Política de privacidad

Website Privacy Policy

I. PRIVACY POLICY

In compliance with current legislation, Flor de Agua (hereinafter, also the Website) is committed to adopting the necessary technical and organizational measures, according to the appropriate level of risk of the data collected.

Laws incorporated into this privacy policy

This privacy policy is adapted to the current Spanish and European regulations regarding the protection of personal data on the internet. Specifically, it complies with the following regulations:

Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
Royal Decree 1720/2007, of December 21, which approves the Development Regulation of Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).
Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the person responsible for personal data processing

The person responsible for the processing of the personal data collected in Flor de Agua is: Sonia Girard, with NIF: Y8075103R (hereinafter, the Data Controller).

Contact information:

Address: C/Bailén, 217, 1st floor, 1B
Phone: +34 604 22 66 75
Email: contacto@flordeagua.art

Registration of Personal Data

In compliance with the provisions of the GDPR and LOPD-GDD, we inform you that the personal data collected by Flor de Agua, through forms provided on its pages, will be incorporated and processed in our file for the purpose of facilitating, streamlining, and fulfilling the commitments established between Flor de Agua and the User, or maintaining the relationship established in the forms they complete, or addressing a request or inquiry. Furthermore, in accordance with the GDPR and LOPD-GDD, unless the exception in Article 30.5 of the GDPR applies, a record of processing activities is kept, specifying the activities carried out and the other circumstances established in the GDPR.

Principles applicable to personal data processing

The processing of the User’s personal data will be governed by the following principles, as outlined in Article 5 of the GDPR and Articles 4 and onwards of Organic Law 3/2018, of December 5, on Personal Data Protection and the Guarantee of Digital Rights:

Lawfulness, fairness, and transparency: The User’s consent is required, and they must be fully informed about the purposes for which their personal data is collected.
Purpose limitation: Personal data will only be collected for specific, legitimate, and explicit purposes.
Data minimization: Only the data strictly necessary for the purposes for which it is processed will be collected.
Accuracy: Personal data must be accurate and kept up to date.
Storage limitation: Personal data will only be retained for the time necessary to fulfill its processing purposes.
Integrity and confidentiality: Personal data will be processed in a manner that ensures its security and confidentiality.
Accountability: The Data Controller is responsible for ensuring that the above principles are met.

Categories of personal data

The categories of data processed at Flor de Agua are only identification data. No special categories of personal data, as defined in Article 9 of the GDPR, are processed.

Legal basis for personal data processing

The legal basis for processing personal data is the User’s consent. Flor de Agua commits to obtaining the User's explicit and verifiable consent for the processing of their personal data for one or more specific purposes.

The User has the right to withdraw their consent at any time. Withdrawing consent is as easy as giving it. Generally, withdrawing consent will not affect the use of the Website.

Purpose of data processing

The personal data is collected and managed by Flor de Agua for the purpose of facilitating, streamlining, and fulfilling the commitments between the Website and the User or maintaining the relationship established in the forms they complete or addressing a request or inquiry.

Additionally, the data may be used for commercial purposes such as personalization, operations, and statistical activities related to Flor de Agua’s business, as well as data extraction, storage, and marketing studies to tailor the content offered to the User and to improve the quality, functionality, and navigation of the Website.

Retention periods for personal data

Personal data will only be kept for the minimum time necessary to fulfill the purposes of processing and, in any case, for the following period: 18 months, or until the User requests its deletion.

Recipients of personal data

The User’s personal data will not be shared with third parties.

However, if personal data is shared with third parties, the User will be informed about the recipients or categories of recipients.

Personal data of minors

In compliance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, of December 5, on Personal Data Protection and the Guarantee of Digital Rights, only individuals over 14 years old can give lawful consent for the processing of their personal data by Flor de Agua. For individuals under 14 years old, parental or guardian consent is required, and this will only be considered lawful if it has been authorized.

Confidentiality and security of personal data

Flor de Agua commits to adopting the necessary technical and organizational measures to ensure the security of the personal data, preventing accidental or unlawful destruction, loss, or alteration of the data, or unauthorized access to or disclosure of such data.

The Website has an SSL certificate (Secure Socket Layer), ensuring that personal data is transmitted securely and confidentially, as the transmission of data between the server and the User is fully encrypted.

User rights regarding personal data

The User has the following rights under the GDPR and Organic Law 3/2018:

Right of access: The right to obtain confirmation of whether Flor de Agua is processing their personal data and, if so, information on their specific personal data and the processing Flor de Agua has carried out or is carrying out.
Right to rectification: The right to modify personal data that is inaccurate or incomplete.
Right to erasure ("right to be forgotten"): The right to obtain the erasure of personal data when it is no longer necessary for the purposes it was collected for.
Right to restriction of processing: The right to limit the processing of personal data.
Right to data portability: The right to receive personal data in a structured, commonly used, and machine-readable format.
Right to object: The right to object to the processing of personal data.
Right not to be subject to automated decisions: The right not to be subject to decisions based solely on automated processing, including profiling.

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

It is necessary for the User to have read and agreed to the conditions regarding the protection of personal data in this Privacy Policy and accept the processing of their personal data for the purposes indicated. The use of the Website will imply acceptance of the Privacy Policy.

Flor de Agua reserves the right to modify its Privacy Policy, according to its own criteria, or due to legislative changes or guidelines from the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. It is recommended that the User periodically review this page for the latest changes or updates.

This Privacy Policy was updated to comply with Regulation (EU) 2016/679 of the European Parliament and Council, of April 27, 2016, on the protection of natural persons concerning the processing of personal data and the free movement of such data (GDPR).