Privacy Policy
BLANC LLORET SL., with registered office at C/Tenerife 24, Sant Cugat del Vallès (CA) – 08195, CIF/NIF B70879259, (hereinafter, “Data Controller” or “Controller”) is constantly committed to protecting the online privacy of individuals while browsing and using the services of the Website https://blanclloret.com (hereinafter, “Portal” or “Website”).
This document describes all aspects related to the processing of users’ Personal Data (hereinafter, the “Data Subjects”) through the Website, in accordance with the provisions of Article 13 of EU Regulation No. 2016/679 (hereinafter, the “Regulation”). In accordance with the provisions of the Regulation, the processing carried out by the Controller through the Website will be based on the principles of lawfulness, fairness, transparency, purpose limitation and retention, data minimization, accuracy, integrity, and confidentiality.
1. Data controller
The Data Controller for the processing carried out through the Portal is Blanc Lloret SL., as defined above, and can be contacted using the contact details contained in the “Contacts” section (see Article 10).
2. Categories of personal data processed
Browsing/usage data
Information collected during the user’s visit to the Website (e.g., IP address, URI addresses, browsing history, information related to interactions with the site, information related to the user’s computing environment, browser type and language, operating system, location, date and time of the request). This information is not collected to be linked to identified data subjects, but by its very nature, through processing and association with data held by third parties, could allow users to be identified.
Data voluntarily communicated by the user:
Personal information voluntarily provided by the user through specific forms on the Website (e.g., registration, contact, comments, reviews, posts, etc.). This information may include, but is not limited to: identification data (name, surname, ID number, username, user ID, password, location, date and place of birth, etc.), personal image, contact and location data (home address, email address, telephone number, postal address, etc.);
Commercial data:
Information necessary for compliance with economic and tax obligations related to the provision of the Website services (for example, payment information, C.I.F., purchase history, information on the use of the product or service, credit and billing information, assistance requests, etc.);
Professional and usage data:
Information necessary for the user to submit professional applications through the Website (for example, job position filled/sought, educational history, resume, cover letter/references, specializations, certifications, professional certificates obtained, place and date of birth, gross annual salary, etc.).
Sensitive data:
These “special categories of personal data” provided for in Article 9 of the Regulation, i.e., personal information capable of revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data intended to uniquely identify a natural person, data concerning a person’s health, sex life or sexual orientation, are included.
Profiling data:
Personal information collected through cookies and other tracking tools for the purpose of automatically classifying users into categories or groups and performing evaluations and processing related to the user’s interests, preferences, habits, and behaviors.
Location or location (or mobility) data:
Information indicating the geographical position (latitude, longitude, altitude, direction of travel, time of position recording) of the terminal equipment (e.g., smartphone, computer) of a user of the Website service.
3. Purposes of the treatment
The Controller uses the Personal Data collected through this Website for the following purposes:
Provision of service:
Respond to requests for information received through the Website; provide content and services covered by the Website; send the user notifications and updates regarding the requested service;
Payments and billing:
Manage the economic and tax profile related to the sale of products/services through the Website.
Security assurance, fraud and abuse prevention, Debug:
Monitor and prevent fraudulent activity and ensure that systems and processes operate properly and securely.
Statistical analysis:
Evaluate the performance and effectiveness of advertisements viewed or interacted with by the user; evaluate the performance and effectiveness of content viewed or interacted with by the user; conduct market research to learn more about the audiences who visit the Website and view the advertisements presented; improve existing systems and software; and develop new services and products.
Basic Ads:
Presentation of “basic ads” displayed based on generic and impersonal characteristics (e.g., content viewed by the user, application used, approximate location, type of device used).
Direct marketing:
Send the user newsletters and other commercial communications by email and other traditional communication systems;
Profiling and personalized ads/content:
Automated creation of a profile based on the user’s interests, preferences, habits, and behaviors; presentation of “personalized content” based on the user’s profile; presentation of “personalized ads” based on the user’s profile.
Judicial protection:
Guarantee the Responsible Party the right to protect or exercise a right in court.
Legal obligation
Comply with a legal obligation to which the Controller is subject.
4. Legal basis for processing
The Controller uses the Personal Data collected through this Website for the following purposes:
Contract/Pre-contractual measures:
The processing of Personal Data is based on Art. 6 (1) (b) of the Regulation (“[…] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”);
Consent of the interested party:
The processing of personal data is based on Art. 6 (1) (a) of the Regulation (“[…] the data subject has given consent to the processing of his or her personal data for one or more specific purposes”). The consent granted by the user is freely and optionally available and does not affect the use of additional services on the website. The consent granted can always be revoked via the cookie preference selection form or by contacting the Controller using the contact information provided in the [Controller Contacts] section.
Legitimate interest of the Controller:
The processing of Personal Data is based on Art. 6 (1) (f) of the Regulation (“[…] processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party”);
Legal obligation:
The processing of Personal Data is based on Art. 6 (1) (c) of the Regulation: (“[…] processing is necessary for compliance with a legal obligation to which the controller is subject”);
Protection of vital interests:
The processing of Personal Data is based on Art. 6 (1) (d) of the Regulation: (“[…] processing is necessary to protect the vital interests of the data subject or of another natural person”);
Public interest mission:
The processing of Personal Data is based on Art. 6 (1) (e) of the Regulation: (“[…] processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”).
Purposes of Treatment:
The Processing of Particular Categories of Personal Data is based on Article 9 (1) (h) of the Regulation: (“[…] processing is necessary for the purposes of preventive medicine or occupational medicine, assessment of a worker’s capacity for work, diagnosis, healthcare or social care or treatment or the management of healthcare or social care systems and services on the basis of Union or Member State law or pursuant to a contract with a healthcare professional, provided that the processing is carried out by a professional bound by professional secrecy or under his or her responsibility […]”)
5. Treatment modality
Processing is carried out through manual and/or automated methods, also with the help of IT and telematic technologies (e.g. CRM, management software and mailing list services), after applying appropriate technical and organizational security measures to ensure the security, integrity and confidentiality of Personal Data, in order to minimize the risks of destruction, loss, unauthorized access, modification and unauthorized disclosure, in accordance with the provisions of Articles 6 and 32 of the GDPR.
6. Transfer of personal data outside the EU/EEA
The Controller does not intend to transfer Personal Data outside the European Economic Area. However, if necessary to meet organizational/production needs (for example, by using cloud providers and/or services that require data transfers abroad), appropriate safeguards will be identified for the transfer of Personal Data to a third country. These safeguards, depending on the case, may include: verification of the existence of adequacy decisions by the European Commission, signature of standard contractual clauses and/or binding corporate rules, and verification of the adoption of any additional measures transposing Recommendation 01/2020 of the European Parliament and of the Council of 11 December 2020.
| Provider Name | Description | Provider Privacy Policy |
|---|---|---|
| WordPress | ||
| https://www.facebook.com/policy/cookies | ||
| Google Analytics | https://policies.google.com/privacy | |
| Google Ads | https://policies.google.com/privacy | |
| Google reCAPTCHA | https://policies.google.com/privacy | |
| https://help.instagram.com/519522125107875 | ||
| MailChimp | https://mailchimp.com/legal/privacy/ | |
| Stripe | https://stripe.com/privacy/ | |
| PayPal | https://www.paypal.com/uk/webapps/mpp/ua/privacy-full | |
| Elementor | ||
| Google Tag Manager for WordPress |
7. Conservation periods
The Controller retains Personal Data only for the periods of time necessary to achieve the purposes indicated in this document, that is, for the periods provided for by specific regulations.
In particular:
- Personal data processed for the purposes of “providing the service” will be retained for a period not exceeding 10 years;
- Personal data processed for the purposes of “Payments and Billing” will be retained for a period not exceeding 10 years (Article 2220 of the Civil Code).
- Personal data processed for direct marketing purposes will be retained for a period not exceeding two years, or until the data subject withdraws consent to processing, where applicable.
- The duration of persistence of individual cookies is indicated in the “Cookie Policy”;
- Without prejudice, in any case, to the possibility for the Controller to retain Personal Data for the period of time provided for and permitted by Italian law for the purposes of the “judicial protection” of its interests (arts. 2946 and 2947 paragraphs 1 and 3 of the Italian Civil Code).
After these retention periods, personal data will be deleted or anonymized, unless it is retained for other purposes based on appropriate legal grounds.
8. Recipients
The Personal Data collected by the Data Controller may be communicated or made accessible, for the purposes referred to above, to the following categories of subjects:
- Employees and collaborators who assist the Controller in processing operations, with prior express authorization for processing and the signing, where applicable, of confidentiality agreements;
- Subjects providing outsourcing services on behalf of the Controller, as Data Processors: cloud computing service providers, independent professionals, companies or professional firms that provide assistance and advisory activities to the Controller, or subjects delegated to carry out hosting and technical maintenance activities, including the maintenance of software, network equipment and electronic communication networks;
- Independent data controllers to whom communication of data is necessary for the provision of the service requested by the interested party.
- Independent data controllers for the achievement of their own purposes (with prior consent of the interested party);
- Public authorities, if such communication is required by law.
After these retention periods, personal data will be deleted or anonymized, unless it is retained for other purposes based on appropriate legal grounds.
9. Rights of the interested party
At any time, the data subject may access the information concerning him or her and request its rectification, deletion, restriction of processing, and portability. He or she may also object to the processing in whole or in part and have the right not to be subject to automated decision-making relating to individuals, including profiling.
To exercise the rights set forth in Articles 15 to 22 of the GDPR, the data subject may contact the Data Controller as indicated in the “Contact” section (see Article 10). The Data Controller is obliged to respond to the request within one month or to communicate a possible delay in responding in the case of numerous and/or complex requests (the extension may not exceed two months). In any case, the data subject always has the right to lodge a complaint with the competent supervisory authority (personal data protection supervisory authority), pursuant to Article 77 of the GDPR, if they consider that the processing of their personal data violates applicable law.
10. Contact
For more information about the processing of Personal Data carried out in execution of the contract, or to submit a request to exercise your rights, you can contact the Controller via the email address: hola@blanclloret.com