INFORMATION ON DATA PROTECTION
We inform you in accordance with current Spanish and European regulations regarding the protection of personal data on the Internet and in compliance with the regulations listed below,
– Regulation (EU) 2016/679, General Data Protection,
– Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights,
– Royal Decree 1720/2007, of December 21, which approves the Regulations for the development of Organic Law 15/1999, of December 13, on the Protection of Personal Data,
– Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce.
WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?
Below we indicate the information regarding the person responsible for processing your data and how to contact them to exercise your rights:
– Holder: Romina Rollhauser
– VAT Numner/ BTW -identificatienummer: NL002513700B83
– Registered office: Caspar Fagelstraat 76 – 2613 GX, Delft, Netherlands
– Email: firstname.lastname@example.org
– Website: www.rominarollhauser.com
WITH WHAT PURPOSE DO WE TREAT THE DATA WE COLLECT FROM YOU ON OUR WEB PAGE?
On our website we collect and process your personal information in general to manage the relationship we maintain with you, the main purposes being those that we have identified below:
- For the contracting of services offered on our website such as illustrations for children’s book, illustrations for magazines/editorial purposes, sales of illustrations, merchandising ,we will use your data for management, contracting, billing and loyalty.-
- In the case of subscription to our website, its newsletter or any similar service, your data will be used to manage lists of subscribers and users, as well as to send the corresponding information.
– In the case of requesting our guides and other useful tools offered on our website, your data will be used in order to complete the necessary records and forms to obtain said information. – When requests for information, suggestions and claims that you can send us are made, your data will be used in order to manage them.
– Your data will also be used to keep you informed about events, offers, products and services that may be of interest to you through different communication channels as long as you have given your consent.
– In the case of promotions, raffles, advertising, etc., your data will be used to facilitate access to them.
– If you want to collaborate with US or perform any service for OUR WEB PAGE, your data will be used to manage the derived relationship.
– In the case of suppliers, your information will be used to manage the existing business relationship and to comply with billing requirements.
Below we also inform you about the legal basis applicable to the processing of personal data:
“Article 6 GDPR: The treatment will only be lawful if at least one of the following conditions is met:
a) the interested party gave their consent to the processing of their personal data for one or more specific purposes;
b) the treatment is necessary for the execution of a contract in which the interested party is a party or for the application at the request of the latter of pre-contractual measures;
c) the treatment is necessary for the fulfillment of a legal obligation applicable to the data controller;
d) the processing is necessary to protect the vital interests of the data subject or of another natural person;
e) the treatment is necessary for the fulfillment of a mission carried out in the public interest or in the exercise of public powers conferred on the data controller;
f) the treatment is necessary for the satisfaction of legitimate interests pursued by the data controller or by a third party, provided that the interests or fundamental rights and freedoms of the interested party that require the protection of personal data do not prevail over said interests, in particular when the interested party is a child.
ON WHAT IS THE LEGITIMATION BASED IN DATA PROCESSING?
The legitimation is based on the user’s consent to subscribe to our website, without which it will not be possible to access the free or paid content of it.
Likewise, your consent for the use of your personal data will have a contractual nature when they are collected in compliance with a contract or a provision of services offered by our website.
The legal obligations of invoicing and taxation imply our legitimate interest for the processing of your personal data for purposes aimed at complying with them.
WHAT KIND OF DATA WILL BE COLLECTED AND USED?
In order to provide you with the contracting and provision of the services offered on our website or any other contracting channel, we collect the following data:
Ø Names and surnames.
Ø ID/ VAT number, when necessary for billing.
Ø Email address.
Ø Telephone number.
Ø Bank details required to process payments.
These data are necessary for the contracting of our services, not being a communication that constitutes a legal requirement, but a communication of a contractual nature.
HOW DO WE COLLECT YOUR INFORMATION?
We collect your personal information through different means, but you will always be informed in advance, generally at the time of collecting your data, through informative clauses about the data controller, the purpose and legal basis thereof, the recipients of the data and the period of conservation of your information, as well as the way in which you can exercise the rights that assist you in terms of data protection.
In general, the personal information we process is limited to identification data (name and surname, date of birth, address, ID, telephone and email), contracted services and payment and billing data.
In cases of professional or labor collaboration, we collect academic and professional data in order to meet the obligations arising from the maintenance of the employment relationship or, where appropriate, the professional relationship.
The person in charge of this website also uses social networks, and this is another way of reaching you. The information collected through the messages and communications that you publish may contain personal information that is available online and accessible to the public. These social networks have their own privacy policies explaining how they use and share your information, so it is recommended that you consult them before using them, to confirm that you agree with the way in which your information is used. it is collected, processed and shared.
Our website collects personal data and information through the contact forms available on it and through the comments posted, which will be publicly visible.
WHAT RESPONSIBILITY DOES THE USER HAVE?
By providing us with your data through electronic channels, the user guarantees that they are over 14 years of age and that the data provided to the person in charge of this website is true, accurate, complete and up-to-date. For these purposes, the user confirms that he is responsible for the veracity of the data communicated and that he will keep said information conveniently updated so that it responds to his real situation, being responsible for the false and inaccurate data that he may provide, as well as for the damages and damages, direct or indirect, that may arise.
HOW LONG DO WE KEEP YOUR INFORMATION?
The person in charge of this web page only keeps your information for the period of time necessary to fulfill the purpose for which it was collected, to comply with the legal obligations that are imposed on us and to attend to the possible responsibilities that could derive from the fulfillment of the purpose. why the data was collected. This refers mainly to the provision of the services advertised on this website or that may be requested by its users.
In the event that you collaborate professionally with us, or want to become part of our staff and opt for one of our jobs, the data provided will become part of our job bank and will be kept for the duration of the selection process. and for a maximum of one year or until you exercise your right of deletion.
If at any time we have collected your data to address you as a potential user of our services or to respond to a request for information made by you, said data will be kept for a maximum of one year from its collection, and will be deleted after said period. period if a contractual relationship has not been formalized or at the time you request it.
In any case, and as a general rule, we will keep your personal information as long as there is a contractual or professional collaboration relationship that binds us or you do not exercise your right to suppress and/or limit the treatment, in which case, the information will be blocked without giving you use beyond its conservation, as long as it may be necessary for the exercise or defense of claims or some type of liability that had to be addressed could arise.
In particular, any user data published on the web page or social networks related to OUR WEB PAGE will be kept from the moment the user gives their informed consent until the moment of its revocation.
Likewise, the data related to invoicing will be kept for a period of 6 years from the date of the last entry made in the accounting book, for the purposes of the provisions of the Code of Commerce.
TO WHOM DO WE COMMUNICATE YOUR DATA?
In general, the person in charge does not share your personal information, except for those transfers that we must make based on imposed legal obligations.
Although it is not a transfer of data, in order to provide the requested service, it may be that third-party companies, which act as our suppliers, access your information to carry out the service that we have contracted for them. These managers access your data following our instructions and without being able to use it for a different purpose and maintaining the strictest confidentiality.
Likewise, your personal information will be available to the Public Administrations, Judges and Courts, for the attention of possible responsibilities arising from the treatment.
Analytics: Google Analytics and Facebook Pixel.
Email marketing: Klaviyo
Platforms and means of payment: Paypal and Stripe.
INTERNATIONAL DATA TRANSFERS
OUR WEBSITE is built using WordPress software, owned by the company AUTOMATTIC INC., based in the United States, so there is data transfer. However, this company is adhered to the Privacy Shield, being able to verify it in this link. In addition, the company itself lists below the privacy principles to which it adheres, coinciding with the GDPR, including strict guidelines on the provision of user information to governments, and which you can check at this link.
Our website uses the automation and email marketing services of Klaviyo Inc. based in the United States and the United Kingdom, so there may be data transfer. This company is adhered to the Privacy Shield, being able to verify it in this link. This company is committed to not making any data transfer outside the European Union, in compliance with the RGPD. You can check the standards used at this link.
Our website uses the automation and email marketing services of HubSpot Inc. based in the United States, so there is data transfer. This company is adhered to the Privacy Shield, being able to verify it in this link. This company is certified with the TRUSTe Privacy Practices Certification seal. You can check the standards used at this link.
Our website also uses the automation and email marketing services of Mailchimp (The Rocket Science Group) based in the United States. You can find additional information about the guidelines related to GDPR compliance at this link.
Additionally, we want to mention that the Privacy Shield is not an indicator of full compliance with the RGPD, since this agreement was invalidated by the CJEU on July 16, 2020. This is so, because US companies may be forced to give in data from Europe to the American authorities. so that the companies adhering to this agreement do not transfer their data to third parties, but they could transfer it to the American authorities.
WHAT ARE YOUR RIGHTS REGARDING THE PROCESSING OF YOUR DATA AND HOW CAN YOU EXERCISE THEM?
The regulations on data protection allow you to exercise your rights of access, rectification, deletion and portability of data and opposition and limitation to its treatment, as well as not being the subject of decisions based solely on the automated treatment of your data, when appropriate.
These rights are characterized by the following:
– Its exercise is free, except in the case of manifestly unfounded or excessive requests (eg, repetitive nature), in which case the Controller may charge a fee proportional to the administrative costs incurred or refuse to act.
– You can exercise your rights directly or through your legal representative or volunteer.
- Our duty is to respond to your request within one month, although, if the complexity and number of requests are taken into account, the term can be extended for another two months.
- Our obligation is to inform you about the means to exercise these rights, which must be accessible and without being able to deny you the exercise of the right for the sole reason of choosing another means. If the request is submitted by electronic means, the information will be provided by these means whenever possible, unless you request otherwise.
- If the person in charge of this web page does not process the request, it will inform you, no later than one month, of the reasons for its non-action and the possibility of claiming before a Control Authority In order to facilitate the exercise of these rights, we provide the links to the application form for each of them:
- Exercise right of access form
- Exercise right of rectification form
- Exercise right of opposition form
- Exercise right of opposition form deletion (right “to be forgotten”)
- Form for exercising the right to limitation of treatment
- Form for exercising the right to portability
- Form for exercising not to be subject to automated individual decisions To exercise your rights, the Controller makes the following means available to you:
- 1. By written and signed request addressed to the Responsible, (email@example.com) Ref. Exercise of Rights LOPD.
- 2. Sending the scanned and signed form to the email address (firstname.lastname@example.org) indicating in the subject Exercise of LOPD Rights. In both cases, you must prove your identity by attaching a photocopy or, where appropriate, a scanned copy, of your DNI/ ID or equivalent document in order to verify that we only respond to the interested party or their legal representative, and in this case, you must provide a document accrediting the representation. Likewise, and especially if you consider that you have not obtained full satisfaction in the exercise of your rights, we inform you that you can file a claim with the national control authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, for these purposes. 6-28001 Madrid. You can get more information on the official website of this organization.
HOW DO WE PROTECT YOUR INFORMATION?
The responsable is committed to protecting your personal information. Reasonably reliable and effective physical, organizational and technological measure, controls and procedures are used, aimed at preserving the integrity and security of your data and guaranteeing your privacy.
All our computers are password protected to prevent unauthorized access.
Likewise, OUR WEBSITE is protected by an SSL certificate that guarantees the encryption of the data transmitted between the browser and the server. In addition, it is protected with a web firewall application (https://www.wordfence.com/) to prevent any computer attack.
In the case of the contracts that we sign with our suppliers, we include clauses in which they are required to maintain the duty of secrecy regarding the personal data to which they have had access by virtue of the order made, as well as to implement the security measures necessary to guarantee the confidentiality, integrity, availability and permanent resilience of the personal data processing systems and services.
All these security measures are reviewed periodically to ensure their suitability and effectiveness . However, absolute security cannot be guaranteed and there is no security system that is impenetrable, therefore, in the event that any information subject to treatment and under our control is compromised as a result of a security breach, we will take the adequate measures to investigate the incident, notify the Control Authority and, where appropriate , those users who may have been affected so that they take the appropriate measures.