DETAILED INFORMATION
ON THE PRIVACY POLICYD

INDEX

  1. Purpose of the Privacy Policy
  2. Definitions
  3. Identity of the Controller
  4. Applicable laws and regulations
  5. Principles applicable to the processing of personal data
  6. Data processing activities carried out
  7. Necessary and updated information
  8. Personal data of minors
  9. Technical and organisational security measures
  10. Rights of the interested parties
  11. Complaints to the Supervisory Authority
  12. Acceptance and changes to the Privacy Policy

1.- OBJECTIVE OF THE PRIVACY POLICY
The purpose of this "Privacy and Data Protection Policy" is to make known the conditions governing the collection and processing of personal data by BODEGAS RUBIO 1893 S.L., making every effort to safeguard the fundamental rights, honour and freedom of the people whose personal data is processed, in compliance with the regulations and laws in force governing the Protection of Personal Data according to the European Union and the Spanish Member State, and specifically those expressed in the section "Processing Activities" of this Privacy Policy.

Therefore, in this Privacy and Data Protection Policy, users of the http://www.luisfelipe.es/ website are informed of all the details of interest to them regarding how these processes are carried out, for what purposes, that other entities may have access to their data and what the rights of the users are.

2.- DEFINITIONS
"Personal data": any information about an identified or identifiable natural person ("the Website user"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier or one or more elements specific to that person's physical, physiological, genetic, mental, economic, cultural or social identity.

"Processing" means any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction.

"Limitation of processing": the marking of personal data kept for the purpose of limiting their processing in the future.

"Profiling": any form of automated processing of personal data consisting in the use of personal data to evaluate certain personal aspects of a natural person, in particular to analyse or predict aspects relating to that natural person's professional performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements.

"Pseudonymisation": the processing of personal data in such a way that they can no longer be attributed to a data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organisational measures designed to ensure that personal data are not attributed to an identified or identifiable natural person.

"File" means any structured set of personal data, accessible according to specific criteria, whether centralised, decentralised or dispersed in a functional or geographical manner.

"controller' or 'processor': the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing; where Union law or the law of the Member States determines the purposes and means of the processing, the controller or the specific criteria for his nomination may lay them down in Union law or in the law of the Member States

"Processor" or "processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

"Recipient': the natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the framework of a specific investigation in accordance with Union or Member States' law are not considered as recipients; the processing of such data by these public authorities will be in accordance with the data protection rules applicable to the purposes of the processing.

"Third party" means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct authority of the controller or processor.

"Consent of the data subject": any free, specific, informed and unequivocal expression of will by which the data subject accepts, either by a declaration or by clear affirmative action, the processing of personal data concerning him/her.

"Breach of security of personal data": any breach of security resulting in the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or in the unauthorised disclosure of or access to such data;

"genetic data" means personal data concerning inherited or acquired genetic characteristics of a natural person which provide unique information on the physiology or health of that person, obtained in particular through the analysis of a biological sample from that person

"Biometric data": personal data obtained from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person which enable or confirm the unique identification of that person, such as facial images or dactyloscopic data.

"Health-related data" means personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her state of health.

"Main establishment": (a) in the case of a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing are taken in another establishment of the controller in the Union and that other establishment has the power to implement those decisions, in which case the establishment which has taken those decisions is considered to be the principal establishment (b) in the case of a processor with establishments in more than one Member State, the place of his central administration in the Union or, where there is no central administration, the establishment of the processor in the Union where the main processing activities are carried out in the context of the activities of an establishment of the processor in so far as the processor is subject to specific obligations under this Regulation.

"Representative': a natural or legal person established in the Union who, having been appointed in writing by the controller or processor in accordance with Article 27 of the GPMR, represents the controller or processor in respect of his respective obligations under this Regulation.

"Undertaking': a natural or legal person engaged in an economic activity, regardless of its legal form, including companies or associations regularly engaged in an economic activity.

"Supervisory authority: an independent public authority established by a Member State in accordance with Article 51 of the GPRS. In the case of Spain it is the Spanish Data Protection Agency.

"Cross-border processing": (a) the processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or processor in the Union, if the controller or processor is established in more than one Member State, or (b) the processing of personal data carried out in the context of the activities of a single establishment of a controller or processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

"Information society service" means any information society service, that is to say, any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.

3.- IDENTITY OF THE CONTROLLER
The Data Controller is the natural or legal person, public or private, or administrative body, who alone or jointly with others determines the purposes and means of the processing of personal data; in the event that the purposes and means of the processing are determined by the law of the European Union or the Spanish Member State.
In the aspects expressed in this Privacy and Data Protection Policy, the identity and contact details of the Data Controller are:

BODEGAS RUBIO 1893 S.L. - CIF B21429170
PALOS DE LA FRONTERA, 14. 21700, LA PALMA DEL CONDADO (Huelva), España
Email: info@luisfelipe.es- Teléfono: 959400743

4.- APPLICABLE LAWS AND REGULATIONS
This Privacy and Data Protection Policy is developed on the basis of the following data protection laws and regulations:
5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
Personal data collected and processed through this website will be treated in accordance with the following principles:
6.- DATA PROCESSING ACTIVITIES
The data processing activities carried out through the website are detailed below, specifying each of the following sections:

MAIN TREATMENT ACTIVITIES
These are those data processing activities whose purposes are necessary and essential for the provision of services.
  1. Users of the website
    • Activity: Management of web users
    • Purposes: Management of information requests
    • Legal basis: Express consent
    • Data processed: Contact details
    • Provenance: From the interested party himself
    • Conservation: 1 year
    • Recipients: No data will be passed on to third parties unless legally obliged to do so
      International transfers: not carried out
  2. Management of the online shop
    • Activity: Management of online shop users
    • Purposes: Sales management of the online shop
    • Legal basis: Express consent
    • Data processed: Contact and invoicing data
    • Provenance: From the interested party himself
    • Shelf life: 5 years from last purchase
    • Recipients: No data will be passed on to third parties unless legally obliged to do so
      International Transfers: Not carried out

7.- NECESSARY AND UPDATED INFORMATION
All the fields marked with an asterisk (*) on the Website forms must be completed, so that the omission of any of them could make it impossible to provide the services or information requested.

You must provide true information, so that the information provided is always updated and does not contain errors, and you must inform the person responsible for the processing as soon as possible of any modifications and corrections to your personal data that may occur by sending an e-mail to: info@luisfelipe.es.

Likewise, by clicking on the "I accept" button (or equivalent) on the aforementioned forms, you declare that the information and data you have provided on them are accurate and true, and that you understand and accept this Privacy Policy.

8.- DATA OF MINORS
In compliance with the provisions of Article 8 of the RGPD and Article 7 of the LOPD/GDD, only those over 14 years of age may give their consent to the processing of their personal data in a lawful manner by BODEGAS RUBIO 1893 S.L.

Therefore, minors under 14 years of age may not use the services available through the Website without the prior authorisation of their parents, guardians or legal representatives, who will be solely responsible for all the acts carried out through the Website by the minors in their charge, including the completion of the telematic forms with the personal data of said minors and the marking, if applicable, of the boxes that accompany them.

9.- TECHNICAL AND ORGANISATIONAL SECURITY MEASURES
The Data Controller adopts the necessary organisational and technical measures to guarantee the security and privacy of your data, to avoid its alteration, loss, unauthorised processing or access, depending on the state of technology, the nature of the data stored and the risks to which it is exposed.

The following measures, among others, are noteworthy:
On the other hand, the Data Controller has taken the decision to manage the information systems in accordance with the following principles:


10.- RIGHTS OF THE INTERESTED PARTIES
The current data protection legislation protects the user in a series of rights in relation to the use given to his data. Each and every one of these rights are unipersonal and non-transferable, that is, they can only be carried out by the owner of the data, after verifying his or her identity.

The rights of the Website users are detailed below:



The Website user may exercise any of the aforementioned rights by contacting the Data Processing Manager and identifying the user beforehand using the following contact information:

Person in charge:BODEGAS RUBIO 1893 S.L.
Address:PALOS DE LA FRONTERA, 14. 21700, LA PALMA DEL CONDADO (Huelva), España
Telephone:959400743
E-mail:info@luisfelipe.es
Website:http://www.luisfelipe.es/

The application form can be downloaded from our website under the link Exercise of Rights

11.- RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY
Users are informed of their right to file a complaint with the Spanish Data Protection Agency if they consider that a breach of data protection legislation has been committed with regard to the processing of their personal data.
Contact information for the supervisory authority:

Agencia Española de Protección de Datos (Spanish Data Protection Agency)
Email: 
info@aepd.es
Telephone:912663517
Website: https://www.aepd.es
Address:C/. Jorge Juan, 6. 28001, Madrid (Madrid), España

12.- ACCEPTANCE AND CHANGES TO THE PRIVACY POLICY
It is necessary that the user of the Website has read and agrees with the data protection conditions contained in this Privacy Policy, as well as accepting the processing of their personal data so that the Data Controller can proceed with it in the manner, time and purpose indicated.

The Data Controller reserves the right to modify this Privacy Policy, at its own discretion, or as a result of a change in legislation, case law or doctrine of the Spanish Data Protection Agency. The changes or updates made to this Privacy Policy that affect the purposes, conservation periods, transfer of data to third parties, international data transfers, as well as any right of the Website User, will be explicitly communicated to the user.

Version dated 13 October 2020