Privacy Policy

Última actualización: Abril 2024.

1. General information

Danielle Talia Pacheco Lee (6031266W) como Responsable del Tratamiento, le informa que, según lo dispuesto en el Reglamento (UE) 2016/679, de 27 de abril, (RGPD) y en la L.O. 3/2018, de 5 de diciembre, de protección de datos y garantía de los derechos digitales (LOPDGDD), trataremos su datos tal y como reflejamos en la presente Política de Privacidad.

In this Privacy Policy we describe how we collect your personal data and why we collect it, what we do with it, with whom we share it, how we protect it, and your choices regarding the processing of your personal data.

This Policy applies to the processing of your personal data collected by this website for the provision of services for web users or customers. If you accept the measures in this Policy, you agree that we treat your personal data as defined in this Policy.

2. Contact

Information about the data controller:

Brand: Danielle Pacheco Chocolatier
Razón Social: Danielle Talia Pacheco Lee
NIF: 60312166W
Dirección: C/ Buïgas 4, 08017 Barcelona
Telephone: +34 613864070
Email: [email protected]

3. Key Principles

At Danielle Pacheco Chocolatier we treat the information you provide us with in order to provide the requested service, send you the required information, and/or carry out billing.

In accordance with the applicable data protection regulations, your personal data may be processed provided that:

• You have given us your consent for the purposes of processing when browsing the web and/or offering us your personal data. You can withdraw your consent at any time.
• Per legal requirement.
• In case of a legitimate interest that is not undermined by your privacy rights, such as sending information in relation to your query or your status as a customer.
• Because it is necessary for the provision of any of our services through a contractual relationship between you and us.

We have always been committed to providing our services with the highest degree of quality, which includes treating your data with security and transparency. Our principles are:

• Legality: We will only collect your personal data for specific, explicit and legitimate purposes.
• Data minimization: We limit the collection of personal data to what is strictly relevant and necessary for the purposes for which it was collected, for example to place an order, for after-sales service, to maintain a user profile or to respond to a comment received via the contact form. Examples of data that we can collect are: bank details, telephone number, email, name and surname, NIF, postal address. This is not a complete list. Comments submitted via the contact form may be subject to an automated service to detect and block spam. If you ask us for a link to reset your password, the message may contain your IP address.
• Purpose limitation: We will only collect your personal data for the ends declared and named according to your desires.
• Accuracy: We will keep your personal data accurate and up to date based on the information you provide to us.
• Data security: We apply appropriate technical and organizational measures proportional to the risks to ensure that your data is not damaged, such as unauthorized disclosure or access, accidental or unlawful destruction or accidental loss or alteration and any other form of illicit treatment.
• Access and rectification: We provide the means for you to access or rectify your data when you consider it appropriate.
• Retention: We retain your personal data in a lawful and appropriate manner. The data provided will be kept as long as the commercial relationship is maintained or for the time necessary to comply with legal obligations and attend to possible responsibilities that may arise from compliance with the purpose for which the data was collected.
• International transfers: In the case that your data is transferred outside the EU/EEA, it will be adequately protected.
• Security breaches: We take measures to ensure the protection of the identifying data of our users. However, in the event of a security breach, we undertake to inform the competent authorities without undue delay.
• Minors: The content of our page is not designed for minors. Please do not use the contact form or place an order if you are under 18 years of age.

Usted tiene derecho a obtener información sobre si en Danielle Pacheco Chocolatier estamos tratando sus datos personales, por lo que puede ejercer sus derechos de acceso, rectificación, supresión y portabilidad de datos y oposición y limitación a su tratamiento ante Danielle Pacheco Chocolatier, en la c/ Buïgas 4, 08017 Barcelona o en la dirección de correo electrónico [email protected], adjuntando copia de su DNI o documento equivalente.  Asimismo, y especialmente si considera que no ha obtenido satisfacción plena en el ejercicio de sus derechos, podrá presentar una reclamación ante la autoridad nacional de control dirigiéndose a estos efectos a la Agencia Española de Protección de Datos, C/ Jorge Juan, 6 – 28001 Madrid.

4. Third parties

Trabajamos con varios terceros para mantener el funcionamiento de la pagina web y el email, y para efectuar el pagamiento cuando compras algo en nuestra pagina. Concretamente, la pagina web esta alojada con Bluehost (Newfold Digital, una empresa americana). El dominio y el email estan alquilados de Ionos España. Usamos WooCommerce para la tienda online y WordPress.org como plataforma tecnica. Tambien podemos usar plugins a parte de estos grupos principales para mejorar la pagina web, como por ejemplo Complianz para cumplir con las normas de la RGPD, TranslatePress para traducir la pagina a otras lenguas o Cloudflare para mejorar la velocidad de la web. Esta no es una lista completa.

The access and transfer of personal data to third parties are carried out in accordance with the applicable laws and regulations and with the appropriate contractual guarantees.

Our contracts with these third parties include the responsibilities of both sides in terms of protecting the data of the users of the website, such as not collecting more data than necessary, and only using it for the function for which it was requested. We do not share your data with third parties for advertising purposes.

We and the third parties with whom we work keep the data for the time necessary to maintain the supplier-client relationship, or to attend to possible responsibilities that may arise from its relationship with Danielle Pacheco Chocolatier, destroying it securely and definitively at the end of said period. However, the destruction of the data is not appropriate when there is a legal provision that requires its conservation, in which case it must be returned to the data controller, who will guarantee its conservation, duly protected, while such obligation persists.

5. Your Rights as User

Upon presentation of their national identity document or passport, the holders of personal data (data subjects) may exercise their rights of access, rectification, deletion, opposition, portability and purpose limitation. The exercise of rights is free.

RIGHT OF ACCESS (GDPR Article 15.1): Under the right of access, data subjects will be provided with a copy of the personal data that is available together with the purpose for which they have been collected, the identity of the recipients of the data, the expected conservation periods or the criteria used to determine it, the existence of the right to request the rectification or deletion of personal data as well as the limitation or opposition to its treatment, the right to file a claim with the Spanish Agency for Data Protection and, if the data was not obtained directly from the data subject, any information available about its origin. The right to obtain a copy of the data may not interfere with the rights and liberties of other data subjects.

• Form for exercising the right of access.

RIGHT TO RECTIFICATION (GDPR Article 16): Under the right to rectification, information on data subjects that is inaccurate or incomplete will be modified, taking into account the purposes of the treatment. The data subject must indicate in the request what data it refers to and the corrections that must be made, providing, when necessary, supporting documentation of the inaccuracy or incompleteness of the data being processed. If the data has been communicated by the data controller to other data controllers, they must notify them of the rectification of the data unless this is impossible or requires a disproportionate effort, providing the data subject with information about said recipients, if requested.

• Form for exercising the right to rectification.

RIGHT TO BE FORGOTTEN (GDPR Article 17): Under the right to be forgotten, the data of the data subjects will be deleted when they express their refusal to the treatment as long as there is no legal basis that prevents it, the data is not necessary in relation to the purposes for which it was collected, the data subject withdraws the consent given and there is no other legal basis that legitimizes the treatment or said basis is illegal. If the deletion derives from the exercise of the data subject's right to oppose the processing of their data for marketing purposes, the identifying data of the data subject may be kept in order to prevent future processing. If the data has been communicated by the data controller to other data controllers, they must notify them of the deletion of these unless this is impossible or requires a disproportionate effort, providing the data subject with information about said recipients, if requested.

• Form for the right to be forgotten.

RIGHT TO OBJECT(GDPR Article 21): Under the right to object, when the data subject expresses their refusal to the processing of their personal data to the data controller, the latter will stop processing the data as long as there is no legal obligation that prevents it. When the data treatment is necessary for public interest or in the legitimate interest of the data controller, upon a request to exercise the right to object, the data controller will stop processing the data unless compelling reasons are proven that prevail over the interests, rights and freedoms of the data subject or are necessary for the formulation, exercise or defense of claims. If the data subject objects to the processing of data for direct marketing purposes, their personal data will no longer be processed for these purposes.

• Form for the right to object.

RIGHT TO DATA PORTABILITY (GDPR Article 20): Under the right to data portability, if data treatment is carried out by automated means and is based on consent or is carried out within the framework of a contract, data subjects may request to receive a copy of their personal data in a structured, commonly used and mechanically readable format. Likewise, they have the right to request their data be transmitted directly to a new data controller, whose identity must be communicated, when technically possible.

• Form for the right to data portability.

RIGHT TO RESTRICTION OF PROCESSING (GDPR Article 18): Under the right to restriction of processing, data subjects may request the suspension of the processing of their data to challenge its accuracy while the data controller carries out the necessary verifications; or, in the event that data treatment is carried out based on the legitimate interest of the data controller or in compliance of a mission of public interest, while verifying whether these reasons prevail over the interests, rights and freedoms of the data subject. Data subjects can also request the conservation of their data if they consider that the treatment is illegal and, instead of deletion, request restriction of processing; likewise if the data controller no longer needs the data for the purposes for which it was collected, but the data subject needs them for the formulation, exercise or defense of claims. The data controller must clearly indicate in their systems that the data subject has exercised their right to restriction of processing. If the data has been communicated by the data controller to other data controllers, they must notify them of the restriction of processing unless this is impossible or requires a disproportionate effort, providing the data subject with information about said recipients, if requested.

• Form for the right to restriction of processing.

If you have given your consent for a specific purpose, you have the right to withdraw the consent granted at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal.

You can exercise these rights by sending reasoned and accredited communication to [email protected]

You also have the right to file a claim with the competent Control Authority (www.aepd.es) if you consider that the treatment of your data does not comply with current regulations.

If the request of the data subject is not processed, the data controller will inform them, without delay and no later than one month after receiving it, of the reasons for their non-action and of the possibility of filing a claim with the Spanish Agency for Data Protection and to exercise legal action.

6. Legal information

This policy is subject to periodic revisions and the website owner can modify it at any time.

The requirements of this Policy complement, and do not replace, any other existing requirements under the applicable data protection law, which will prevail in any case. Catalan, English, and French translations of this privacy policy are for user convenience only. In the case of discrepancies between different languages, the Spanish version will take precedence.