Data Controller:

JOGUINES GRAPAT, S.L. (hereinafter GRAPAT)

ADDRESS: C/ COLÓN, 75 CP - 17761 CABANES (GIRONA) CIF. B55290415

EMAIL: hola@grapat.eu

Last updated: February 2024

The Data Controller guarantees compliance to the LOPDGDD regulations (Organic Law 3/2018), Regulation (EU) 2016/679 and Law 34/2002.

This Privacy Policy sets out how we handle, store and share personal information collected through our website and online store. We are committed to safeguarding your privacy and guarantee the protection of your personal data. By using our website or making purchases on it, you agree to the processing of your data as described in this Privacy Policy. Which we detail below.

CATEGORY OF PERSONAL DATA:

We may collect the following personal information when you interact with us:

- Personally identifiable data, such as your name, address, email address, phone number, and other information that you voluntarily provide when you register, subscribe, or purchase our products.

- Account and payment data, including your user account details, purchase history, payment preferences, and other billing-related information.

- Information related to your application or candidature.

- Use and technology data, such as IP address, logs, device type, web browser used, pages viewed, approximate geographic location, and other data collected automatically by cookies or other tracking technologies.

Please bear in mind that, by providing us with your personal data, you guarantee its veracity and accuracy, committing to notify us of any changes or modifications to them. You are the only responsible for any loss or damage resulting from the communication of incorrect, inaccurate or incomplete information in the registration, enquiry, purchase or subscription forms.

If you do not provide the mandatory data that we request, we will not be able to fulfill your request or process your orders on our website.

PURPOSE OF PROCESSING:

We use the personal information we collect for the following purposes:

- Providing, maintaining, and improving our Services or Products.

- Personalize and tailor the user experience.

- Process transactions and send information related to your purchases or requests by any postal or electronic means: WhatsApp or similar, SMS, mail, telephone, etc.

- Communicate with you and answer to your inquiries and requests.

- Send marketing and promotional communications, provided that you have consented to or have an active relationship with us.

- Participate as a candidate in our selection processes.

- Comply with our legal obligations and resolve disputes.

LEGITIMACY FOR PROCESSING:

The processing of your personal data will be carried out in accordance with applicable law and will be based on the following legal bases:

Execution of a contract. The processing of your personal data is necessary for the execution of the contract between you and us in our online shop. For example, we use your data to process and ship your orders, manage payments, and ensure delivery of products you have purchased.

Compliance with legal obligations. We may need to process your personal data in order to comply with legal obligations to which we are subject. For example, we may be required to retain certain information for accounting or tax purposes.

Consent. In some cases, we will ask for your explicit consent before processing your personal data. We will inform you of the specific purpose for which we are asking your consent for and you will be free to give or refuse it. If you have given your consent, you will be able to withdraw it at any time, which will not affect the legitimacy of the processing carried out up to that point.

Legitimate Interests. We may process your personal data if necessary for our legitimate interests. For example, we may use your data to improve our products and services, personalize your shopping experience, perform statistical analysis, and carry out direct marketing activities, always within the framework of what we consider reasonable and in your interest.

Fulfilment of a public interest. In certain cases, we may need to process your personal data to meet a public interest. This may include fraud prevention, network and information security, as well as cooperation with authorities.

RECIPIENTS:

We may share your personal information with third parties in the following circumstances:

Service Providers: We may share information with third parties that help us provide and improve our services, such as payment processors, hosting service providers, analytics services, and other related service providers, carriers, etc.

Legal Compliance: We may reveal personal information if required to do so by law, regulation, or valid legal process.

Consent: If you have given your express consent, we may share your information with third parties for marketing and promotional purposes.

INCORPORATION OF THIRD-PARTY DATA:

If you provide us with personal data from third parties, you must ensure that you have the appropriate and legally valid consent of those people before sharing their data with us.

By providing third-party data, you declare and warrant that you have the express and valid consent of such individuals, and that you have informed them about how we will use their data in accordance with this privacy policy. You release us from any liability arising from any damage or claim due to the lack of adequate consent for the processing of such data.

PASSWORD SAFEKEEPING:

You are the only responsible for maintaining the confidentiality of the passwords associated with your account on our website. You'll need to create strong passwords and changed periodically. You must not share this information with third parties and you must take precautions to prevent unauthorized access to your account. GRAPAT will not be liable for any loss or damage resulting from the breach of custody of your passwords.

In the event of a suspected unauthorized access to your account or any unauthorized use of your passwords, you must immediately notify GRAPAT. We will never ask for your password except for the login process on our website.

RETENTION PERIODS:

The retention of your personal data will be subject to the following considerations:

Duration of the contractual relationship. If you have a registered user account, we will retain your personal data for as long as your account is active.

Compliance with legal obligations. We may retain certain personal information to comply with legal obligations, accounting or tax requirements.

Legitimate Interests. We will retain such data for as long as necessary to fulfill legitimate business purposes.

Consent. In the event that you have given your consent for any processing for specific purposes, we will retain your data until you decide to revoke your consent.

Curriculum vitae or selection processes. We will keep your data for one year.

At the end of the retention period, we will securely delete or anonymise them, unless required by law.

LINKS TO SOCIAL MEDIA:

We may include social media links to provide a more interactive shopping experience. Please note that these social media links may redirect you to external platforms over which we have no control.

When you click on such links and access social networks, your personal data may be collected and processed by third parties. These third parties operate in accordance with their own privacy policies and terms of use, so we encourage you to carefully review those policies before providing any personal data on those platforms.

We are not responsible for the privacy practices or the content of social networks that you may access through links on our Site.

EXERCISE OF RIGHTS:

¿What rights can you exercise??

- You can find out if we are processing your data or not.

- You can access your personal data.

- You can request the rectification of your data if they are inaccurate.

- You can request the deletion of your data if they are no longer necessary for the purposes for which they were collected.

- You can request the restriction of the processing of your data.

- You can address a complaint with the Spanish Data Protection Agency in www.aepd.es, if you believe that we didn’t attend to you correctly.

- You can revoke your consent for any processing for which you have consented.

If you change any data, you will need to notify it to us so that we can keep them up to date.

If you wish to exercise any of these rights or revoke any consent, please send a communication to the postal address C/ COLÓN, 75 CP - 17761 CABANES (GIRONA) SPAIN or to the hola@grapat.eu, providing an identification document such as DNI or equivalent.

INTERNATIONAL TRANSFERS:

In general, we do not make any international transfers outside the EU. However, as part of our business operations, we may transfer your personal data to recipients located in countries outside the European Economic Area (EEA). In these cases, we will ensure that appropriate safeguards are in place to protect them through standard contractual clauses approved by the European Commission or any other legally recognised measure to ensure adequate protection of your personal data during the transfer.

You can learn more at: hola@grapat.eu

SECURITY MEASURES:

We are committed to ensuring the security of your personal data and protecting them from unauthorized access, disclosure or alteration. To this end, we implement appropriate technical, administrative, and organizational measures to protect the confidentiality, integrity, and availability of your data.

Despite our best security best practices, you should keep in mind that no security measure is completely infallible. If you detect any vulnerabilities or suspect misuse of your personal data, we urge you to let us know immediately using the contact details provided at the top of our privacy policy.

COOKIES POLICY

Please see our Cookie Policy (link) to find out how we treat cookies and other information.

CHANGES TO THIS PRIVACY POLICY:

We reserve the right to make changes to this Privacy Policy at any time to accommodate legal or treatment changes. Changes to this policy will be notified by updating the "Last Updated" date at the top of this page. We encourage you to periodically review this Privacy Policy to be informed about how we protect the information we collect. Your continued use of our services following the posting of modifications will constitute your acceptance of such modifications.

In the event of significant changes in the way we process your personal data, you will be informed by means of a highlighted notice on our website or through other means of contact.