Privacy Policy

This policy sets out in detail how your personal data and the information you provide to Nicolás Cunto, hereinafter "GORRION", are treated in order to protect your privacy in accordance with the provisions of Regulation (EU) 2016/679, General Data Protection Regulation -hereinafter, RGPD-.

This is the index, so you can easily locate the different sections of this policy:

ACCEPTANCE AND CONSENT

By accepting this Privacy Policy, you give your express, informed, free and unequivocal consent for the Data you provide, and to which the security, technical and organizational measures provided for in current regulations are applied, to be processed by GORRION as the data controller.

Likewise, by providing your data through electronic channels, you guarantee that you are over 14 years of age and that the data provided are true, accurate, complete and up to date. For these purposes, you confirm that you are responsible for the veracity of the data provided and that you will keep said information appropriately updated so that it reflects your real situation, making yourself responsible for any false or inaccurate data that you may provide, as well as for any direct or indirect damages that may arise.

WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?

Title : Nicholas Cunto
NIF : Z1040706F
Address : Carrer de Còrsega 650, Àtic B, 08026, Barcelona, Spain.
Email : info@soygorrion.com
Website : www.soygorrion.com

WHAT PERSONAL DATA IS COLLECTED ON THIS WEBSITE?

In accordance with the GDPR, only data that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is available may be processed, which in turn must be: specific, explicit and legitimate (information on these purposes is provided below).

GORRION collects and processes the personal data detailed below, the collection of which will depend on the different services requested on this website:

Identification data: name and surname and ID number.

Contact information : email, address and telephone number.

Contractual and billing data: data on contractual transactions, purchased services, payment data.

Browsing data : IP address, device type and ID, browser type, domain through which you access the Website, browsing data, activity on the Website. To clearly and precisely know the cookies we use, you can consult the Cookies Policy .

HOW ARE THESE PERSONAL DATA COLLECTED? CAPTURE SYSTEMS

GORRION collects your personal information through different forms (contact, blog comments, subscription and purchase), but you will always be informed at the time of collection, through information clauses, about the person responsible for the processing, the purpose and legal basis thereof, the recipients of the data and the retention period of your information, as well as the way in which you can exercise your rights in terms of data protection.

In any case, in the following sections, reference is made to these elements.

In addition, GORRION uses social media to offer content and interact with you. The information collected through the messages and communications you post may contain personal information that is available online and accessible to the public. These social media have their own privacy policies that explain how they use and share your information, so I recommend that you consult them before using them, to confirm that you agree with the way your information is collected, processed and shared.

Through this website, GORRION collects personal information related to your browsing through the use of cookies . To clearly and precisely understand the cookies it uses, what their purposes are and how you can configure or disable them, please consult the Cookie Policy .

FOR WHAT PURPOSES ARE YOUR DATA PROCESSED?

After telling you what data is collected and through what means of capture, we detail the purpose for which said information is used.

First of all, this website has different forms. In each of them, the information collected will be used in the following way:

Contact form : for queries, suggestions or professional contact. In this case, the email address will be used to send the information that the user requires through the website.

Comment form , to be able to comment on the posts published on the blog. The name and email address will be required, although only the name will be published with the comment. These comments will be used exclusively for moderation and publication .

Subscription form for our Newsletter: where the email address will be provided. This data will be used exclusively to send you the Newsletter and keep you updated on news and special offers, exclusive for subscribers of www.soygorrion.com.

Purchase form : We also process data to manage the purchase of our products through the Website, including order management, payment and all operations related to the purchase of the chosen product. This includes sending follow-up emails, responses, invoices, receipts, etc. The data requested will be the name, surname, ID, address, email, telephone number and payment details.

ON WHAT LEGAL BASIS ARE THESE DATA PROCESSED?

GORRION processes your personal data on the following legal bases:

The execution of a contract with GORRION, for the contracting and management of products and/or services.
The application of pre-contractual measures, to respond to your request for information or send commercial information that refers to products similar to those that were the subject of the contract; as well as to manage your reservation for certain products that have this option enabled.
User consent in relation to the sending of commercial communications (including the Newsletter); either via email or cookies.
The legitimate interest of the data controller to be able to offer the customer service requested by the latter, and to protect the Users of the website www.soygorrion.com from abuse and fraud in the use of my products and/or services.
HOW LONG IS DATA KEPT?

GORRION will only retain your information for the period of time necessary to fulfill the purpose for which it was collected, comply with the legal obligations imposed on it and address any potential liabilities that may arise from fulfilling the purpose for which the data was collected.

Specifically, the following time periods are established depending on the type of data involved:

Customer Data: As a general rule, we will retain your personal information as long as there is a contractual relationship between us or you do not exercise your right to erasure and/or restriction of processing.

In any case, the information will be blocked without any use beyond its conservation, and only as long as it may be necessary for the exercise or defense of claims or some type of legal liability that may have to be addressed may arise. The most common legal deadlines are:

4 years: Law on Violations and Sanctions in the Social Order (obligations regarding membership, registration, deregistration, contributions, payment of salaries, etc.); Arts. 66 et seq. General Tax Law (accounting books, etc.).
5 years: Art. 1964 of the Civil Code (personal actions without special term).
6 years: Art. 30 of the Commercial Code (accounting books, invoices, etc.).
10 years: Art. 25 of the Law on the Prevention of Money Laundering and Financing of Terrorism.

Subscriber data : From the moment the user subscribes until they unsubscribe.

Data of potential non-subscribing clients : the data will be kept in all cases for the duration of the established commercial relationship and, once concluded, for two years, being deleted after this period if a contractual relationship has not been formalized or at the time you request us to do so.

WHAT ARE YOUR RIGHTS REGARDING THE USE OF YOUR DATA? HOW CAN YOU EXERCISE THEM?

The Law grants you a series of rights as the owner of the personal data processed by GORRION, which are the following:

Right of access to your personal data.
Right to request rectification of inaccurate data.
Right to request deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Right to request limitation of the processing of your data, in which case GORRION will only retain them for the exercise or defense of claims.
Right to object to the processing of your data.
Right to request the portability of your personal data to another controller when technically possible.
Right not to be subject to automated individual decisions.

You also have the option to unsubscribe from any of the subscription services provided by GORRION.

These rights are characterized by the following:

Its exercise is free of charge, unless the requests are manifestly unfounded or excessive (e.g. repetitive in nature), in which case I may charge a fee proportional to the administrative costs incurred or refuse to act.
You can exercise your rights directly or through your legal or voluntary representative.
We must respond to your request within one month, although, taking into account the complexity and number of requests, the deadline may be extended by another two months.
We are obliged to inform you about the means to exercise these rights, which must be accessible and we cannot deny you the exercise of the right for the sole reason of choosing another means. If the request is submitted by electronic means, the information will be provided by these means whenever possible, unless you request otherwise.
If we do not process the request, we will inform you, within one month at the latest, of the reasons for our failure to act and the possibility of filing a complaint with a Control Authority.

In order to facilitate the exercise of these rights, we provide you with a link to the website of the Spanish Data Protection Agency where you can find additional information, as well as links to the application form for each of the rights: https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos

Likewise, the consent given, both for the processing and for the transfer of the data of the interested parties, is revocable at any time by communicating it to GORRION in the terms established in this section. This revocation will in no case be retroactive.

To exercise your rights, GORRION provides you with the following means:

By means of a written and signed request addressed to Nicolás Cunto, Carrer de Còrsega 650, Àtic B, 08026, Barcelona (Spain), indicating as Ref. Exercise of GDPR Rights.

By sending a scanned and signed form to the email address info@soygorrion.com, indicating Exercise of GDPR Rights in the subject.

In both cases, you must prove your identity by attaching a copy of your ID or equivalent document, in order to verify that we are only responding to the interested party. If you submit your application through a legal representative, you must also provide a document proving representation.

Likewise, and especially if you consider that you have not obtained full satisfaction in the exercise of your rights, we inform you that you may file a claim with the national supervisory authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid.

TO WHICH RECIPIENTS WILL YOUR DATA BE COMMUNICATED?

In general, we do not share your personal information, except for those transfers that must be made based on legal obligations imposed. In the event that it is transferred to a third party, you will be informed in advance and your consent will be requested.

Although this is not a transfer of data per se, in order to provide you with the requested service, third-party companies, acting as our suppliers, may access your information to carry out the service we have contracted them to provide (for example, web development and maintenance company, hosting company, payment processing services, order processing, analysis, marketing campaign management, website management, and email distribution and other similar service providers). These managers access your data following our instructions and cannot use it for a different purpose and maintaining the strictest confidentiality.

Likewise, your personal information will be available to Public Administrations, Judges and Courts, to address any potential liabilities arising from the processing.

In compliance with the principles of information and transparency, we inform you of the third parties that may access your data as data processors :

BanaHosting : provides web hosting and email provider services. It is operated by the Banahosting group of companies, based in the United States, which has adopted standard contractual clauses for data processing approved by the European Commission. You can consult their privacy policy at the following link: https://www.banahosting.com/es/privacy-policy

Shopify : provides the shopify.com web platform and is responsible for data processing for Europe Shopify International Ltd. Attn: Data Protection Officer c/o Intertrust Ireland 2nd Floor 1-2 Victoria Buildings Haddington Road Dublin 4, D04 XN32 Ireland. You can access their privacy policy here: https://www.shopify.com/legal/privacy

Microsoft Corporation : provides email provider services through the Microsoft Outlook tool. This company is located in Redmond, Washington, United States, and has adopted standard data processing clauses approved by the European Commission. You can consult its privacy policy at the following link: https://privacy.microsoft.com/en-us/privacystatement

Sendinblue , a Simplified Joint Stock Company (Société par actions simplifiée): an email marketing provider registered with the Paris Trade and Companies Register under number 498 019 298 and with its registered office at 55 rue d'Amsterdam, 75008 Paris, France. You can consult their privacy policy at https://en.sendinblue.com/legal/privacypolicy/

Paypal: online payment processing platform, used for the payment of my services. This platform is operated by PayPal (Europe) S.à.rl et Cie, SCA, 22-24 Boulevard Royal L-2449, Luxembourg. You can consult their privacy policy here: https://www.paypal.com/es/webapps/mpp/ua/privacy-full?locale.x=es_ES#16

Google Drive : a tool dedicated to storing a backup copy of files in the cloud and accessing them easily. This service is provided by Google, Inc., whose data controller in the European Economic Area and Switzerland is Google Ireland Limited, a company established and operating under the laws of Ireland (with registration number: 368047). You can consult its privacy policy here: https://policies.google.com/privacy?hl=en

Google Analytics: web analysis tool. This service is provided by Google, Inc., whose data controller in the European Economic Area and Switzerland is Google Ireland Limited, a company established and operating under the laws of Ireland (registration number: 368047). You can consult their privacy policy here: https://policies.google.com/privacy?hl=en

Meta Pixel: tool used to obtain information from Website Users for marketing purposes. This service, in Europe, is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square Grand Canal Harbour Dublin 2, Ireland. You can consult their privacy policy here https://www.facebook.com/privacy/policy?section_id=0-WhatIsThePrivacy

Administralia : Accounting and tax consultancy located in c/ Pau Claris 167, 2nd floor 2nd floor, A
08037 Barcelona, Spain. Responsible: Ermengol Sanmartí Giménez and with whom a contract has been signed for the processing of personal data to ensure compliance with European data protection regulations (GDPR).

SEGMENTATION AND PROFILING

The registration of personal data provided at the time of subscription, interaction with the website and any other data provided during navigation, including information provided by cookies in relation to browsing habits, will be used to be segmented or categorized for the purpose of applying them to the activity related to the management of general administration, information, analysis of proposals requested by Users/clients, statistical study of the services and content used, tastes and preferences, and surveys or forms.

Profiling, through the analysis of your automated individual decisions, consists of the use of your Personal Data to evaluate certain personal aspects, such as the analysis and prediction of your economic situation, personal preferences, interests, behaviour, location, movements and attitudes. The logic applied to obtain these profiles is the use of statistical procedures and the consequences of this processing of your data through profiling are the sending of personalised communications of interest to you.

The legal basis for the processing of your data for the purposes indicated and the creation of automated individual decisions by creating profiles is the consent granted by checking the box “I agree to receive personalized commercial communications” in the subscription forms, or by expressly accepting advertising cookies.

The data used in profiling and shown to advertisers is not data that allows Users to be identified, but rather will only show in a graph the type of audience, their age, country, gender, etc.

SOCIAL PLUGINS

On www.soygorrion.com you have links to the social networks Instagram, Facebook and Twitter. If you click on them, you will be redirected to these applications, outside of our Website, so the privacy policies of these social networks will be applicable:

Instagram and Facebook (Meta): https://www.facebook.com/help/instagram/519522125107875

Twitter: https://twitter.com/es/privacy

HOW DO WE PROTECT YOUR INFORMATION?

GORRION is committed to protecting your personal information; to this end, it uses reasonably reliable and effective physical, organizational and technological measures, controls and procedures aimed at preserving the integrity and security of your data and guaranteeing your privacy.

In the case of contracts that we sign with suppliers, clauses are included that require them to maintain the duty of confidentiality with respect to personal data to which they have had access by virtue of the order placed, as well as to implement the technical and organisational security measures necessary to guarantee the permanent confidentiality, integrity, availability and resilience of the systems and services for processing personal data.

This website includes an SSL certificate. This is a security protocol that ensures that your data travels in an integral and secure manner; that is, the transmission of data between a server and the web user, and in feedback, is completely encrypted.

However, absolute security cannot be guaranteed and no security system is impenetrable, so if any information being processed and under our control is compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Control Authority and, where appropriate, notify those Users who may have been affected so that they can take appropriate measures.

CHANGES IN THE PRIVACY POLICY

GORRION reserves the right to modify this policy to adapt it to new legislation or jurisprudence, as well as to industry practices. In such cases, we will notify you through the website or through other means, so that you can be aware of the new privacy conditions introduced.

This Privacy Policy was last updated on 01/30/2024.