This Privacy Policy provides users of this site www.eeclat.com with the fullest possible details on the processing by the Site of their personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Spanish legislation on the protection of personal data.

In accordance with the applicable legislation, this Privacy Policy also provides details on:

• • The nature of the personal data processed (as defined below)

• • The purposes and means of the processing of personal data

• • The identity and contact details of the controllers

• • The contact details of the data protection officer (DPO)

• • Any third parties involved in the processing operations

• • The period the personal data will be stored

• • A brief description of the security measures adopted to protect personal data

• • The existence of the data subject’s right to request from the controller access to and rectification or erasure of his/her personal data, right to limit the processing of the data concerning him/her or to oppose their processing, and the right to the portability of user data.

This Privacy Policy applies to the Site only and does not concern any website or platform to which the Site may link.

Users with fewer than 16 (sixteen) years old are unable to give consent to the processing of personal data without the authorization of the holder of parental responsibility.

PERSONAL DATA: PURPOSE OF THE PROCESSING

The term “personal data” means any information relating to users of the Site, including data that identify them personally, alone or in combination with other information.

Personal data are collected automatically through the Site or received through multiple sources: forms, chats, emails, apps, devices, social media and other means.

The Joint Controllers process personal data in connection with the following activities:

• Managing Site browsing

The Joint Controllers collect browsing data (which, according to the GDPR, do not fall under the special categories of data) using automatic means to enable and improve the user’s browsing of the Site (e.g. IP address, date/time of the visit and relative duration, any referring URLs, pages visited on the Site, device used and other information).

The processing of such personal data allows users to access the Site and make full use of its features and services. Browsing data may also be used to ensure the Site is functioning properly. From time to time, browsing data are processed anonymously for statistical purposes.

Browsing data are unlikely to allow identification of the relevant data subject. However, by their very nature, browsing data may allow identification of data subjects if associated with other information. The browsing data described above are stored only temporarily in accordance with applicable regulations. The legal basis for the processing of personal data in this case is the legitimate interest of the controller.

• MANAGING ORDERS

At the time of verification, the Site will ask users to provide personal data for the essential purpose of ensuring the management of orders and complying with existing contractual obligations with users (the data processed include, but are not limited to, first name, last name, email address, delivery address).

These personal data are also necessary to allow customer service to assist customers with any requests or questions before or after the sale (e.g. concerning the delivery status of the order or returns of products). Personal data relating to orders are kept for as long as necessary to fulfil contractual obligations and any accounting and tax obligations. The Joint Controllers may also verify that payment instruments used by customers for purchases on the Site (e.g. credit or debit cards, etc.) are valid, mainly to prevent fraud or to fulfil statutory anti-money laundering obligations. Since this activity is delegated to duly authorized third parties, the Joint Controllers do not process or store financial information relating to customers and payment instruments. Failure to transmit/provide the personal data requested at checkout will prevent users from completing an order on the Site. The legal basis for the processing of personal data in this case is Article 6(1)(b) of the GDPR (performance of a contract to which the data subject is party). 

Based on their legitimate interest (Article 6(1)(f) of the GDPR) in improving customer relations, the Joint Controllers will send customers who have made purchases on the Site email communications containing product suggestions, discounts, requests for feedback or other updates. Customers are free to object to any further email communication at any time (e.g. by clicking on the “unsubscribe” link at the foot of each email).

• Registering an account on the Site

When users decide to create and register a personal account on the Site, they are asked to provide personal data (e.g. date of birth, gender, etc.). The Site clearly indicates which personal data are (or are not) required to set up an account on the Site.

Users must provide true and accurate personal data at the time of registration and are encouraged to keep their personal data up to date by accessing their personal account to make any necessary changes.

• NEWSLETTER AND MARKETING COMMUNICATIONS

Site users can opt to receive newsletters and marketing communications.

The Joint Controllers collect users’ freely given, express, and unequivocal consent before sending them newsletters and marketing communications or, more generally, before undertaking dedicated marketing initiatives.

In these cases, in addition to their email address, users may be asked to provide personal data (e.g. gender, country of residence, etc.) to receive marketing communications and newsletters tailored to their user profile.

Users may at any time withdraw their consent to receive newsletters and marketing communications:

• • in their account settings

• • by clicking on the “unsubscribe” link at the bottom of an email;

• • by contacting our customer service representatives.