Privacy Policy

I. PRIVACY AND DATA PROTECTION POLICY

In compliance with current legislation, Diana Davila (hereinafter also referred to as the “Website”) undertakes to adopt the necessary technical and organizational measures, in accordance with the appropriate level of security to the risk of the data collected on the website dianadavilafotografia.com.

Laws incorporated in this privacy policy

This privacy policy is adapted to the current Spanish and European regulations on the protection of personal data on the Internet. Specifically, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
  • Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPD-GDD).
  • Royal Decree 1720/2007, of December 21, approving the Regulations implementing Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).
  • Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the data controller

The controller of the personal data collected on dianadavilafotografia.com is: Diana Davila (hereinafter, the “Data Controller”).

Contact details:

Address: Tuscany, Italy

Email: dianadavilagonzales@gmail.com

Record of personal data

In compliance with the GDPR and the LOPD-GDD, we inform you that the personal data collected by Diana Davila through the forms on the website will be incorporated into our file for the purpose of facilitating, expediting, and fulfilling the commitments established between Diana Davila and the User, or for maintaining the relationship established in the forms completed by the User, or to respond to a request or inquiry.

Likewise, in accordance with the GDPR and LOPD-GDD (except where the exception in Article 30.5 of the GDPR applies), a record of processing activities is maintained, specifying, according to their purpose, the processing activities carried out and the other circumstances established in the GDPR.

Principles applicable to the processing of personal data

The processing of User personal data will be subject to the following principles set forth in Article 5 of the GDPR and Articles 4 and subsequent of Organic Law 3/2018:

  • Lawfulness, fairness, and transparency – User consent will be required at all times, after providing completely transparent information regarding the purposes for which personal data is collected.
  • Purpose limitation – Personal data will be collected for specific, explicit, and legitimate purposes.
  • Data minimization – The personal data collected will be only what is strictly necessary in relation to the purposes for which they are processed.
  • Accuracy – Personal data must be accurate and kept up to date at all times.
  • Storage limitation – Personal data will only be kept in a form that permits identification of the User for as long as necessary for the purposes of processing.
  • Integrity and confidentiality – Personal data will be processed in a way that ensures its security and confidentiality.
  • Accountability – The Data Controller will be responsible for ensuring compliance with the above principles.

Categories of personal data

The categories of data processed by Diana Davila are identification data only. No special categories of personal data are processed within the meaning of Article 9 of the GDPR.

Special categories of personal data include those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic data, biometric data used for the unique identification of a natural person, health data, or data concerning a natural person’s sex life or sexual orientation.

Processing of such special categories will require the explicit consent of the User for one or more specific purposes.

Legal basis for processing personal data

The legal basis for processing personal data is consent. Diana Davila undertakes to obtain the User’s express and verifiable consent for processing their personal data for one or more specific purposes.

The User has the right to withdraw consent at any time. Withdrawal of consent will be as easy as granting it, and as a general rule, it will not affect the use of the Website.

When the User is required or may provide their data through forms to make inquiries, request information, or for matters related to Website content, they will be informed if providing any of these fields is mandatory because such data is essential for the proper completion of the process.

Purposes of processing personal data

Personal data is collected and managed by Diana Davila for the purpose of facilitating, expediting, and fulfilling the commitments established between the Website and the User, or to maintain the relationship established in the forms completed by the User, or to respond to a request or inquiry.

The data may also be used for commercial purposes such as personalization, operational and statistical purposes, and activities related to the business purpose of Diana Davila, as well as for extracting, storing, and marketing studies to adapt the offered content to the User, and to improve quality, operation, and browsing of the Website.

At the time personal data is obtained, the User will be informed of the specific purpose(s) of processing for which the data will be used.

Retention period for personal data

Personal data will be retained only for the minimum time necessary for the purposes of its processing and, in any case, for the following period: 18 months, or until the User requests its deletion.

When personal data is collected, the User will be informed of the retention period or, when that is not possible, the criteria used to determine it.

Recipients of personal data

User personal data will not be shared with third parties, except in the following case:

  1. OVH GROUPE SA – 2 rue Kellermann, 59100 Roubaix, France.

If the Data Controller intends to transfer personal data to a third country or international organization, the User will be informed at the time of collection, along with information about the country or organization and whether there is an adequacy decision by the European Commission.

Personal data of minors

In compliance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, only Users over 14 years old may lawfully give their consent to the processing of their personal data by Diana Davila. For minors under 14 years of age, parental or guardian consent will be required, and processing will be lawful only if such consent has been given.

Data security and confidentiality

Diana Davila undertakes to adopt the necessary technical and organizational measures, appropriate to the level of risk, to guarantee the security of personal data and prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data transmitted, stored, or otherwise processed.

The Website has an SSL (Secure Socket Layer) certificate to ensure that personal data is transmitted securely and confidentially, with data transmission between the server and the User being fully encrypted.

However, since Diana Davila cannot guarantee the absolute security of the Internet or the total absence of hackers or others who may gain unauthorized access, the Data Controller undertakes to notify the User without undue delay when a personal data security breach occurs that is likely to result in a high risk to the rights and freedoms of natural persons.

Personal data will be treated as confidential by the Data Controller, who undertakes to ensure such confidentiality by legal or contractual obligation for employees, associates, and anyone to whom access to the information is granted.

User rights

The User has the following rights recognized under the GDPR and Organic Law 3/2018:

  • Right of access – To obtain confirmation as to whether Diana Davila is processing the User’s personal data, and if so, to access such data and information about its processing.
  • Right to rectification – To have inaccurate or incomplete personal data corrected.
  • Right to erasure (“right to be forgotten”) – To request the deletion of personal data when it is no longer necessary for the purposes collected, when consent is withdrawn, when the User objects to processing and there are no overriding legitimate grounds, when data has been processed unlawfully, or when required by law.
  • Right to restriction of processing – To request limitation of data processing in certain cases, such as contesting accuracy or when processing is unlawful.
  • Right to data portability – To receive personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller, where technically possible.
  • Right to object – To object to the processing of personal data, including for profiling.
  • Right not to be subject to automated decision-making – To not be subject to a decision based solely on automated processing, including profiling, except where permitted by law.

Requests to exercise these rights must be sent to the Data Controller with the reference “GDPR–dianadavilafotografia.com” and must include:

  • Name, surname(s), and a copy of the User’s ID card (or equivalent). If represented, proof of representation and ID of the representative is required.
  • Specific request and reasons.
  • Address for notifications.
  • Date and signature.
  • Supporting documents, if applicable.

Requests should be sent to:

Postal address: Tuscany, Italy

Email: dianadavilagonzales@gmail.com

Links to third-party websites

The Website may include links to third-party websites not operated by Diana Davila. Each third party is responsible for their own privacy policies and data practices.

Complaints to the supervisory authority

If the User considers there is an issue with how personal data is being processed, they have the right to effective judicial protection and to lodge a complaint with a supervisory authority in the Member State of their habitual residence, place of work, or the place of the alleged infringement. In Spain, the supervisory authority is the Spanish Data Protection Agency (AEPD) – https://www.aepd.es/.

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

It is necessary for the User to have read and agreed with this Privacy Policy, and to accept the processing of their personal data, for the Data Controller to proceed with such processing in the manner, for the purposes, and during the periods indicated. Use of the Website implies acceptance of this Privacy Policy.

Diana Davila reserves the right to modify this Privacy Policy, either at her own discretion or due to legislative, jurisprudential, or doctrinal changes by the Spanish Data Protection Agency. Changes or updates will not be explicitly notified to the User, and it is recommended to review this page periodically.

This Privacy Policy has been updated to comply with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 on the Protection of Personal Data and guarantee of digital rights.

error: Content is protected !!