PRIVACY POLICY
- RESPONSIBLE FOR THE WEBSITE:
NOOTKA KAYAK SL
Domain: www.nootka-kayak.com
Company: NOOTKA KAYAK SL
Address: Passeig Marítim 80, Platja de les Anquines, 08870 Sitges (Barcelona) – SPAIN
Contact Mail: info@nootka-kayak.com
Contact Phone: 938 100 256 – 609 252 412
COMPANY ID.: B65014169
In compliance with the current regulations on personal data protection and as responsible for this website we inform users that we have created a safe and reliable space and therefore we want to share our principles regarding your privacy:
- We never ask for personal information unless it is really necessary to provide you with the services or information you require.
- We never share personal information about our users with anyone, except to comply with the law or with your express permission.
- We never use your personal information for any purpose other than that expressed in this privacy policy.
Please note that this Privacy Policy may change depending on legislative or self-regulatory requirements, so users are advised to visit it periodically. It will be applicable in the event that users decide to fill in any of its contact forms where personal data is collected.
This website has been adapted to the requirements of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR), as well as to Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE) and to the laws on Retail Trade and Consumer Protection.
The person responsible for this website, as well as the person responsible for the processing of personal data, is identified in the Legal Notice section of this website.
For the purposes of the provisions of the aforementioned General Data Protection Regulation, the personal data sent to us, through the website forms or user registrations, will be treated as «Web Users» or «Web Customers» data, as appropriate.
For the processing of our users’ data, we implement all the technical and organisational security measures established in the legislation in force.
- PRINCIPLES WE WILL APPLY TO YOUR PERSONAL DATA
In processing your personal data, we will apply the following principles that are in line with the requirements of the European data protection regulation:
- Principle of lawfulness, fairness and transparency: we will always require your consent to the processing of your personal data for one or more specific purposes which will be informed in advance with absolute transparency.
- Principle of data minimisation: we will only request data that is strictly necessary in relation to the purposes for which we require it. As little as possible.
- Principle of limitation of the storage period: the data will be kept for no longer than necessary for the purposes of processing, depending on the purpose, we will inform you of the corresponding storage period, in the case of subscriptions, we will periodically review our lists and delete those records inactive for a considerable time, as far as physically or digitally possible.
- Principle of integrity and confidentiality: your data will be treated in a way that ensures adequate security of personal data and guarantees confidentiality. You should be aware that we take all necessary precautions to prevent unauthorised access or misuse of my users’ data by third parties.
- HOW WE PROCESS YOUR PERSONAL DATA?
The personal data that we process on this website comes from the contact form, the purchase form, the registered user registration form and any other form that may be introduced in the future and that requests any of your personal data.
- WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US WITH YOUR DATA?
Any person has the right to obtain confirmation as to whether or not this entity is processing personal data concerning him or her and also to:
- Request access to personal data relating to the data subject.
- Request its rectification or erasure
- Request the restriction of its processing
- Object to the data processing
- Request data portability
Data subjects may have access to their personal data, as well as request the rectification of inaccurate data or, where appropriate, request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected. In certain circumstances, data subjects may request the limitation of the processing of their data, in which case it will only be kept for the exercise or defence of claims or for legal obligations required of us by the public administration or the law in force.
In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. The party responsible for this website will cease to process the data, except for compelling legitimate reasons, or the exercise or defence of possible claims. As a data subject, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and to transmit it to another data controller when:
- The processing is based on consent
- The data have been provided by the data subject.
- The processing is carried out by automated means.
In exercising your right to data portability, you have the right to have personal data transmitted directly from controller to controller where this is technically feasible.
Data subjects also have the right to effective judicial protection and the right to lodge a complaint with the supervisory authority, in this case the Spanish Data Protection Agency (AEPD), if they consider that the processing of personal data concerning them is in breach of the Regulation.
- FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
When a user connects to this website to, for example, request information from the owner, subscribe to a mailing list, purchase products or services, etc., they are providing personal information for which the owner of the website (identified at the beginning) is responsible. This information may include personal data such as your name, physical address, e-mail address, telephone number, and other information. By providing this information, you consent to your information being collected, used, managed and stored by the controller, only as described in the Legal Notice and in this Privacy Policy.
On this website there are different systems for capturing personal information and we process the information provided by interested parties for the following purposes for each capture system (forms):
- Contact form: We request the following personal data: Name, Email, Telephone, in order to respond to users’ requests. For example, we may use this data to respond to your request and answer any queries, complaints, comments or concerns you may have regarding the information included on the website, the services provided or products advertised through the website, the processing of your personal data, questions regarding the legal texts included on the website, as well as any other queries you may have that are not subject to the Terms and Conditions of Purchase. We inform you that the data you provide us with will be located on servers within the EU.
- Purchase form: We request the following personal data: Name, Email, Telephone, ID and Address, economic-financial data to be able to make the payment in the purchase process.
- Customer Registration Form: We request the essential data to be able to manage orders as a customer: Name, email, telephone, ID number, billing address and shipping address.
There are other purposes for which we process your personal data:
- To ensure compliance with the terms of use and applicable law. This may include the development of tools and algorithms that help this website to ensure the confidentiality of the personal data it collects.
- To support and improve the services offered by this website.
- To manage social media. Our company has a presence on social networks. The processing of ata that is carried out on people who become followers on social networks of the official pages of the company, will be governed by this section. As well as by those conditions of use, privacy policies and access regulations that belong to the social network in each case and previously accepted by the system administrator. Your data will be processed for the purposes of correctly managing your presence on the social network, informing you of the company’s activities, products or services. As well as for any other purpose that the regulations of the social networks allow. Under no circumstances will I use the profiles of followers on social networks to send advertising on an individual basis.
In accordance with the provisions of the European General Data Protection Regulation (GDPR) 2016/679 and the national personal data protection law LOPDGDD 3/2018, our company (see Legal Notice) will be responsible for the processing of data corresponding to Users of the website.
Our company does not sell, rent or transfer personal data that can identify the user, nor will it do so in the future, to third parties without prior consent. However, in some cases we may collaborate with other professionals. In such cases, users will be asked for their consent, informing them of the identity of the collaborator and the purpose of the collaboration. This will always be carried out with the strictest security standards.
- LEGITIMACY FOR THE PROCESSING OF YOUR DATA
The legal basis for the processing of your data is consent (GDPR 6.1.a), or if applicable, the contractual relationship between the user and the controller (GDPR 6.1.b). To contact or perform any action involving the processing of personal data on this website, consent to this privacy policy is required. The prospective or commercial offer of products and services is based on the consent requested, without in any case the withdrawal of this consent conditions the execution of the subscription contract or actions prior to its revocation as the purchase of items. The legal basis that legitimises purchases is the regulations of commerce and consumption, both digital and retail.
- PERSONAL DATA CATEGORIES
The categories of data processed are identification data and payment data in the purchase process. No specially protected categories of data are processed.
- HOW LONG WILL WE KEEP YOUR DATA?
The personal data provided will be kept until their deletion is requested by the interested party and as long as the regulations oblige us to keep them in order to guarantee the legal fulfilment of our obligations. Once the legal retention periods have expired, they will be blocked so that they are only available to the authorities that may require them, and once the legal blocking period has elapsed, they will be deleted from the system.
- TO WHOM WILL YOUR DATA BE DISCLOSED?
No other data communications are made to third parties apart from those necessary to comply with the legal obligations required by the Public Administrations, to be able to fulfil the contract with the user or to execute the service or process that the user requires, for example, if the purchase process requires the shipment of products, we are obliged to transmit your identification data to the transport company to be able to send your order and to the financial entity that manages the payment.
- DATA SECRECY AND SECURITY
The responsible party undertakes to use and process the personal data of users, respecting their confidentiality and to use them in accordance with their purpose, as well as to comply with its obligation to store them and adapt all measures to prevent alteration, loss, unauthorised processing or access, in accordance with the provisions of current data protection legislation.
This website includes an SSL certificate. This is a security protocol that ensures that your data is transferred in an integral and secure manner, i.e. the transmission of data between a server and web user, and in feedback, is fully encrypted or encrypted.
The controller cannot guarantee the absolute impenetrability of the Internet and, therefore, the violation of the data through fraudulent access by third parties, although it does apply all measures within its power to eliminate, mitigate or attenuate its impact as much as possible.
With respect to the confidentiality of processing, the controller will ensure that any person who is authorised by the company to process user data (including its staff, collaborators and service providers) will be under an appropriate obligation of confidentiality (whether a contractual or legal duty).
When a Security Incident occurs, the Controller shall, upon becoming aware of it, notify the User without undue delay and shall provide timely information related to the Security Incident as soon as it becomes known or when reasonably requested by the User.
- ACCURACY AND VERACITY OF THE DATA
As a user, you are solely responsible for the veracity and correctness of the data you submit to our website, exonerating the manager of this website from any liability in this regard.
Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in the forms in which it is requested.
- ACCEPTANCE AND CONSENT
The user declares to have been informed of the conditions on the protection of personal data, accepting and consenting to the processing of the same by the responsible party in the manner and for the purposes indicated in this privacy policy.
- REVOCABILITY
The consent given, both for the processing and for the transfer of the data of data subjects, may be revoked at any time by communicating it to the data controller under the terms established in this Policy for the exercise of the rights of access, rectification, deletion and portability of their data, limitation or opposition to its processing or withdrawal of the consent given and all the rights provided for in the GDPR 2016/679 and in the LOPDGDD 3/2018. This revocation shall in no case be retroactive.
- CHANGES TO THE PRIVACY POLICY
The responsible party reserves the right to modify this policy to adapt it to new legislation or jurisprudence, as well as to industry practices. In such cases, the responsible party will announce on this page the changes introduced reasonably in advance of their implementation.
- COMMERCIAL MAILINGS
In accordance with the LSSICE 34/2002, the company does not engage in SPAM practices, and therefore does not send commercial e-mails by electronic means that have not been previously requested or authorised by the user. Consequently, in each of the forms on the website, the user has the possibility of giving their express consent to receive the newsletter, regardless of the commercial information requested.
In accordance with the provisions of Law 34/2002 on Information Society Services and electronic commerce, the responsible party undertakes not to send commercial communications without duly identifying them.
- INFORMATION AND CONSENT CLAUSE AND EXERCISE OF RIGHTS
The personal data collected by this website will be included in our information system and processed according to our register of processing activities, Customer Management or Web Users as appropriate, owned by the RESPONSIBLE identified at the beginning of this clause, and will be processed at all times under the guidelines of the GDPR 2016/679 and the LOPDGDD 3/2018. The purposes of the use of the data, explicitly described in each section of the website, may be the following: possibility of communication, by email in response to questions asked by the user, request for information of interest, product purchase procedures and to enable this procedure according to current regulations. You may exercise any of the legal rights: access, rectification, deletion and portability of your data, the limitation or opposition to its processing or withdraw the consent given by sending a registered letter or any other means that proves the identity of the sender, and that leaves a record of its receipt to the RESPONSIBLE, attaching a copy of the ID card.
This Privacy Policy has been updated in March 2021.