PRIVACY POLICY

  1. Identification of the Data Controller

CAVAS J HILL, SL is RESPONSIBLE for the processing of the USER’s personal data and informs you that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of 27 April (GDPR) and Organic Law 3/2018 of 5 December (LOPDGDD).

You can contact the Responsible through the e-mail address cavashill@cavashill.com.

The address for the purpose of claims shall correspond to the address indicated as the registered office of the company.

  1. Purposes of processing

  1. Respond to the questions that the interested party sends to the person in charge.

Retention period: The data will be retained until the issue raised by the data subject is resolved. Subsequently, if necessary, the information will be kept blocked for the legally established periods of time.

Legal Basis: Legitimate Interest of the Data Controller and Consent of the Data Subject.

  1. To manage the subscription of the interested party to his Cavas Hill Club account, as well as to his Client account.

Retention period: The data will be retained as long as the data subject does not revoke the consent given. Subsequently, if necessary, the information will be kept blocked for the legally established periods of time.

Legal basis: Consent of the data subject.

  1. Process orders, requests for products or services made by the user.

Retention period: The data will be processed for as long as there is an interest on the part of the data subject, based on the existing contractual relationship. Subsequently, if necessary, the information will be kept blocked for the legally established periods of time.

Legal basis: Contractual relationship.

  1. To send to the interested party commercial communications about our products that may be of interest (newsletter).

Retention period: The data will be retained as long as the data subject does not revoke the consent given. Subsequently, if necessary, the information will be kept blocked for the legally established periods of time.

Legitimate basis: Express consent of the interested party.

  1. Recipients of your data

The Controller contracts with third party data processors in order to provide its services. With the exception of these entities, your data will not be disclosed to other third parties. If for any reason it is necessary to communicate such data to third parties, you will be informed in advance and, where appropriate, your consent will be requested and the purposes of the communication and the identity of the third party to whom the data will be communicated will be specified.

All of the above, with the exception of those cases in which a legal requirement makes it necessary to communicate such data to a third party.

  1. Rights

The persons who provide us with their data have the following rights in relation to them:

  1. Right of access
  2. Right of rectification or suppression
  3. Right to limitation of processing
  4. Right to portability
  5. Right of opposition
  6. Right to revoke consent

  1. Right of access: Any person has the right to obtain from the Controller confirmation of whether or not personal data concerning him/her are being processed and, if so, the right of access to personal data.
  2. Right of rectification: This is the right to obtain the rectification of personal data held by us concerning you.

  1. Right of deletion: This is the right to obtain the deletion of your personal data.

  1. Right to limitation of processing: This is the right for your data to cease to be subject to the corresponding processing operations when any of the following conditions are met:

  • When you have exercised your rights of rectification or opposition and the Controller is in the process of determining whether the request is admissible.

  • If the data processing was unlawful, which implies the deletion of the data, but you do not want your data to be deleted by the Controller.

  • When the data is no longer necessary for the processing, it implies the deletion of the data, but you want the Data Controller to limit the processing of the data and to keep it in order to formulate, exercise or defend yourself against claims.

  1. Right to portability: This is the right to obtain from the Data Controller, in the event of automated processing of your data, a copy of your data in a structured, commonly used and machine-readable format or to have such copy transmitted directly to the Data Controller indicated by you. Please note that this right shall not apply to:
    • The data of third parties that you have provided to the Responsible.
    • The data concerning him/her, but which have been provided to the Data Controller by third parties.
  2. Right of opposition: This is the right to object to your personal data being processed. As far as the processing carried out by the Controller is concerned, you may object to the sending of commercial communications both from the Controller and from third parties.

If you would like more information about your rights, we suggest you visit the website of the Spanish Data Protection Agency.

The exercise of these rights may be made by sending an email to cavashill@cavashill.com, or a letter to C/ Bonavista, 2 – 08734 Moja-Olèrdola – Barcelona, clearly indicating which right you wish to exercise and providing a copy of your identity document to prove your identification. You may also contact us by postal mail at the registered office of the Responsible Party listed in point 1 of this Privacy Policy.

Additionally, we inform you about the possibility of filing a complaint before the competent Control Authority, in this case, the Spanish Data Protection Agency, especially in case you have not obtained satisfaction in the exercise of your rights. You can contact the Spanish Data Protection Agency through their telephone numbers 901 100 099 and 912 663 517 or by visiting them at their address C/ Jorge Juan, 6. 28001 – Madrid.

  1. Safety measures

The Controller guarantees the user that the processing carried out complies with all the provisions of the aforementioned data protection regulations, GDPR and LOPDGDD, and that the data are processed lawfully, fairly and transparently in relation to the data subject and are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Likewise, the Responsible Party guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR and the LOPDGDD in order to protect the rights and freedoms of the USERS and has communicated the appropriate information to them so that they can exercise them.

  1. Origin and accuracy of the data

All the data collected comes from the data subject. The User, by accepting this Privacy Policy, declares and undertakes to guarantee the truthfulness and accuracy of the data provided, as well as to be the legitimate owner of such data.

Likewise, the User undertakes to keep his/her data updated at all times, and to promptly inform the Responsible Party of any significant modification, such as the change of ownership of his/her bank account, or the modification of his/her e-mail account provided through the relevant forms hosted on the CAVAS HILL website.

In this sense, the User shall be solely responsible for the failure to comply with the above, exonerating CAVAS HILL from any liability with respect to such data that the User has not previously communicated.