Privacy Policy
PRIVACY POLICY AND TERMS AND CONDITIONS OF THE EIBARSTORE ONLINE STORE
At SD EIBAR, we are committed to protecting the privacy and proper use of the personal data we process and that you provide to us on this website.
Please read this policy carefully and make sure you understand and agree with it before providing us with your personal information. If you do not agree with this policy, do not use this website or its services or provide us with your information.
By accessing this site, using any of its services, or providing us with your data, whether online or offline, we will understand this as a clear affirmative action by which you give us your consent (when necessary) to process your data for the purposes indicated below.
Who is responsible for processing your data?
SD EIBAR
Postal address: IPURUA KALEA, 2 – 20600 EIBAR (GIPUZKOA)
Email: dpd@sdeibar.com
Telephone: 943 201 831
If you have any questions, complaints, or claims regarding the processing of your data, you can submit them directly to our DPO at the email address above before, where appropriate, submitting them to the Data Protection Agency. We will respond within a maximum of two months of receiving your complaint.
How did we obtain your data?
Obtained from the interested person himself.
You have provided them to us when requesting our services so that we can maintain contact and communication with you, and maintain the contractual relationship with you.
By providing us with your information, you guarantee that you are authorized to do so, and that the information is accurate, up-to-date, and does not violate any contractual restrictions or third-party rights. You are responsible for keeping your information and profile accurate and up-to-date, and SD EIBAR declines all liability should you fail to do so. You agree to
not to impersonate other Users by using their registration data to access the different services and/or content of the Website.
Obtained automatically when visiting our website:
When you visit this website, we collect information through cookies and other tracking and web analytics technologies. This means that data is sent from your browser to our servers to optimize our services and improve your user experience. This data may be collected and stored automatically by us or by third parties on our behalf. You can consult our cookie policy.
Communication of data by a person other than the interested party.
In the event that it is not the data subject themselves but a third party who provides us with their data (legal representatives of minors, or family members and friends of the data subject), the categories of data we process may be, depending on each specific case: Identification and contact data, and data derived from purchases made.
With respect to other people's data, you must respect their privacy and take special care when sharing or publishing their personal data. Only the data subject may authorize the processing of their personal data. It is the responsibility of anyone who provides third-party data to: a) obtain their prior and express consent to use it, and b) inform them of the processing we will carry out on their data. By accepting this privacy policy, you expressly guarantee that you have the authorization to share such data, exonerating us from any liability in the event of any claim by the data subject.
What type of data do we process?
The categories of data we process may be:
o Obtained from the interested party: identification data (name and surname, NIF), contact data (telephone, postal address, email address, billing or delivery address), commercial and economic data (information on the products requested, customer history, and those necessary for payment: bank, credit card...), online profile data (information, preferences and interests).
o Obtained automatically when visiting our website : user's IP address, date and time of visit, URL of the site the user came from, pages visited on our website, information about the browser used (browser type and version, operating system, etc.).
o Communicated by a third party: identification data (name and surname, NIF), contact data (telephone, postal address, email address, billing or delivery address)
Why do we process your data and what is the legal basis for processing it?
Summary table of purposes and their legal basis
The data you provide us, as well as all data generated during the development of the relationship we maintain with you, may be processed for different purposes and on different legal bases.
|
PURPOSE |
LEGAL BASIS |
|
Manage sales through the online store |
Contractual relationship |
|
Installation of non-technical cookies |
Consent |
|
Transfers arising from tax regulations/consumers and users |
Compliance with a regulation or legal obligation |
|
Send electronic communications to SD EIBAR partners/clients/subscribers about their activities, products and/or services. Installation of technical cookies. Conducting opinion/satisfaction surveys In the case of users of our website, or senders or recipients of an email: to manage requests made online, and to contact you |
Legitimate interest |
|
Providing the requested data is mandatory as it is essential to formalize and/or maintain the contractual or pre-contractual relationship and comply with the legal obligations arising from it. If you do not provide it, we will not be able to provide the service arising from said relationship. |
|
|
When the legitimation is based on consent, you may withdraw that consent at any time by sending us an email to that effect to dpd@sdeibar.com . This withdrawal does not affect the processing of your data for the other purposes described. When it is based on our legitimate interest, we consider the processing of your data to be proportionate and has a minimal impact on your privacy, but your interests, rights or freedoms will always prevail over our legitimate interest, so if you do not want us to process your data for these purposes, please send us an email to that effect to dpd@sdeibar.com . Specific information regarding legitimate interest as a legal basis for sending information via electronic communications about the Club's activities, products and/or services.We understand that this legitimate interest is foreseeable for the data subject, as it is expressly recognized in the GDPR, and the impact on data subjects is very limited. We have a procedure for sending commercial communications, in accordance with data protection regulations, and a weighting analysis of this legitimate interest, an extract of which you can request. Therefore, we consider the sending of electronic commercial communications to be proportionate and have a minimal impact on privacy. In any case, your interests, rights, and freedoms will always prevail over our interest. Therefore, if you do not wish us to process your data for these purposes, please send us an email to that effect at dpd@sdeibar.com. |
|
How long will we retain your data?
We will retain the personal data you provide us for as long as the contractual, pre-contractual, or commercial relationship is maintained, and once these relationships have ended, as long as the data subject does not request its deletion. Even if deletion is requested, we may retain it for as long as necessary, limiting its processing to:
- Comply with the legal/contractual obligations to which we are subject,
- and/or during the legal periods provided for the prescription of any liability on our part,
- and/or the exercise or defense of claims arising from the relationship maintained with the interested party.
In coordination with the above criteria, the deletion of personal data, whether in electronic or paper records, may be carried out at the organization's discretion, based on logistical and/or storage space needs that make it advisable to delete information or documentation.
To which recipients may we communicate your data?
We inform you that the data you provide us may be communicated to third parties for the fulfillment of purposes directly related to the legitimate functions of the transferor and transferee, such as:
- To banking entities that manage payment services: for the management of collections and payments for credits, purchases on the website, etc.
- To the companies that are in charge at any given time of the shipments and distribution of the products purchased in the online store for the management of said shipments
- To entities or organizations to which there is a legal obligation to communicate data (for example, Tax Administration for compliance with fiscal and tax obligations)
International Data Transfers
We will ensure that personal data is always processed and located within the European Economic Area. However, under certain circumstances, we may make international data transfers, for example, if necessary for the execution of a contract between the data subject and SD EIBAR, for example, if the purchaser resides outside the EU, or when using service providers located outside the European Union, who may have access to personal data, to provide services ancillary to our activity (hosting, housing, SaaS, remote backups, IT support or maintenance services, email managers, email and email marketing, file transfers, etc.).
These entities may be different and may vary over time, but we will endeavor to select entities either from countries with a level of data protection equivalent to that of Europe, or from countries with adequate safeguards to achieve that level, or based on one of the exceptions provided for this purpose in the GDPR.
What are your rights when you provide us with your data?
You may, where appropriate, exercise your rights of access, rectification, erasure, restriction of processing, and objection to processing, as well as other rights, by sending an email or using the postal address indicated at the beginning of this privacy policy. In both cases, you may request this by sending a written and signed request, including a copy of your ID card, passport, or other valid identification document. If your data changes, you must notify us at the same address. This entity declines all liability if you fail to do so.
Right of access: You can ask us what personal data we are processing and even request a copy of it.
Right to rectification : You can request that we rectify inaccurate personal data or complete incomplete data, including by means of an additional declaration.
Right to erasure (right to be forgotten): You can request that we erase your personal data when: it is no longer necessary for the purposes for which it was collected, you withdraw your consent, there has been unlawful processing of the data, or due to compliance with a legal obligation.
Right to restriction of processing: You can request that we restrict the processing of your data, in which case we will only retain it for the exercise or defense of legal claims.
Right to object: You may object to the processing of your data if such processing is based on the legitimate interest of the data controller or for advertising purposes.
Right to object to automated decisions : You may object to being subject to a decision based solely on the automated processing of your personal data, including profiling that produces legal effects on you or significantly affects you. This could include analyzing or predicting aspects related to your work performance, financial situation, health, personal preferences or interests, etc. In this case, we may create profiles based on your preferences if you do not object.
