Privacy Policy and Data Protection
Last updated: October 1, 2023
Commitment to Data Security
At Sunmarket Wellness SL (hereinafter, Sunmarket), we are committed to implementing all necessary technical and organizational measures to ensure the security of personal data. We adapt to the level of risk of such data and comply with current Spanish and European regulations on data protection.
Applicable Laws
Our privacy policy complies with the following regulations:
- Regulation (EU) 2016/679 (GDPR): General Data Protection Regulation of the European Union.
- Organic Law 3/2018 (LOPD-GDD): Personal Data Protection and Guarantee of Digital Rights.
- Royal Decree 1720/2007: Regulation for the development of the LOPD.
- Law 34/2002 (LSSI-CE): Services of the Information Society and Electronic Commerce.
Identity of the Data Controller
- Company Name: SUNMARKET WELLNESS SL
- NIF: B97238372
- Address: Av. Maestro Rodrigo 99, 46015 Valencia, Spain
- Phone: (+34) 961 1040660
- Email: [email protected]
- Data Protection Officer (DPO): [email protected]
Record of Personal Data
Personal data collected through forms and other means will be treated confidentially and will be included in our treatment activity records, complying with current regulations.
Principles of Data Processing
At Sunmarket, the processing of personal data is based on the following principles:
- Lawfulness, fairness, and transparency: We process data lawfully, fairly, and transparently.
- Purpose limitation: We collect data for specified, explicit, and legitimate purposes.
- Data minimization: We only request data that is strictly necessary.
- Accuracy: We keep data up to date.
- Storage limitation: We retain data for the necessary time.
- Integrity and confidentiality: We ensure the security and confidentiality of the data.
- Accountability: We comply with all legal obligations.
Categories of Processed Data
We process identifying personal data, such as:
- First and last name
- Postal and email address
- Phone number
- Payment information (when necessary)
We do not collect specially protected data or special categories of personal data.
Legal Basis for Processing
The legal basis for processing your data is:
- Consent: By providing your data, you agree to this privacy policy.
- Execution of a contract: When you purchase our products or services.
- Compliance with legal obligations: To comply with applicable legislation.
- Legitimate interests: To improve our products and services.
Purposes of Processing
Your personal data will be used for the following purposes:
- Management of the contractual relationship: Processing orders, payments, and product delivery.
- Customer service: Resolving inquiries and providing support.
- Commercial communications: Sending you information about our products and promotions (with your consent).
- Service improvement: Conducting analysis and market research.
- Legal compliance: Managing tax and administrative obligations.
Retention Periods
We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected:
- Contractual data: During the term of the contract and subsequently for the time necessary to fulfill legal obligations (e.g., 5 years according to tax legislation).
- Commercial communications: Until you request its deletion or revoke your consent.
- Browsing data: As specified in our Cookie Policy.
Recipients of the Data
Your data may be shared with:
- Public Administrations: When required by law.
- Transport companies: For product delivery (e.g., GLS, DHL, Rhenus).
- Service providers: Data processors providing services on our behalf (hosting, maintenance, marketing).
All our suppliers comply with data protection regulations and are located within the European Economic Area or in countries with adequate levels of protection.
Protection of Minors' Data
Only individuals over the age of 14 can consent to the processing of their personal data. For individuals under 14 years of age, consent from parents or legal guardians is required.
Security of Personal Data
We implement technical and organizational measures to ensure the security of your data:
- SSL encryption: Secure communications on our website.
- Access control: Restricted access to personal data.
- Backups: We perform periodic backups.
- Training: Our staff is trained in data protection.
In case of a security breach, we will notify the competent authorities and affected individuals as soon as possible.
User Rights
You have the right to:
- Access: Know what personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Deletion: Request the deletion of your data when no longer necessary.
- Limitation of processing: Restrict the use of your data in certain circumstances.
- Portability: Receive your data in a structured, commonly used format.
- Opposition: Object to the processing of your data.
- Not to be subject to automated decisions: Including profiling.
To exercise these rights, you can contact us at [email protected] or [email protected], attaching a copy of your ID or equivalent document.
Employee Obligations
Our staff:
- Is committed to confidentiality and data protection.
- Has signed confidentiality agreements.
- Receives continuous training on data protection.
- Reports any security incidents to the DPO.
Video Surveillance and Audio Recording
For security and labor control reasons, our facilities are equipped with video surveillance systems that record image and sound. These recordings are used exclusively for the indicated purposes and are retained for a maximum of 30 days, unless legally required to retain them longer.
Call Recording
Telephone calls may be recorded for:
- Improving service quality.
- Security and incident resolution.
- Training our staff.
Recordings will be retained for a maximum of 30 days.
Data Processing on WhatsApp
By communicating with us through WhatsApp, you accept the processing of your data in accordance with this policy. Conversations and exchanged data are used exclusively to:
- Manage and formalize contractual relationships, including orders and agreements.
- Address inquiries and requests, providing support and follow-up.
- Maintain a relevant history for claims, warranties, and post-sale follow-up.
Retention Period: We will retain WhatsApp conversations for as long as necessary to fulfill the mentioned purposes and to address potential legal liabilities, not exceeding a period of 5 years from the last interaction. This period is established considering the applicable legal limitation periods for contractual and claims matters.
After this period, conversations and data will be securely deleted, ensuring their confidentiality and privacy.
Collaboration with Transport Companies
For product delivery, we collaborate with transport companies such as GLS, DHL, Rhenus, among others. We guarantee:
- Limited use: They only use your data for delivery.
- Regulatory compliance: They comply with data protection laws.
- Confidentiality and security: They adequately protect your data.
- Data deletion: They do not retain your data longer than necessary.
Use of Cookies
We use our own and third-party cookies to enhance the user experience. We have a cookie blocker provided by CookieYes, which allows users to manage their preferences. For more information, please consult our Cookie Policy.
Update of the Privacy Policy
Sunmarket reserves the right to modify this policy to adapt to legislative or jurisprudential changes. We will notify any significant changes through our website or via email.
International Data Transfers
In case of transferring data to third countries or international organizations, we guarantee that appropriate protective measures are applied in accordance with current regulations.
Links to Other Websites
Our website may contain links to other sites. We are not responsible for the privacy policies and practices of those sites. We recommend reading the privacy policies of each website you visit.
Location and Management of the Web Server
Our web server is located in Spain and is managed by Arsys. We comply with the security and data protection regulations of the European Union.
Privacy Impact Assessments
We conduct periodic privacy impact assessments to ensure compliance with regulations and continuously improve our practices.
Review of Contracts with Third Parties
We regularly review contracts with third parties (suppliers, data processors) to ensure compliance with data protection regulations.
Review and Audit
We conduct internal audits and periodic reviews of our data protection policies and procedures to ensure their effectiveness and compliance.
Contact and Inquiries
If you have any questions or inquiries about our Privacy Policy, you can contact us at:
- Email: [email protected]
- Phone: (+34) 961040660
- DPO: [email protected]
Acceptance and Consent
By providing your personal data, you declare that you have been informed of the conditions regarding the protection of personal data, accepting and consenting to the processing of your data by Sunmarket in the manner and for the purposes indicated.
Additional Information
- Complaints: If you believe your rights have been violated, you can file a complaint with the Spanish Agency for Data Protection (AEPD).
- Confidentiality: Sunmarket guarantees confidentiality in the processing of your personal data.
Sunmarket Wellness SL appreciates your trust and is committed to protecting your privacy and personal data.