PRIVACY AND DATA PROTECTION POLICY

Respecting the provisions set forth in the legislation in force, JG Photo Store undertakes to adopt the necessary technical and organizational measures, according to the appropriate security level for the risk of the data collected.

Laws incorporated in this privacy policy

This privacy policy is adapted to Spanish and European regulations in force regarding personal data protection on the internet. Specifically, it abides by the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, dated 27 April 2016, on the protection of natural persons regarding the processing of personal data and the free movement of these data (GDPR).
  • Organic Law 15/1999 dated 13 December, on the Protection of Personal Data (Protección de Datos de Carácter Personal – LOPD).
  • Royal Decree 1720/2007 dated 21 December, whereby approval is granted to the Rules for the development of Organic Law 15/1999 dated 13 December, on the Protection of Personal Data (Protección de Datos de Carácter Personal – RDLOPD).
  • Law 34/2002 dated 11 July, on Services of the Information Society and Electronic Trade (Servicios de la Sociedad de la Información y de Comercio Electrónico – LSSI-CE).

Identity of the party responsible for processing personal data

The party responsible for processing personal data collected at JG Photo Store is: CARBON CAT CONSULTING SL, with Fiscal ID Number (NIF) B86457280 and duly registered at the Madrid Business Registry (Registro Mercantil de Madrid) with the following record data: Item 10/1/416 Page 63 Date 30/04/2012, whose representative is Jorge García Rodríguez (hereinafter, also the “Controller”). His contact information is the following:

Address:
Calle Dr. Torres Feced 20 – 25
28770 Colmenar Viejo
Madrid
Contact phone number: 91 7722676
Contact e-mail: jorge@jgphotostore.com

Personal Data Recording

Personal data collected by JG Photo Store via the forms made available in its pages will be entered into an automated file under the responsibility of the Controller, and duly declared and registered before the General Registry of the Data Protection Agency (Registro General de la Agencia de Protección de Datos) which may be queried at the website of the Spanish Data Protection Agency (Agencia Española de Protección de Datos) at http://www.agpd.es, with the purpose of facilitating, streamlining and complying with the commitments undertaken between JG Photo Store and the User or in the maintenance of the relationship set forth in the forms completed by the latter, or to address a request or inquiry made by the User.

Principles applicable to the processing of personal data

Processing of Users’ personal data shall be subject to the principles gathered in article 5 of the GDPR:

  • Lawfulness, fairness and transparency principle: User consent will always be required after providing fully transparent information regarding the purposes for which personal data are collected.
  • Purpose limitation principle: Personal data will be collected for specific, explicit and legitimate purposes.
  • Data minimization principle: Personal data collected will only be those strictly necessary in relation to the purposes for which they are processed.
  • Accuracy principle: Personal data must be accurate and must always be up to date.
  • Principle on the limitation of the term of their conservation: Personal data shall only be kept in a form which permits the identification of the User during the time needed for the purposes for which they are processed.
  • Integrity and confidentiality principle: Personal data will be processed in a manner that ensures their security and confidentiality.
  • Proactive responsibility principle: The Controller shall be responsible for ensuring that the above principles are complied with.

Personal data categories

The data categories processed at JG Photo Store are only identifier data. Special categories of personal data as referred to in article 9 of the GDPR will not be processed in any case.

Legal ground for the processing of personal data

The legal ground for the processing of personal data is consent. JG Photo Store undertakes to obtain the explicit and verifiable consent of the User for processing his/her personal data for one or several specific purposes.

The User will have the right to withdraw his/her consent at any time. It will be equally easy to withdraw the consent as it is to give it. As general rule, withdrawing consent will not condition the use of the Website.

Whenever the User should or may provide his/her data via forms to submit queries, ask for information or because of reasons related to the Website contents, he/she will be informed in case he/she must complete any mandatory data because these are indispensable for the correct outcome of the operation performed.

Purpose for the processing of personal data

Personal data are collected and managed by JG Photo Store with the purpose of facilitating, streamlining and fulfilling the commitments agreed between the Website and the User or for maintaining the relationship established in the forms completed by the latter, or to address a request or a query.

Likewise, data may be used for a commercial purpose of customization, for operational and statistical purposes, and for activities pertinent to the corporate purpose of JG Photo Store, as well as for the extraction and storage of data and marketing surveys to adjust the Contents offered to the User, as well as to improve the quality, operation and browsing through the Website.

Whenever personal data are obtained, the User will be informed about the specific purpose or purposes of the personal data processing; that is, the use or uses to be given to the collected information.

Personal data retention periods

Personal data will only be retained for the minimum time needed for the purposes of their processing and, in any case, only for the following time: 2 years, or until the User requests their erasure.

Whenever personal data are obtained, the User will be informed about the time during which his/her personal data will be kept, or, whenever possible, the criteria used to determine said term.

Personal data recipients

Users’ personal data will not be shared with third parties.

In any case, whenever personal data are obtained, the User will be informed about the recipients or the categories of the recipients of the personal data.

Personal data of minors

Respecting the provisions set forth in article 8 of the GDPR and article 13 of the RDLOPD, only individuals over 14 years old may grant their consent for the lawful processing of their personal data by JG Photo Store. If the individual is younger than 14 years old, his/her parents or guardians’ consent will be needed for processing his/her data, and the processing will only be considered lawful provided it has been authorized by said parents or guardians.

Personal data secrecy and security

JG Photo Store undertakes to adopt the necessary technical and organizational measures, depending on the appropriate security level for the risk of the collected data, to ensure the security of the personal data and to prevent the destruction, loss or accidental or unlawful alteration of the personal data transmitted, stored or otherwise processed, or the unauthorized disclosure of, or access to, said data.

The Website has an SSL (Secure Socket Layer) certificate that ensures that personal data are transmitted in a secure and confidential manner, since the data transmission between the server and the User, and the feedback, is fully ciphered or encrypted.

Nevertheless, since JG Photo Store cannot guarantee the impregnability of the internet nor the total absence of hackers or others who may fraudulently access the personal data, the Controller undertakes inform the User without undue delay whenever a breach of the personal data security takes place and may probably entail a high risk for the rights and liberties of the physical individuals. Following the provisions set forth in article 4 of the GDPR, a personal data breach means a breach of security leading to the accidental or unlawful destruction, loss or alteration of the personal data transmitted, stored or otherwise processed, or the unauthorized disclosure of, or access to, said data.

Personal data will be treated as confidential by the Controller, who undertakes to inform about and guarantee by means of a legal or contractual obligation that such confidentiality is respected by his employees, associates, and any other person to whom access to the information may be made available.

Rights arising from the processing of personal data

The User has the following rights, recognized in the GDPR, before JG Photo Store, and may therefore exercise them before the Controller:

  • Right of access: It is the right of the User to obtain confirmation as to whether JG Photo Store is processing his/her personal data and, if it is, to obtain information about his/her specific personal data and the processing made or to be made by JG Photo Store, as well as, among others, about the information available regarding the origin of such data and the recipients of the disclosures made or expected to be made.
  • Right to rectification: It is the right of the User to have his personal data modified whenever they are inaccurate or, considering the purposes of the processing, whenever they are incomplete.
  • Right to erasure (“right to be forgotten”): It is the right of the User, as long as the legislation in force does not provide otherwise, to obtain the erasure of his/her personal data when they are no longer necessary for the purposes for which they were collected or processed; when the User has withdrawn his/her consent for the processing and it does not have another legal ground; when the User is opposed to the processing and there is no other legitimate reason to carry on with it; when personal data have been unlawfully processed; when personal data should be erased in compliance with a legal obligation; or when personal data have been obtained as the result of a direct offer of services by the information society to a minor under 14 years old. Besides erasing the data, the Controller, considering the available technology and the cost of its application, shall adopt reasonable measures to inform those responsible who are processing the personal data about the interested party’s request to erase any link to those personal data.
  • Right to restriction of processing: It is the right of the User to restrict the processing of his personal data. The User has the right to obtain the restriction of processing when he/she has contested the accuracy of his/her personal data; when the processing is unlawful; when the Controller no longer needs the personal data, but the User needs them to file claims; and when the User has opposed to the processing.
  • Right to data portability: If the processing is carried out by automated means, the User shall have the right to receive his/her personal data from the Controller in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller. Whenever it’s technically possible, the Controller shall transmit the data directly to such other controller.
  • Right to object: It is the right of the User to object to the processing of his/her personal data or to demand that their processing be stopped by JG Photo Store.
  • Right to not be subject to a decision solely based on automated processing, including profiling: It is the right of the User not to be subject to an existing decision based solely on automated processing, including profiling, unless otherwise provided by the legislation in force.

Hence, the User may exercise his/her rights by means of written communications addressed to the Controller with the reference “GDPR-www.jgphotostore.com”, specifying:

  • The User’s surname(s), last name(s) and a copy of his/her Identification Document. Whenever representation is admitted, the identification of the person representing the User will also be necessary via the same means, as well as the document accrediting the representation. The photocopy of the Identification Document may be substituted by any other legally valid method to accredit the identity.
  • Petition, with the specific motives for the request or information to which access is sought.
  • Address for notice purposes.
  • Date and petitioner’s signature.
  • Any documents accrediting the petition being made.

This request any other attached document may be sent to the following address and/or e-mail:

Postal address:
Calle Dr. Torres Feced 20 – 25
28770 Colmenar Viejo
Madrid
E-mail: jorge@jgphotostore.com

Links to third-party websites

The Website may include hyperlinks or links enabling access to third-party websites other than those of JG Photo Store, and which are therefore not operated by JG Photo Store. The owners of such websites will have their own data protection policies, and they will be, in each case, solely responsible for their own files and their own privacy practices.

Claims before control authorities

If the User believes there is a problem or a violation of the regulations in force regarding the way in which his/her personal data are being processed, he/she will be entitled to effective legal protection and to file a claim before a control authority, particularly, in the State where he/she has his/her usual residence, workplace, or place of the alleged violation. In the case of Spain, the control authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos) (http://www.agpd.es).

Acceptance and changes to this privacy policy

It is imperative for the User to have read and accepted the terms and conditions regarding personal data protection contained in this Privacy Policy, as well as to accept the processing of his/her personal data for the Controller to be able to do so in the form, during the terms and for the purposes stated. The use of the Website will imply the acceptance of its Privacy Policy.

JG Photo Store reserves the right to modify its Privacy Policy, at its own judgment, or motivated by legislative, jurisprudential or doctrinal reasons adopted by the Spanish Data Protection Agency (Agencia Española de Protección de Datos). Any changes or updates to this Privacy Policy will be explicitly notified to the User.

This Privacy Policy was updated on 31 May 2018 to conform to Regulation (EU) 2016/679 of the European Parliament and of the Council, dated 27 April 2016, on the protection of natural persons regarding the processing of personal data and the free movement of these data (GDPR).