Skip to main content

Purchase, returns and delivery policy

At Museo de las paellas, S.L. we are especially committed to the confidentiality of the personal data provided to us through the website, and through this policy we inform the user about data protection matters as well as the rights to which they are entitled.

Therefore, and pursuant to the General Data Protection Regulation of the European Union (GDPR), EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, and in accordance with the principle of transparency, we provide you with relevant information on the processing of personal data, in order to inform you at all times how we process data, for what purpose, and the corresponding rights.

Data Controller:

Museo de las paellas, S.L. (hereinafter THE CONTROLLER), CIF: B13941778, with registered address at C/ Velázquez, 10, 1st floor, 28001 Madrid, and email: museodelaspaellas@gmail.com

Data Protection Officer (DPO) contact: No DPO is available; however, you may contact us through any of the means indicated above.

Data collection:

THE CONTROLLER has obtained the personal data to be processed through different channels:

  • Voluntarily provided by the data subject, either through a web form, email, telephone, or contract, for the request of any type of information or for the formalization and/or acquisition of services or products.
  • From publicly accessible sources and/or public records, and always when there is a legitimate interest on the part of THE CONTROLLER.

Description of the purpose of processing:

THE CONTROLLER will process your data in order to respond to requests made through this website. Additionally, if you give your consent to receive commercial communications, promotions, and information of interest, commercial and/or advertising information may be sent to you through the usual communication channels. However, such consent may be revoked at any time through the means provided for that purpose.

We will process your data for commercial, administrative, accounting, and tax management, in accordance with current regulations and based on the information provided and the authorization granted.

Data retention:

The personal data provided will be retained as long as the relationship with the entity is maintained and deletion is not requested by the data subject. They will be kept in accordance with the legally established timeframes and depending on the purpose for which they were collected.

If the data subject has voluntarily subscribed to any type of commercial communication, newsletter, advertising, etc., the data will remain until they request to unsubscribe from such communications.

Legal basis:

The legal basis for the processing of personal data by THE CONTROLLER is supported by:

  • The mere request by the data subject for any type of information.
  • The possible subscription to receive commercial communications through express consent.
  • The formalization of a commercial relationship resulting from the acquisition of products and/or services.
  • Legitimization through the execution of a contract.

Recipients:

While the data of the data subject is being processed, THE CONTROLLER will not transfer the data to third parties unless there is a legal obligation.

In cases where third-party services are used for administrative, tax, accounting, and/or commercial processing, the required data processing agreement will be duly formalized to ensure the security and confidentiality of the data subject’s information.

Rights:

The data subject, in relation to their personal data, may freely and at no cost exercise the following rights:

  • Right of access to their personal data.
  • Right to rectification of their personal data when incomplete or inaccurate.
  • Right to erasure of their personal data when they are no longer necessary for the purposes for which they were collected.
  • Right to restriction of processing, in whole or in part.
  • Right to object to processing.
  • Right to data portability.
  • Right to withdraw previously granted consent.

If you feel that your rights regarding the protection of your personal data have been violated, especially if you have not obtained satisfaction in the exercise of your rights, you may file a complaint with the competent Data Protection Authority.

Supervisory Authority:

If you need more information and/or assistance—beyond what we can and wish to provide—regarding Data Protection, you should know that the supervisory authority in Spain responsible for ensuring compliance with data protection regulations, and for guaranteeing and safeguarding the fundamental right to personal data protection, is:

Spanish Data Protection Agency (AEPD)
C/ Jorge Juan Nº6
28001 – Madrid
901 100 099 – 912 663 517
www.agpd.es

You may also contact them through this form.

The AEPD informs and assists citizens in exercising their rights, as well as companies in complying with the obligations established by law.

As the owner of your own data, the AEPD safeguards the exercise of the rights of access, rectification, erasure, restriction, portability, and objection when they have not been properly addressed. It also guarantees the right to data protection in cases of actions that may be contrary to the law.