I. PRIVACY POLICY AND DATA PROTECTION

In compliance with current legislation, El Raco de la Xara (hereinafter also referred to as “the Website”) commits to adopting the technical and organizational measures necessary according to the appropriate level of security for the data collected.

Laws Incorporated into This Privacy Policy This privacy policy is adapted to current Spanish and European regulations on the protection of personal data online. Specifically, it complies with the following laws:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR).
  • Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).
  • Royal Decree 1720/2007, of December 21, approving the regulations implementing Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).
  • Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller The controller of personal data collected on El Raco de la Xara is Teodoro Pozo Rodriguez, with NIF: 01913347T (hereinafter referred to as the “Data Controller”). The contact information is as follows:

Registration of Personal Data In compliance with the GDPR and LOPD-GDD, we inform you that personal data collected by El Raco de la Xara through forms on its pages will be incorporated and processed in our file to facilitate, expedite, and fulfill the commitments established between El Raco de la Xara and the User or to maintain the relationship set forth in the forms completed by the User or to respond to their requests or inquiries. In accordance with the GDPR and LOPD-GDD, unless the exception provided in Article 30.5 of the GDPR applies, a record of processing activities will be maintained, specifying the processing activities carried out and other circumstances required by the GDPR.

Principles Applied to Personal Data Processing The processing of the User’s personal data will be governed by the following principles as set out in Article 5 of the GDPR and Article 4 and following of Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights:

  • Principle of lawfulness, fairness, and transparency: User consent will be required at all times, after providing completely transparent information about the purposes for which personal data is collected.
  • Purpose limitation principle: Personal data will be collected for specific, explicit, and legitimate purposes.
  • Data minimization principle: Only the strictly necessary personal data will be collected for the purposes for which it is processed.
  • Accuracy principle: Personal data must be accurate and kept up to date at all times.
  • Storage limitation principle: Personal data will only be stored in a form that allows User identification for as long as necessary for the purposes of its processing.
  • Integrity and confidentiality principle: Personal data will be processed in a way that ensures its security and confidentiality.
  • Proactive accountability principle: The Data Controller will be responsible for ensuring that the above principles are met.

Categories of Personal Data The categories of data processed by El Raco de la Xara are only identifying data. In no case are special categories of personal data processed as defined in Article 9 of the GDPR.

Special categories of personal data include those revealing ethnic or racial origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data aimed at uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.

For the processing of special categories of personal data, explicit User consent will be required for one or more specific purposes.

Legal Basis for Personal Data Processing The legal basis for the processing of personal data is consent. El Raco de la Xara agrees to obtain the User’s explicit and verifiable consent for processing their personal data for one or more specific purposes.

The User has the right to withdraw consent at any time. Withdrawing consent will be as easy as giving it. As a general rule, withdrawal of consent will not condition the use of the Website.

Whenever the User needs to provide personal data via forms for inquiries, requests for information, or reasons related to the Website’s content, the User will be informed if any of these data are mandatory due to their essential nature for fulfilling the operation.

Purposes of Processing Personal Data Personal data is collected and managed by El Raco de la Xara to facilitate, expedite, and fulfill the commitments established between the Website and the User or to maintain the relationship established in the forms that the User completes or to respond to a request or inquiry.

Likewise, the data may be used for commercial purposes, personalization, operational and statistical analysis, and activities related to the corporate purpose of El Raco de la Xara, as well as for data extraction, storage, and marketing studies to adjust the content offered to the User and improve the quality, functionality, and navigation of the Website.

When personal data is obtained, the User will be informed of the specific purpose(s) of the data processing; that is, the use(s) that will be made of the collected information.

Personal Data Retention Periods Personal data will only be retained for the minimum time necessary for its processing and, in any case, only during the following period: [specified period] or until the User requests its deletion.

When personal data is obtained, the User will be informed of the period during which the personal data will be retained or, if not possible, the criteria used to determine this period.

Recipients of Personal Data The User’s personal data will not be shared with third parties.

In any case, when personal data is obtained, the User will be informed about the recipients or categories of recipients of the personal data.

In cases where the Data Controller intends to transfer personal data to a third country or international organization, the User will be informed at the time of data collection about the third country or international organization to which the data is to be transferred, and whether or not an adequacy decision by the Commission exists.

Personal Data of Minors In compliance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, only those over the age of 14 may legally consent to the processing of their personal data by El Raco de la Xara. If the User is under the age of 14, parental or guardian consent will be required for data processing, and this processing will only be deemed lawful to the extent that such authorization has been obtained.

Confidentiality and Security of Personal Data El Raco de la Xara commits to adopting the necessary technical and organizational measures, according to the level of security appropriate to the risk, to ensure the security of personal data and prevent its accidental or unlawful destruction, loss, alteration, or unauthorized communication or access.

The Website uses an SSL (Secure Socket Layer) certificate, ensuring that personal data is securely transmitted and kept confidential through fully encrypted communication between the server and the User.

However, given that El Raco de la Xara cannot guarantee the absolute invulnerability of the internet or the total absence of hackers or others who may fraudulently access personal data, the Data Controller commits to notify the User without undue delay when a data security breach occurs, likely involving a high risk to the rights and freedoms of natural persons. According to Article 4 of the GDPR, a personal data breach is any security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to transmitted, stored, or otherwise processed personal data.

Personal data will be treated as confidential by the Data Controller, who commits to ensuring and legally or contractually obligating that this confidentiality is respected by their employees, partners, and any person to whom the information is made available.

Rights Derived from the Processing of Personal Data The User has rights over El Raco de la Xara and may therefore exercise the following rights before the Data Controller as recognized by the GDPR and Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights:

  • Right of access: The right to obtain confirmation of whether El Raco de la Xara is processing their personal data and, if so, access specific information regarding their data and processing.
  • Right of rectification: The right to have inaccurate or incomplete personal data modified.
  • Right to erasure (“right to be forgotten”): The right to have personal data deleted under certain conditions, such as when data is no longer necessary for its original purpose, if the User has withdrawn consent, or if the processing was unlawful.
  • Right to restriction of processing: The right to limit data processing under certain conditions, such as challenging data accuracy or if the processing is unlawful.
  • Right to data portability: The right to receive personal data in a structured, commonly used format and transmit it to another data controller.
  • Right to object: The right to object to personal data processing or to stop processing by El Raco de la Xara.
  • Right not to be subject to a decision based solely on automated processing, including profiling: The right to avoid decisions based solely on automated processing, except where permitted by law.

To exercise these rights, the User may submit a written request to the Data Controller, including at least:

  1. Name, surname(s), and a copy of the User’s ID. In cases where representation is accepted, the identity of the representative must be verified.
  2. Request with specific details.
  3. Address for receiving notifications.
  4. Supporting documents if necessary.

Exercise of Rights

The request and any accompanying documents should be sent to the address or email provided below:

The response to the request will be provided within one month from receipt. This period may be extended by an additional two months depending on the complexity and volume of requests. In such cases, the User will be informed of the extension and the reasons for it.

Right to Withdraw Consent

The User may withdraw their consent at any time, without affecting the legality of any processing based on consent prior to its withdrawal. To withdraw consent, the User may send a request to the Data Controller using the contact details provided above.

Complaint to the Supervisory Authority

If the User believes their data protection rights have been violated or that their request to exercise their rights has not been adequately addressed, they may file a complaint with the Spanish Data Protection Agency (AEPD), accessible at the following link: www.aepd.es.

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

By using this Website, the User confirms that they have read and agreed to the terms of this Privacy Policy. El Raco de la Xara reserves the right to modify this Privacy Policy to adapt to changes in legislation, jurisprudence, or industry practices.

In the event of changes, the Data Controller will notify the User by clearly indicating the modifications made in a visible location on the Website or, if applicable, by email. Any modifications to the Privacy Policy will take effect as soon as they are published on the Website.

For all inquiries related to this Privacy Policy, the User may contact El Raco de la Xara at the provided email: elracodelaxara@gmail.com.