At foodizlovers.com we hereby undertake to ensure your personal information is protected and not used improperly.
By providing us with your personal information and using our website, it is our understanding that you have read and understood the terms related to the personal data protection information explained.
Foodizlovers.com hereby undertakes to comply with national and European laws in effect on personal data protection and aims to process your data legally, faithfully and transparently.
Scope of application
This document applies to foodizlovers.com as concerns the development of its product sale promotion activities through its website foodizlovers.com
Who is the data controller?
Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data defines the data controller as follows:
“Data controller” or “controller”: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The data controller liable for your personal data is:
- Business name: GURUX ENTERTAINMENT S.L. (hereinafter “GURUX”).
- Registered address: c/ Ganduxer 127. 08022 Barcelona (Spain)
- Email: email@example.com
- Tax identification no.: B-62824198
- Registered with the Trade Register of Barcelona: Volume 34430, Folio 80, Page B 246406
- Website: foodizlovers.com (hereinafter the “Website” or the “Webpage”)
What is the purpose of collecting your personal information?
The main reason we collect your personal information is to respond to queries or questions you may ask through the contact form found in the Contact section of our website.
What is the legal basis for processing personal information?
The basis for processing your personal information is user consent to the processing of their data for the purposes indicated in the paragraph above.
Who can we disclose your personal information to?
To companies which provide us with other types of services such as: information technology (data storage and processing), consulting services, etc.
These third parties only have access to the personal information they need to complete such services. They are required to keep your personal information confidential and may not use it in any other way other than as we have requested.
In any case, GURUX is liable for the personal information you provide to us and we request any companies with which we share personal information to apply the same level of information protection as we do.
Moreover, your personal information will be available to the public administrations, judges and courts to respond to any liability deriving from the processing.
International Data Transfers.
The personal information we collect remains in Spain.
How long will we save your personal data?
We only save your personal information to the extent we need it to be able to use it for the purposes for which it was collected and in accordance with the legal basis of the processing thereof pursuant to applicable laws.
We shall keep your personal information as long as there is a contractual and/or commercial relationship with you or until you exercise your right of deletion and/or restriction of processing of your data.
In these cases, we will keep the information duly blocked without using it in any way as long as it may be necessary to file or defend ourselves from claims or it may lead to any type of judicial, legal or contractual liability due to the processing thereof which must be handled and for which the recovery thereof may be necessary.
What are your rights and how can you exercise them?
Data protection laws set forth that you may contact the data controller to exercise your rights of access, rectification, objection, deletion, restriction of processing, portability and not to be subject of profiling.
These rights are characterized as follows:
- You may exercise them free of cost.
- If any requests are manifestly ungrounded or excessive (repetitive, for example), the controller may:
- Charge a fee in proportion to the administrative costs incurred.
- Refuse to act.
- Requests must be answered within a period of one month; however, when considering the complex nature and number of requests, this period may be extended for another two months.
- The controller is required to inform you of the means for exercising these rights. These means must be accessible and this right may not be denied solely because you choose another means.
- If the request is submitted electronically, the information will be provided through such means whenever possible unless the data subject requests otherwise.
- If the data controller denies the request, it must inform the data subject within one month of the reasons for such non-action and inform the data subject of their right to file a complaint with the Supervisory Authority.
- You may exercise your rights directly or through your legal representative.
- It is possible for the processor to process your request on behalf of the data controller if both have established such provision in the contract or legal document binding them to each other.
Right of access: The right of access means you may address the data controller to determine whether or not they are processing your personal data.
Right of rectification: The right of rectification means you may have your personal data corrected when they are inaccurate without undue delay by the data controller.
Considering the purposes of processing, you have the right to have any of your incomplete data completed including through an additional declaration.
You must indicate on your request which data you refer to and the correction requested. Moreover, when necessary, you must attach the documentation proving the inaccuracy or incomplete nature of your data to the request form.
Right of objection: The right of objection means you may object to the controller processing your personal data in the following situations:
- When they are processed based on a mission of public interest or legitimate interest, including for profiling.
- When the purpose of processing is direct marketing, including profiling as stated above.
Right of deletion: The right of deletion may be exercised with the controller by requesting your personal data be deleted in any of the following circumstances:
- When your personal data are no longer necessary for the purposes for which they were collected or processed in another manner.
- When the processing of your personal data was based on the consent granted to the controller and you withdraw such consent as long as said processing is not based on another legitimate cause.
- The controller’s processing was based on a legitimate interest or compliance with a mission of public interest and no other reasons prevail to legitimize the processing of your data.
- Your personal data are object of direct marketing including profiling related to such marketing.
- When your personal data have been illegally obtained.
Nonetheless, this right is not unlimited meaning it may be feasible not to delete them when the processing is necessary to exercise freedom of expression and information, to comply with a legal obligation, to comply with a mission of public interest or to exercise public powers granted to the controller for reasons of public interest in the scope of public health, for the purposes of records of public interest, the purposes of scientific or historical research or for statistical purposes or to formulate, exercise or defend oneself from complaints.
The data controller will be required to block the data when rectification or deletion are required.
Data blocking consists of identifying and reserving it, adopting technical and organizational measures to prevent the processing thereof including visualization except to make the data available to judges and courts, the Public Prosecutor or competent Public Administrations, in particular data protection authorities, to enforce any liability deriving from the processing and only for the period of prescription thereof.
Following such period, the data must be destroyed.
Right to restriction of processing: This right consists of being able to restrict the processing of your data by the controller; however, there are two possibilities for any such restriction:
You may request that any processing of your data be suspended:
- When you challenge the accuracy of your personal data for a period allowing the controller to verify the accuracy thereof.
- When you have objected to the processing of your personal data by the controller based on a legitimate interest or mission of public interest for a period allowing the controller to verify whether such reasons prevail over yours.
You may request the controller save your data:
- When the is illegal and you object to the erasure of your personal data and request a restriction of the use thereof instead.
- When the data controller no longer needs the personal data for the purposes of processing yet the data subject needs them to formulate, exercise or defend themselves from complaints.
Where can you exercise your rights?
In order to exercise your rights, GURUX makes the following means available to you:
- Through a signed written request to GURUX, proving your identity.
- Through an email to: firstname.lastname@example.org attaching a scanned copy of your national identity document or other document proving the requesting party’s identity.
You may file a complaint with the Spanish Data Protection Agency, especially when you are not satisfied with the response to the exercise of your rights. For more details, please go to the website www.agpd.es
Copyright © GURUX ENTERTAINMENT S.L. All rights reserved, 2020.