Privacy Policy

Legal name: Shawn Whitne (hereinafter, the Data Controller)
Trade name: Shawn Whitne
Tax ID (NIF): Y4335539F
Address: C. Algibe de la Vieja, 7, Albaicín, 18010 Granada, Spain
Email: shawntwhitney@gmail.com

In accordance with current legislation, the Data Controller undertakes to adopt the necessary technical and organizational measures appropriate to the level of security required by the risk associated with the collected data.

LAWS INCORPORATED INTO THIS PRIVACY POLICY

This Privacy Policy is adapted to current Spanish and European regulations on the protection of personal data on the internet. In particular, it complies with the following legislation:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

• Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).

• Royal Decree 1720/2007 of 21 December approving the implementing regulations of Organic Law 15/1999 of 13 December on the Protection of Personal Data (RDLOPD).

• Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).

REGISTRATION OF PERSONAL DATA

In compliance with the provisions of the GDPR and the LOPD-GDD, users are informed that the personal data collected by the Data Controller through the forms provided on its pages will be incorporated into and processed within its records for the purpose of facilitating, expediting, and fulfilling the commitments established between the Data Controller and the User, or maintaining the relationship established through the forms completed by the User, or responding to a request or inquiry.

Likewise, in accordance with the GDPR and the LOPD-GDD, unless the exception provided for in Article 30.5 of the GDPR applies, a record of processing activities is maintained specifying, according to their purposes, the processing activities carried out and the other circumstances established by the GDPR.

PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

The processing of the User’s personal data shall be subject to the following principles set forth in Article 5 of the GDPR and Articles 4 et seq. of Organic Law 3/2018:

• Lawfulness, fairness, and transparency: User consent shall be required at all times, following full and transparent information regarding the purposes for which personal data are collected.

• Purpose limitation: Personal data shall be collected for specific, explicit, and legitimate purposes.

• Data minimization: Personal data collected shall be limited to what is strictly necessary for the purposes for which they are processed.

• Accuracy: Personal data must be accurate and kept up to date.

• Storage limitation: Personal data shall be kept only for as long as necessary to fulfill the purposes of processing.

• Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security and confidentiality.

• Proactive accountability: The Data Controller shall be responsible for ensuring compliance with these principles.

CATEGORIES OF PERSONAL DATA

The only categories of personal data processed on the Data Controller’s website are identifying data. Under no circumstances are special categories of personal data processed, as defined in Article 9 of the GDPR.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

The legal basis for the processing of personal data is consent. The Data Controller undertakes to obtain the User’s express and verifiable consent for the processing of personal data for one or more specific purposes.

The User has the right to withdraw consent at any time. Withdrawal of consent shall be as easy as granting it. As a general rule, withdrawal of consent shall not affect the use of the Website.

Whenever the User must or may provide personal data through forms to make inquiries, request information, or for reasons related to the content of the Website, the User shall be informed if completion of any fields is mandatory, as they are essential for the proper execution of the requested operation.

PURPOSES OF THE PROCESSING OF PERSONAL DATA

Personal data are collected and managed by the Data Controller for the purpose of facilitating, expediting, and fulfilling the commitments established between the Website and the User, maintaining the relationship established through forms completed by the User, or responding to a request or inquiry.

Additionally, data may be used for commercial purposes related to personalization, operations, statistics, and activities inherent to the Data Controller’s business purpose, as well as for data extraction, storage, and marketing studies in order to adapt the content offered to the User and improve the quality, operation, and navigation of the Website.

At the time personal data are collected, the User shall be informed of the specific purpose or purposes for which the personal data will be processed.

RETENTION PERIODS FOR PERSONAL DATA

Personal data shall be retained only for the minimum period necessary for the purposes of processing and, in any case, for the following period: 18 months, or until the User requests their deletion.

At the time personal data are collected, the User shall be informed of the retention period or, where this is not possible, the criteria used to determine such period.

RECIPIENTS OF PERSONAL DATA

The User’s personal data shall not be shared with third parties.

In any case, at the time personal data are collected, the User shall be informed of the recipients or categories of recipients of the personal data.

PERSONAL DATA OF MINORS

In accordance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018, only individuals over the age of 14 may lawfully give consent for the processing of their personal data by the Data Controller. If the User is under 14 years of age, parental or guardian consent shall be required, and processing shall only be lawful to the extent that such consent has been granted.

CONFIDENTIALITY AND SECURITY OF PERSONAL DATA

The Data Controller undertakes to adopt the necessary technical and organizational measures appropriate to the level of security required by the risk of the collected data, ensuring the security of personal data and preventing accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

However, since the Data Controller cannot guarantee the absolute invulnerability of the internet or the total absence of hackers or other unauthorized access, the Data Controller undertakes to notify the User without undue delay in the event of a personal data security breach that is likely to result in a high risk to the rights and freedoms of natural persons.

In accordance with Article 4 of the GDPR, a personal data breach is defined as any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Personal data shall be treated as confidential by the Data Controller, who undertakes to ensure such confidentiality through legal or contractual obligations binding its employees, collaborators, and any persons granted access to the information.

RIGHTS ARISING FROM THE PROCESSING OF PERSONAL DATA

The User may exercise the following rights recognized under the GDPR and Organic Law 3/2018:

• Right of access: The right to obtain confirmation as to whether personal data concerning the User are being processed and, if so, access to such data and related information.

• Right to rectification: The right to request the correction of inaccurate or incomplete personal data.

• Right to erasure (“right to be forgotten”): The right to obtain the deletion of personal data when they are no longer necessary, consent has been withdrawn, processing is unlawful, or deletion is required by legal obligation.

• Right to restriction of processing: The right to restrict processing under certain circumstances.

• Right to data portability: The right to receive personal data in a structured, commonly used, machine-readable format and transmit them to another controller.

• Right to object: The right to object to the processing of personal data.

• Right not to be subject to automated decision-making: Including profiling, except where permitted by law.

To exercise these rights, the User must submit a written request to the Data Controller specifying:

• Full name and a copy of a valid ID document

• The specific request or information sought

• Address for notification purposes

• Date and signature

• Any supporting documentation

LINKS TO THIRD-PARTY WEBSITES

The Website may include links to third-party websites not operated by the Data Controller. Such websites have their own privacy policies and are solely responsible for their data processing practices.

COMPLAINTS TO THE SUPERVISORY AUTHORITY

If the User considers that there has been a breach of applicable data protection regulations, they have the right to effective judicial protection and to lodge a complaint with a supervisory authority. In Spain, the supervisory authority is the Spanish Data Protection Agency (AEPD):
https://www.aepd.es/

ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

Use of the Website implies acceptance of this Privacy Policy. The User must have read and agreed to the conditions regarding the protection of personal data contained herein and consent to the processing of such data in the manner, for the periods, and for the purposes indicated.

The Data Controller reserves the right to modify this Privacy Policy at its discretion or as required by legislative, jurisprudential, or doctrinal changes issued by the Spanish Data Protection Agency. Users are advised to review this page periodically to remain informed of any updates.

This Privacy Policy was updated to comply with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights.