Skip to content
tienda@ferreteriamallorca.es 971 702 353

Privacy Policy

1. User Information

¿Who is responsible for the processing of your personal data?

Guillermo Sánchez Fábrega is responsible for the processing of the user’s personal data and informs you that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of April 27 (GDPR), and Organic Law 3/2018 of December 5 (LOPDGDD).

What type of data do we request and process?

Depending on the form or method of obtaining your data, we always request the minimum necessary to fulfill the detailed purposes in each case.

Why do we process your personal data and for what purpose?

Depending on the form where we have obtained your personal data, we will treat them confidentially to achieve the following purposes:

In the Contact form

  • Respond to inquiries or any type of request made by the user through any of the contact forms available on the website of the controller. (for the legitimate interest of the controller, art. 6.1.f GDPR)
  • Send advertising and commercial communications via email, fax, SMS, MMS, social networks, or any other electronic or physical means, present or future, that enables commercial communications. These communications will be made by the controller and will be related to its products and services or those of its collaborators or suppliers with whom it has reached a promotional agreement. In this case, third parties will never have access to personal data. (by the consent of the interested party, 6.1.a GDPR)
  • Conduct statistical analysis and market studies. (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Newsletter form

Send informative newsletters, updates, online offers, and promotions. (by the consent of the interested party, 6.1.a GDPR)

In the Request a Quote form

  • Send commercial quotes for products and services. (for the execution of a contract or pre-contract, 6.1.b GDPR)
  • Send advertising and commercial communications via email, fax, SMS, MMS, social networks, or any other electronic or physical means, present or future, that enables commercial communications. These communications will be made by the controller and will be related to its products and services or those of its collaborators or suppliers with whom it has reached a promotional agreement. In this case, third parties will never have access to personal data. (by the consent of the interested party, 6.1.a GDPR)

In the Curriculum form

Involve the interested party in personnel selection processes and analyze the applicant’s profile with the aim of selecting a candidate for the vacant position of the controller. (by the consent of the interested party, 6.1.a GDPR)

In the Comments form

Moderate and publish opinions about a publication on the website. (by the consent of the interested party, 6.1.a GDPR)

In the Ethical Channel or Whistleblowing form

Properly manage the ethical channel, processing the corresponding irregularities reported through it, and deciding on the appropriateness of initiating an investigation to detect possible crimes and prevent the imposition of any type of liability, as well as to prevent any conduct contrary to internal or external regulations of the entity. (for compliance with a legal obligation, 6.1.c GDPR)

In the User Registration form

Manage the user’s account to provide personalized access to the website and the interactive services it offers. (by the consent of the interested party, 6.1.a GDPR)

In the E-commerce form

  • Manage your online purchase or order, process payment, and proceed with shipping or activation based on the general contracting conditions. (for the execution of a contract or pre-contract, 6.1.b GDPR)
  • Manage, maintain, improve, or develop the services provided. (for the execution of a contract or pre-contract, 6.1.b GDPR)
  • Conduct satisfaction and quality surveys.
    (for the legitimate interest of the controller, art. 6.1.f GDPR)

In the Reservations form

  • Formalize reservations at the controller’s establishment.
    (for the execution of a contract or pre-contract, 6.1.b GDPR)
  • Send advertising and commercial communications via email, fax, SMS, MMS, social networks, or any other electronic or physical means, present or future, to customers, enabling commercial communications related to products or services similar to those that are initially contracted with the customer (art. 21.2 LSSI). (by the legitimate interest of the controller, art. 6.1.f GDPR)

Social Networks

  • Contact through Social Networks in order to maintain a relationship between the User and the Controller, which may include the following operations: – Process their requests and inquiries. – Inform about activities and events. – Inform about products and/or services. – Interact through official profiles. The user has a profile on the same social network and has decided to join the Controller’s social network, thus showing interest in the information published on it. Therefore, when requesting to follow our official page, the user provides consent for the processing of their data. The User can access the privacy policies of the social network at any time and configure their profile to ensure their privacy. Once the User becomes a follower or joins the Controller’s social network, they can publish comments, links, images, photographs, or any other type of content supported by it. The User, in all cases, must be the owner of the published content, have copyright and intellectual property rights, or have the consent of the affected third parties. – Sending commercial communications related to the activities of the companies in the Group, as well as external companies with which commercial collaboration or intermediation agreements have been established. (by the consent of the interested party, 6.1.a GDPR)

Instant Messaging

● Schedule appointments and meetings with the controller. (by the legitimate interest of the controller, art. 6.1.f GDPR)

● Send advertising and commercial communications via email, fax, SMS, MMS, social networks, or any other electronic or physical means, present or future, to customers, enabling
commercial communications related to products or services that are similar to those that were initially contracted with the customer (art. 21.2 LSSI). (by the legitimate interest of the controller, art. 6.1.f GDPR)

● Manage, maintain, improve, or develop the services provided. (for the execution of a contract or pre-contract, 6.1.b GDPR)

● Manage your online purchase or order, process payment, and proceed with shipping or

● Activation, based on the general conditions of contracting. (for the execution of a contract or pre-contract, 6.1.b GDPR)

● Send commercial quotes for products and services. (for the execution of a contract or pre- contract, 6.1.b GDPR)

● Send advertising and commercial communications via email, fax, SMS, MMS, social networks, or any other electronic or physical means, present or future, enabling commercial communications. These communications will be carried out by the controller and will be related to its products and services or its collaborators or providers, with whom it has reached some promotional agreement. In this case, third parties will never have access to personal data. (by the consent of the interested party, 6.1.a
GDPR)

● Respond to inquiries or any type of request made by the user through any of the contact forms made available on the controller’s website.
(by the legitimate interest of the controller, art. 6.1.f GDPR)

CCTV Surveillance

Purpose Security and access control, labor and internal activity control Legitimation Public interest in security and access control and Legitimate interest of the Controller based on Article 20.3 of the Workers’ Statute Conservation Up to a maximum of 30 days (by the consent of the interested party, 6.1.a GDPR)

Images and Recordings

● File with static and/or dynamic images. Includes publication in the media of the data controller or third parties. (by the consent of the interested party, 6.1.a GDPR) Customers and Providers Commercial management with customers and providers (by the legitimate interest of the controller, art. 6.1.f GDPR)

Customers and Providers

Commercial management with customers and providers (by the legitimate interest of the controller, art. 6.1.f GDPR)

Advertising Exclusion

Data management to prevent the sending of commercial communications to those who have expressed their refusal or opposition to receiving them. (for the fulfillment of a legal obligation, 6.1.c GDPR)

Commercial Advertising

Advertising and commercial prospecting management. Includes data from legitimate sources of public access. (by the legitimate interest of the controller, art. 6.1.f GDPR)

Rights of the Interested Parties

Attend to citizens’ requests in the exercise of the rights established by the GDPR (for the fulfillment of a legal obligation, 6.1.c GDPR) Web, App, and

Other Platforms Users

Identification data of users accessing the corporate
website. (by the legitimate interest of the controller, art. 6.1.f GDPR)

Training, Courses, Workshops, Activities, or Similar

Management of access and use conditions. (by the legitimate interest of the controller, art. 6.1.f
GDPR)

Wi-Fi Connection

  • Conduct statistical analyses and market studies. (by the legitimate interest of the controller, art. 6.1.f GDPR)
  • Conduct satisfaction and quality surveys. (by the legitimate interest of the controller,
    art. 6.1.f GDPR) (by the consent of the interested party, 6.1.a GDPR)

Legal Representatives and Contact Persons

In the event that you are a legal representative or contact person for any of the entities or individuals with whom the Foundation relates, the controller will process your data to monitor the development of the intended relationship. (by the consent of the interested party, 6.1.a GDPR)

How long will we keep your personal data?

They will be kept for no longer than necessary to maintain the purpose of the processing or as long as legal prescriptions dictate their custody, and when no longer necessary for this purpose, they will be deleted with adequate security measures to ensure the anonymization of the data or their complete destruction.

To whom do we provide your personal data?

No communication of personal data to third parties is foreseen unless it is necessary for the development and execution of the processing purposes, to our service providers related to communications, with whom the controller has signed the confidentiality and data processing agreements required by current privacy regulations.

Do we perform international transfers?

In accordance with Article 44 of the GDPR, authorization for the international transfer of data to a country that has not been declared as a country with an adequate level of protection can only be
granted if sufficient guarantees are obtained. Thus, it may be granted if the data controller provides a written contract, entered into between 10. exporter and importer of data, including the necessary guarantees to respect the protection of the interested parties and ensure the exercise of their rights.

It is possible that the data controller has services from providers with servers or locations in other places, and therefore, these transfers may occur. To consult the updated list of providers, please contact the controller or through ferreteriamarivent@gmail.com.

What are your rights?

The rights that the user has are:

  • Right to withdraw consent at any time.
  • Right of access, rectification, portability, and deletion of their data, and the right to limit or oppose its processing.
  • Right to file a complaint with the supervisory authority (www.aepd.es) if they believe that the processing does not comply with current regulations.

Contact information to exercise your rights:

Guillermo Sánchez Fábrega. Av. Joan Miró, 248, Local 1 – 07015 Palma (Illes Balears).

Email: ferreteriamarivent@gmail.com.

2. Mandatory or optional nature of the information provided by the user

Users, by checking the corresponding boxes and entering data in the fields marked with an asterisk (*) in the contact form or presented in download forms, expressly and freely accept that their data is necessary to address their request by the provider, with the inclusion of data in the remaining fields being voluntary. The user guarantees that the personal data provided to the controller are truthful and assumes responsibility for communicating any changes to them.

The controller informs that all data requested through the website are mandatory, as they are necessary for the provision of an optimal service to the user. In case not all data is provided, it is not guaranteed that the information and services provided will be fully tailored to their needs.

If, by any means, you provide us with personal data of other people, the controller warns that you must do so with their consent and having informed them, in advance, of the details contained in this Privacy Policy.

Likewise, the controller undertakes to provide any third party whose data you have provided with the necessary information to ensure the exercise of their rights. to provide us with the information that may be relevant, in accordance with the provisions of Article 14 of the General Regulation.

3. Security Measures

That in accordance with the current regulations on the protection of personal data, the data controller is complying with all provisions of the GDPR and LOPDGDD regulations for the processing of personal data under their responsibility. It is manifestly in line with the principles described in Article 5 of the GDPR, whereby the data is processed lawfully, fairly, and transparently in relation to the data subject, and is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

The data controller guarantees that appropriate technical and organizational policies have been implemented to apply the security measures established by the GDPR and the LOPDGDD to protect the rights and freedoms of users. They have provided users with the necessary information to exercise these rights. For more information on privacy guarantees, you can contact the data controller through Guillermo Sánchez Fábrega. Av. Joan Miró, 248, Local 1 – 07015 Palma (Illes Balears). Email: ferreteriamarivent@gmail.com.

4. Validity

This privacy policy is valid from 08/11/2023. The data controller reserves the right to modify this policy to adapt it to future legislative or jurisprudential updates, or for other technical, operational, commercial, corporate reasons, etc. If, as a result of the changes, the rights