In compliance with current legislation, Bahía Índigo (hereinafter also the Website) undertakes to adopt the necessary technical and organizational measures, according to the appropriate level of security for the risk of the collected data.
This privacy policy is adapted to current Spanish and European regulations regarding the protection of personal data on the internet. Specifically, it complies with the following regulations:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights (LOPD-GDD).
Royal Decree 1720/2007, of 21 December, which approves the Regulation for the development of Organic Law 15/1999, of 13 December, on the Protection of Personal Data (RDLOPD).
Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).
The data controller of the personal data collected on Bahía Índigo is: Sara Toro Aguilar Toro, with Tax ID: Y7463694R (hereinafter, Data Controller).
Their contact details are as follows:
Address:
Contact phone: 662681005
Contact email: esbahiaindigo@gmail.com
In compliance with the GDPR and the LOPD-GDD, we inform you that the personal data collected by Bahía Índigo through the forms provided on its pages will be incorporated into and processed in our file in order to facilitate, expedite, and fulfill the commitments established between Bahía Índigo and the User, or maintain the relationship established in the forms that the User completes, or to address a request or inquiry from the User.
Additionally, in accordance with the GDPR and the LOPD-GDD, unless the exception set forth in Article 30.5 of the GDPR applies, a record of processing activities is maintained, specifying, according to their purposes, the processing activities carried out and other circumstances established in the GDPR.
The processing of the User’s personal data shall be subject to the following principles as set out in Article 5 of the GDPR and Articles 4 and following of Organic Law 3/2018:
Lawfulness, fairness, and transparency: The User’s consent will always be required following fully transparent information regarding the purposes of data collection.
Purpose limitation: Personal data will be collected for specified, explicit, and legitimate purposes.
Data minimization: The collected data will be strictly necessary in relation to the purposes for which they are processed.
Accuracy: Personal data must be accurate and kept up to date.
Storage limitation: Data will only be stored in a form that permits the identification of the User for as long as necessary.
Integrity and confidentiality: Data will be processed securely and confidentially.
Accountability: The controller will be responsible for compliance with all the above principles.
The categories of data processed at Bahía Índigo are solely identifying data. Under no circumstances are special categories of personal data processed, as defined in Article 9 of the GDPR.
The legal basis for the processing of personal data is consent. Bahía Índigo undertakes to obtain express and verifiable consent from the User for the processing of their personal data for one or more specific purposes.
The User has the right to withdraw their consent at any time. Withdrawal of consent shall be as easy as giving it. As a general rule, withdrawal of consent will not affect the use of the Website.
When the User is required to provide their data via forms to make inquiries, request information, or for reasons related to the content of the Website, they will be informed if the completion of any of them is mandatory because they are essential for the proper development of the operation carried out.
Personal data is collected and managed by Bahía Índigo in order to facilitate, expedite, and fulfill the commitments established between the Website and the User, or maintain the relationship established in the forms completed by the User, or to respond to a request or inquiry.
The data may also be used for commercial purposes related to customization, operations, statistics, and activities inherent to Bahía Índigo’s corporate purpose, as well as for the extraction, storage of data, and marketing studies to adapt the Content offered to the User, and to improve the quality, operation, and navigation of the Website.
At the time the personal data is obtained, the User will be informed about the specific purpose(s) of the processing — that is, the intended use(s) of the collected information.
Personal data will be retained only as long as strictly necessary for the processing purposes or until the User requests deletion.
At the time of data collection, the User will be informed of the specific retention period or the criteria used to determine it.
User data will not be shared with third parties.
At the time of data collection, the User will be informed about the recipients or categories of recipients of the data, if any.
In accordance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, only individuals over the age of 14 may lawfully give their consent to the processing of personal data by [Company/Individual Name]. If the User is under 14 years of age, the consent of parents or guardians is required.
[Company/Individual Name] undertakes to implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data, and to protect against destruction, loss, alteration, unauthorized access, or disclosure.
The Website uses an SSL (Secure Socket Layer) certificate to ensure that data is transmitted securely and confidentially, encrypted between the server and the User.
However, [Company/Individual Name] cannot guarantee complete invulnerability of the internet or the absence of hackers. In case of a data breach likely to result in a high risk to personal rights and freedoms, the Data Controller undertakes to notify the User without undue delay.
All data will be treated confidentially by the Data Controller and shared only with employees, partners, or agents bound by confidentiality obligations.
The User has the following rights under the GDPR and Organic Law 3/2018:
Right of access: To know whether Bahía Índigo is processing personal data and access those data.
Right to rectification: To request correction of inaccurate or incomplete data.
Right to erasure (right to be forgotten): To request the deletion of personal data when they are no longer needed, consent is withdrawn, or data has been unlawfully processed, among other conditions.
Right to restriction of processing: To request that data processing be limited under certain circumstances.
Right to data portability: If processing is carried out by automated means, the User may receive their data in a structured, commonly used format and transmit it to another controller.
