Privacy Policy
FANTASY NAILS EUROPE SL (the “Company”) is an Organization in which personal data processing activities take place, which gives it significant responsibility in the design and organization of procedures so that they are aligned with legal compliance in this matter.
In the exercise of these responsibilities and in order to establish the general principles that must govern the processing of personal data in the Company, this Personal Data Protection Policy is approved, which is notified to its Employees and made available to all its stakeholders.
1. PURPOSE
The Personal Data Protection Policy is a proactive Responsibility measure that aims to ensure compliance with the applicable legislation in this area and, in relation to it, respect for the right to honor and privacy in the processing of personal data of all persons who interact with the Company.
Pursuant to the provisions of this Personal Data Protection Policy, the Principles governing data processing in the organization are established, as well as the procedures and organizational and security measures that the persons affected by this Policy undertake to implement within their area of responsibility. To this end, management will assign responsibilities to the personnel involved in data processing operations.
2. SCOPE OF APPLICATION
This Personal Data Protection Policy will apply to the Company, its directors, managers and employees, as well as to all persons who have a relationship with it, expressly including service providers with access to data (“Data Processors”).
3. PRINCIPLES OF PROCESSING PERSONAL DATA
As a general principle, the Company will scrupulously comply with the legislation on the protection of personal data and must be able to demonstrate this (Principle of "proactive responsibility"), paying special attention to those treatments that may pose a greater risk to the rights of those affected (Principle of "risk approach").
In relation to the above, FANTASY NAILS EUROPE SL will ensure compliance with the following Principles:
➔ Legality, loyalty, transparency and limitation of purpose. Data processing must always be reported to the affected party, through clauses and other procedures; and it will only be considered legitimate if there is consent for the processing of data (with special attention to that given by minors), or there is another valid legitimacy and the purpose of the same is in accordance with the Regulations.
➔ Data minimization. The data processed must be adequate, relevant and limited to what is necessary in relation to the purposes of the processing.
➔ Accuracy. The data must be accurate and, where necessary, up-to-date. In this regard, the necessary measures will be taken to ensure that personal data that are inaccurate with respect to the purposes of the processing are deleted or rectified without delay.
➔ Limitation of the retention period. The data will be kept in a way that allows the identification of the interested parties for no longer than necessary for the purposes of the processing.
➔ Integrity and Confidentiality. The data will be treated in such a way as to ensure adequate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures.
➔ Data transfers. The purchase or obtaining of personal data from illegitimate sources or in cases where such data has been collected or transferred in violation of the law or its legitimate origin is not sufficiently guaranteed is prohibited.
➔ Hiring of suppliers with access to data. Only suppliers that offer sufficient guarantees to apply appropriate technical and security measures in data processing will be chosen for contracting. The appropriate Agreement in this regard will be documented with these third parties.
➔ International data transfers. Any processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements established in the applicable law.
➔ Rights of affected parties. The Company will facilitate the exercise of the rights of access, rectification, deletion, limitation of processing, opposition and portability by those affected, establishing internal procedures for this purpose, and in particular the models for their exercise that are necessary and appropriate, which must satisfy, at least, the legal requirements applicable in each case.
The Company will promote that the principles included in this Personal Data Protection Policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered (iii) in all contracts and obligations formalized or assumed and (iv) in the implementation of all systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.
4. WORKERS' COMMITMENT
Employees are informed of this Policy and declare that they are aware that personal information is an asset of the Company, and in this regard they adhere to it, committing to the following:
Carry out the data protection awareness training that the Company makes available to you.
Apply the user-level security measures that apply to your job, without prejudice to the responsibilities in their design and implementation that may be attributed to you based on your role within FANTASY NAILS EUROPE SL.
Use the established formats for the exercise of Rights by those affected and inform the Company immediately so that the response can be effective.
Inform the Company, as soon as it becomes aware, of deviations from the provisions of this Policy, in particular “Violations of personal data security”, using the format established for this purpose.
5. CONTROL AND EVALUATION
An annual verification, evaluation and assessment will be carried out, or whenever there are significant changes in data processing, of the effectiveness of the technical and organisational measures to ensure the security of the processing.
ADDITIONAL INFORMATION ON DATA PROTECTION
WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?
Identity: FANTASY NAILS EUROPE SL
Postal Address: PASAJE GRAHAM BELL, 10 - PTA - MALAGA, 29590
Telephone: 952 42 59 22
Email: info@fantasynails.es
FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?
At FANTASY NAILS EUROPE SL we process the information provided by our users to respond to their queries and comments, as well as, where appropriate, to maintain contact to inform them about our products/services.
HOW LONG WILL WE KEEP YOUR DATA?
The personal data provided will be kept in any case as long as there is a business relationship, and for the maximum period established in the applicable regulations from the end of this.
WHAT IS THE LEGITIMATION FOR THE PROCESSING OF YOUR DATA?
The legal basis for the processing of your data is the provision of your consent by checking the checkbox, which you may revoke at any time.
TO WHICH RECIPIENTS WILL YOUR DATA BE COMMUNICATED?
Your data will not be disclosed to third parties. No transfers to third countries are planned.
WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US WITH YOUR DATA?
Any person has the right to obtain confirmation as to whether or not FANTASY NAILS EUROPE SL is processing personal data concerning them.
Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In certain circumstances, interested parties may request that the processing of their data be limited, in which case we will only retain them for the exercise or defence of claims.
In certain circumstances and for reasons relating to their particular situation, interested parties may object to the processing of their data. FANTASY NAILS EUROPE SL will stop processing the data, except for legitimate and compelling reasons, or the exercise or defence of possible claims.
Furthermore, in certain circumstances and when technically feasible, data subjects have the right to have their personal data transmitted directly to another controller at their request.
To exercise these rights, please send a letter to: PASAJE GRAHAM BELL, 10 - PTA - MALAGA, 29590, info@fantasynails.es, accompanied by a copy of your ID.
Likewise, you can contact the Spanish Data Protection Agency, especially if you have not obtained satisfaction in the exercise of your rights.
In the exercise of these responsibilities and in order to establish the general principles that must govern the processing of personal data in the Company, this Personal Data Protection Policy is approved, which is notified to its Employees and made available to all its stakeholders.
1. PURPOSE
The Personal Data Protection Policy is a proactive Responsibility measure that aims to ensure compliance with the applicable legislation in this area and, in relation to it, respect for the right to honor and privacy in the processing of personal data of all persons who interact with the Company.
Pursuant to the provisions of this Personal Data Protection Policy, the Principles governing data processing in the organization are established, as well as the procedures and organizational and security measures that the persons affected by this Policy undertake to implement within their area of responsibility. To this end, management will assign responsibilities to the personnel involved in data processing operations.
2. SCOPE OF APPLICATION
This Personal Data Protection Policy will apply to the Company, its directors, managers and employees, as well as to all persons who have a relationship with it, expressly including service providers with access to data (“Data Processors”).
3. PRINCIPLES OF PROCESSING PERSONAL DATA
As a general principle, the Company will scrupulously comply with the legislation on the protection of personal data and must be able to demonstrate this (Principle of "proactive responsibility"), paying special attention to those treatments that may pose a greater risk to the rights of those affected (Principle of "risk approach").
In relation to the above, FANTASY NAILS EUROPE SL will ensure compliance with the following Principles:
➔ Legality, loyalty, transparency and limitation of purpose. Data processing must always be reported to the affected party, through clauses and other procedures; and it will only be considered legitimate if there is consent for the processing of data (with special attention to that given by minors), or there is another valid legitimacy and the purpose of the same is in accordance with the Regulations.
➔ Data minimization. The data processed must be adequate, relevant and limited to what is necessary in relation to the purposes of the processing.
➔ Accuracy. The data must be accurate and, where necessary, up-to-date. In this regard, the necessary measures will be taken to ensure that personal data that are inaccurate with respect to the purposes of the processing are deleted or rectified without delay.
➔ Limitation of the retention period. The data will be kept in a way that allows the identification of the interested parties for no longer than necessary for the purposes of the processing.
➔ Integrity and Confidentiality. The data will be treated in such a way as to ensure adequate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures.
➔ Data transfers. The purchase or obtaining of personal data from illegitimate sources or in cases where such data has been collected or transferred in violation of the law or its legitimate origin is not sufficiently guaranteed is prohibited.
➔ Hiring of suppliers with access to data. Only suppliers that offer sufficient guarantees to apply appropriate technical and security measures in data processing will be chosen for contracting. The appropriate Agreement in this regard will be documented with these third parties.
➔ International data transfers. Any processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements established in the applicable law.
➔ Rights of affected parties. The Company will facilitate the exercise of the rights of access, rectification, deletion, limitation of processing, opposition and portability by those affected, establishing internal procedures for this purpose, and in particular the models for their exercise that are necessary and appropriate, which must satisfy, at least, the legal requirements applicable in each case.
The Company will promote that the principles included in this Personal Data Protection Policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered (iii) in all contracts and obligations formalized or assumed and (iv) in the implementation of all systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.
4. WORKERS' COMMITMENT
Employees are informed of this Policy and declare that they are aware that personal information is an asset of the Company, and in this regard they adhere to it, committing to the following:
Carry out the data protection awareness training that the Company makes available to you.
Apply the user-level security measures that apply to your job, without prejudice to the responsibilities in their design and implementation that may be attributed to you based on your role within FANTASY NAILS EUROPE SL.
Use the established formats for the exercise of Rights by those affected and inform the Company immediately so that the response can be effective.
Inform the Company, as soon as it becomes aware, of deviations from the provisions of this Policy, in particular “Violations of personal data security”, using the format established for this purpose.
5. CONTROL AND EVALUATION
An annual verification, evaluation and assessment will be carried out, or whenever there are significant changes in data processing, of the effectiveness of the technical and organisational measures to ensure the security of the processing.
ADDITIONAL INFORMATION ON DATA PROTECTION
WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?
Identity: FANTASY NAILS EUROPE SL
Postal Address: PASAJE GRAHAM BELL, 10 - PTA - MALAGA, 29590
Telephone: 952 42 59 22
Email: info@fantasynails.es
FOR WHAT PURPOSE DO WE PROCESS YOUR PERSONAL DATA?
At FANTASY NAILS EUROPE SL we process the information provided by our users to respond to their queries and comments, as well as, where appropriate, to maintain contact to inform them about our products/services.
HOW LONG WILL WE KEEP YOUR DATA?
The personal data provided will be kept in any case as long as there is a business relationship, and for the maximum period established in the applicable regulations from the end of this.
WHAT IS THE LEGITIMATION FOR THE PROCESSING OF YOUR DATA?
The legal basis for the processing of your data is the provision of your consent by checking the checkbox, which you may revoke at any time.
TO WHICH RECIPIENTS WILL YOUR DATA BE COMMUNICATED?
Your data will not be disclosed to third parties. No transfers to third countries are planned.
WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE US WITH YOUR DATA?
Any person has the right to obtain confirmation as to whether or not FANTASY NAILS EUROPE SL is processing personal data concerning them.
Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In certain circumstances, interested parties may request that the processing of their data be limited, in which case we will only retain them for the exercise or defence of claims.
In certain circumstances and for reasons relating to their particular situation, interested parties may object to the processing of their data. FANTASY NAILS EUROPE SL will stop processing the data, except for legitimate and compelling reasons, or the exercise or defence of possible claims.
Furthermore, in certain circumstances and when technically feasible, data subjects have the right to have their personal data transmitted directly to another controller at their request.
To exercise these rights, please send a letter to: PASAJE GRAHAM BELL, 10 - PTA - MALAGA, 29590, info@fantasynails.es, accompanied by a copy of your ID.
Likewise, you can contact the Spanish Data Protection Agency, especially if you have not obtained satisfaction in the exercise of your rights.