep you informed of their progress;
Provide you with the relevant product or service.

Billing and Customer Service

To bill or collect payment from you for the use of our products and services;
Contact you if the billing information you provided is out of date, is about to expire or we are unable to accept payment;
Contact you if the billing details you have provided are out of date, about to expire or if we are unable to accept payment;

Service information messages

We will contact you to keep you updated with information about the products and services you have with us.

Other steps:

Specific reason: If you provide your personal data for a particular purpose, we will use it for the purpose for which it was provided. For example, if you contact us by e-mail, we will use the personal data you provide to answer your question or resolve the problem, and we will respond to the e-mail address from which the message was sent.

Fines internos. We may use your personal data for internal purposes such as, but not limited to, relying on it to improve the content and functionality of the services, better understand our customers' needs, improve the services, protect, identify or address fraudulent activity, enforce our terms of service, manage your account and provide you with customer service, and generally manage the services and our business, among other things.

Commercial communications. Provided that we have your express consent (which will be obtained through an exclusive box on our forms), we may use your personal data to contact you in the future to carry out commercial actions that may be of interest to you, always related to the products and/or services offered by the company. In any case, you will always have the option to "stop receiving" these e-mails at the bottom of these messages or to notify us by sending an e-mail to the following address: asmiguinasdocebreiro@gmail.com. However, you may continue to receive notices and e-mails as long as they are necessary and essential for the maintenance of our contractual transactions. In accordance with Law 34/2002, of 11 July, on information society services and electronic commerce (LSSICE), the following terms and conditions apply. THE COMPANY does not engage in SPAM practices and undertakes not to send commercial communications without duly identifying them.

Please note that even if you choose not to subscribe or unsubscribe from promotional or commercial electronic communications THE COMPANY may still need to contact you as a User with important transactional information regarding your account and your purchases of products, booking of activities or contracting of other services.

In the following, we explain in more detail what types of data are collected and processed and for what purposes:

CATEGORY	PURPOSE
Visiting user	Usability and quality analysis to improve our services.
User contacting us	Respond to the user's requirements; respond to any doubts, complaints, comments or concerns they may have regarding the information included on the website, the services provided through the website, the processing of personal data, questions regarding the legal texts included on the website, as well as any other queries they may have that are not subject to the terms and conditions of contract.
Request for Appointments/Reservations	Process and manage those appointments/bookings that have been requested by the user.

The legal bases are linked to the purposes of the previous point.

CATEGORY	LEGITIMISING BASIS
Visiting user	Consent given by accepting cookies or by continuing to browse our website (GDPR Art. 6.1.a).
User contacting us	Our legitimate interest in responding to the enquiries and requests of the data subject, justified by the interest shown in contacting and receiving information with minimal intrusion of privacy and the use of limited data provided by the user (GDPR Art. 6.1.a).
Request for Appointments/Reservations	Our legitimate interest in handling the appointments/bookings requested by the customer (GDPR Art. 6.1.a, 6.1b and 6.1c).

Data provided voluntarily by the data subject

CATEGORY	DATA COLLECTED
Visiting user	IP, browsing data.
User contacting us	Data provided by the data subject (normally: name, surname, e-mail and a telephone number)
Request for Appointments/Reservations	Nombre, e-mail y teléfono.

Possible consequences of not providing such data

CATEGORY	CONSEQUENCES
Visiting user	No consequences
User contacting us	We will not disclose personal data concerning this type of user to third parties without your consent.
Request for Appointments/Reservations	We will not disclose personal data concerning this type of user to third parties without your consent.

Possible transfers of data to third parties

CATEGORY	POSSIBLE TRANSFERS
Visiting user	No data is collected from the visiting user
User contacting us	We will not disclose personal data concerning this type of user to third parties without your consent.
Request for Appointments/Reservations	We will not disclose personal data concerning this type of user to third parties without your consent.

International Transfers

CATEGORY	International Transfers
Visiting user	No data is collected from the visiting user
User contacting us	No transfer of personal data to a third country or international organisation takes place.
Request for Appointments/Reservations	No transfer of personal data to a third country or international organisation takes place.

Possible transfers of data to third parties

CATEGORY	CONSERVATION PERIODS
Visiting user	No visitor data is stored
User contacting us	They will be kept for the time necessary to fulfil the purpose for which they were collected.
Request for Appointments/Reservations	They will be kept for the duration of your relationship with us and, in any case, for the periods provided for in the applicable legal provisions, for example in accounting and tax matters, and for the time necessary to meet possible liabilities arising from the processing. We will delete your data when they are no longer necessary or relevant for the purposes for which they were collected.

OTHER ASPECTS RELATED TO THE TRANSFER OF DATA

As a general rule, the information you provide to us is not disclosed to third parties without your consent, except as required by law, for example: in the case of a subpoena or a request from a government agency, or if we believe in good faith that such action is necessary a) to comply with a legal obligation; b) to protect or defend our rights, interests or property, or those of a third party; c) to prevent or investigate potential wrongdoing in connection with the Services; d) to act in urgent circumstances to protect your personal safety; or e) to protect against legal liability.

STORAGE

We may store your data or transfer it to a third party who will store it in accordance with this Privacy Policy. We take steps we believe are reasonable to protect personal data against loss, misuse, unauthorised use, unauthorised access, inadvertent disclosure, alteration and destruction. However, no network, server, database, Internet or e-mail transmission is completely secure or error-free. In the event of a breach of security of data in our custody, we will take all necessary measures to mitigate the consequences and will notify the Supervisory Authority of this fact, together with all relevant information for the documentation and reporting of the incident.

CONSENTS

The data subject's consent, in accordance with the provisions of data protection legislation, is a free communication by the data subject whereby he/she accepts that his/her data be processed for a specific purpose, under certain conditions, of which he/she must be previously informed.

Can you modify or withdraw your consents at any time?

Of course you can. The information about the treatments you have consented to will always be accessible. You can change or withdraw it at any time by sending us an e-mail.
You can also unsubscribe from our database at any time by sending us an e-mail to: asmiguinasdocebreiro@gmail.com

AUTOMATED DECISIONS

THE COMPANY does not take any decision based solely on the automated processing of your data.

STATISTICAL STUDIES

THE COMPANY does not carry out studies for scientific, historical and statistical purposes, in which case it will endeavour to dissociate the data from the object of the study in order to preserve its confidentiality.

NOTICE OF PERSONAL DATA BREACHES OR SECURITY BREACHES.

The breach of personal data is a breach of the security of information systems of THE COMPANY which causes or is likely to cause the accidental or unintentional destruction, alteration, loss, unauthorised disclosure of or access to personal data transmitted, stored or processed in connection with the provision of our services. In the event that the personal data we store and/or process on the THE COMPANY are compromised in any way, we will notify those concerned in a timely manner, and in accordance with the provisions of Article 33 of the GDPR.

DATA PROTECTION RIGHTS

Users may send a written communication to the registered office of THE COMPANY or to the e-mail address indicated in the heading of this Legal Notice, including in both cases a photocopy of their ID card or other similar identification document, to request the exercise of the following rights:

Right to rectification of personal data. You have the right to rectify information stored about you if it is inaccurate. If the information we store needs to be updated, or you believe it may be inaccurate, you may update it at any time.
Right of access to personal data. You have the right to request a copy of the personal data we hold about you.
Right to data portability. You have the right to transport the data you have provided to us in certain circumstances.
Right to object to the use of personal data. You have the right to object to the processing of your personal information.
Right of cancellation. We endeavour to process and retain your data only for as long as we need to. You also have the right to request the deletion of your personal data stored by us. This data will be blocked and accessible only by certain persons in the event that we need it in order to respond to a complaint or to meet our obligations.
Right of limitation. You have the right to request the restriction of the processing of your data so that we can store your data, but not use it.

In addition to the specific means established for each right, you may exercise your rights of access, rectification, cancellation, opposition, limitation and portability, as well as revoke the consents given, by writing with a photocopy of your ID card and with the reference "Data Protection", to the postal or e-mail address given in the heading of this Policy.

These rights are very personal and shall be exercised by the interested party, with no other limitations than those provided for in the applicable legislation. However, the legal representative of the user concerned may act when the latter is in a situation of incapacity or minority that makes it impossible for him/her to exercise these rights personally. The exercise of their rights shall be made effective by the Data Controller within thirty days of receipt of the request. In the event that the Data Controller considers that it is not appropriate to accede to the request, he/she shall inform you, stating the reasons, within the period indicated in this section. In those cases in which, although the cancellation of the data is appropriate, it is not possible to physically delete them, either for technical reasons or due to the computer support used, we will block the data in order to prevent their use, until they are completely deleted from the information systems.

SOCIAL NETWORKS

Social Networks are part of the daily life of many Internet users, and for them we have created different profiles of our company in them.

The COMPANY informs that through its social networks it will publish events, competitions, acts, programmes or any other type of advertising information about its activities, and the user accepts to be the recipient of this information by the mere fact of becoming our "friend" or "follower" in the corresponding social network.

All users have the opportunity to join the pages or groups that we have on different social networks and to stop receiving this information on their social network profiles, you must stop following the COMPANY in them.

However, you should bear in mind that in order to register with a social network, a user must accept the contractual relationship in the social network environment concerned, and be in accordance with its privacy policies, so we recommend that you carefully read its terms of use and privacy policies, and make sure you configure your preferences regarding the processing of data.

COLLECTION OF DATA FROM MINORS

Our website is not intended for children under the age of 16. We do not knowingly collect information (including Personal Data) about children or others who are not legally permitted to use our services. If we become aware that we have collected Personal Data from a child under the age of 16, we will promptly delete it, unless we are legally obligated to retain such data. Contact us if you believe that we have inadvertently or unintentionally collected information from a child under the age of 16 by sending an e-mail to us at the e-mail address: asmiguinasdocebreiro@gmail.com.

PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA AND PERSONAL DATA RELATING TO CRIMINAL CONVICTIONS AND OFFENCES

When filling in the free text fields, it is not permitted to enter personal information relating to personal data revealing ethnic or racial origin, political opinions, religious or philosophical convictions, or trade union membership, and the processing of genetic data, biometric data aimed at uniquely identifying a natural person, data relating to health or data relating to the sex life or sexual orientations of a natural person, as well as personal data relating to criminal convictions and offences. In the event of entering any information relating to the aforementioned aspects in any of our forms or by e-mail, they will be immediately deleted from our information systems without being able to deal with the query made, as such data are not necessary or relevant for the purposes determined in the processing of this website.

IMAGES ON THE WEBSITE

The company, through its website, provides information on numerous events, activities, etc., which involve the participation of the public. On some occasions, the information provided is accompanied by photographs or videos in which images of identified or identifiable persons can be seen which, as part of the dissemination of the news or event, are not intentionally disseminated. If you recognise yourself in any of these photographs and do not wish to appear in them, please let us know by sending an e-mail to the following address asmiguinasdocebreiro@gmail.comattaching a copy of a document accrediting their identity, and referring to the section of the website in which the image or video in which they appear can be found. In the case of minors under 16 years of age, the request must be made by the minor's father, mother or legal guardian.

COMPLAINT TO THE SUPERVISORY AUTHORITY

In the event that you feel that your rights have been disregarded by our entity, you may file a complaint with the Spanish Data Protection Agency, by any of the following means:

Electronic headquarters: www.agpd.es

Postal address: Agencia Española de Protección de Datos C/ Jorge Juan, 6 28001-Madrid

By telephone: Telf. 901 100 099 Telf. 91 266 35 17

Making a complaint to the Spanish Data Protection Agency does not entail any cost and the assistance of a lawyer or solicitor is not necessary.

Guadalupe Gómez Fernández has adapted this website to the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (RGPD), Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), as well as Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE or LSSI).