Privacy Policy

  • PRIVACY POLICY

From ISAAC ROMERO ESTERAS we understand that it is essential to maintain a transparent relationship with you, therefore, below is our Privacy Policy.
our Privacy Policy, so that at all times you are properly informed about how we collect and securely treat any information you provide us.
how we collect and securely treat any information you provide us.
Your data will be treated in accordance with current legislation and, in particular, in accordance with the provisions of the
Regulation (EU) 2016/679 of 27 April 2016 (GDPR) on the protection of natural persons with regard to the protection of personal data and the free
processing of personal data and on the free movement of such data. Also with regard to the Organic Law 3/2018, of December 5, 2018, on the Protection of Personal Data.
December, on the Protection of Personal Data and Guarantee of Digital Rights.
A careful reading of our Privacy Policy will provide you with the necessary information to know how we will use the data you provide us with.
we will give to the data you provide us.

 

  • WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?

If you, or an authorised person, have provided us with your data, we inform you that ISAAC ROMERO ESTERAS, CIF:
44822578V is responsible for the treatment of the same. This data will be treated in accordance with the provisions of
current regulations on personal data protection.
It is possible that there are others responsible for the treatments that we make, in that case we will always inform who is
the person responsible for the processing of the same, as well as their identification data.
The Web Site may include hyperlinks or links that allow access to web pages of third parties other than
www.leatherartisanlab.com, and which are therefore not operated by ISAAC ROMERO ESTERAS. The owners of these websites
will have their own data protection policies, being themselves, in each case, responsible for their own processing and privacy practices.
for their own data processing and privacy practices.
From ISAAC ROMERO ESTERAS we commit ourselves to the fulfilment of the obligation of secrecy of personal data and the duty to keep them safe.
personal data and its duty to protect them. For that reason we adopt the necessary measures to avoid its alteration, loss,
treatment or unauthorised access in accordance with established in the Regulation.

 

  • WHERE DO WE INFORM?

From ISAAC ROMERO ESTERAS we inform through the web page www.leatherartisanlab.com in the section
corresponding to the privacy policy. More information in “Legal Warning“.

 

  • WHAT PERSONAL DATA DO WE PROCESS?

The personal data we process are:
– Those that you decide to provide voluntarily.
– The data derived from the communications that you maintain with us.
– The information corresponding to your own browsing in the case of Online Services, (IP address or information derived from cookies or similar devices
derived from cookies or similar devices (you can see our Cookies Policy on the web).
– Information that is available in publicly accessible sources, to which we can legitimately access.
access.
– The data derived from the contractual or pre-contractual relationship you have with us, including your image,
always informing you in this case of the possibility of capturing your image.
– The data that third parties provide us with about you, having a legitimate basis for it or having obtained your consent for it.
consent to do so.
– The data of third parties that you provide us, with the prior consent of the third party in question.
You can find more information in the activity log section of this privacy policy.

 

  • HOW DO WE TREAT THE DATA?

In ISAAC ROMERO ESTERAS we treat your personal data always in strict compliance with current legislation.
In addition, we inform you that we have the appropriate technical and organisational measures to ensure an optimal level of security.
of security, guaranteeing that only those people who have authorisation will have access, that we will keep them intact, avoiding any
integrity, avoiding any intentional or accidental loss and that we have reinforced the systems and services of data processing.
systems and services.
However, due to the fact that ISAAC ROMERO ESTERAS cannot guarantee the impregnability of the Internet or the total absence of hackers or other
of hackers or others who fraudulently access personal data, so it undertakes to communicate without undue delay when a breach of personal data occurs.
without undue delay when there is a breach of security of personal data that is likely to involve a high risk to the rights and freedoms of individuals.
the rights and freedoms of natural persons. In accordance with the provisions of Article 4 of the GDPR, a personal data breach is defined as any breach of
breach of security of personal data means any breach of security resulting in the accidental or unlawful destruction, loss or alteration of personal data.
accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorised communication of or access to such data.
access to such data.

The operations, management and technical procedures that we carry out in an automated or non-automated way and that make it possible to collect, store, modify, transfer and
and other actions on personal data, are considered as personal data processing.
considered as processing of personal data.

 

  • WHAT IS THE LEGITIMACY OF THE PROCESSING?

The basis for the legitimacy of the processing of Personal Data will be the one resulting from the contractual or pre-contractual relationship,
the employment relationship or any other that is required for the processing of data, such as express consent.

 

  • HOW DO WE MANAGE ELECTRONIC COMMUNICATIONS?

In accordance with the provisions of Law 34/2002 of July 11, 2002, on Information Society Services and Electronic Commerce, and Directive 2002/58/EC, we inform you that you may receive communications and information of an electronic nature.
Electronic Commerce, and the Directive 2002/58/CE, we inform you that you can receive communications and information of a commercial nature by means of this
commercial communications and information through this electronic communication system (e-mails, automated response messages of forms and other
forms and other communication systems) when you have given us your consent or when it is a question of commercial
commercial communications concerning products or services similar to those previously provided by the data controller.
responsible for the processing of your data.
In the event that you do not wish to receive communications and information of this nature, you can notify us by this
same way indicating in the subject “LOW COMMERCIAL COMMUNICATIONS” so that your personal data will be removed from our database.
from our database. Your request will be acted upon within 1 month of being sent. In the event that we do not
express reply from you, we will understand that you accept and authorise our company to continue sending the aforementioned communications.
communications.

In the case of receiving such communications by these means, we inform you that the messages are addressed exclusively to the addressee and may contain privileged or confidential information.
recipient and may contain privileged or confidential information. If you are not the indicated addressee, we notify you that
unauthorised use, disclosure and/or copying is prohibited under current legislation.

 

  • HOW LONG DO WE KEEP YOUR DATA?

The personal data relating to individuals that ISAAC ROMERO ESTERAS collects by any means will be kept for as long as the interested party does not
will be kept as long as the interested party does not request their deletion. Likewise, they will be kept for as long as the relationship that originated the
the relationship that originated the processing of the data is maintained, respecting in any case the legal periods of conservation. At the end of this period,
the personal data will be deleted from all ISAAC ROMERO ESTERAS systems.

 

  • WILL YOUR DATA BE COMMUNICATED TO THIRD PARTIES?

There will be no assignment, transmission or transfer of personal data, except for those already reported, other than as a result of a legal
legal obligation. If by requirement of the Public Administration or the Autonomous Institutions in the scope of the functions expressly attributed to them by law, we are
functions expressly attributed to them by law, we are asked for your data, these will be transmitted.
If there is an assignment, transmission or transfer of personal data outside of the above-mentioned cases, you will be
previously informed so that, if necessary, you can give us your consent.
But in order to be able to organize ourselves correctly, to have good operations and procedures that guarantee a good management,
from ISAAC ROMERO ESTERAS it may be necessary to hire the services of consultants, professionals, or other service companies to process data
service companies to process data under our instructions.
This treatment on behalf of third parties is regulated in a contract in writing or in some other form legally admitted and that allows us to accredit their
that allows accrediting its conclusion and content, expressly specifying that the data processor will process the data according to our instructions.
will process the data in accordance with our instructions and will not apply or use them for any purpose other than that stated in the said contract,
nor communicate them, not even for their conservation, to other persons.

 

  • WHAT ARE YOUR RIGHTS?

The data protection regulations give you the following rights:

– Right of access: This is the User’s right to obtain confirmation as to whether or not ISAAC ROMERO ESTERAS is processing his or her personal data and, if so, to obtain information about his or her specific personal data.
processing or not their personal data and, if so, to obtain information on their specific personal data and on the processing that ISAAC ROMERO ESTERAS is
personal data and of the processing that ISAAC ROMERO ESTERAS has carried out or is carrying out, as well as, among other things, the information available on the origin of said
information available on the origin of said data and the recipients of the communications made or planned for the same.
of the same.
– Right of rectification: This is the User’s right to have his or her personal data modified if they prove to be.

– Right of deletion (“the right to be forgotten”): This is the User’s right, unless otherwise provided for by the legislation in force, to obtain the deletion of his or her personal data when they are no longer
otherwise, to obtain the deletion of his or her personal data when they are no longer necessary for the purposes for which they were collected or
purposes for which they were collected or processed; the User has withdrawn his or her consent to the processing and there is no other legal
other legal basis; the User objects to the processing and there is no other legitimate reason to continue with the processing; the personal data have been processed for the purposes for which they were collected or processed; the User has withdrawn his or her consent to the
the personal data have been processed unlawfully; the personal data must be deleted in compliance with a legal obligation; or the personal data must be deleted in
compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of information society services to a third party.
information society services to a person under 14 years of age. In addition to the deletion of the data, the Data Controller, taking into account the available technology, will
controller, taking into account the technology available and the cost of its implementation, shall take reasonable measures to inform data controllers that are
reasonable steps to inform controllers who are processing the personal data of the data subject’s request for the erasure of any link to those
deletion of any link to such personal data.
inaccurate or, taking into account the purposes of the processing, incomplete.

– Right to limitation of processing: This is the User’s right to limit the processing of his/her personal data.
The User has the right to obtain the limitation of processing when he/she contests the accuracy of his/her personal data;
the processing is unlawful; the Controller no longer needs the personal data, but the User needs it to make claims; and when the Controller no longer needs the personal data.
need it to make claims; and when the User has objected to the processing.
– Right to data portability: In the event that the processing is carried out by automated means, the User shall have the right to receive from the Data Controller the right to receive from the Data Controller the personal data concerning him/her.
User shall have the right to receive from the Data Controller his or her personal data in a structured, commonly used and machine-readable format and to
and machine-readable format, and to transmit it to another data controller. Whenever technically
possible, the Controller shall transmit the data directly to that other controller.
– Right to object: This is the User’s right to prevent the processing of his or her personal data or to stop the processing of his or her personal data.
personal data or to cease the processing of such data by ISAAC ROMERO ESTERAS.

– Right not to be subject to a decision based solely on automated processing, including profiling: This is the User’s right not to be subject to an individualized decision based solely on automated processing, including profiling.
profiling: This is the right of the User not to be subject to an individualized decision based solely on the existing automated
automated processing of his or her personal data, including profiling, unless otherwise provided for by applicable law.
legislation in force provides otherwise.
If you want more information regarding the processing of your data, rectify those that are inaccurate, oppose and / or limit any processing that you consider not
any processing that you consider unnecessary, or request cancellation of the processing when the data is no longer necessary, you can write to us at
necessary, you may write to ISAAC ROMERO ESTERAS at C/ Sabaceda no 9 bajo, 36950 – Moaña (Pontevedra)
or by e-mail to [email protected].
– This communication must include the following information: Name and surname of the user, the request, address and accrediting data.
address and accrediting data.

– The exercise of rights must be carried out by the user himself. However, they may be executed by an authorized
person authorized as legal representative of the authorized person. In such a case, documentation must be provided to prove this
documentation that accredits this representation of the interested party must be provided.
Likewise, we would like to inform you that you can withdraw the consent given without affecting the lawfulness of the processing already carried out, by sending your request to
already carried out, by sending your request to the same address indicated in the previous paragraph. In this case, you must enclose with your
In this case, you must attach a copy of your ID card or document proving your identity to your request.
In case you consider that there is a problem or infringement of the regulations in force in the way in which your personal data are being treated, you will have the right to
your personal data, you have the right to effective judicial protection and the right to lodge a complaint with a supervisory authority,
in particular, in the State where you have your habitual residence, place of work or place of the alleged infringement. In the case of
of Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/) – C/ Jorge Juan, 6
28001-Madrid – FAX: 914483680- TELF: 901 100 099- E-mail: [email protected]

 

  • WHAT IS THE PURPOSE AND THE BASIS OF LEGITIMACY FOR THE DATA PROCESSING AND HOW LONG WILL THE DATA BE KEPT?

The purposes of the data processing carried out by any or all of the above listed Data Controllers are detailed below.


PROCESSING ACTIVITY: Tax and accounting accounting

PURPOSE OF PROCESSING: Processing necessary for the compliance with tax and accounting obligations.

BASIS OF LEGITIMACY: Contractual relationship.
Legal obligation for the responsible.
Prevailing legitimate interests of the responsible party or third parties.

STORAGE PERIOD: 5 years from the end of the contract.
The time necessary to meet legal obligations.


PROCESSING ACTIVITY: Contact management

PURPOSE OF PROCESSING: Processing of data in order to be able to
to maintain communications with the interested parties.

BASIS OF LEGITIMACY: Contractual relationship
Overriding legitimate interests of the responsible party or third parties.
Express consent of the data subject.

STORAGE PERIOD: 5 years from the end of the contract
contract.
Until cancellation and/or opposition by the holder.
Until the relevant loss of its use.


PROCESSING ACTIVITY: Communication information and notifications.

PURPOSE OF PROCESSING: Dissemination of activities and notifications of relevant information related to the related to the entity’s activity.

BASIS OF LEGITIMACY: Overriding legitimate interests of the data controller or third parties.
Express consent of the interested party.

STORAGE PERIOD: Until cancellation and/or opposition by the owner.


PROCESSING ACTIVITY: Customer management.

PURPOSE OF PROCESSING: Processing of data necessary for the maintenance of the commercial/contractual relationship with customers, invoicing, after-sales service, sending promotions and advertising and customer loyalty.

BASIS OF LEGITIMACY: Contractual relationship.
Commercial relationship.

STORAGE PERIOD: 5 years from the end of the contract.
The term legally established by the specific regulations.


PROCESSING ACTIVITY: Sending advertising.

PURPOSE OF PROCESSING: Sending commercial information, notifications about acts and events of interest, offers, information about products and services, to customers and/or potential customers.

BASIS OF LEGITIMACY: Express consent of the interested party.

STORAGE PERIOD: Until the cancellation and/or opposition by the owner.
Until the relevant loss of use.


PROCESSING ACTIVITY: E-commerce.

PURPOSE OF PROCESSING: Elaboration and management of orders and purchases made through web platforms.

BASIS OF LEGITIMACY: Contractual relationship.
Commercial relationship.

STORAGE PERIOD: 5 years from the end of the contract.
The term legally established by the specific regulations.


PROCESSING ACTIVITY: Supplier management.

PURPOSE OF PROCESSING: Analysis, valuation, contracting, order management and supplier payment management.

BASIS OF LEGITIMACY: Contractual relationship.

STORAGE PERIOD: 5 years from the end of the contract.
The term legally established by the specific regulations.


PROCESSING ACTIVITY: Order management.

PURPOSE OF PROCESSING: Management and traceability of orders placed through the different distribution channels of the manager.

BASIS OF LEGITIMACY: Contractual relationship.
Commercial relationship.

STORAGE PERIOD: Until the end of the contractual relationship.


PROCESSING ACTIVITY: Web management.

PURPOSE OF PROCESSING: Manage inquiries, contacts and complaints received through the website.

BASIS OF LEGITIMACY: Express consent of the interested party.

STORAGE PERIOD: Until the cancellation and/or opposition by the holder
holder.
Until the relevant loss of its use.


PROCESSING ACTIVITY: Billing.

PURPOSE OF PROCESSING: Issuance of invoices to customers, remittances and direct debits, collections and preparation of lists.

BASIS OF LEGITIMACY: Contractual relationship.
Legal obligation for the responsible party.

STORAGE PERIOD: The time required to meet legal obligations.

 

  • ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

It is necessary that the User has read and agrees with the conditions on the protection of personal data contained in this Privacy Policy, as well as to accept the processing of personal data
contained in this Privacy Policy, as well as to accept the processing of his/her personal data in order for the Data Controller to be able to proceed
Responsible for the treatment can proceed in the form, during the periods and for the purposes indicated. The use of the
of the Website will imply the acceptance of the Privacy Policy of the same.
ISAAC ROMERO ESTERAS reserves the right to modify its Privacy Policy, according to its own criteria, or
motivated by a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Agency. Changes or updates to this
updates to this Privacy Policy will not be explicitly notified to the User. It is recommended that the User
consult this page periodically to be aware of the latest changes or updates.
This Privacy Policy was updated to adapt to the Regulation (EU) 2016/679 of the European Parliament and of the
Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
data and on the free movement of such data (GDPR) and to the Organic Law 3/2018, of December 5, 2018, on the Protection of Personal Data and the Guarantee of Personal
Personal Data and guarantee of digital rights.
This Privacy Policy document has been revised dated : 22/04/24