Laws Incorporated into This Privacy Policy

This Privacy Policy is adapted to the current Spanish and European regulations on the protection of personal data on the internet. Specifically, it complies with the following regulations:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data (GDPR).
• Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).
• Royal Decree 1720/2007 of December 21, approving the Regulation for the development of Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).
• Law 34/2002 of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The controller of the personal data collected through the Website is:

Double Premium S.L.

Tax ID (NIF/CIF): B21626510

Registered with the Commercial Registry of Madrid, Volume 0, Page 0, Sheet M847329

Legal Representative: Bruno Maximiliano Sixto López-Bravo

Contact details:

• Address: Carrer Cotoner, 47, 07013, Palma, Islas Baleares
• Phone: +34 623 780 591
• Email: [email protected]

Personal Data Record

In compliance with the GDPR and the LOPD-GDD, we inform you that the personal data collected through the Website’s forms will be incorporated and processed in our database with the purpose of facilitating, expediting, and fulfilling the commitments established between LÕA and the User, or for maintaining the relationship specified in the forms filled in by the User, or to process any request or inquiry.

Additionally, in accordance with the GDPR and the LOPD-GDD, and except in cases where the exception provided in Article 30.5 of the GDPR applies, a record of processing activities is maintained, specifying the processing activities carried out and other circumstances established in the GDPR.

Principles Governing the Processing of Personal Data

The processing of the User’s personal data shall be subject to the following principles, in line with Article 5 of the GDPR and Articles 4 and subsequent of Organic Law 3/2018:

• Principle of lawfulness, fairness, and transparency: User consent will always be required, with full transparency on the purposes for which personal data is collected.
• Principle of purpose limitation: Data will be collected for specified, explicit, and legitimate purposes.
• Principle of data minimization: Only strictly necessary data will be collected.
• Principle of accuracy: Personal data must be accurate and kept up to date.
• Principle of storage limitation: Data will only be kept as long as necessary for the purposes of processing.
• Principle of integrity and confidentiality: Data will be processed in a way that ensures security and confidentiality.
• Principle of proactive responsibility: The Data Controller is responsible for ensuring compliance with these principles.

Categories of Personal Data

The categories of data processed on the Website include identification data and, where applicable, special categories of personal data as defined in Article 9 of the GDPR.

Special categories of personal data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data aimed at uniquely identifying a natural person, health data, or data concerning a person’s sex life or sexual orientation.

Processing of special categories of personal data will always require the explicit consent of the User for one or more specific purposes.

Legal Basis for Data Processing

The legal basis for the processing of personal data is consent. LÕA undertakes to obtain the User’s express and verifiable consent for the processing of their personal data for one or more specific purposes.

The User may withdraw their consent at any time, as easily as it was granted. Withdrawal of consent will not affect the lawfulness of processing carried out prior to such withdrawal.

When the User is required to provide personal data through forms to make inquiries, request information, or for purposes related to the Website’s content, they will be informed whenever providing such data is mandatory in order to properly process the request.

Purposes of Data Processing

Personal data is collected and managed by LÕA for the purpose of facilitating, expediting, and fulfilling the commitments established between the Website and the User, or maintaining the relationship specified in the forms completed by the User, or to process any request or inquiry.

Additionally, the data may be used for commercial, operational, or statistical purposes, as well as for activities related to LÕA’s corporate purpose, including data extraction, storage, and marketing research to adapt the content offered to the User and to improve the quality, operation, and navigation of the Website.

At the time of data collection, the User will be informed of the specific purpose(s) for which the data is being processed.

Data Retention Period

Personal data will only be retained for the minimum time necessary to fulfill the purposes of its processing, or until the User requests its deletion.

At the time of data collection, the User will be informed of the retention period or the criteria used to determine it.

Recipients of Personal Data

The User’s personal data will not be shared with third parties.

In any case, at the time of data collection, the User will be informed about the recipients or categories of recipients of their data.

If the Data Controller intends to transfer personal data to a third country or international organization, the User will be informed of such transfer at the time of data collection, including whether or not there is an adequacy decision by the European Commission.

Personal Data of Minors

In compliance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018, only Users over 14 years of age may lawfully consent to the processing of their personal data by LÕA. In the case of minors under 14 years of age, the consent of parents or guardians will be required, and processing will only be lawful to the extent that such consent has been given.

Confidentiality and Security of Personal Data

LÕA undertakes to implement the necessary technical and organizational measures, appropriate to the level of risk associated with the collected data, to ensure the security of personal data and prevent their accidental or unlawful destruction, loss, or alteration, as well as unauthorized disclosure or access.

The Website is equipped with an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmitted securely and confidentially, as data transfer between the server and the User is fully encrypted.

However, since LÕA cannot guarantee the absolute invulnerability of the internet or the absence of fraudulent access by third parties, the Data Controller undertakes to notify the User without undue delay in the event of a data security breach that could pose a high risk to the rights and freedoms of natural persons.

Personal data will be treated as confidential by the Data Controller, who undertakes to ensure, through legal or contractual means, that such confidentiality is respected by employees, partners, and any other person with access to the data.

Rights of Users Regarding Data Processing

In accordance with the GDPR and Organic Law 3/2018, Users have the following rights with respect to LÕA and may therefore exercise them against the Data Controller:

• Right of access: To obtain confirmation of whether personal data concerning them is being processed and, if so, access to such data and related information.
• Right to rectification: To obtain the modification of inaccurate or incomplete personal data.
• Right to erasure (“right to be forgotten”): To request the deletion of personal data when, among other reasons, the data is no longer necessary for the purposes for which it was collected, the User withdraws consent, or the data has been unlawfully processed.
• Right to restriction of processing: To request limitation of data processing in certain circumstances (e.g., when the accuracy of the data is contested).
• Right to data portability: To receive personal data in a structured, commonly used, and machine-readable format and transmit it to another controller, where technically feasible.
• Right to object: To object to the processing of personal data for reasons related to their particular situation.
• Right not to be subject to automated decision-making, including profiling, unless otherwise permitted by applicable law.

To exercise these rights, the User may submit a written communication to the Data Controller with the reference “GDPR-www.loapalma.com,” including:

• Full name of the User and a copy of their national ID document. Where representation is permitted, identification of the representative and proof of representation must also be provided.
• The specific request and the information the User wishes to access.
• Address for notifications.
• Date and signature of the applicant.
• Any supporting documents.

Requests and related documents may be sent to:

Postal address: Carrer Cotoner, 47, 07013, Palma, Islas Balearic Islands

Email: [email protected]

Links to Third-Party Websites

The Website may include hyperlinks to third-party websites not operated by LÕA. The owners of such websites are responsible for their own data protection policies and practices.

Complaints to the Supervisory Authority

If the User considers that there is a problem or violation of current data protection regulations in the way their personal data is being processed, they have the right to effective judicial protection and to file a complaint with the relevant supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement.

In Spain, the supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos): https://www.aepd.es/.

ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

It is necessary that the User has read and agrees with the conditions on the protection of personal data contained in this Privacy Policy, and that they accept the processing of their personal data so that the Data Controller may proceed with it in the manner, for the periods, and for the purposes indicated. Use of the Website implies acceptance of this Privacy Policy.

LÕA reserves the right to modify this Privacy Policy, at its sole discretion or due to changes in legislation, case law, or guidelines issued by the Spanish Data Protection Agency. Any changes or updates to this Privacy Policy will not be explicitly notified to the User. Users are advised to review this page periodically to stay informed of the latest changes or updates.

This Privacy Policy was last updated to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), and with Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.