Collection, processing and use of personal data
On 25 May 2016 the General Data Protection Regulations (GDPR) came into force, which will replace the current regulations and will come into force on 25 May 2018:
BAUDESSON is an organisation that processes personal data and is responsible for designing and organising procedures that are in line with legal compliance in this area.
In the exercise of these responsibilities and in order to establish the general principles that should govern the processing of personal data in the Company, it approves this Personal Data Protection Policy, which it notifies its employees and makes available to all its stakeholders.
The Personal Data Protection Policy is a measure of proactive responsibility that aims to ensure compliance with applicable legislation in this area and in relation to it, respect for the right to honour and privacy in the processing of personal data of all persons who are related to The Company. In accordance with the provisions of this Personal Data Protection Policy, the Principles governing the processing of data in the organisation are established and, consequently, the procedures and organisational and security measures to be adopted by the persons affected by the same. This Policy undertakes to apply it within its area of responsibility. To this end, the Management will assign responsibilities to the personnel involved in data processing operations.
2. Scope of application
This Personal Data Protection Policy shall apply to the Company, its directors, managers and employees, as well as to all persons related to it, with the express inclusion of service providers with access to the data («Data Processors»)
3. Principles of personal data processing
As a general principle, The Company will scrupulously comply with the legislation on the protection of personal data and must be able to demonstrate this (Principle of «proactive responsibility»), paying special attention to those processing operations that may pose a greater risk to the rights of those affected (Principle of «risk approach»). In relation to the above, BAUDESSON will ensure compliance with the following Principles:
Legality, loyalty, transparency and purpose limitation. The processing of data must always be communicated to the data subject, by means of clauses and other procedures; and it will only be considered legitimate if there is consent for the processing of the data (with special attention to that provided by minors), or it has another valid legitimacy and the purpose of the processing is in accordance with the Regulations.
Data minimization. The data processed must be adequate, relevant and limited to what is necessary in relation to the purposes of the processing.
Accuracy. The data must be exact and, if necessary, updated. In this respect, the necessary measures must be taken to ensure that personal data that are inaccurate in relation to the purposes of the processing are deleted or rectified without delay.
Limitation of the storage period. The data shall be kept in such a way as to allow identification of the data subjects for a period not exceeding that necessary for the purposes of the processing.
Integrity and confidentiality. The data shall be processed in a way that ensures adequate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, through the implementation of appropriate technical or organisational measures.
Transfer of data. It is prohibited to acquire or obtain personal data from illegitimate sources or in cases where such data has been collected or transferred in breach of the law or its legitimate origin is not sufficiently guaranteed.
Contracting suppliers with access to the data. Only those suppliers who offer sufficient guarantees to apply the appropriate technical and security measures in the processing of the data will be selected for contracting. Due agreement will be documented with these third parties. International data transfers.
International data transfers. Any processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements established in the applicable legislation.
Rights of the affected parties. The Company will facilitate the exercise of the rights of access, rectification, cancellation, limitation of processing, opposition and portability to those affected, establishing for this purpose the internal procedures, and in particular the models for their exercise that are necessary and appropriate, which must comply, at least, with the legal requirements applicable in each case.
The Company shall promote the principles contained in this Personal Data Protection Policy to be taken into account (i) in the design and implementation of all working procedures, (ii) in the products and services offered (iii) in all contracts and obligations they enter into or assume and (iv) in the implementation of any systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.
4. Commitment of the workers
Employees are informed of this Policy and declare that they are aware that personal information is an asset of the Company, and in this sense they adhere to it, committing themselves to the following:
* Carry out awareness training on Data Protection that the Company makes available to them
* Apply user-level security measures that apply to their work, without prejudice to the design and implementation responsibilities that may be attributed to them according to their role within BAUDESSON.
* Use the formats established for the exercise of rights by those affected and inform the Company immediately so that the response is effective.
* Inform the Company, as soon as it becomes aware, of any deviations from the provisions of this Policy, in particular «Infringements of the security of personal data», using the format established for this purpose.
5. Monitoring and evaluation
The effectiveness of the technical and organisational measures to ensure the security of the processing shall be verified, evaluated and assessed annually, or whenever significant changes occur in the processing of the data.
The data processing currently carried out in the Shop is as follows: – New Customer» section:
-To be able to make online purchases in our Store, it will be necessary to register as a Registered Customer. For this purpose, BAUDESSON, as the person responsible for the file, will request a series of personal data through a registration form. These data, together with the data derived from the purchases made, will be processed in order to allow online purchases and to attend to your orders. Likewise, BAUDESSON may process your data in order to contact the Registered Users in the event that any type of incident should arise during the processing of the order or in the collection management, being able to obtain new data or confirm those already obtained when this is necessary for the fulfilment of the corresponding contract, for the prevention of fraud or for the carrying out of surveys on the quality of the products and services. In addition, BAUDESSON may process your personal data related to purchases made in the Store to create profiles for commercial and advertising purposes, as well as to offer you products and services that may be of interest to you, marketed under BAUDESSON
By checking the box «I want to receive communications by e-mail or equivalent means», you expressly consent that BAUDESSON may send you these commercial communications by e-mail or equivalent means (SMS or MMS).
Additionally, during such registration, your consent may be requested for a number of other purposes not directly related to the purchase. In the event that you do not agree to these additional treatments, please check or uncheck the box assigned to the effect as appropriate.
Likewise, by sending us your data through the forms provided or by e-mail to the corresponding mailboxes, you declare that the information and data provided are accurate and true, and that the User is over 16 years of age. The services of the Shop are not aimed at children under 16 years of age, so we do not have parental consent in any case.
BAUDESSON will keep your data for the periods of time legally established for each case and without prejudice to your right of cancellation.
Communication or transfer of data
The data collected on the Website may be communicated to other companies of the BAUDESSON Group, commercial relations for the retail sale of textile equipment and fashion, footwear, accessories, cosmetics, hygiene, household products, consumer electronics and other products . and consumer services marketed by BAUDESSON, for the same purposes as specified in this Data Protection Policy.
Exercise of the rights of access, rectification, cancellation and opposition
Users may at any time exercise their rights of access, rectification, cancellation and opposition to the processing of their data, as well as revoke their consent under the terms of the law, by writing to the postal address indicated or to the following e-mail address: email@example.com and in any case attaching a copy of the document proving their identity.