Last modification: September 23, 2021

Version 1.0

 

 

DATA PROTECTION POLICY

Thank you for visiting this website.

Please read carefully the Terms and Conditions contained in this document, since the use of this website implies the express and full acceptance of the same, in the version published at the time you access it. We recommend that you read this document carefully each time you access the website to check if there have been changes in the terms of use and leave it if you do not agree with such changes. If we believe that certain modifications are important, we will update the "Last Modified" date at the top of this page. You will be responsible for reviewing and familiarizing yourself with any modifications made.

IDENTIFICATION

In compliance with the duty of information contained in Article 10 of Law 34/2002, of July 11, of Services of the Information Society and Electronic Commerce with the current legislation on data protection, specifically, the Organic Law 3/2018, of December 5, on the protection of personal data and guarantee of digital rights (LOPDDDGG) which makes fully effective the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (RGPD).

Data Controller: XOAN MANUEL TUBIO FERNÁNDEZ (hereinafter THE OBRADOIRO).

Commercial Name: XANECO - Obradoiro de Instrumentos Musicais

CIF: 33309845A

COMMUNICATION

To contact us for any question that refers to the treatment of personal data, we put at your disposal different means of contact that we detail below:


Phone: 982 393 278

E-mail: obradoiro@xaneco.gal

Registered Office: C/Abeladoira 1, San Fiz de Paz Outeiro de Rei, Lugo 27153

Website: https://xaneco.gal

All notifications and communications provided in this section shall be considered effective, for all purposes, when made through any of the means detailed above.

We understand that the privacy and security of your personal information is extremely important. Therefore, this policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.

 

What is the new Data Protection Regulation?


It is a new European regulation. This regulation unifies criteria of confidentiality and processing of personal data at EU level and adapts its management to new digital environments, such as the Internet and mobile applications. In this way, you will have more control over your data.

When will the new regulation be applicable?


The European Union adopted the regulation in 2016. Member States must apply it as of May 25, 2018.

What changes will it mean for you?


The European regulation adds new rights to those included in the current Spanish regulation. For this reason, we must update information available to you about our company's data protection measures. We will also request your authorization to process your data in some new cases. In this way, we will be able to offer you a service more adapted to your needs.

What measures have we taken to ensure the confidentiality, integrity and security of your data?

- We only ask for the minimum amount of information necessary, collecting only what we believe is essential to do business or for the specific transaction involved;

- We have established a series of confidentiality agreements with all our suppliers, personnel and collaborators;

- We have a specialized advisor who will not only assist us permanently in this matter but will also carry out periodic controls to ensure the correct compliance with these regulations;

- We have established a series of computer security measures that will protect us from possible external attacks;

- We have reviewed all our documentation so that it is adequate according to the new regulation;

- We have assessed the impact that our procedures may have on the protection of your personal data;

- We have trained our staff so that we can all act in a diligent and ethical manner, complying with all the requirements set forth in the new regulation.

Principles we will apply to your personal information

In the processing of your personal data, we will apply the following principles that comply with the requirements of the new European data protection regulation:

  • Principle of lawfulness, fairness and transparency: we will always require your consent for the processing of your personal data for one or more specific purposes that we will inform you in advance with absolute transparency.
  • Principle of data minimization: We will only request data strictly necessary in relation to the purposes for which we require them. As little as possible.
  • Principle of limitation of the retention period: the data will be kept for no longer than necessary for the purposes of processing, depending on the purpose, we will inform you of the corresponding retention period, in the case of subscriptions, we will periodically review our lists and delete those records inactive for a considerable time.
  • Principle of integrity and confidentiality: Your data will be treated in such a way as to ensure adequate security of personal data and to guarantee confidentiality. You should know that we take all necessary precautions to prevent unauthorized access or misuse of our users' data by third parties.

LEGAL BASES FOR THE COLLECTION AND USE OF INFORMATION

If you are an individual in the European Economic Area (EEA), our legal basis for collecting and using information depends on the personal information at issue and the context in which we collect it. Most of our information collection and processing activities are generally based on 1) a contractual need; 2) one or more legitimate interests of OBRADOIRO or a third party that are not overridden by your data protection interests or 3) your consent. Sometimes, we will have a legal obligation to collect your information or will need your personal information to protect your vital interests or those of another person.

PROCESSING

We will explain below how we collect, use, disclose, transfer and store your information. This Privacy Policy applies to personal information collected through our website. It is important that you check the Privacy Policy frequently to see if it has been updated.

All users who access our website will be able to view all of its content without the need to provide any personal information. Your personal data will only be collected when you voluntarily complete our form(s). In this case, the user guarantees the authenticity, accuracy and truthfulness of the information provided, undertaking to keep the personal data updated so that they respond, at all times, to your actual situation. The user will be solely responsible for false or inaccurate statements and the damages that they may cause. Through this means of communication you expressly agree to receive periodic communications only from the entity, which will keep the personal data received from users through the website in total secrecy, ensuring confidentiality, and take the necessary technical measures to prevent any alteration, loss, misuse, or unauthorized access to this data.

 

We also inform you that all data provided through electronic forms and / or by email are strictly necessary for the correct identification of the sender. This information will be treated with strict confidentiality and for the sole purpose of managing information requests, contracting our services and products and other purposes that are specified below. You are informed and give your full express consent to use your data for activities related to the corporate purpose of the entity.

The consent given, both for the processing and for the transfer of the data of the interested parties, is revocable at any time by communicating it to the email address obradoiro@xaneco.gal in the terms established in this Policy for the exercise of rights. This revocation will in no case be retroactive.

How we use your data

We may use your personal data in the following way: the information you provide may help us make decisions, respond to requests, improve services, detect new needs, generate promotions, understand your expectations and provide you with a better service. We may also use your information for the following purposes.

Specific reason: If you provide your personal information for a specific purpose, we will use it for the purpose for which it was provided. For example, if you contact us by email, we will use the personal information you provide to answer your question or resolve the problem, and we will respond to the email address from which the message was sent.

Internal purposes. We may use your personal information for internal purposes such as, but not limited to, relying on it to improve the content and functionality of the Services, better understand our customers' needs, improve the Services, protect, identify or address fraudulent activity, enforce our Terms of Service, manage your account and provide you with customer service, and generally manage the Services and our business, among other things.

Marketing Communications. Provided that we have your express consent (which will be obtained through an exclusive box present in our forms), we may use your personal data to contact you in the future to carry out commercial actions that may be of interest to you, always related to the products and / or services offered by EL OBRADOIRO. In any case, you will always have available the option to "stop receiving" these emails at the bottom of these messages or notify us by sending an email to the following address: obradoiro@xaneco.gal. However, you may continue to receive notices and e-mails as long as they are necessary and essential for the maintenance of our contractual transactions. In accordance with Law 34/2002, of July 11, 2002, of services of the information society and electronic commerce. (LSSICE) EL OBRADOIRO does not engage in SPAM practices and undertakes not to send commercial communications without properly identifying them.

Please note that even if you decide not to subscribe or unsubscribe from promotional or commercial electronic communications, EL OBRADOIRO may still need to contact you as a User with important information about transactions relating to your account and your purchases of products, booking activities or contracting other services.

Below, we explain in more detail what types of data are collected and processed and what their purposes are:

 

 

 CATEGORY

PURPOSE

 Visiting user

Usability and quality analysis to improve our services.

User who contacts us

 To respond to the user's requirements; to respond to any doubts, complaints, comments or concerns he/she may have regarding the information included on the website, the services provided through the website, the processing of personal data, questions concerning the legal texts included on the website, as well as any other queries you may have that are not subject to the terms and conditions of contract.

Registered User

 Processing and registration of users on our website to allow access and self-management of the user account by the user.

Ecommerce Customer

 Process, manage, send, bill and collect the sale of those products or services that have been purchased by the customer; manage commercial communications from the mailing list on a regular basis about news, publications, offers, promotions, events and other information.

 Order Requests

Process and manage those orders that have been requested by the customer.

 

The legal bases are linked to the purposes of the previous point.

 

 CATEGORY

LEGITIMIZING BASIS

  Visiting user

The consent given by accepting cookies or by continuing to browse our website. (GDPR Art. 6.1.a)

User who contacts us

 Our legitimate interest in answering the queries and requests of the interested party, justified by the interest shown in contacting and receiving information at a minimum intrusion in their privacy and the use of limited data and provided by the user himself. (GDPR Art. 6.1.a)

 Registered User

 Consent is requested when you register as a user on our website. The data subject may withdraw consent at any time. In no case will the withdrawal of consent condition the provision of other services. In case of failure to provide the necessary data it will not be possible to process the user registration. (GDPR Art. 6.1.a)

Ecommerce Customer

 Execution of a sales contract according to the terms and conditions stated in our general terms and conditions of sale on our website. In case of failure to provide the necessary data it will not be possible to carry out the contract; consent is requested when you subscribe to the mailing list. The interested party may withdraw consent at any time. In no case the withdrawal of consent will condition the provision of other services. (GDPR Art. 6.1.a, 6.1b and 6.1c)

Order Requests

Our legitimate interest in fulfilling orders requested by the customer. (GDPR Art. 6.1.a, 6.1b and 6.1c)

Mailing List User

 Consent requested from you when you subscribe to the mailing list. The data subject may withdraw consent at any time. In no case shall the withdrawal of consent condition the provision of other services. (GDPR Art. 6.1.a)

 

Data provided voluntarily by the data subject

 

 CATEGORY

COLLECTED DATA

 Visiting user

IP, navigation data..

User who contacts us

 

Data provided by the interested party (usually: name, surname, e-mail and a telephone number).

 Registered User

 First name, last name, address, date of birth, email, phone number.

Ecommerce Customer

Name, Surname, VAT number, shipping address, billing address, email, phone, phone number, bank card type and number, order details.

 Order Requests

Name, e-mail and phone number.

Mailing List User

First name, last name, e-mails

 

Possible consequences of not providing such data

 

 CATEGORY

CONSECUENCIAS

Visiting user

No consequences

User who contacts us

 If the user who contacts us does not provide us with his/her data, we will not be able to answer his/her query(s) properly.

 Registered User

  If a user who registers does not provide us with his/her data, we will not be able to complete the creation of his/her account in our system.

Ecommerce Customer

  If an Ecommerce customer does not provide us with their information, we will not be able to complete their purchase or fulfill our tax obligations.

 Order Requests

If a request is not accompanied by your information, we will not be able to fulfill your order.

Mailing List User

  If a user does not voluntarily sign up for our mailing list, we will not be able to send him the information he requests.

 

Possible transfers of data to third parties

 

 CATEGORY

POSIBLES CESIONES

Visiting user

No data is collected from the visiting user

User who contacts us

 We will not disclose to third parties personal data concerning this type of user without your consent.

 Registered User

  We will not disclose to third parties personal data concerning this type of user without your consent.

Ecommerce Customer

 We will not disclose to third parties personal data concerning this type of user without your consent, unless required by law or requested by a competent authority.

  Order Requests

  We will not disclose to third parties personal data concerning this type of user without your consent.

Mailing List User

We will not disclose to third parties personal data concerning this type of user without your consent.

 

International Transfers

 

 CATEGORY

INTERNATIONAL TRANSFERS

Visiting user

No data is collected from the visiting user

User who contacts us

  No transfer of personal data to a third country or international organization takes place.

 Registered User

  No transfer of personal data to a third country or international organization takes place.

Ecommerce Customer

  No transfer of personal data to a third country or international organization takes place.

 Order Requests

  No transfer of personal data to a third country or international organization takes place.

Mailing List User

  No transfer of personal data to a third country or international organization takes place.

 

Plazos de conservación

 

 CATEGORY

CONSERVATION PERIODS

 Visiting user

No visitor data is stored

User who contacts us

 They will be kept as long as necessary to fulfill the purpose of their collection.

Registered User

 They will be kept as long as necessary to fulfill the purpose of collection.

Ecommerce Customer

They will be kept for the duration of the relationship you have with us and, in any case, for the periods provided for in the applicable legal provisions, for example in accounting and tax matters, and for the time necessary to meet any liabilities arising from the treatment. We will delete your data when they are no longer necessary or relevant for the purposes for which they were collected or for as long as necessary to comply with current legislation unless you exercise your right to erasure.

Order Requests

 They will be kept for the time necessary to fulfill the purpose for which they were collected.

Mailing List User

 They will be kept until such time as the user requests their deletion.

 

OTHER ASPECTS RELATED TO THE TRANSFER OF DATA

As a general rule, the data you provide to us is not disclosed to third parties without your consent, unless legally required, for example: in the event of a subpoena or a request from a government agency, or if we believe in good faith that such action is necessary to a) comply with a legal obligation; b) to protect or defend our rights, interests or property, or those of a third party; c) to prevent or investigate potential wrongdoing in connection with the Services; d) to act in urgent circumstances to protect your personal safety; or e) to safeguard against legal liability.

STORAGE

We may store your data or transfer it to a third party who will store it in accordance with this Privacy Policy. We take steps we consider reasonable to protect personal data against loss, misuse, unauthorized use, unauthorized access, inadvertent disclosure, alteration and destruction. However, no network, server, database, Internet or e-mail transmission is completely secure or error-free. In the event of a breach of security of data in our custody, we will take all necessary measures to mitigate the consequences and will notify the Supervisory Authority of this fact, together with all relevant information for the documentation and communication of the incident.

CONSENTS

The consent of the interested party, in accordance with the data protection regulations, is a free communication by the interested party by which he/she accepts that his/her data be processed for a specific purpose, under certain conditions, of which he/she must be previously informed.

 

Can you modify or withdraw your consents at any time?

Of course you can. The information about the treatments you have consented to will always be accessible. You will be able to modify or withdraw it whenever you wish by sending us an e-mail.
Likewise, you can unsubscribe from our database whenever you wish by sending us an e-mail to:

obradoiro@xaneco.gal

AUTOMATED DECISIONS

THE OBRADOIRO does not make any decision based solely on the automated processing of your data.

STATISTIC STUDIES

The OBRADOIRO does not carry out studies for scientific, historical and statistical purposes in which case we will try to dissociate the data from the object of the study to preserve its confidentiality.

NOTICE OF VIOLATION OF PERSONAL DATA OR SECURITY BREACHES.

The violation of personal data involves a breach of security of the information systems of OBRADOIRO that causes or may cause the destruction, alteration, loss, unauthorized disclosure or access, accidental or not, to personal data transmitted, stored or processed in connection with the provision of our services. In the event that the personal data we store and/or process in THE OBRADOIRO are compromised in any way, we will proceed to notify in a timely manner to those affected, and in accordance with the provisions of Article 33 of the RGPD

DATA PROTECTION RIGHTS

Users may send a written communication to the registered office of OBRADOIRO or to the email address indicated in the heading of this Legal Notice, including in both cases a photocopy of your ID or other similar identification document, to request the exercise of the following rights:

- Right to request access to personal data: you may ask us if we are processing your data;

- Right to request its rectification (in case it is incorrect) or deletion (when the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed).

- Right to request the limitation or cancellation of their processing, in which case they will only be kept by us for the exercise or defense of claims;

- Right to object to the processing: We will stop processing the data in the manner you indicate, unless for compelling legitimate reasons or the exercise or defense of possible claims must continue to be treated;

- Right to data portability: in case you want your data to be processed by another firm, we will provide you with the portability of your data to any other company you indicate to us in a structured, intelligible and automated format.

 

 

These rights are very personal and shall be exercised by the interested party, with no other limitations than those provided for in the applicable legislation. However, the legal representative of the interested user may act when he/she is in a situation of incapacity or minority that makes it impossible for him/her to exercise these rights personally. The exercise of their rights will be made effective by the Data Controller within thirty days of receipt of the request. In the event that the Data Controller considers that it is not appropriate to accede to the request, he/she will inform you with reasons and within the period indicated in this section. In the cases in which, being appropriate the cancellation of the data, it is not possible its physical extinction, both for technical reasons and because of the computer support used, we will proceed to block them in order to prevent their use, until their complete elimination from the information systems.

PAYMENT SERVICE PROVIDERS

In accordance with article 6, paragraph 1, letter b of the GDPR, as part of the order process, the data provided by the user will be transferred together with the information about the order (name and surname, postal address, bank account number, bank code, credit card number -if applicable-, invoice amount, currency and transaction number) to our payment service provider. The transmission of the data will be carried out exclusively for the purpose of executing the payment through the payment service provider and only to the extent necessary for this purpose. The user may object to the processing of his data at any time by sending a message to the payment service provider. The respective data protection policies and contact options of the payment service providers can be found in the table at the end of this Data Protection Policy.

COLLECTION OF DATA FROM MINORS

THE OBRADOIRO does not authorize children under 14 years of age to provide their personal data, either by completing the web forms provided for the request of services, contact forms, or by sending emails. If we become aware that a child under the age of 14 has provided us with personal information, we will take steps to delete that information. If you believe that a child under the age of 14 has provided us with personal information, please email us at

obradoiro@xaneco.gal with the details and we will take steps to delete the information we have about that child.

PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA AND PERSONAL DATA RELATING TO CRIMINAL CONVICTIONS AND OFFENSES

When filling in the free text fields, it is not allowed to enter personal information concerning personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data intended to uniquely identify a natural person, data concerning health or data concerning the sex life or sexual orientations of a natural person, as well as personal data concerning criminal convictions and offences. In case of introducing any information related to the mentioned aspects in any of our forms or through e-mail, they will be immediately erased from our information systems without being able to attend the consultation made, since such data are not necessary or pertinent for the purposes determined in the treatments of this Web.

COMPLAINT TO THE SUPERVISORY AUTHORITY

If you consider that there is a problem with the way in which we are handling your data, you may address your complaints to the corresponding data protection authority, being the Spanish Data Protection Agency the one indicated in the case of Spain. (www.agpd.es)

XANECO - Obradoiro de Instrumentos Musicais has adapted this website to the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (RGPD), the Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), as well as with the Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE or LSSI).

© All rights reserved: XANECO - Obradoiro de Instrumentos Musicais


Scroll To Top