Privacy policy

https://laiaossorio.com

I. PRIVACY POLICY AND DATA PROTECTION

Privacy Policy

In compliance with current legislation, Laia Ossorio (hereinafter also referred to as the Website) is committed to adopting the necessary technical and organizational measures, based on the appropriate level of security for the risk of the data collected.

Laws Covered by this Privacy Policy

This privacy policy is adapted to the current Spanish and European regulations regarding the protection of personal data on the internet. Specifically, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and the Council, dated April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
  • Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
  • Royal Decree 1720/2007, of December 21, which approves the Development Regulation of Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).
  • Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The data controller for the personal data collected on Laia Ossorio is: Laia Ossorio Garcia, with NIF: 53337250C (hereinafter, Data Controller). Her contact information is as follows:

  • Address: C/De les Pedreres 30, 3º 08004 Barcelona
  • Contact Phone: 661172877
  • Contact Email: info@laiaossorio.com

Register of Personal Data

In compliance with the provisions of the GDPR and the LOPD-GDD, we inform you that the personal data collected by Laia Ossorio, through the forms provided on its pages, will be incorporated into and processed in our file to facilitate, expedite, and fulfill the commitments established between Laia Ossorio and the User, or to maintain the relationship established in the forms filled out by the User, or to respond to a request or query from the User. Furthermore, in accordance with the GDPR and LOPD-GDD, unless the exception provided for in Article 30.5 of the GDPR applies, a register of processing activities is maintained, specifying, according to its purposes, the processing activities carried out and the other circumstances established in the GDPR.

Principles Applicable to the Processing of Personal Data

The processing of the User’s personal data will adhere to the following principles as set forth in Article 5 of the GDPR and Article 4 and following of Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights:

  • Lawfulness, fairness, and transparency: The User’s consent will always be required, with complete and transparent information regarding the purposes for which personal data is collected.
  • Purpose limitation: Personal data will be collected for specific, legitimate, and determined purposes.
  • Data minimization: Only the personal data strictly necessary for the purposes of the processing will be collected.
  • Accuracy: Personal data must be accurate and kept up to date.
  • Storage limitation: Personal data will only be kept in a form that allows identification of the User for as long as necessary for the purposes of processing.
  • Integrity and confidentiality: Personal data will be processed in a manner that ensures its security and confidentiality.
  • Accountability: The Data Controller will be responsible for ensuring that the above principles are met.

Categories of Personal Data

The categories of data processed by Laia Ossorio are limited to identifying data. In no case will special categories of personal data as defined in Article 9 of the GDPR be processed.

Legal Basis for the Processing of Personal Data

The legal basis for processing personal data is consent. Laia Ossorio is committed to obtaining the User’s explicit and verifiable consent for the processing of their personal data for one or more specific purposes.

The User has the right to withdraw their consent at any time. Withdrawing consent will be as easy as giving it. In general, withdrawal of consent will not affect the use of the Website.

In cases where the User must or may provide their data through forms to make inquiries, request information, or for reasons related to the Website’s content, they will be informed if the completion of any form is mandatory because the data is essential for the proper performance of the operation.

Purposes of Data Processing

Personal data is collected and managed by Laia Ossorio to facilitate, expedite, and fulfill the commitments established between the Website and the User or to maintain the relationship established in the forms filled out by the User, or to respond to a request or query.

Likewise, the data may be used for commercial purposes of personalization, operations, and statistics, as well as activities related to the corporate objectives of Laia Ossorio, including data extraction, storage, and marketing studies to tailor the Content offered to the User, and to improve the quality, performance, and navigation of the Website.

When personal data is collected, the User will be informed about the specific purpose(s) of the processing for which their personal data will be used.

Retention Period of Personal Data

Personal data will only be retained for the minimum time necessary for the purposes of processing and, in any case, only for the following period: 18 months, or until the User requests its deletion.

When personal data is collected, the User will be informed about the retention period or, when this is not possible, the criteria used to determine the retention period.

Recipients of Personal Data

The User’s personal data will be shared with the following recipients or categories of recipients:

  • Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Google Analytics (Service of Google LLC), located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

If the Data Controller intends to transfer personal data to a third country or international organization, the User will be informed about the third country or international organization to which the data is to be transferred, as well as the existence or absence of an adequacy decision by the Commission.

Personal Data of Minors

In compliance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights, only individuals over 14 years of age may provide valid consent for the processing of their personal data by Laia Ossorio. If the individual is under 14 years old, consent from the parents or guardians is required, and such consent will only be deemed lawful if authorized by the parents or guardians.

Confidentiality and Security of Personal Data

Laia Ossorio is committed to adopting the necessary technical and organizational measures, according to the appropriate level of security based on the risk of the data collected, to ensure the security of personal data and prevent accidental or unlawful destruction, loss, alteration, or unauthorized access to or disclosure of personal data.

The Website is equipped with an SSL certificate (Secure Socket Layer), ensuring that personal data is transmitted securely and confidentially, with all data transmission between the server and the User, and in feedback, being fully encrypted.

However, since Laia Ossorio cannot guarantee the absolute security of the internet or the total absence of hackers or others who may gain fraudulent access to personal data, the Data Controller is committed to notifying the User without undue delay if a personal data security breach occurs that is likely to pose a high risk to the rights and freedoms of individuals. According to Article 4 of the GDPR, a personal data breach is any breach of security that leads to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access to personal data.

Personal data will be treated as confidential by the Data Controller, who is committed to informing and ensuring, through legal or contractual obligations, that this confidentiality is respected by its employees, associates, and any persons who have access to the information.

Rights Derived from the Processing of Personal Data

The User has the following rights regarding Laia Ossorio and may exercise these rights before the Data Controller as recognized in the GDPR and Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights:

  • Right of Access: The User’s right to obtain confirmation of whether Laia Ossorio is processing their personal data and, if so, to receive information about their specific personal data and the processing that Laia Ossorio has conducted or will conduct.
  • Right of Rectification: The User’s right to modify their personal data if it is inaccurate or, considering the purposes of the processing, incomplete.
  • Right of Deletion (“Right to be Forgotten”): The User’s right to request the deletion of their personal data when the data is no longer necessary for the purposes for which it was collected or processed, the User has withdrawn their consent, or the data was processed unlawfully.
  • Right to Limit Processing: The User’s right to limit the processing of their personal data.
  • Right to Data Portability: The User’s right to receive their personal data in a structured, commonly used, and machine-readable format and transmit it to another data controller.
  • Right to Object: The User’s right to object to the processing of their personal data.
  • Right Not to Be Subject to Automated Decisions: The User’s right not to be subjected to automated decision-making, including profiling, unless authorized by law.

The User may exercise these rights by sending a written communication to the Data Controller at the following address:

Links to Third-Party Websites

The Website may include hyperlinks or links to third-party websites that are not operated by Laia Ossorio. These websites will have their own data protection policies, and they are responsible for their own files and privacy practices.

Complaints to the Supervisory Authority

If the User believes there is a problem or violation of applicable regulations concerning the way their personal data is processed, they have the right to seek judicial protection and file a complaint with a supervisory authority, particularly in the country of their habitual residence, place of work, or the location of the alleged infringement. In Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/).

Uso de cookies

Este sitio web utiliza cookies para que usted tenga la mejor experiencia de usuario. Si continúa navegando está dando su consentimiento para la aceptación de las mencionadas cookies y la aceptación de nuestra política de cookies, pinche el enlace para mayor información.plugin cookies

ACEPTAR
Aviso de cookies
cancel

Subscribe to our newsletter and get 10% off your first online order.

× Chat