We are committed to protecting personal information. Your privacy and trust are important to us, so in this Privacy Policy we provide you with important information about how we treat the personal information of our Users.

This Privacy Policy is applicable to https://www.ritaros.es/, as provided in our Legal Notice and Terms of Use.

We recommend that you carefully read the following and, if after doing so you have any questions, you can contact us through our email address info@ritaros.com.

Responsible for the treatment and declaration of regulatory compliance

The owner of this website is , with Tax Identification Number and registered office located at .

OWNER: RITAROS COLLECTION, S.L.U.

CIF / NIF: B-67374595

COMPANY / PROFESSIONAL ADDRESS: Barcelona

TELEPHONE: 96.753.90.99

E-MAIL ADDRESS: info@ritaros.com

WEB ADDRESS: https://www.ritaros.com/

If your query is related to our use of your personal data or if you wish to unsubscribe of our services, you can send an email to info@ritaros.com

The Seller declares that it complies with current Spanish and European legislation on the Protection of Personal Data, specifically Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, and in accordance with the state of the technology, the nature of the data and the risks to which they are exposed, declares that it applies the appropriate technical and organisational measures to guarantee the confidentiality and privacy of the personal data collected through this website, as well as their integrity, availability and security, taking the necessary actions to prevent any alteration, loss, unauthorised access or fraudulent use of the data processed. 

The Seller guarantees that the User's personal data is processed in a lawful, fair and transparent manner, and that it has been collected with the User's explicit consent after being informed of the purpose of the processing, which is expressly indicated in this Privacy Policy.

The Seller will not process or share the User's personal data except as permitted by current regulations, at the request of competent authorities or when it has the express and previously informed consent of the User.

The Seller will not use the User's personal data for purposes other than those previously informed prior to the User sending the data.

Personal information and processing of personal data. What does it mean?

Personal information refers to any information that relates to an identified to a natural person, directly or indirectly, (name, identification number, location data or factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of the person, exact information on the geographic location, financial information and bank account numbers, as well as unique identification elements, such as ID numbers, IP, MAC, social security, driver's license, etc.).

Particularly protected personal information is that related to race or ethnic origin, political opinions, religious beliefs, membership in workers' associations, physical or mental health, additional medical information, including biometric and genetic data or sexual preferences, criminal records or convictions.

The operations, actions and technical procedures carried out in an automated or non-automated manner and which enable the collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of enabling access or interconnection, limitation, deletion or destruction of personal data or sets of personal data are considered to be the processing of personal data.

The Seller does not collect or process personal data related to specially protected personal information of the users of any of its websites. If you want to know how we treat your personal data, we invite you to continue reading this Privacy Policy.

How we use personal information

Transparency and information on personal data protection

We want to make our privacy practices clear so that you can make informed decisions about the use of your personal information by the Seller.

Our values ​​for the processing of personal data:

Lawfulness and loyalty

We will always require your prior consent for the processing of your personal data for one or more specific purposes that will be informed to you prior to sending your data, unless the processing of your personal data is based on some other legitimate cause in accordance with the applicable current legislation.

Minimization

We only require from users the data that is strictly necessary in relation to the purposes of data processing.

Limitation of the conservation period

We keep the data for the time necessary based on the purpose of the processing, informing in each case of the retention period. We review and update the personal databases by eliminating inactive records or those that are no longer necessary because the purpose of the processing has ended.

Confidentiality

We apply the appropriate technical and organizational security measures for the processing of personal data, ensuring its confidentiality and minimizing the risk of unauthorized access or misuse of users' personal data by third parties.

Transparency

In this policy you can find all the information related to the use made of your personal data. In general, we collect, use, disclose, transfer and store personal information when it is necessary to provide our services and for our operational and business purposes, as described in this Privacy Policy.

We invite you to contact us if you have questions or concerns regarding the processing of your personal data through our email info@ritaros.com.

How do we obtain your data? Type of personal information we collect

We collect your personal information through:

  • The Contact email referenced on the website.
  • The Contact Form.
  • The Customer Registration Form.
  • The use of Cookies.
  • The e-commerce Shopping Cart (during the purchase process).

Through the aforementioned channels we can collect the following information:

  • Name and surname
  • ID/NIF/CIF
  • Telephone
  • Email address
  • Full postal address
  • Company
  • Financial data necessary to manage your order
  • Any opinion or comment that you decide to freely provide us or that appears on public profiles (for example, through social networks).
  • The information collected through the use of cookies, which you can consult in our Cookies Policy.

Your commitment to the truthfulness of the data you provide us

The User declares that the personal data provided to the Seller at any stage of the use of this website are true.

As a User, you must know that you are solely responsible for any damage or harm, direct or indirect, that may be caused to the Seller as the person responsible for this website or to a third party if you fill out any form with false data or data from third parties without their prior consent, causing deception, damage or harm.

In order for us to keep your data accurate and up to date, we ask the User to inform us of any variation that may occur in the data provided.

Consent of minors

The sending of personal data through this website by users under 14 years of age is prohibited. If it detects users who may be under the indicated age, it will not process their data and therefore will not respond to requests.

The Seller reserves the right to request a copy of your ID or equivalent document proving your legitimacy in the event of having reasonable suspicions that the User is a minor.

Purpose of processing

The Seller informs that all personal data provided by the User through this website will be incorporated and processed by the data controller for the following purposes:

  • Manage queries made through the Contact Form and the different contact emails on this website and provide the appropriate response.
  • Send you commercial communications about our news, offers and promotions if you have expressly authorized it.
  • Provide you with the requested service in accordance with the terms and conditions of the contract signed with the User.
  • Manage registrations and deregistrations of Clients and users in the databases for electronic communications.
  • Attend to the exercise of user rights.
  • Legal obligations: We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection or investigation of a crime, loss or fraud prevention or to comply with internal and external audit requirements, with our information security objectives, crime prevention, which may entail that they are treated: (a) under applicable law, which may include laws outside the User's country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies and other public and government authorities, which may include authorities outside the User's country of residence; (c) and to protect our rights, privacy, safety or property, or those of others.
  • Legitimate interest: We may transfer your personal information to affiliated or collaborating companies for business management purposes.

Prior to sending any request or information through the email addresses published on this website, the User agrees to have read this Privacy Policy, which for legal purposes means that he or she has given unequivocal, free, specific and informed consent to the processing of his or her personal data for the purposes indicated, without prejudice to the fact that he or she subsequently has the right to exercise his or her rights in accordance with current regulations and the provisions of this Privacy Policy.

The aforementioned express consent implies the authorization of the processing of his or her data under the terms established in this Privacy Policy, as well as by the joint controllers and those in charge of the processing with whom he or she maintains an obligatory contractual relationship and compliance control.

The personal information that we have about users is not always obtained directly from the users. Our servers automatically collect certain information through cookies that may identify the User.

International transfers

In some cases, third-party tools and services are used to manage some of the services offered on this website. Some of these services may be owned by third parties residing outside the European Union.

The Seller tries to use secure tools whose servers are preferably located in Spain, or failing that, in a member state of the European Union, or that comply with European law in accordance with the guidelines and recommendations of the Spanish Data Protection Agency, the European Commission and the relevant community agreements on international data transfer, including obtaining certification on the Privacy Shield list.

In the event that international data transfer is necessary, acceptance of this Privacy Policy means that as a User you expressly consent to said transfer.

Security Measures Applicable to the Processing of Personal Data

In order to protect the personal data of web users, it ensures itself and controls its data processors, in the application of the appropriate technical and organizational measures to protect personal data, taking into account the scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of the interested parties, trying to be able to ensure the confidentiality, integrity, availability and resilience of the systems and services of the processing.

In particular, it has implemented an encryption and authentication protocol (TLS 1.2, ECDHE_RSA with P-256 and AES_128_GCM) that guarantees that the personal data consulted by us are transmitted to our servers through a secure connection ("Secure-Socket-Layer"), in order to protect them from third parties.

Our information security policies and procedures are regularly reviewed and updated to meet the needs of our business, technological changes and regulatory requirements.

  • We implement technical and organizational measures to store and transfer information securely, in order to protect it from accidental loss or attacks, as well as from unauthorized access, use, destruction or disclosure.
  • We have a privacy and security risk assessment strategy, as well as a disaster recovery and business continuity plan designed to safeguard the continuity of our services and to protect our staff and our employees.
  • We apply appropriate restrictions on access to personal information.
  • We require our suppliers in charge of processing the data to have accredited security controls appropriate to the processing of personal data that they carry out in each case.
  • We require that our employees and contractors undergo continuous training in the area of information security, as well as in other relevant areas, since they have access to personal information and other sensitive data.

Declares that it is able to act quickly and effectively to restore the availability and access to personal data in the event of identifying the occurrence of a physical or technical incident, maintaining for this purpose an internal Incident log, an incident response plan, as well as the necessary backup management and control activities that guarantee the recovery of information in the event of a security incident.

Declares that it stores users' personal data on secure servers, protected against the most common types of attacks and located in Spain, Europe, or in the case of storage outside Europe, after verifying compliance with European agreements (Privacy Shield).

Notification of personal data security breaches

In the event of a breach of personal data security, unless it is unlikely that such a breach of security constitutes a risk to the rights and freedoms of natural persons, the Spanish Data Protection Agency shall be notified within 72 hours after having become aware of the incident, describing the nature of the breach, the possible consequences that could arise and the measures adopted or proposed to remedy the security breach; and if possible, the categories and approximate number of interested parties and data affected shall be made known.

Likewise, the interested parties shall be notified as soon as possible when it is likely that the breach of personal data security entails a high risk to the rights and freedoms of natural persons, describing the possible consequences that could arise and the measures adopted or proposed to remedy the security breach.

Exercise of rights

At any time, the User may withdraw its consent and/or exercise its rights of access, rectification, deletion, limitation, opposition and portability provided for in the European regulations on personal data protection, by sending an email to info@ritaros.com.

In such case, the User must indicate the right he/she wishes to exercise, the website on which he/she exercises the right and attach a copy of his/her ID or any other valid identification document that legitimises him/her to do so, including that which allows his/her electronic identification.

What do these rights consist of?

The right of access legitimises the User to obtain information about which personal data is being processed, the purpose of the processing, the categories of data processed, the retention period or criteria, the recipients or categories of recipients; if profiles are created, significant information on the logic applied and the expected consequences of the processing; the exercise of the rights to rectification or deletion of personal data and to limit or oppose processing and the right to file a claim with the Control Authority.

To exercise it, the User does not need to provide justification, unless he or she has exercised it in the last six months.

In the event of exercising his or her right of access, he or she is legally obliged to resolve the access request within a maximum period of one month from receipt of the request, providing a copy of the personal data being processed or allowing you remote access to it. will also provide any other additional copy requested by the interested party, upon payment of the fee generated by the administrative costs of issuance.

The Seller may deny access and, where appropriate, invoke the protection of the Spanish Data Protection Agency on the grounds that said access has been exercised in the previous six months, or because it is provided for or prevented by a national or community regulation.

The right to rectification legitimises the User to demand that we rectify the data that he or she considers to be inaccurate or incomplete. To do so, the User must indicate to us which data it refers to and the correction that must be made, providing documentation that justifies it. In such case, the User must make the rectification as soon as possible and, in any case, within one month of receiving the request. This period may be extended by another two months if necessary, taking into account the complexity and number of requests. will inform the interested party of the extension within the first month of the request.

The right to erasure (or “right to be forgotten”) means that the User has the right to have data deleted when the processing is unlawful, the data subject has withdrawn his or her consent or has exercised the right to object and there are no other legitimate reasons for the processing; the data is no longer necessary in relation to the purposes for which it was collected or processed; or it must be deleted to comply with a legal obligation.

The data subject shall not have the right to have his or her data deleted when the processing is necessary to exercise the right to freedom of expression and information; to comply with a legal obligation; for the formulation, exercise or defence of claims; for public interest based on current legislation for reasons of public health or for historical, statistical or scientific research purposes.

The Seller will respond to your request as soon as possible and, in any case, within one month of receipt of your request. This period may be extended by another two months if necessary, taking into account the complexity and number of requests. The Seller will inform the interested party of the extension within the first month of the request.

The right to object means that the User has the right to not have his or her personal data processed or to have it ceased in cases where the processing is based on direct marketing, profiling; the interests or rights and freedoms of the interested party prevail, especially if he or she is a child, the legitimate interest of or of third parties; historical, statistical or scientific research, unless the processing is necessary for reasons of public interest.

The Seller will respond to your request as soon as possible and, in any case, within one month of receiving your request. This period may be extended by another two months if necessary, taking into account the complexity and number of requests. The Seller will inform the interested party of the extension within the first month of the request.

The right to restriction of processing means that the User has the right to decide which personal data he or she does not want to be processed in the future, and may exercise this right when he or she has previously contested the accuracy of the data; when the processing is unlawful and instead of exercising the deletion of the data, he or she decides to limit it for future processing; or when he or she considers that he or she no longer needs the personal data for the authorised purposes of processing, but instead, the User needs it for the formulation, exercise or defence of claims.

In the event of restriction of processing, the restriction may be lifted if there is consent from the interested party; there is a possibility that the processing affects the protection of the rights of another natural or legal person; there is a judicial procedure that justifies it; or there is an important reason of public interest based on current legislation.

The Seller will respond to your request as soon as possible and, in any case, within one month of receiving your request. This period may be extended by another two months if necessary, taking into account the complexity and number of requests. The Seller will inform the interested party of the extension within the first month from the request.

The right to portability means that the User has the right to receive the personal data provided or to transmit them to another controller, in a structured format of common use and machine reading, provided that the processing is carried out by automated means and the processing is based on the consent that the User once gave for one or more specific purposes, or for the execution of a contract to which he or she was a party.

The right to portability will not apply when the transmission is technically impossible; or when it may negatively affect the rights and freedoms of third parties; or when the processing has a mission of public interest based on current legislation.

The Seller will respond to your request as soon as possible and, in any case, within one month from receipt of your request. This period may be extended by another two months if necessary, taking into account the complexity and number of requests. The Seller will inform the interested party of the extension within the first month from the request.

How do we share information with third parties? Data processors

We share personal information with third parties in order to provide services or carry out business operations under the terms described in this Privacy Policy or when we consider that the law allows or requires it. When we share personal information, we do so in accordance with data privacy and security requirements.

Informs the User that their personal data may be transferred to:

  • Our business partners and third-party service providers, when necessary for the provision of services, internal administration and sales management, technical assistance and customer service, software support, systems and platforms, cloud hosting services or data analysis. In such cases, the transfer of data to the third party will only be carried out when it informs the User and maintains a contractual relationship with the data processor that guarantees its confidentiality, the non-use of the personal information of the users that we make available to you for purposes other than those indicated above, as well as compliance with our internal privacy and information security regulations.
  • When said transfer of data is covered by a legal obligation or is required by the competent authorities to respond to legal requirements, criminal investigation of a possible illegal activity or claims that a content infringes the rights of third parties or to protect the rights, property or security of third parties, in the event of a merger, sale, restructuring, acquisition, joint venture, assignment, transfer or other disposition, in whole or in part, of our business, assets or shares.

If required by the competent authorities to respond to legal requirements, criminal investigation of a possible illegal activity or claims that a content infringes the rights of third parties or to protect the rights, property or security of third parties, you may communicate personal information of users to the competent authorities.

If the rights over the website were to be transferred to another entity, you agree to agree the subrogation and commitment of the new managing entity responsible for the processing of personal data for the continuation of this Privacy Policy, noting the commitment that if the personal information is to be used in a manner contrary to this policy, the User must be notified in advance.

Cookies Policy

Uses cookies (small information files that are downloaded to a User's terminal equipment when accessing a website, in order to store data that can be updated and retrieved by the person responsible for its installation) to carry out certain functions that are considered essential for the correct operation and display of the website and, in some cases, to store and manage the User's preferences, enable content and collect analytical and usage data.

To obtain these analyses, this website may automatically store certain information in the server logs through the use of cookies that collect usage and navigation data related to the use of this website by the User. These logs usually include information such as, for example, the type of browser, browser language, date and time of access request, URL, computer or device model, operating system version, unique identifiers (IP) and data on the mobile network used to access and navigate this website.

If you wish to obtain more information about our use of cookies and how you can prevent their installation, you can visit our Cookies Policy.

How long will we process your data?

The personal data provided will be kept for the duration of the contractual relationship that may bind us, during the legal retention periods, or until the User requests its deletion, for the purpose of keeping you informed about the actions promoted by , provided that such processing is appropriate, pertinent and limited to what is necessary for the purposes for which the data was collected in accordance with this Privacy Policy.

Reuse of this policy

The Seller does not authorize the copying, reproduction or reuse of this privacy policy that has been specifically analyzed to respond to the obligations inherent to this website.

Applicable legislation and jurisdiction

The Seller is based in Spain, so the content of this Privacy Policy has been drafted under Spanish legislation and applicable European Union regulations.

The User agrees that any claims or complaints arising from or related to the use of this website and more specifically to the processing of its personal data will be resolved by the court of competent jurisdiction located in Madrid. If he/she were to make any type of claim, he/she will do so before the competent court of the User's domicile or in Madrid if it concerns legal persons or professionals who are not consumers.

If the User accesses this site from a location outside of Spain, he/she is responsible for complying with all local and international laws that apply to him/her.

Reservation of the right to modify the Privacy Policy

The Seller may modify this Privacy Policy at any time, taking into account the evolution of this website and the content offered therein, if it deems it necessary, whether for legal reasons, technical reasons, or due to changes in the nature or layout of the website, without any obligation to notify or inform the User of such modifications, it being understood that their publication on the website itself is sufficient.

Any modification will take effect with respect to users who use this website after said modification. Continued use of this site after the publication of any change will be considered as acceptance of said changes. For this reason, at the end of this Privacy Policy, the last date of its update will always be published, so that the changes introduced will be effective as of said date.

If the User does not agree with the updates to our Privacy Policy, he/she may opt out of them by not entering his/her personal data in the contact forms on the website or by exercising his/her rights as specified above. If his/her rights are not met, he/she may file a complaint with the supervisory authority.