en_GB
en_GB es_ES ca fr_FR
  • 0

    • Privacy policy

    ÒPTICA GRÀCIA is committed to protecting the privacy of users accessing this website and/or any of its services.

    The use of the website and/or of any of the services offered by ÒPTICA GRÀCIA implies acceptance by the user of the provisions contained in this Privacy Policy and that his or her personal data will be treated as stipulated in this Privacy Policy.

    Please note that although there may be links from our website to other websites or social networks, this Privacy Policy does not apply to the websites of other companies or organisations to which the website is redirected. ÒPTICA GRÀCIA does not control the content of third party websites, nor does it accept any responsibility for the content or privacy policies of these websites.

    Information on data processing (Regulation (EU) 2016/679 and LO 3/2018)

    Data controllerMÒNICA GRÀCIA TERRAFETA
    VAT NO: 40521883T
    Av. Cavall Bernat,1, 17250 Platja d'Aro
    Email:     info@opticagracia.es
    Purpose of processingTo offer and manage our optical and optometric services.
    LegitimationConsent obtained from the data subject when requesting information from us.
    Execution of the service contract when you contract with us.
    AddresseesThe data will not be communicated to third parties, unless required by law or necessary to fulfil the purpose of the processing.
    Human rightsData subjects are entitled to exercise their rights of access, rectification, limitation of processing, erasure, portability and objection by sending their request to our address.
    Data retention periodFor as long as the business relationship continues or for as many years as necessary to comply with legal obligations.
    ComplaintInterested parties may contact the AEPD to file any complaint they deem appropriate.
    Additional informationAdditional detailed information can be found below in the "Privacy Questions".

    Questions about privacy

    In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), we provide you with the following information on the processing of your personal data:

    Who is responsible for the processing of your data?

    Identity: MÒNICA GRÀCIA TERRAFETA
    NIF: 40521883T
    Address: Av. Cavall Bernat,1, 17250 Platja d'Aro
    Tel: 972817035
    Email: info@opticagracia.es

    For what purposes do we process your personal data?

    • We process the information provided to us in order to manage our services.
    • If you contact us via the contact form on our website, we will process your enquiry in order to deal with it.
    • We may also use your data to inform you about our activities, products or services where you are already our customer or, alternatively, where you have given us your consent to do so.
    • When you enter our premises, your image may be recorded by video surveillance cameras for security control purposes.
    • If you send us a CV, we will process the data for the purpose of managing the CV database for recruitment purposes.

    How long will we keep your data?

    • The personal data provided will be kept for as long as you are a user of our services or wish to receive information, given that you can object to the processing of your data for promotional purposes, when you provide them to us or at any time thereafter, by sending an e-mail to info@opticagracia.es, and thereafter, for the periods established to comply with our legal obligations, which in the case of accounting and tax documentation for commercial purposes will be 6 years, in accordance with art. 30 of the Commercial Code, and for tax purposes will be 4 years, in accordance with articles 66 to 70 of the General Tax Law.
    • The images captured by the video surveillance system shall be kept for one month.
    • In the case of CVs, the data will be kept for one year.

    What is the legitimacy for the processing of your data?

    For the management of the contractual relationship with the data subject, the data will be processed on the basis of the performance of the contract or within the framework of the pre-contractual relationship.

    For the sending of commercial information we will base the treatment on your consent, although if you are already our customer, we may send you information about our products and services, always providing a simple and free means to unsubscribe, in accordance with the provisions of article 21.2 of Law 34/2002, of 11 July, on services of the information society and electronic commerce.

    With regard to information sent by minors under 16 years of age, it will be an essential requirement that the information be sent with the consent of the minor's parent, guardian or legal representative in order for the personal data to be processed. If this is not the case, the legal representative of the minor will inform us as soon as he/she becomes aware of it.

    Regarding the capture of images by the video surveillance system, the legitimation is given by the legitimate interest of preserving the security of persons and property.

    To which recipients will your data be communicated?

    The data will not be communicated to third parties, unless required by law or necessary to fulfil the purpose of the processing.

    What are your rights when you provide us with your data?

    • Any person has the right to obtain confirmation as to whether or not we are processing their personal data.
    • Interested parties have the right to access to their personal data, as well as to request the rectification of the inaccurate data or, where appropriate, to request that it be deleted. deletion when, among other reasons, the data are no longer required for the purposes for which they were collected.
    • In certain circumstances, interested parties may request the limitation of processing We will only keep your data in this case for the purpose of exercising or defending claims.
    • Also, in certain circumstances and for reasons related to their particular situation, the persons concerned may be able to object to treatment of your data. In this case, we will stop processing the data, except for compelling legitimate reasons or for the exercise or defence of possible claims.
    • Interested parties also have the right to portability of their data.
    • Any data subject has the right to not be the subject of a decision based on automated processing aloneincluding profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way.
    • Finally, data subjects have the right to lodge a complaint with the competent supervisory authority.

    How can you exercise your rights?

    By sending a letter with a copy of a document that identifies you to our physical or e-mail address.

    How did we obtain your data?

    The personal data that we process comes from the data subject. The interested party guarantees that the personal data provided are true and is responsible for communicating any changes to them. The data marked with an asterisk are obligatory in order to be able to provide the requested service.

    What data do we process?

    The categories of data that we may process in the provision of our services are:

    • Data of an identifying nature.
    • Postal or e-mail addresses.

    In the case of the video surveillance system:

    • Image.

    In the case of curricula, too:

    • Personal characteristics.
    • Academics and professionals

    The data is limited, as we only process the data necessary for the provision of our services and the management of our business.

    Do we use cookies?

    We use cookies while browsing our website with the user's consent.

    You can configure your browser to be notified of the use of cookies and to prevent their use. Please visit our cookies policy.

    What security measures do we apply?

    We apply the security measures established in article 32 of the GDPR, therefore, we have adopted the necessary security measures to ensure a level of security appropriate to the risk of the data processing we carry out, with mechanisms that allow us to guarantee the confidentiality, integrity, availability and permanent resilience of the processing systems and services.

    Some of these measures include:

    • Information on data processing policies to staff.
    • Carrying out regular backups.
    • Data access control.
    • Regular verification, evaluation and assessment processes.