Privacy policy

This Privacy Policy has been developed taking into account the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the movement of such data, hereinafter the RGPD, as well as the Organic Law 3/2018, of 5 December, on Data Protection and Digital Rights (hereinafter, LOPDGDD) and other applicable regulations. The purpose of this Privacy Policy is to inform natural persons who provide their personal data, and/or those of the person they represent, in respect of which information is being collected, of the specific aspects relating to the processing of their data, the purposes of the processing, the contact details for exercising their rights, the periods of conservation of the information and the security measures, among other things.

Who is the data controller?

In terms of data protection, Yegané S.L. shall be considered the Data Controller in relation to the processing of personal data carried out by this entity.


The contact details of the Data Controller are set out below:

  •  Identity of the person responsible: Yegané S.L. (B98601636)
  • Physical address: Calle dels Sequiers, 2, Polígono Industrial El Cap de L'Horta,, 46185, POBLA DE VALLBONA, LA, VALENCIA
  • E-mail address: info@youfirstbeauty.com
  • Telephone: 960 42 01 55

What personal data do we process?

All data collected by Yegané S.L. will be processed in a fair, lawful and transparent manner. Likewise, the data requested in each of the processing operations carried out will consist only of those that are strictly necessary to carry out the intended purpose and will be communicated in each case.
In this way, the data collected will be adequate, relevant and not excessive in relation to the purposes for which they are processed. Therefore, your personal data will be collected for specific, explicit and legitimate purposes and will not be further processed in a way that is incompatible with those purposes. It will also be updated whenever necessary.

In general terms, the following types of data are collected within the framework of the different processing activities carried out in the organisation:

  • Identifying data.
  • Commercial Information.
  • Transactions in goods and services.

 

Where do personal data come from?

As a general rule, personal data are always collected directly from the data subject; however, in certain exceptions, data may be collected through third parties, entities or services other than the data subject.

In this regard, this will be communicated to the data subject through the information clauses contained in the different information collection channels and within a reasonable period of time or in the first communication made to the data subject.

 

For what specific purposes and in what specific instances do we process personal data?

In general terms, personal data are processed for the following purposes:

  • Newsletters: when previously authorised, by email, fax, SMS, MMS, social communities or any other electronic or physical means, present or future, that enable commercial communications to be made, as well as sending the website's newsletter. These communications will be carried out by the Controller, related to its products and services, or those of its collaborators or suppliers with whom a promotional agreement has been reached. In this case, third parties will never have access to personal data.

The personal data collected will not be used to create profiles or make automated decisions.


However, all the explicit purposes for which each of the processing operations are carried out are set out in the informative clauses included in each of the data collection methods (web forms, paper forms, voice messages or posters and information notes, invoices, contracts and other documents containing personal data).

What is the lawfulness of the data processing?

As a general rule, before processing personal data, Yegané S.L. informs you of the legal basis on which it establishes the legitimacy of the processing in question.


However, personal information may be processed within the organisation for:

  • Consent: some processing operations are based on the explicit and unambiguous consent of the data subject, through the inclusion of consent clauses in the various information collection systems, through a declaration or a clear affirmative action such as ticking a box or signing a document, or by sending data through the indicated contact points. In addition, we inform you that we will only use personal information in accordance with this Privacy Policy and, in general, we will ask for your consent to use it for purposes other than those for which you originally provided it.
  • Legitimate interest: the processing of data based on the legitimate interest of the data controller will be established mainly for the sending of commercial communications or events on products or services similar to those contracted. In accordance with article 21.2 of the Information Society Services Act, this processing will only be valid if you, as a customer, have not expressly refused at the time of collection or in any of the communications we send.

 

How long do we process data?

At www.youfirstbeauty.com personal data is processed for the time necessary to fulfil the purpose for which it was collected, for as long as the service is provided or the employment or contractual relationship is maintained, there is a mutual interest and/or for the time provided for in the corresponding regulations.

Once the established time criteria have been met, the data will be cancelled. Said cancellation will give rise to the blocking of the data, which will only be kept at the disposal of the Public Administrations, Judges and Courts, in order to attend to any possible liabilities arising from the processing, during the period of limitation of these, after which time the information will be destroyed.

 

With whom do we share personal data?

As a general rule, Yegané S.L. does not transfer or communicate your data to third parties, except for those legally required.
However, should it be necessary, the interested party is informed of these transfers or communications of data through the informative clauses contained in the different ways of collecting personal data.

Which rights can you exercise?

According to European legislation, your rights are as follows:

  • Right of access, the right to request information from the data controller about whether their personal data are being processed.
  • Right of rectification, a right that allows the person concerned to request the modification of data that are inaccurate or incomplete.
  • Right of Opposition, the right of an individual to object to the processing of his or her personal data or the cessation of such processing.
  • Right to automated individual decisions, the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
  • Right of Limitation, the right to suspend the processing of the user's personal data in certain cases.
  • Right of Deletion or Oblivion, right to erasure of the data subject's personal data.
  • Right of portability, the right to request the controller to provide personal data in a structured and clear format to another controller.
  • The right to lodge a complaint with the competent supervisory authority if you consider that the processing does not comply with the regulations in force.

How to exercise your rights?

The applicant may exercise his or her rights by the following means:

  • Email providing documentation proving the identity of the applicant (copy of the front of the National Identity Card, or equivalent).
  • Postal mail to Calle dels Sequiers, 2, Polígono Industrial El Cap de L'Horta, 46185, POBLA DE VALLBONA, LA, VALENCIA providing documentation proving the identity of the applicant (copy of the front of the National Identity Card, or equivalent).


In any case, you can request the protection of the Spanish Data Protection Agency through its website.


In this regard, Yegané S.L. will respond to your request as soon as possible and taking into account the deadlines set out in the data protection regulations.

What could be the consequences of not providing the information?

The data requested in the fields marked with an asterisk (*) or those provided in the documents or media where the information is provided, are those strictly necessary in relation to the purpose for which they are collected; or for the provision of an optimal service to the data subject or through a legal obligation imposed on the data controller himself or a necessary requirement to enter into a contract, the inclusion of data in the remaining fields being voluntary.


If not all data is provided, there is no guarantee that the information and services provided will be completely tailored to your needs.


Therefore, in the event that the required data is not provided or is provided incorrectly or incompletely, we will not be able to attend to your request, making it impossible to provide you with the information requested or to carry out the contracting of the services.


Likewise, the user guarantees that the information transmitted in any of the forms is truthful, exact and corresponds to the data of which they are the owner.

What security measures do we have in place?

The security measures adopted by Yegané S.L. are those required by the provisions of article 32 of the RGPD.
In this regard, Yegané S.L., taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, has established the appropriate technical and organisational measures to ensure the level of security appropriate to the existing risk.


In any case, Yegané S.L. has implemented sufficient mechanisms to:

  • Ensure the continued confidentiality, integrity, availability and resilience of processing systems and services.
  • Restore availability and access to personal data quickly, in the event of a physical or technical incident.
  • Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.

Changes to this privacy policy

From time to time, this Privacy Policy may be revised in order to update changes in current legislation, update the procedures for collecting and using personal information, the appearance of new services or the exclusion of others. These changes will be effective as of their publication on the website, so it is important that you regularly review this Privacy Policy in order to remain informed of any changes.