Free shipping and returns to Spain

Privacy Policy

Privacy Policy

DATA CONTROLLER

The Data Controller is SECRETOS TEXTIL, SL, Avda Valencia 15, 46891, Palomar Valencia.

Privacy Principles

We are committed to continuously working to ensure the privacy of your personal data and to providing you with the most complete and clear information possible at all times. We encourage you to read this section carefully before providing us with your personal data.

If you are under fourteen years of age, please do not provide us with your information without your parents' consent.

In this section, we inform you about how we process the data of individuals associated with our organization. Starting with our principles:

– We do not request personal information unless it is necessary to provide the services you request.

– We never share personal information with anyone except to comply with the law, to provide you with the service, or with your express authorization.

– We will never use your personal data for purposes other than those expressed in this privacy policy.

– Your data will always be treated with a level of protection appropriate to data protection legislation, and we will not subject it to automated decision-making without expressly informing you.

We have drafted this privacy policy taking into account the requirements of current data protection legislation:

– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).

– Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD).

– Royal Decree 1720/2007, of December 21 (RLOPD).

Due to changes in processing criteria, in order to facilitate understanding or adapt it to current legislation, we may modify this privacy policy. We will update the date so you can check its validity.

Treatments we perform

TREATMENT OF ATTENTION TO PEOPLE'S RIGHTS (ARCO)

Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.

General Data Protection Regulation.

Purposes of the Treatment: Respond to requests in the exercise of the rights established by the General Data Protection Regulation: the right to access, rectification, deletion, restriction, portability, and objection to automated decision-making.

Collective: Individuals who request it (employees, customers, suppliers, contact persons)

Data Categories: Name and surname, address, signature and telephone number.

Recipient Categories: Personal data may be communicated to the Supervisory Authority (Spanish Data Protection Agency) within the framework of an investigation for the protection of rights initiated by the interested party.

International Transfers: No international transfers of data are planned.

Deletion Period: They will be kept for a period of five years from the date of the request.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

TREATMENT OF EMPLOYEES

Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.
Royal Legislative Decree 2/2015, of October 23, approving the revised text of the Workers' Statute Law.
Purposes of the Treatment: – Management of contracted personnel.
– Personnel records. Time tracking. Training. Pension plans. Occupational risk prevention.
– Issuance of staff payroll.
– Management of union activity.
Collective: Employees
Data Categories: – Name and surname, DNI/CIF/Identification document, personnel registration number, Social Security/Mutual Society number, address, signature and telephone number.
– Special categories of data: health data (sick leave, work-related accidents, and disability status, excluding diagnoses), union membership, for the sole purpose of paying union dues (if applicable), union representative (if applicable), and attendance certificates for both yourself and third parties.
– Personal characteristics data: Sex, marital status, nationality, age, date and place of birth, and family information. Family circumstances data: Registration and discharge dates, licenses, permits, and authorizations.
– Academic and professional data: Qualifications, training and professional experience.
– Detailed employment and administrative career information. Incompatibilities.
– Attendance control data: date/time of entry and exit, reason for absence.
– Economic and financial data: Payroll data, credits, loans, guarantees, tax deductions, salary reductions from the previous job (if applicable), legal withholdings (if applicable), other withholdings (if applicable). Bank details.
Categories of Recipients: – Entity entrusted with management of occupational risks.
– General Treasury of Social Security.
– Trade union organizations.
– Financial institutions.
– State Tax Administration Agency.
– Main contractors to whom we provide services as subcontractors.
International Transfers: No international transfers of data are planned.
Deletion Period: Data will be retained for the time necessary to fulfill the purpose for which it was collected and to determine any potential liabilities that may arise from said purpose and the processing of the data.
The financial data from this processing activity will be retained in accordance with the provisions of General Tax Law 58/2003 of 17 December.
Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

TREATMENT OF SECURITY BREACH NOTIFICATION

Legal Basis: GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.

General Data Protection Regulation. Articles 33 and 34

Purposes of the Treatment: Management and evaluation of security breaches that occur in our organization.

Collective: Variable: Employees, Clients, Suppliers, Contact Persons (will depend on the security breach)

Data Categories: Variable. (Depends on the security breach)

Recipient Categories: – Spanish Data Protection Agency.

– State Security Forces and Corps.

International Transfers: No international transfers of data are planned.

Deletion Period: They will be retained for the time necessary to fulfill the purpose for which they were collected and to determine any potential liabilities that may arise from said purpose and the processing of the data. The provisions of the archives and documentation regulations will apply.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

TREATMENT OF CONTACTS

Legal Basis: Consent of the interested party

Purposes of the Treatment: Respond to your request, send you information, and track your request.

Collective: Contact persons, clients, suppliers

Data Categories: Name and surname, telephone number, email address

Recipient Categories: Data transfers to third parties are not contemplated.

International Transfers: No international transfers of data are planned.

Deletion Period: Contact information will be retained for an indefinite period, or until the data subject requests its deletion.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

TREATMENT OF CANDIDATES SELECTION PROCESSES (HR)

Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Purposes of the Treatment: Staff selection and job placement.

Collective: Candidates submitted for job placement procedures.

Data Categories: – Name and surname, DNI/CIF/identification document, personnel registration number, address, signature and telephone number.

– Personal characteristics data: Sex, marital status, nationality, age, date and place of birth, and family data.

– Academic and professional data: Qualifications, training and professional experience.

– Employment details.

Recipient Categories: No data transfers to third parties are planned.

International Transfers: No international transfers of data are planned.

Deletion Period: They will be retained for the time necessary to fulfill the purpose for which they were collected and to determine any potential liabilities that may arise from said purpose and the processing of the data.

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

TREATMENT OF SUPPLIERS

Legal Basis: GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.

Royal Legislative Decree 2/2015, of October 23, approving the revised text of the Workers' Statute Law.

Law 58/2003, of December 17, General Tax Law.

Purposes of the Treatment: – Acquisition of products and/or services that we need to develop our activity.

– Control of subcontractors if applicable.

Collective: – Suppliers.

– Workers of our suppliers.

Data Categories: – Name and surname, DNI/NIF/Identification document, address, signature and telephone number.

– Employment details: job title. Occupational safety training.

– Economic, financial and insurance data: Banking data.

Recipient Categories: – Financial institutions. (Payment of bills)

– State Tax Administration Agency.

International Transfers: No international transfers of data are planned.

Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine any potential liabilities that may arise from said purpose and the processing of the data, in accordance with Law 58/2003, of December 17, General Tax Law,

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

TREATMENT OF CUSTOMERS.

Legal Basis: GDPR: 6.1.a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

GDPR: 6.1.b) Processing necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

GDPR: 6.1.c) Processing necessary for compliance with a legal obligation applicable to the data controller.

Royal Legislative Decree 2/2015, of October 23, approving the revised text of the Workers' Statute Law.

Law 58/2003, of December 17, General Tax Law.

Purposes of the Treatment: Supply of our products/services

Collective: Customers

Data Categories: – Name and surname, DNI/NIF/Identification document, address, signature and telephone number.

– Economic, financial and insurance data: Banking data

Recipient Categories: – Financial institutions.

– State Tax Administration Agency.

International Transfers: No international transfers of data are planned.

Deletion Period: They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine any potential liabilities that may arise from said purpose and the processing of the data, in accordance with Law 58/2003, of December 17, General Tax Law,

Security Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data Protection Regulation.

YOUR RIGHTS

You have the right to request a copy of your personal data, to rectify inaccurate data or complete it if it is incomplete, or, where appropriate, to delete it when it is no longer necessary for the purposes for which it was collected.

You also have the right to restrict the processing of your personal data and to obtain your personal data in a structured and machine-readable format.

You may object to the processing of your personal data in certain circumstances (in particular, where we do not have to process it to meet a contractual or other legal requirement, or where the purpose of the processing is direct marketing).

Once you have given us your consent, you may withdraw it at any time. At that point, we will stop processing your data or, where appropriate, stop processing it for that specific purpose. If you choose to withdraw your consent, this will not affect any processing that has taken place while your consent was valid.

These rights may be limited; for example, if we have to disclose data about another person to fulfill your request, or if you ask us to delete certain records we are required to keep due to a legal obligation or a legitimate interest, such as defending against legal claims. Or even in cases where the right to freedom of expression and information must prevail.

You can contact us by any of the means indicated in the Data Controller section of this privacy policy, providing a copy of a document that proves your identity (usually your ID).

Another of your rights is not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or affects you.

In the event of any violation of your rights, such as our failure to respond to your request, you have the right to file a complaint with the Data Protection Supervisory Authority. This may be the authority in your country (if you live outside of Spain) or the Spanish Data Protection Agency (if you live in Spain).

Links to third-party websites.

Our website may occasionally contain links to other websites. It is your responsibility to ensure you read the data protection policy and legal terms applicable to each site.

Third-party data.

If you provide us with third-party data, you are responsible for informing them in advance, as provided for in Article 14 of the GDPR.