Privacy Policy

Privacy and Data Protection Policy

In accordance with current legislation, Marta Navarro Piris (the „Data Controller“), owner of the website www.martanpiris.com (the „Website“), is responsible for processing the personal data of the user (the „User“) and undertakes to adopt the necessary technical and organisational measures to ensure a level of security appropriate to the risks associated with the data collected.

1.1. Laws incorporated in this Privacy Policy

This Privacy Policy complies with current Spanish and European legislation on the protection of personal data on the Internet. Specifically, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
  • Regulation for the Implementation of Organic Law 15/1999, of 13 December, on the Protection of Personal Data (RDLOPD).
  • Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

1.2. Identity of the Data Controller

The person responsible for processing the personal data of users collected on www.martanpiris.com is Marta Navarro Piris, whose VAT number is ES47779034F and whose contact details are as follows:

  • Address: C/ Bruc, 33, 08901, Hospitalet de Llobregat, Spain
  • Phone number: (+34)679844938
  • Email: translations@martanpiris.com

1.3. Registration of personal data

Pursuant to the provisions of the GDPR and the LOPD, the personal data collected by the Data Processor will be incorporated into their files and processed for the purpose of facilitating, accelerating and fulfilling the obligations established between the Data Processor and the User, or to maintain the relationship established through the forms filled out by the User, or to respond to a request or inquiry from the User. Likewise, in accordance with the provisions of the GDPR and the LOPD-GDD, unless the exception provided for in Article 30.5 of the GDPR applies, a register of processing operations will be kept which, according to their purposes, will specify the processing operations carried out and the other circumstances established in the GDPR.

Personal data for processing may be obtained by the data controller through various channels:

  • Voluntarily provided by the data subject, either through a web form, email or telephone, to request any type of information or formalisation and/or to purchase services.
  • From publicly accessible sources and/or public registers, if the Data Controller has a legitimate interest.

1.4. Principles governing the processing of personal data

The processing of the User’s personal data is subject to the following principles, established in Article 5 of the GDPR and in Articles 4 and following of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights:

  • Principle of lawfulness, fairness and transparency: The consent of the User is always required, after full and transparent information on the purposes for which the personal data are collected.
  • Principle of purpose limitation: Personal data must be collected for specified, explicit and legitimate purposes.
  • Principle of data minimisation: Only personal data that is strictly necessary for the purposes for which it is processed will be collected.
  • Principle of accuracy: Personal data must be accurate and kept up to date.
  • Principle of limited storage: Personal data shall be kept in a form that allows the identification of the user for no longer than is necessary for the purposes for which it is processed.
  • Principle of integrity and confidentiality: Personal data shall be processed in a manner that ensures its security and confidentiality.
  • Principle of proactive responsibility: The controller is responsible for ensuring that the above principles are complied with.

1.5. Categories of personal data

The categories of data processed by the Data Controller are exclusively identification data. Special categories of personal data within the meaning of Article 9 of the GDPR will not be processed under any circumstances.

1.6. Legal basis for processing personal data

Personal data is processed with the consent of the User. The Data Controller undertakes to obtain the express and verifiable consent of the User to the processing of their personal data for one or more specific purposes.

The User has the right to withdraw consent at any time. Withdrawing consent shall be as easy as giving it. As a general rule, withdrawal of consent shall not be conditional on the use of the Website.

In cases where the User is required or authorised to provide their data through forms in order to make enquiries, request information or for reasons related to the content of the Website, the User will be informed when the provision of such data is compulsory because it is essential for the correct operation development.

1.7. Purposes for which the personal data is used

The personal data will be collected and managed by Marta Navarro Piris in order to facilitate, expedite and fulfil the obligations established between the responsible party and the User, or to maintain the relationship established in the forms filled in by the latter, or to respond to a request or enquiry.

The data may also be used for commercial, personalisation, operational and statistical purposes, as well as for activities related to the business objectives of Marta Navarro Piris, as well as for the extraction and storage of data and marketing studies in order to adapt the content offered to the user and improve the quality, operation and navigation of the Website.

The User will be informed of the specific purpose(s) for which the personal data will be processed, i.e. the use(s) to which the information collected will be put, at the time the personal data is collected.

1.8. Retention periods for personal data

Personal data shall be kept only for the minimum time necessary for the purposes of their processing and, in any case, for as long as there is a mutual interest in maintaining the purpose of the processing. When they are no longer needed for that purpose, they will be deleted with appropriate security measures to ensure their destruction.

At the time of collection of the personal data, the user will be informed of the period of time for which the personal data will be kept or, if this is not possible, of the criteria used to determine this period of time.

1.9. Recipients of personal data

The personal data of the User will not be disclosed to third parties, except for the following cases:

  • Complying with the requirements of any applicable law or other regulatory, legal or judicial proceeding.
  • Identifying, preventing or resolving possible fraud, security or technological issues.
  • Communicating the data for the competent administrative or public authorities in the cases and for the purposes provided for by law.
  • Third-party service providers. Functions they may perform include fulfilling orders for products and services, sending postal mail and email, and providing data analysis, marketing or tax services. These third-party service providers have access to the personal information they need to perform their functions, but may not use it for any other purpose. They are also required to process personal information in accordance with this Privacy Notice and any applicable data protection legislation.

Except as described above, users will be notified when their information is shared with third parties so that they have the opportunity to opt out of having their information shared.

1.10. Personal data of children

In accordance with the provisions of Article 8 of the GDPR and Article 7 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights, only persons over the age of 14 may give their consent to the lawful processing of their personal data by Marta Navarro Piris. In the case of children under the age of 14, their data must be processed with the consent of their parents or legal guardians. Such processing will only be considered lawful if authorised by them.

1.11. Confidentiality and security of personal data

The Data Controller undertakes to adopt the necessary technical and organisational measures, according to the level of security appropriate to the risk of the data collected, so as to ensure the security of personal data and to prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorised communication of or access to such data.

The Website has a Secure Socket Layer (SSL) certificate which ensures that personal information is transmitted securely and confidentially.

However, the Data Controller undertakes to inform the User immediately in the event of a breach of the security of personal data that is likely to cause a high risk to the rights and freedoms of natural persons, since the Website cannot guarantee the impregnability of the Internet or the total absence of hackers or others who may fraudulently access personal data. In accordance with Article 4 of the GDPR, a breach of security of personal data means any breach of security resulting in the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or the unauthorised disclosure of or access to such data.

Personal data will be treated confidentially by the Data Controller. The Data Controller undertakes to inform its employees, partners and any other person to whom it makes the information available and to ensure, by means of a legal or contractual obligation, that this confidentiality is respected.

1.12. Rights relating to the processing of personal data

The User may exercise the following rights against the Data Controller, recognised in the GDPR and in Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights:

  • Right of access: The User has the right to know whether or not personal data concerning them is being processed by Marta Navarro Piris and, in the latter case, to be informed of the origin of such data and of the recipients of the data, whether or not it is being processed.
  • Right to rectify: The user has the right to obtain the rectification of their personal data if it is found to be inaccurate or incomplete in relation to the purposes of the processing.
  • Right to erasure („right to be forgotten“): The right of the data subject, unless otherwise provided by law, to have their personal data deleted when it is no longer necessary for the purposes for which it was collected or processed; the data subject has withdrawn their consent to the processing and the processing has no other legitimate basis; the User objects to the processing and there is no other legitimate reason for the processing to continue; the personal data have been processed unlawfully; the personal data must be erased in compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of information society services to a child under the age of 14. In addition to erasure, the Data Controller shall take reasonable steps to inform the processors of the data subject’s request for erasure of any link to those personal data, taking into account available technology and the cost of implementation.
  • Right to restrict processing: The right of the User to restrict the processing of their personal data. The User has the right to obtain this if they dispute the accuracy of their personal data, if the processing is unlawful, if the Data Controller no longer needs the personal data but the User needs it to make a claim, and if the User has objected to the processing.
  • Right to data portability: Where processing is carried out by automated means, the User shall have the right to obtain from the Data Controller their personal data in a structured, commonly used and machine-readable format and to have it transferred to another controller. Where technically possible, the Data Controller shall transmit the data directly to that other controller.
  • Right to object: The User has the right to oppose the processing of their personal data or to ask Marta Navarro Piris to stop the processing of such data.
  • Right not to be subjected to a decision based solely on automated processing, including profiling: The user has the right not to be subjected to an individualised decision based solely on automated processing of their personal data, including profiling, unless otherwise provided for by law.

Accordingly, the User may exercise their rights by means of a written communication addressed to the Data Controller with the reference „GDPR www.martanpiris.com“, indicating:

  • Name and surname of the User and copy of their identity card. The same procedure will be used to identify the person representing the User and to identify the document authorising the representation. The copy of the identity card may be replaced by any other legally valid means of identification.
  • The request, stating the specific reasons or the information to be accessed.
  • Address for notifications.
  • Date and signature of the requester.
  • Any document in support of the request.

This request and any supporting documents may be sent to the following address or email address:

Address: C/ Bruc, 33, 08901, Hospitalet de Llobregat (Barcelona)

Email: translations@martanpiris.com

1.13. Links to third-party websites

The Website may contain hyperlinks or links that allow access to websites owned by third parties other than Marta Navarro Piris, and which are therefore not managed by Marta Navarro Piris. The owners of these websites have their own privacy policies and are responsible for their own files and privacy practices.

1.14. Complaints to the Data Protection Agency

In the event that the User considers that there is a problem or a breach of the regulations in force with regard to the processing of their personal data, they shall have the right to effective judicial protection and to lodge a complaint with a supervisory authority, particularly in the country in which they have their habitual residence, place of work or place of the alleged breach. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/).

2. Acceptance and modification of this policy

In order for the Data Controller to proceed in the manner, for the periods and for the purposes indicated, it is necessary for the User to have read and accepted the conditions of protection of personal data contained in this Privacy Policy and to consent to the processing of his/her personal data. Use of the Website implies acceptance of this Privacy Policy.

Marta Navarro Piris reserves the right to modify its Privacy Policy according to its own criteria or due to a legislative, jurisprudential or doctrinal change of the Spanish Data Protection Authority. The User will not be expressly notified of any changes or updates to this Privacy Policy. In order to be aware of any changes or updates, the User is advised to consult this page regularly.

This Privacy Policy has been updated to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights.