WEBSITE PRIVACY POLICY 

www.wedecor.es

I. PRIVACY POLICY AND DATA PROTECTION 

In accordance with applicable legislation, We Decor (hereinafter, the “Website”) undertakes to  adopt the necessary technical and organizational measures appropriate to the level of risk of  the data collected. 

Laws incorporated into this Privacy Policy 

This Privacy Policy is adapted to current Spanish and European regulations on the protection  of personal data on the internet, and specifically complies with: 

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April  2016 (General Data Protection Regulation, GDPR). 
  • Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and  the guarantee of digital rights (LOPD-GDD). 
  • Royal Decree 1720/2007 of 21 December approving the implementing regulation of  Spanish Organic Law 15/1999 on Personal Data Protection (RDLOPD). 
  • Law 34/2002 of 11 July on Information Society Services and Electronic Commerce  (LSSI-CE). 

Identity of the Data Controller 

The Data Controller for personal data collected on We Decor is Leixuri Barrena  Bengoechea, NIF: 78887814-E (hereinafter, the “Controller”). 

  • Address: Avenida Papa Negro 56, 2A, 28043 – Madrid 
  • Contact phone: +34 620 354 862 
  • Contact email: wedecorhs@gmail.com 

Personal Data Records 

In compliance with the GDPR and the LOPD-GDD, we inform you that personal data collected  by We Decor through forms on its pages will be incorporated into and processed in our file for  the purpose of facilitating, expediting and fulfilling commitments established between We  Decor and the User, maintaining the relationship established in the forms completed by the  User, or responding to a request or inquiry. Likewise, in accordance with the GDPR and LOPD 

GDD—and unless the exception provided for in Article 30.5 GDPR applies—a record of  processing activities is maintained specifying, according to their purposes, the processing  activities carried out and other circumstances established by the GDPR.

Principles applicable to the processing of personal data 

The processing of the User’s personal data will be subject to the following principles set out in  Article 5 GDPR and Articles 4 et seq. of Spanish Organic Law 3/2018: 

  • Lawfulness, fairness and transparency: the User’s consent will be required at all  times following fully transparent information about the purposes of the processing. 
  • Purpose limitation: data will be collected for specified, explicit and legitimate  purposes. 
  • Data minimization: only the data strictly necessary in relation to the purposes will be  processed. 
  • Accuracy: personal data must be accurate and kept up to date. 
  • Storage limitation: personal data will be kept only for as long as necessary for the  purposes of processing. 
  • Integrity and confidentiality: data will be processed in a manner that ensures their  security and confidentiality. 
  • Accountability: the Controller shall be responsible for compliance with all the above  principles. 

Categories of personal data 

The categories of data processed on We Decor are solely identifying data. No special  categories of data within the meaning of Article 9 GDPR are processed. 

Legal basis for processing 

The legal basis for processing personal data is consent. We Decor undertakes to obtain the  User’s express and verifiable consent for the processing of their personal data for one or more  specific purposes. 

The User has the right to withdraw consent at any time. Withdrawal shall be as easy as giving  consent. As a rule, withdrawing consent will not condition the use of the Website. Where the User must or may provide data through forms to make inquiries, request  information or for reasons related to the Website’s content, the User will be informed if any  fields are mandatory because they are essential for the proper performance of the requested  action. 

Purposes of processing 

Personal data are collected and managed by We Decor to facilitate, expedite and fulfill the  commitments established between the Website and the User, to maintain the relationship  established in the forms completed by the User, or to respond to a request or inquiry. Data may also be used for commercial, personalization, operational and statistical purposes  and for activities related to We Decor’s corporate purpose, as well as for the extraction, storage  and marketing studies in order to tailor the content offered to the User and improve the quality, operation and browsing of the Website. 

At the time personal data are obtained, the User will be informed of the specific purpose(s) of the processing. 

Data retention periods 

Personal data will be retained for the minimum time necessary for the purposes of  processing and, in any case, only for the following period: 12 months, or until the User  requests their deletion. 

At the time personal data are obtained, the User will be informed of the retention period or,  where this is not possible, the criteria used to determine it. 

Recipients of personal data 

Users’ personal data will be shared with the following recipients or categories of recipients: Leixuri Barrena Bengoechea, Avda Papa Negro 56, 2A, 28043 – Madrid. 

If the Controller intends to transfer personal data to a third country or international  organization, the User will be informed at the time of data collection of the third country or  international organization to which the data are intended to be transferred, as well as the  existence or absence of an adequacy decision by the European Commission. 

Personal data of minors 

In accordance with Article 8 GDPR and Article 7 of Spanish Organic Law 3/2018, only those  over 14 years of age may lawfully give consent to the processing of their personal data by We  Decor. If the User is under 14, parental or guardian consent is required; processing will only  be lawful to the extent such consent has been given. 

Confidentiality and security of personal data 

We Decor undertakes to adopt the technical and organizational measures appropriate to the  level of risk of the data collected to ensure the security of personal data and prevent their  destruction, loss or unlawful alteration, or unauthorized communication or access. The Website uses an SSL certificate (Secure Socket Layer) to ensure that personal data are  transmitted securely and confidentially, as the transmission between the server and the User is  fully encrypted

However, since We Decor cannot guarantee the invulnerability of the internet nor the total  absence of hackers or other persons fraudulently accessing data, the Controller undertakes to  notify the User without undue delay when a personal data security breach occurs that is  likely to result in a high risk to the rights and freedoms of natural persons (as defined in Article  4 GDPR). 

Personal data will be treated as confidential by the Controller, who undertakes to inform and  ensure—by legal or contractual obligation—that such confidentiality is respected by  employees, partners and any person to whom the information is made accessible. 

Rights arising from processing

The User has, vis-à-vis We Decor and the Controller, the following rights recognized by the  GDPR and Spanish Organic Law 3/2018: 

  • Right of access: to obtain confirmation of whether We Decor is processing their  personal data and, if so, access to such data and information about the processing  (including data origin and recipients). 
  • Right to rectification: to have inaccurate personal data corrected or incomplete data  completed. 
  • Right to erasure (“right to be forgotten”): to have personal data erased, inter alia,  when they are no longer necessary for the purposes collected; consent is withdrawn and  there is no other legal basis; the User objects and there are no overriding legitimate  grounds; the data have been unlawfully processed; erasure is required by a legal  obligation; or data were obtained in relation to the offer of information society services  to a minor under 14. 
  • Right to restriction of processing: when the accuracy of the data is contested;  processing is unlawful; the Controller no longer needs the data but the User needs them  for claims; or the User has objected to processing. 
  • Right to data portability: where processing is carried out by automated means, to  receive personal data in a structured, commonly used and machine-readable format and  transmit them to another controller; where technically feasible, the Controller will  transmit them directly. 
  • Right to object: to object to processing of personal data. 
  • Right not to be subject to a decision based solely on automated processing,  including profiling, except as otherwise provided by law. 

To exercise these rights, the User may send a written communication to the Controller with  the reference “GDPR-www.wedecor.es, specifying: 

  • User’s name and surname(s) and a copy of their ID document (or equivalent). Where  representation is admitted, identification of the representative and proof of  representation will also be required. 
  • The specific request and grounds, or the information to which access is sought. Address for notifications. 
  • Date and signature of the applicant. 
  • Any supporting documents. 

This request and any attached documents may be sent to: 

  • Postal address: Avenida Papa Negro 56, 2A, 28043 – Madrid 
  • Email: wedecorhs@gmail.com

Links to third-party websites 

The Website may include hyperlinks or links to third-party websites not operated by We Decor.  The owners of those websites have their own data protection policies and are responsible for  their own files and privacy practices. 

Complaints to the supervisory authority 

If the User considers that there is a problem or infringement of current regulations regarding  the processing of their personal data, they have the right to effective judicial protection and to  file a complaint with a supervisory authority, in particular in the Member State of their  habitual residence, place of work or place of the alleged infringement. In Spain, the  supervisory authority is the Spanish Data Protection Agency (AEPD): https://www.aepd.es/.

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY  POLICY 

It is necessary that the User has read and agrees with the terms on personal data protection  contained in this Privacy Policy and that they accept the processing of their personal data so  that the Controller may proceed in the manner, for the periods and for the purposes indicated.  Use of the Website implies acceptance of this Privacy Policy. 

We Decor reserves the right to modify this Privacy Policy at its own discretion or due to  legislative, case law or doctrinal changes by the Spanish Data Protection Agency. Changes or  updates will not be explicitly notified to the User. Users are recommended to periodically  review this page to be aware of the latest changes or updates. 

This Privacy Policy was updated to adapt to Regulation (EU) 2016/679 (GDPR) and Spanish  Organic Law 3/2018