1.- Responsible for the processing of personal data

The data controller within the framework of this Privacy Policy is Maialen Apaolaza Echeberría NIF 72504728B (hereinafter, “LAZA CLOTHING”).

The interested party may contact him to resolve his doubts regarding this Policy or for questions related to the processing of his personal data by contacting: Data Protection Officer, Calle Catalina de Erauso, 11-2C - 20010 Donostia - San Sebastián, or via email: info@lazaclothing.com

2.- Applicable legislation

• - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016
• - Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.

3.- Definitions

• a.- Personal data: All information about an identified or identifiable natural person (“the interested party”); an identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more elements of identity physical, physiological, genetic, psychic, economic, cultural or social of said person;
• b.- Interested party: It is the natural person of whom personal data is held that identifies or makes it identifiable. LAZA CLOTHING clients fall under the definition of "Interested" for the purposes of applying this Policy.
• c.- Responsible for the treatment: It is the natural or legal person, public authority, service or other body that, alone or together with others, determines the purposes and means of data processing.
• d.- Treatment: It is any operation or set of operations carried out on personal data or sets of personal data, whether by automated procedures or not, such as collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of authorization of access, collation or interconnection, limitation, suppression or destruction.

4.- Categories of data subject to treatment and sources from which they come:

4.1.- Data categories:

The personal data of the client that LAZA CLOTHING may process within the framework of this Privacy Policy correspond to the following categories: (i) Identification and contact data (eg, name, surnames, identity document, postal address and electronics, telephone, etc.); (ii) Economic and financial data; (iii) information about payments made with cards or other means of payment; (iv) Geolocation data and geographical location; (v) Internet browsing data (eg, IP address, visits to web pages, connections to Wi-Fi networks, etc.); (vi) Behavioral habits on our website, in the LAZA CLOTHING applications that the client uses; (vii) Identification and ownership data of the accounts that the client has open in Spanish credit institutions.

4.2.- Sources of origin of the data:

The personal data that we process may come from the following sources: i) The client himself, who provides his data in the requests he makes or in the scope of the formalization and development of his contractual or pre-contractual relations with LAZA CLOTHING; ii) The management, development and maintenance of contractual or pre-contractual relationships between the client and LAZA CLOTHING; iii) Sources accessible to the public; iv) Other external sources, such as social networks, geomarketing tools, Internet browsing data, connectivity, etc.

5.- Duty of confidentiality LAZA CLOTHING as data controller, its data processors, as well as all persons involved in any phase thereof, will be subject to the duty of confidentiality, and personal data will be treated in such a way that adequate security of the same is guaranteed, including protection against unauthorized or illegal treatment and against loss, destruction or accidental damage, through the application of appropriate technical or organizational measures.

6.- Purpose of personal data processing

The treatment by LAZA CLOTHING of the personal data of its clients pursues the following purposes:

6.1.- Registration as a customer; management and resolution of your requests; maintenance, development and control of the business relationship:

These purposes encompass different activities of processing the client's personal data, which are necessary to ensure the correct establishment of the business relationship with LAZA CLOTHING and the adequate provision to the client of the corresponding services and products.

6.2.- Compliance with the legal obligations attributed to LAZA CLOTHING:

Eventually, LAZA CLOTHING must carry out certain treatments in compliance with the legal obligations and regulations of community law to which it is subject and which, by way of example, may result in the following actions:

• Respond, if applicable, to requests for information made by the Administrations, authorities and competent public bodies.
• Communicate to the Administrations, authorities and competent public bodies the client's data that proceed in compliance with the regulatory obligations incumbent on LAZA CLOTHING (eg, to the Tax Agency).

6.3.- Sending commercial communications about products and services of LAZA CLOTHING:

LAZA CLOTHING considers it to be in the interest of both parties to be able to send the client commercial communications regarding offers, rebates and discounts on products and services similar to those contracted by the client with LAZA CLOTHING. These communications may be generic or personalized, that is, adjusted to the specific profile and commercial or credit situation of the client, for which, before sending it, and for the preparation of said profile, LAZA CLOTHING may process the client's data of the available for the management of the products and services contracted by the client.

Unless the client indicates otherwise, the aforementioned communications may be received through the following channels: postal mail; Email; Mobile messaging (SMS and Push); Telephone; social media.

 

7.- Data retention time:

The client's personal data will be kept while the client's contractual or pre-contractual relationship with LAZA CLOTHING is maintained. Once the contractual or pre-contractual relationship has ended, the data will be blocked in accordance with the provisions of current regulations, which means that they will be available only at the request of judges and courts, the Public Prosecutor or the competent public administrations during the legal prescription periods, for the fulfillment of possible responsibilities derived from the treatment. After these periods, the data will be deleted.

8.- Legitimation for data processing:

The data processing referred to in section 6.1 of this Privacy Policy, whose purpose is to register the interested party as a client of LAZA CLOTHING, the management and resolution of their requests, and the maintenance, development and control of the relationship of existing business between LAZA CLOTHING and the client, are legitimated in the correct execution of the contractual or pre-contractual relations established by the client with LAZA CLOTHING.

In the case of the treatments mentioned in section 6.2 of this Policy, which are motivated by the fulfillment of the legal obligations attributed to LAZA CLOTHING, the basis of legitimacy of such treatments lies in the need to comply with said legal obligations.

The data processing referred to in section 6.3 of this Privacy Policy, for the offer to the client of products and services of LAZA CLOTHING similar to those contracted by the client, are based on the satisfaction of the legitimate interest of the client and of LAZA CLOTHING.

9.- Recipients to whom the data will be communicated:

The treatment of the personal data of the client, to comply with the purposes previously detailed in this Privacy Policy based on the legitimate basis specified for each purpose, may imply that they are communicated by LAZA CLOTHING to third parties, such as: Administrations, authorities and public bodies.

10.- Rights of data owners:

The data protection regulations give the client the following rights in relation to the processing of their data:

• Right of access: Know what type of data we are treating and the characteristics of the treatment we are carrying out.
• Right of rectification: To be able to request the modification of your data because they are inaccurate or not true.
• Right of portability: To be able to obtain a copy in an interoperable format of the data that is being processed.
• Right to limitation of treatment in the cases included in the law.
• Right to object to automated decision-making.
• Right of deletion: Request the deletion of your data when the treatment is no longer necessary.
• Right of opposition: Request the cessation of sending commercial communications in the terms indicated above.
• Right to revoke the consent given.
• Right to file a claim with the control authority (in Spain, the Spanish Agency for Data Protection).

11.- Exercise of rights:

In order to exercise the rights, it will be necessary in all cases to identify the interested party by means of a DNI or similar document.

If the client wishes to obtain an electronic copy of the data provided by him to LAZA CLOTHING, he can request that it be sent in a data file in a standardized format to his email address.

LAZA CLOTHING will do everything possible so that the customer's data is always up to date. However, the responsibility for the accuracy of the data provided to LAZA CLOTHING at all times depends on the client himself, hence, if there is any change in the data referred to, the client must contact LAZA CLOTHING through the means of contact established in this Privacy Policy to proceed with its rectification. LAZA CLOTHING declines all responsibility in the event that the interested party fails to notify the changes.

LAZA CLOTHING makes the following means of contact available to interested parties for any request or query related to the protection of their personal data and the exercise of their rights:

• - By email to: info@lazaclothing.com
• - By postal mail addressed to the LAZA CLOTHING Data Protection Officer at Calle Catalina de Erauso, 11-2C, 20010 Donostia-San Sebastián

To learn more about the rights of the interested party or if they wish to file a claim with the competent supervisory authority, you can consult the website of the Spanish Agency for Data Protection (AEPD) at www.agpd.es.

12.- Security measures for the protection of personal data:

LAZA CLOTHING has adopted the necessary technical and organizational measures in accordance with the level of risk of data processing and its impact on the rights of individuals to guarantee the security of personal data processing and which are required at all times. by applicable law.