Privacy and Data Protection Policy

Privacy and Data Protection Policy

1. Identity of the Data Controller

Through this legal notice and privacy policy, JOYERÍA LÓPEZ ROMERO, S.L. with Tax ID B36153963 and address at C/. Carballeira da Botica, Nº 5, local B5, 36365 Lalín (Pontevedra), Spain, hereinafter THE PROVIDER, states the following: It informs users who visit the website of its Privacy Policy, and describes what data it collects, how it uses them, and users' options regarding these data, including how to access and update them.

The use of the website and any of the services incorporated in it implies full acceptance of the conditions stated in this privacy policy.

2. Data Collection and Consent

In compliance with Law 15/1999, of December 13, on the Protection of Personal Data (LOPD), Royal Decree 1720/2007, of December 21, which approves the Regulation implementing Organic Law 15/1999, of December 13, on the protection of personal data, and the General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council of April 27, 2016, we inform that the personal data requested in our forms, or that may be provided through our email addresses, will be included in our Processing Activity Records.

Likewise, when a user completes any of the forms with the personal data requested, under the GDPR, they must grant unequivocal and explicit consent, which is revocable and without retroactive effects.

We inform you that all personal data will be treated with the utmost confidentiality and in accordance with current regulations on the protection of personal data.

The owner is not responsible for the processing of personal data on web pages that the user may access through the various links contained on our website.

This website is governed by regulations exclusively applicable to the Spanish State, to which both national and foreign persons who use this website are subject.

3. Legal Basis for Processing Personal Data

We inform you that all personal data will be treated with the utmost confidentiality, and in accordance with the new European regulations on the protection of personal data, the applicable legislation for the collection and processing of personal data is as follows:

  • Organic Law 15/1999, of December 13, on the Protection of Personal Data (LOPD).
  • Royal Decree 1720/2007, of December 21, which approves the Regulation implementing Organic Law 15/1999, of December 13, on the protection of personal data.
  • Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).
  • Royal Decree-Law 5/2018, of July 27, on urgent measures for the adaptation of Spanish Law to European Union regulations on data protection

Our databases comply with the requirements of the GDPR regarding the content of the Registry of Processing Activities, and with the corresponding security measures. If users do not feel protected in their personal rights, they may file a complaint with the Spanish Data Protection Agency.

4. Purposes of Processing

The data we request are adequate and necessary for the purpose for which they are collected, they will not be used for a purpose different from that for which they have been granted, and in no case will they be transferred to third parties without the consent of the owner.

The user is not obliged to provide us with their personal data, however, they are absolutely necessary to be able to carry out the services we offer.

In accordance with Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, the purpose for which personal data is collected is:

- To provide information about the products offered on this website of JOYERÍA LOPEZ ROMERO S.L.

- To manage your purchases, orders, or requests that you make to us.

Unless specifically stated otherwise, it will be considered necessary to fill in all the fields of each form, for which the user will have to provide us with their true, accurate, complete, and updated data.

The user will be solely responsible for any damage or harm, direct and indirect, that they may cause to the owner or any third party, by filling out the forms with false, inaccurate, incomplete, or outdated data, or with third-party data.

5. Right of Access, Rectification, Erasure (Right to be Forgotten), Portability, Limitation, and Opposition of the User's Personal Data

In accordance with the rights of the data subject contained in Chapter III of the Regulation, the user has the right to access the information that concerns them, collected in the records of the website owner, rectify it if it is erroneous, cancel it or oppose its processing, in the terms established by the Law, by contacting JOYERÍA LOPEZ ROMERO, through the following means:

  • Email: web@joyerialopezromero.com
  • Postal mail: C/. Carballeira da Botica, Nº 5, local B5, 36365 Lalín (Pontevedra), Spain, attaching a photocopy of your ID card or document proving your identity.
  • The user must indicate which right they wish to exercise before the data controller.

It is important that, to keep personal data updated, you always inform the website owner if there has been any modification. Otherwise, the owner is not responsible for the veracity of the data.

If the user does not expressly cancel their personal data from THE PROVIDER's Records, it is understood that the right holder remains interested in having them incorporated in the records, as long as it is appropriate for the purpose for which they were obtained and as long as the user considers it appropriate.

The content of the exercise of the Data Subject's Rights includes the following:

To exercise the Right of Access, any user has the right to be confirmed about the information available about their personal data. The user will have the right to obtain a copy of the personal data being processed, and may even be provided with remote access to them.

Regarding the right of rectification, the possibility is offered to rectify personal data that are inaccurate and that concern the owner. The interested party will have the right to complete the personal data that are incomplete, as long as it is not attributable to the website owner.

The right of cancellation, the user requests that their personal data be deleted from the database of the owner. The Right to be Forgotten is not considered an autonomous or differentiated right from the classic rights of the interested party, but it is the consequence of the application of the right to erase personal data. As such, it is a manifestation of the rights of cancellation or opposition in the online environment. Therefore, the user will have the power to request the deletion of their personal data in a technological environment, through the so-called right to be forgotten.

The right of opposition, the right holder requests the registry controller to cease processing their personal data.

6. Security of Personal Data

The security measures required by the European Regulation (GDPR) establish that those responsible for and in charge of processing must take appropriate technical and organizational measures, in order to guarantee the level of risk assumed in the processing of personal data.

This means that, on this website, the protection of personal data by design and by default has been duly taken, with the application of forms in the collection of personal data, requesting the user's consent and acceptance of this privacy policy.

With these technical and organizational measures, the owner is offering full compliance with the GDPR, in order to guarantee the processing of personal data for each of the specified purposes.

7. Commercial Communications by Email

In compliance with Article 21 of the Law on Information Society Services and Electronic Commerce (Law 34/2002, of July 11, on Information Society Services and Electronic Commerce), which prohibits the sending of commercial communications by means of email that have not previously been expressly authorized by the recipients.

In accordance with the new European Regulation (GDPR) 2016/279 of the European Parliament and of the Council of April 27, 2016, if the user wishes to receive commercial information, they must give their explicit and unequivocal consent, through our website, or through the following means:

  • Email: web@joyerialopezromero.com
  • Postal mail: C/. Carballeira da Botica, Nº 5, local B5, 36365 Lalín (Pontevedra), Spain, attaching a photocopy of your ID card or document proving your identity.

8. Modification of this Confidentiality Policy

THE PROVIDER reserves the right in the future to modify its data protection policy according to its criteria, or due to a legislative change, jurisprudence, or in business practice. If it introduces any modification, the new text will be published on this same page, where the user may have knowledge of the data protection policy. In any case, the relationship with the user will be governed by the rules provided at the precise moment when the website is accessed and, consequently, it is mandatory to read them each time you provide us with your data through our website.

The use of the Web attributes to whoever makes use of it the condition of user, who accepts these Conditions of which they have had the opportunity to take knowledge.