Privacy Policy

Information in compliance with personal data protection regulations

 

In Europe and Spain, there are data protection regulations designed to protect your personal information, which our organization is required to comply with.

Therefore, it is very important to us that you fully understand what we are going to do with the personal data we request from you.

This way, we will be transparent and give you control over your data, with simple language and clear options that will allow you to decide what we do with your personal information.

Please, if you have any questions after reading this information, do not hesitate to ask us.

Thank you very much for your cooperation.

 

  • WhoWho are we?
  • Our name: MAGDALENAS LÁZARO SA

 

  • Our Tax ID Number: A50122035

 

  • Our main activity: Wholesale marketing

 

  • Our address: C/ Báscula 7, 50461 – Alfamén (Zaragoza)

 

  • Our contact number: 976 626 065

 

  • Our contact email address: info@mrbrownie.com

 

  • Our website: https://www.mrbrownie.com

 

  • For your confidence and security, we inform you that we are a company registered in the following Commercial Registry/Public Registry:

 

We are at your disposal, please do not hesitate to contact us.

 

  • What will we use your data for?

In general, your personal data will be used to interact with you and provide you with our services.

They may also be used for other activities, such as sending you advertising or promoting our activities. 

 

  • Why do we need to use your data?

Your personal data is necessary for us to interact with you and provide you with our services. In this regard, we will provide you with a series of checkboxes that will allow you to clearly and easily decide how your personal information will be used. 

 

  • Who will have access to the information we request?

In general, only duly authorized personnel from our organization will have access to the information we request from you.

Similarly, entities that need access to your personal information in order for us to provide our services may also have access to it. For example, our bank will have access to your data if payment for our services is made by card or bank transfer.

Likewise, those public or private entities to which we are obliged to provide your personal data in order to comply with any law will also have access to your information. For example, the Tax Law requires us to provide the Tax Agency with certain information on economic transactions that exceed a certain amount.

In the event that, apart from the cases mentioned above, we need to disclose your personal information to other entities, we will first ask for your permission through clear options that will allow you to decide on this matter.

 

  • How will we protect your data?

We will protect your data with effective security measures based on the risks involved in using your information.

To this end, our organization has approved a Data Protection Policy and conducts annual checks and audits to verify that your personal data is secure at all times.

 

  • Will we send your data to other countries?

There are countries in the world that are safe for your data and others that are not so safe. For example, the European Union is a safe environment for your data. Our policy is not to send your personal information to any country that is not safe from the point of view of data protection.

In the event that, in order to provide you with the service, it is essential to send your data to a country that is not as secure as Spain, we will always ask for your permission in advance and apply effective security measures to reduce the risks of sending your personal information to another country.

 

  • How long will we keep your data?

We will retain your data for the duration of our relationship and for as long as we are required to do so by law. Once the applicable legal deadlines have expired, we will proceed to delete it in a secure and environmentally friendly manner.

 

  • What are your data protection rights?

You may contact us at any time to find out what information we hold about you, correct it if it is incorrect, and delete it once our relationship has ended, if this is legally possible.

You also have the right to request the transfer of your information to another entity. This right is called "portability" and can be useful in certain situations.

To exercise any of these rights, you must submit a written request to our address so that we can identify you.

At our offices, we have specific forms for requesting these rights and we offer our assistance in completing them.

To learn more about your data protection rights, you can visit the website of the Spanish Data Protection Agency (www.aepd.es).

 

  • Can you withdraw your consent if you change your mind at a later date?

You may withdraw your consent if you change your mind about the use of your data at any time.

For example, if you were previously interested in receiving advertising about our products or services but no longer wish to receive such advertising, you can notify us by filling out the form to object to processing available at our offices.

 

  • If you believe that your rights have been violated, where can you file a complaint?

If you believe that your rights have been disregarded by our organization, you can file a complaint with the Spanish Data Protection Agency through any of the following means:

  • Electronic headquarters: www.aepd.es
  • Mailing address:

Spanish Data Protection Agency
C/ Jorge Juan, 6
28001-Madrid

  • By telephone:

Tel. 901 100 099

Tel. 91 266 35 17

Filing a complaint with the Spanish Data Protection Agency is free of charge and does not require the assistance of a lawyer or solicitor.

 

  • Will we create profiles about you?

Our policy is not to create profiles of users of our services.

However, there may be situations in which, for service provision, commercial, or other purposes, we need to create information profiles about you. An example would be the use of your purchase or service history to offer you products or services tailored to your tastes or needs.

In such cases, we will implement effective security measures to protect your information at all times from unauthorized persons who may attempt to use it for their own benefit.

 

  • Will we use your data for other purposes?

Our policy is not to use your data for purposes other than those we have explained to you. However, if we need to use your data for other activities, we will always ask for your permission in advance through clear options that will allow you to decide on the matter.

 

OUR COMMITMENT TO PERSONAL DATA PROTECTION: "INFORMED PEOPLE AND PROTECTED DATA"

The Management / Governing Body of MAGDALENAS LÁZARO SA (hereinafter, the data controller) assumes full responsibility and commitment to the establishment, implementation, and maintenance of this Data Protection Policy, ensuring the continuous improvement of the data controller with the aim of achieving excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and Spanish regulations on the protection of personal data (Organic Law, specific sectoral legislation, and its implementing regulations).

MAGDALENAS LÁZARO SA's Data Protection Policy is based on the principle of proactive responsibility, according to which the data controller is responsible for complying with the regulatory and jurisprudential framework governing said Policy, and is able to demonstrate this to the competent supervisory authorities.

In this regard, the data controller shall be governed by the following principles, which shall serve as a guide and frame of reference for all its staff in the processing of personal data:

  1. Data protection by design: the controller shall implement appropriate technical and organizational measures, such as pseudonymization, at both the time of determining the means of processing and at the time of the processing itself, designed to effectively apply data protection principles, such as data minimization, and to integrate the necessary safeguards into the processing.

 

  1. Data protection by default: the controller shall implement appropriate technical and organizational measures to ensure that, by default, only personal data that are necessary for each specific purpose of the processing are processed.

 

  1. Data protection throughout the information lifecycle: measures to ensure the protection of personal data shall apply throughout the entire information lifecycle.

 

  1. Lawfulness, fairness, and transparency: personal data will be processed lawfully, fairly, and transparently in relation to the data subject.

 

  1. Purpose limitation: personal data shall be collected for specified, explicit, and legitimate purposes and shall not be further processed in a manner that is incompatible with those purposes.

 

  1. Data minimization: personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

 

  1. Accuracy: personal data shall be accurate and, where necessary, kept up to date; every reasonable step shall be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

 

  1. Limitation of storage period: personal data will be kept in a form that allows the identification of data subjects for no longer than is necessary for the purposes of processing personal data.

 

  1. Integrity and confidentiality: personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

 

  1. Information and training: one of the keys to ensuring the protection of personal data is the training and information provided to staff involved in processing it. Throughout the information lifecycle, all staff with access to data will be properly trained and informed about their obligations in relation to compliance with data protection regulations.

 

The Data Protection Policy of MAGDALENAS LÁZARO SA is communicated to all personnel responsible for data processing and made available to all interested parties.

Consequently, this Data Protection Policy involves all personnel responsible for data processing, who must be familiar with it and accept it as their own, with each member being responsible for applying it and verifying the data protection regulations applicable to their activity, as well as identifying and contributing any opportunities for improvement they deem appropriate with the aim of achieving excellence in relation to compliance.

This Policy will be reviewed by the Management/Governing Body of MAGDALENAS LÁZARO SA as often as deemed necessary to ensure that it complies at all times with the provisions in force regarding the protection of personal data.