PRIVACY OF YOUR DATA AND LEGAL NOTICE

For lasenor.com the confidentiality and security of your personal data is of great importance.

The objective of the privacy policy is to inform you about the treatment of the personal data that you provide us or that we can obtain when you navigate through our web site or mobile lasenor.com, of the eventual transfer to third parties and of the rights and options that you have to control your personal data and protect your privacy in a clear, simple and transparent way.

LASENOR EMUL, S.L., whose registered office is located at Carretera C-55, km. 5,3 08640 Olesa de Montserrat P.O. BOX 76 Barcelona, is responsible for the processing of personal data collected on the Site, in accordance with the applicable regulations on personal data and, in particular, EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights, as well as any other obligations that may apply.

I. What is personal data?

Personal data is any information relating to a person that allows his or her identification directly or indirectly by reference to one or more elements that are specific to him or her, such as his or her surname, first name, postal or e-mail address or by reference to an identification number, such as an order number or even an IP address, etc.

II. Why does lasenor.com collect my personal data?
lasenor.com collects and uses your data in order to:

• Enable you to create an account on our Site;
• Manage your access to your account on the Site;
• Send you an invitation email to our daily sales;
• Process and manage orders placed;
• Ensure the delivery of the products and services you order;
• Send you quotes within the framework of our travel and holiday sales;
• Ensure the security of online transactions, prevent fraud, payment incidents and manage charges, in particular through the automated processing of your data;
• Manage the relationship with users in the context of requests for information or complaints that you send us through our Site;
• Trace and manage the collection and recall of products;
• Manage and optimize your customer experience through a better understanding of our users;
• Provide a personalized shopping experience, as close as possible to their tastes and preferences;
• Perform statistical analysis to develop management, measurement and reporting tools with a view to adapt and improve our commercial and marketing activities;

Subject to your consent, to:
• Send you information about special offers, news and events, through the media you have selected;
• Offer you a personalized interface or a personalized presentation of our offers in our emails;
• Retain your bank card details (excluding CVV) to facilitate your future purchases;

III. When may we collect your personal data?

We may collect your personal data during:

• The creation of your account on our Site, either directly when you complete the account creation form on the Site or, at your request, through a Google Account.
• Placing orders on the Site;
• Payment for your order;
• Your consent to receive certain commercial communication from us by email and/or through notifications on your smartphone;
• An interaction with us through the Site or through a private message on social networks, your communications with our Service User Relations through the Site, by phone or email;
• Your browsing on our Site by means of cookies or similar technologies (hereinafter, “Cookies” as defined in the Cookie Policy, which follows below) or when you click on advertisements relating to our sales;

IV. What personal data may we collect?

1- As part of our activities, we may collect some data directly from you for the purposes detailed in point
II of this policy.

The information we collect is:

• The personal data you provide to us when you create your user account, such as your identity, your email address, your password and your date of birth;
• Your contact details (name, email) in case you subscribe to our blog or submit;
• Your contact details, in particular, your addresses for billing and delivery of your orders;
• Your personal preferences regarding the products we sell on our Site;
• Information relating to your orders, such as the products and services you order;
• Information relating to your means of payment when you place an order on our Site (your bank details are not transmitted unencrypted, payments are made through a secure payment platform and supplemented by control measures, to ensure the security of purchases made on the Site and to fight against fraud).
• The information that you may have to communicate to our Customer Relations Department in the context of the management of your requests for information or complaints;
• The information you enter when you leave a review of a product or service on our Site;

2- To ensure the security of payments during transactions on the Site, prevent fraud and protect you in the context of distance selling, we also collect data and carry out automated processing of this data for the purpose of managing and/or having orders handled by one of our suppliers to check the accuracy of the information provided when placing an order on our Site. If the payment of an order is the subject of a report, our fraud prevention service will carry out an individual verification of the said report.

3- Finally, we may collect information relating to the use of our Site, in particular your browsing (IP address, pages, products and services visited or searched for, links clicked, etc.) in order to build a commercial profile about you to analyze or predict aspects such as your personal preferences or interests and to send you commercial communications tailored to your preferences or interests, as well as to personalize our Site or services. Similarly, we may collect data relating to the queries about the emails we send you for statistical and market research purposes. Some of this information may be collected through cookies installed on your device during your navigation on our Site. For more information on cookies, please refer to point XI of this policy (this point is subject to your consent).

V. What are the legal bases that govern the processing of your data?

lasenor.com treats your personal data in line with the following legislative measures:

Execution of the contract (article 6.1.b GDPR): the processing of your data is necessary for the execution of the contract entered into between you and lasenor.com when you create an account on the Site, when you place an order, in order to ensure the payment, delivery and follow-up of your orders and to manage your dealings betwee our Customer Relations and users;

Legitimate interest (Article 6.1.f GDPR): lasenor.com may well have a legitimate interest in processing your data. For example, this is the case for lasenor.com during product returns, the recovery of unpaid orders or when it analyzes user navigation to improve offers and services, to carry out statistical studies on the products and/or services it markets and to protect digital supports (websites, applications, etc.);

Consent (article 6.1.a GDPR): lasenor.com carries out processing after obtaining your express consent, which you can withdraw at any time.

Fulfillment of legal obligations (article 6.1.c GDPR): lasenor.com may carry out processing in the framework of the fulfillment of its legal obligations. This is the case of possible procedures of withdrawal or collection of products or even of the accounting treatment of your orders.

VI. Who are the recipients of your personal data?

The employees of lasenor.com process your personal data. We make sure that only authorized personnel of lasenor.com can access your personal data when it is necessary for the management of our commercial relationship or our legal obligations.

We may also have to communicate your personal data to:

• Our subsidiaries, acting as subcontractors for the management and shipment of your orders. They may also receive your personal data for the management of marketing campaigns;
• Subcontractors such as:

– Our hosting and site maintenance providers and dematerialized solutions for personal data collection;
– Our payment service providers;
– Our fraud prevention and anti-fraud providers;
– Our logistics providers;
– Our transportation providers;
– Our marketing solution providers;
– Our providers of market research management and communication through social networks;
– Our customer service providers;

lasenor.com may also be obliged to communicate your data to third parties in order to comply with legal, regulatory, conventional obligations or to respond to requests from legally authorized authorities.

VII. Transfer of data abroad
Some recipients of your personal data may be located outside the European Economic Area.

Any transfer of your data outside the European Economic Area is carried out by adopting appropriate safeguards (i.e. Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), Codes of Conduct or Certification Mechanisms), including contractual, technical and organizational measures, in accordance with applicable personal data protection regulations.

VIII. How long do we keep your data?
lasenor.com has defined the terms of conservation of your personal data in accordance with its legal obligations.

The data of your bank card will be kept for a maximum period of 15 months after the payment of your order. In case you have chosen to store your credit card details on our Site, the data of your bank card will be stored for a maximum period of 15 months after the payment of your order.

IX. What are your rights and how can you exercise them?
In accordance with the regulations in force, in particular the GDPR, you have the right to access and rectify your personal data, as well as the right to request their deletion, to oppose their processing and to obtain the limitation of processing for legitimate reasons or portability insofar as applicable and not to be subject to automated decisions.

These rights can be exercised directly to lasenor.com indicating the right to be exercised and attaching a document proving your identity (DNI/NIE or analogous document such as a passport):

• By email at the following address: lasenor@lasenor.com
• By post at the following address: Carretera C-55, km. 5,3 08640 Olesa de Montserrat P.O. BOX 76 Barcelona.

You will receive a reply within one (1) month from the date of receipt of your request.

X. Contact details of the data protection officer (DPO) and right to file a complaint.

For any questions relating to the collection and processing of your data by lasenor.com on the Site, you can contact our data protection officer by email at the following address: lasenor@lasenor.com

As well as with the Spanish Data Protection Agency (AEPD):
C/Jorge Juan, 6
28001 Madrid
Tel. +34 91 266 3517
Fax +34 91 455 5699
Website: https://www.aepd.es/

In addition, you can find the contact details of other European bodies you can contact on the following website of the European Data Protection Board (ECDC): https://edpb.europa.eu/about-edpb/board/members_es