The company is engaged in the business of hosting and selling erotic toys.
Our data protection policy is built and communicated in accordance with applicable regulations, especially with regard to the European Union Regulation 2016/679 of the European Parliament and of the Council, relating to the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GDPR), and the Law 3/2018, of December 5, on Data Protection and Digital Rights Guarantee.
The Company has also adopted the necessary technical and organizational measures to ensure the confidentiality, security, and proper processing of personal data, preventing its alteration, loss, processing, or unauthorized access in accordance with the applicable regulations, taking effective measures and always adhering to the appropriate level of security based on the level of data processed. This work is carried out continuously, considering legislative or company developments.
This policy may vary over time due to possible legislative changes or other business management reasons. Whenever a change occurs, it will be immediately reflected on the website, and the corresponding communications will be made, if necessary.
Who is the DATA CONTROLLER for your data?
NUEVA ERA MIRSER, S.L., with CIF B93592350, and registered address at Glorieta Miguel Rubiales 4 LOCAL. 28039, Madrid (Madrid), Spain.
DATA PROTECTION OFFICER: Sergio Aparicio.
PURPOSE OF DATA PROCESSING AND DATA RETENTION
We process the information provided by our clients and other interested parties for the following purposes:
- CONTRACTUAL PURPOSES, regarding associates, suppliers, collaborators, and employees, to manage the provision of rights and obligations derived from the contractual relationship.
- CONSENT-BASED PURPOSES: For information purposes regarding the activities and actions of the company.
The Company will provide information and obtain the necessary consents for the commercial use of data.
- REGULATORY PURPOSES: To comply with legal and/or regulatory obligations.
- LEGITIMATE INTEREST-BASED PURPOSES, in accordance with Article 19 of the LOPDGDD (Organic Law 3/2018 of December 5) and Article 6.1.f) of the GDPR.
The data are processed as DATA CONTROLLER when collected and processed by us.
The data are processed as DATA PROCESSOR when the company processes the data to provide a service to a third party that is the data controller.
The provided personal data will be generally retained, with the exception of the provisions mentioned above:
- For the time necessary to fulfill the purpose for which they are collected or as required by the contractual relationship, including the time necessary, in accordance with applicable regulations, to fulfill the relevant obligations and actions that may arise from it.
- Until the data subject requests their deletion.
Afterwards, the data will be made exclusively available to Judges and Courts, the Public Prosecutor’s Office, or competent Public Authorities, especially data protection authorities, for the attention of potential liabilities arising from the processing, during the statute of limitations. Once this period has elapsed, the data will be deleted.
No profiling is carried out.
As DATA CONTROLLER, the legal basis for processing your data is based on:
- The contractual relationship and the performance of the contract signed with us.
- In case you have expressly given your consent, the legal basis is said consent.
- Legal legitimacy based on regulatory purposes.
- Legitimate interest, according to Article 19 of the LOGPGDD.
As DATA PROCESSOR, it is the responsibility of the entity that has contracted us as a service provider, as DATA CONTROLLER, to establish the legitimacy and processing model.
The data are communicated to our collaborators who provide services as subcontractors, legal firms, and other collaborators in charge of processing, as well as authorities and public entities that require them.
Regarding collaborators, the corresponding data processing agreement is signed with the recipient, as required by the General Data Protection Regulation.
INTERNATIONAL DATA TRANSFERS
The company does not generally carry out international data transfers. In the case of any transfer of your personal data to countries outside the EEA, the company will implement specific appropriate measures to ensure an adequate level of protection for your personal data.
- Any person has the right to obtain confirmation as to whether we are processing personal data concerning them or not.
- Interested parties have the right to access their personal data and request the correction of inaccurate data or, where appropriate, request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
- In certain circumstances provided for in Article 18 of the GDPR, data subjects may request the limitation of the processing of their data, in which case we will only retain them for the exercise or defense of claims.
- Interested parties may object to the processing of their data for marketing purposes, including profiling. The company will cease processing the data, except for compelling legitimate reasons or the exercise or defense of possible claims.
- Under the right to data portability, interested parties have the right to obtain the personal data that concerns them in a structured, commonly used, and machine-readable format and to transmit it to another data controller.
EXERCISE OF GDPR RIGHTS BY THE USER
Through a written request addressed to the addresses indicated above.
The User guarantees that the personal data provided through the form are true, and undertakes to communicate any modification thereof. Similarly, the User guarantees that the information provided corresponds to their real situation, is up-to-date, and is accurate. In addition, the User undertakes to keep their data updated at all times, being solely responsible for the inaccuracy or falsity of the data provided and the damages that may be caused by it to NUEVA ERA MIRSER, S.L. as the portal owner.
COMPLAINT TO THE SPANISH DATA PROTECTION AGENCY
If you believe that the Company has not properly resolved your request, you can address the Spanish Data Protection Agency to request protection, whose details you can find at www.agpd.es.
CATEGORIES OF DATA
What categories of data do we process?
- Identifying data.
- Economic and payment data.
Generally, we do not process special categories of data under Articles 9 and 10
of the GDPR. If at any time we do, we will comply with the requirements of Articles 9 and 10, and explicit consent will be obtained.
The data received or collected are necessary to fulfill the indicated purposes and are treated confidentially in accordance with the privacy and security policies established by the company.
As DATA CONTROLLER, the personal data we process come from the information you provide when requesting services or resources from us, accessing our website, or establishing any type of relationship with us, directly or indirectly.
As DATA PROCESSORS, the data come from the DATA CONTROLLER, or we collect them on their behalf during the provision of the service contracted with the DATA CONTROLLER.