Additional Information Data Protection

Additional Information Data Protection

 Para vèr este pagina en Español, clique aqui

1. Who is the person in charge of processing your data?

Remote Sites Opportunities Suppliers S.L. (hereinafter referred to as the Company). C/ Trinidad Grund 21 5º Of. 71, 29001, Málaga.

 Contact Data Protection Delegate: admin@escondite-takeaway.com

 

2. Why, and with what legitimacy, do we process your personal data?

Your data will be processed by the Company for:

a) Attention and management of the orders of The Hideaway.

The personal data collected by the Company will be processed, both automatically and, where appropriate, conventionally, to contact the user in order to attend and manage properly the orders made to "esconddite-takeaway.com". Likewise, the Company may process your data for future orders with the sole purpose of improving and, in turn, expediting the service. The treatment is legitimated in the execution of a contract.

At the time of data collection, the voluntary or mandatory nature of the data being collected will be indicated by means of asterisks. The refusal to provide data classified as obligatory will mean that the service for which they were requested will not be provided or will not be accessible.

Customers who place an order will receive an e-mail at the address indicated for the purpose of confirming the order with the order data, and therefore authorises the Company to send the aforementioned communication for these purposes in order to comply with the regulations.

 

b) Attention to complaints, claims or suggestions sent to esconddite-takeaway.com.

In order to be able to properly deal with any complaints, claims or suggestions you may send to ¨escondite-takeaway.com, the Company will use your data to reply, correct or add them based on the relationship derived from the product requested.

c) Compliance with general product safety regulations.

The Company must comply with certain legal obligations of control and supervision, imposed by the regulations on general product safety. Therefore, the Company may process your data for the sole purpose of complying with the regulations.

d) Sending satisfaction surveys.

The Company, based on a legitimate interest of the Company, may send you satisfaction surveys, in order to know the experience received as a customer and to be able to incorporate to our products and services the corresponding improvements based on the analysis of the same. In any case, in order not to prejudice your rights in data protection, you may oppose such processing through the channels provided for that purpose.

e) Carrying out profiling or segmentation activities for sending commercial communications.

For the personalization of the products that may interest you, the Company, based on the legitimate interest, may consult internal sources and an automated procedure may be followed in relation to common patterns. In addition, the Company will consult its historical behaviour in the orders it may have placed in the past. In any case, you may always oppose such processing through the channels provided for that purpose.

 

f) Commercial actions by the Company, of products, promotions and services in the catering sector.

The Company will send you, unless you inform us otherwise, commercial communications regarding its products, promotions or services similar to those of the catering sector (by post, mailing, fax, SMS, e-mail and any other telematic means), based on legitimate interest and in accordance with Article 21.2 of Law 34/2002, of 11 July, on information society services and electronic commerce, unless you indicate otherwise, by opposing them through the channels enabled for this purpose.

g) Tokenization of the card.

The Company manages its payments through a gateway that guarantees that transactions are carried out in a secure environment based on the PCI DSS (Payment Card Industry Data Security Standard) certified in version 3.0 level 1. Redsys, S.L. is the Company's payment processor, which guarantees that its users' transactions are carried out in a secure environment based on these regulations.

Compliance with the PCI-DSS regulations is required by international card brands (Visa, MasterCard, etc.) in order to regulate the security standards for information and identity of payment cards, as well as the mechanisms for handling, storing and managing credit and debit card data by financial institutions, merchants and integration companies providing payment services.

For the User who requests and authorizes a card "tokenization" process, the Company informs that all transactions made with the card through the Website, guarantee the encryption of data from its point of origin to the destination point. The Company does not keep any data of your bank card; it only keeps a token number and a transaction number that relates your user with the payment data. The processing of the data is based on the execution of a contract.

 

3. How long will we keep your data?

The Company will comply with the provisions of current regulations regarding the duty to delete personal information that has ceased to be necessary for the purpose or purposes for which it was collected, blocking it, in order to be able to meet any possible liabilities arising from the processing of data, and only for the duration of such liabilities. Once these periods have elapsed, this information will be definitively eliminated by means of secure methods.

 

4. To which recipients will your data be disclosed?

The Company may communicate your data for processing in the context of the purposes explained above.

On the other hand, in order to carry out all the purposes described above, the Company may rely on the collaboration of third party service providers who may have access to the personal data as a result of the execution of the contracted services.

In any case, the Company follows strict criteria for the selection of such third parties in order to comply with its data protection obligations and signs the corresponding data protection agreement with them, where these third parties are obliged to comply with their data protection obligations, and specifically, to comply with the legal, technical and organisational measures, to process the personal data for the agreed purposes, and the prohibition to process such personal data for other purposes or to transfer it to third parties.

5. How can you object to the processing of your data?

You may object at any time, for reasons related to your particular situation, to

- The processing of your data for direct marketing and profiling purposes.

- The processing of your data for sending and receiving satisfaction surveys.

You may object to the processing of your data by sending an e-mail to admin@escondite-takeaway.com. In this case, the Company will stop processing the data, except for compelling legitimate reasons or the exercise or defence of possible claims.

6. How can you revoke your consent?

The interested party may, from this moment and in any other subsequent moment, withdraw the consent given for the processing by means of an e-mail sent to admin@escondite-takeaway.com. 

7. What are your rights when you provide us with your data?

- You have the right to obtain confirmation as to whether or not the Company is processing personal data concerning you and, if so, to have access to your personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.

- Under certain circumstances, you may request that we limit the processing of your data, in which case we will only keep them for the exercise or defense of claims.

- You may request the portability of your data so that they are sent directly to the entity designated by you in a structured, commonly used, machine-readable format.

- You may exercise all the rights listed above before the Company through the following e-mail address: admin@escondite-takeaway.com

If you wish to make any kind of complaint, you may contact the Data Protection Officer by sending a request to the e-mail address established for this purpose: admin@escondite-takeaway.com. This request must contain the following information: name and surname of the user, address for notification purposes, photocopy of ID card or passport, and the request in which the request is specified. In the case of representation, it must be proved by means of a reliable document. Likewise, in the event that you consider it necessary, you may contact the Spanish Data Protection Agency at C/ Jorge Juan, number 6, 28001 Madrid.

Updated May 2020.