Privacy policy
Your privacy is important to us. In this statement, we explain in detail what personal data we collect from users and how we use it. Please read these terms carefully before providing your personal data on this website.
This Privacy Policy applies exclusively to personal data obtained on the website and is not applicable to information collected by third parties on other websites, even if these are linked to by the website.
MINORS
For children under the age of thirteen, parental or guardian consent is required for the processing of their personal data.
Under no circumstances will data relating to the professional, economic, or personal privacy of other family members be collected from minors without their consent.
If you are under thirteen years old and have accessed this website without informing your parents, you must not register as a user.
INDEX
- Purpose of the Privacy Policy
- Definitions
- Identity of the Data Controller
- Applicable Laws and Regulations
- Principles Applicable to the Processing of Personal Data
- Data Processing Activities Conducted
- Necessary and Updated Information
- Personal Data of Minors
- Technical and Organizational Security Measures
- Rights of Interested Parties
- Complaints to the Supervisory Authority
- Acceptance and Changes to the Privacy Policy
1. PURPOSE OF THE PRIVACY POLICY
This "Privacy Policy and Data Protection Policy" aims to detail the conditions governing the collection and processing of personal data by Lowerton, ensuring the maximum protection of the fundamental rights, honor, and freedoms of individuals whose data is processed. It complies with current regulations and laws governing personal data protection in the European Union and the Member State of Spain, specifically those outlined in the "Processing Activities" section of this Privacy Policy.
Through this Privacy Policy and Data Protection Policy, users of the Lowerton website are informed of all pertinent details regarding how these processes are carried out, their purposes, other entities that may have access to their data, and the users' rights.
2. DEFINITIONS
"Personal data": Any information about an identified or identifiable natural person ("the website user"). An identifiable natural person is one who can be identified, directly or indirectly, through an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
"Processing": Any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or making available, alignment, restriction, erasure, or destruction.
"Restriction of processing": The marking of stored personal data to limit its future processing.
"Profiling": Any form of automated processing of personal data that uses such data to evaluate certain personal aspects of a natural person, especially to analyze or predict their professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
"Pseudonymization": The processing of personal data in such a way that it can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that personal data is not attributed to an identified or identifiable natural person.
"File": Any structured set of personal data, accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis.
"Data Controller" or "Controller": The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data.
"Processor": A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Controller.
"Recipient": A natural or legal person, public authority, agency, or another body to whom personal data is disclosed, whether or not a third party. Authorities receiving personal data in the course of a specific investigation in accordance with EU or Member State law are not considered recipients.
"Third party": A natural or legal person, public authority, agency, or body other than the data subject, Controller, Processor, or persons authorized to process personal data under the direct authority of the Controller or Processor.
"Data subject's consent": Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, through a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them.
"Personal data breach": A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
"Genetic data": Personal data relating to the inherited or acquired genetic characteristics of a natural person that provide unique information about their physiology or health, particularly obtained from an analysis of a biological sample.
"Biometric data": Personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person that allow or confirm their unique identification, such as facial images or fingerprint data.
"Health data": Personal data related to the physical or mental health of a natural person, including the provision of health services, which reveal information about their health status.
"Main establishment":
a) For a Controller with establishments in more than one Member State, the location of their central administration in the Union unless decisions about the purposes and means of processing are made in another establishment in the Union, in which case the establishment making those decisions is considered the main establishment.
b) For a Processor with establishments in more than one Member State, the location of their central administration in the Union or, if there is none, the establishment in the Union where the main processing activities take place.
"Representative": A natural or legal person established in the Union who, designated in writing by the Controller or Processor under Article 27 of the GDPR, represents the Controller or Processor with respect to their obligations under this Regulation.
"Company": A natural or legal person engaged in economic activity, regardless of its legal form, including associations or organizations that regularly carry out economic activity.
"Supervisory Authority": The independent public authority established by a Member State under Article 51 of the GDPR. In Spain, this is the Spanish Data Protection Agency (Agencia Española de Protección de Datos).
"Cross-Border Processing":
a) The processing of personal data in the context of activities of establishments in more than one Member State of a Controller or Processor in the Union, if the Controller or Processor is established in more than one Member State, or
b) The processing of personal data in the context of the activities of a single establishment of a Controller or Processor in the Union that substantially affects or is likely to substantially affect data subjects in more than one Member State.
"Information Society Services": Any service of the information society, meaning any service usually provided in exchange for remuneration, remotely, electronically, and at the individual request of a service recipient.
3. IDENTITY OF THE DATA CONTROLLER
The Data Controller is the natural or legal person, public or private entity, or administrative body that, alone or jointly with others, determines the purposes and means of processing personal data. This is subject to the laws of the European Union or the Member State of Spain.
Regarding the aspects outlined in this Privacy Policy and Data Protection Policy, the identity and contact details of the Data Controller are:
Controller: Gorka Muñecas Garzon
Address: Lorenzo Areilza 21, 48993
Phone: 615 83 81 32
Email: Legal@lowerton.com
4. APPLICABLE LAWS AND REGULATIONS
This Privacy Policy and Data Protection Policy is developed based on the following laws and data protection regulations:
- Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Hereinafter referred to as GDPR.
- Organic Law 3/2018, of December 5, on Personal Data Protection and Digital Rights Guarantee. Hereinafter referred to as LOPD/GDD.
- Law 34/2002, of July 11, on Information Society Services and Electronic Commerce. Hereinafter referred to as LSSICE.
5. PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
Personal data collected and processed through this Website will be treated in accordance with the following principles:
- Principle of Lawfulness, Fairness, and Transparency: All personal data processing performed through this Website will be lawful and fair, ensuring the user is fully informed when their personal data is collected, used, consulted, or processed. Information about the data processing will be provided beforehand, in an easily accessible and understandable manner, using simple and clear language.
- Principle of Purpose Limitation: All data will be collected for specific, explicit, and legitimate purposes and will not be further processed in ways incompatible with those purposes.
- Principle of Data Minimization: Data collected will be adequate, relevant, and limited to what is necessary for the purposes for which they are processed.
- Principle of Accuracy: Data will be accurate and, where necessary, kept up-to-date. Reasonable measures will be taken to rectify or erase inaccurate data without delay.
- Principle of Storage Limitation: Data will be stored in a manner that permits the identification of data subjects for no longer than necessary for the purposes of the personal data processing.
- Principle of Integrity and Confidentiality: Data will be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
- Principle of Accountability: The owner of the Website will be responsible for complying with the principles set forth in this section and must be able to demonstrate this compliance.
6. DATA PROCESSING ACTIVITIES
The data processing activities conducted through the Website are detailed below, specifying each of the following aspects:
Activity: Digital marketing, online advertising, and training.
Purposes: Managing information requests, managing newsletter subscriptions, handling blog comments, and managing and invoicing clients.
Legal Basis: Consent.
Data Processed: In accordance with the General Data Protection Regulation, personal data submitted through the Website forms will be processed as "Website Users and Subscribers" data.
Source: Subscription forms for the blog or newsletter, download forms, and contact forms.
Retention Period: Five years after the last point of interest for information requests; for the blog and newsletter, until an unsubscribe request is made.
Recipients: The following companies will have access to the necessary personal data to perform their roles as data processors but cannot use it for other purposes. Additionally, they must treat the personal information in accordance with this Privacy Policy and applicable data protection legislation.
- Web Platform: WordPress.org processes data to provide its support services to Lowerton.
- Google Analytics: A web analytics service provided by Google, Inc., a company based in Delaware with its main office at 1600 Amphitheatre Parkway, Mountain View (California), CA 94043, United States. Google Analytics uses "cookies" (text files stored on your computer) to help analyze how users interact with the website. The information generated by the cookie about website use (including your IP address) is transmitted and stored by Google on servers in the United States.
International Transfers: None are planned.
NAVIGATION
When browsing Lowerton, non-identifiable data may be collected, including IP addresses, approximate geographic locations, a record of how services and sites are used, and other data that cannot identify the user. This includes browsing habits data collected through third-party services. The website uses the following third-party analytics services:
- Google Analytics
- Google Search Console
- Facebook Insights
- SEMrush
This information is used to analyze trends, manage the site, track user movements, and gather demographic information about the user base as a whole.
8. PERSONAL DATA OF MINORS
In compliance with Article 8 of the GDPR and Article 7 of the LOPD/GDD, only individuals over the age of 14 may legally provide consent for the processing of their personal data by Lowerton.
As such, individuals under 14 years of age may not use the services available on the website without prior authorization from their parents, guardians, or legal representatives, who will be solely responsible for all actions carried out through the website by the minors in their charge. This includes completing online forms with the minors’ personal data and, where applicable, checking accompanying boxes.
9. TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
The Data Controller adopts the necessary organizational and technical measures to ensure the security and privacy of your data, preventing its alteration, loss, unauthorized processing, or access, depending on the state of technology, the nature of the stored data, and the risks to which they are exposed.
Among others, the following measures are highlighted:
- Ensuring the confidentiality, integrity, availability, and resilience of processing systems and services.
- Restoring the availability and access to personal data quickly in the event of a physical or technical incident.
- Regularly verifying, evaluating, and assessing the effectiveness of the technical and organizational measures implemented to ensure processing security.
- Pseudonymizing and encrypting personal data where sensitive data is involved.
Additionally, the Data Controller has decided to manage information systems in accordance with the following principles:
- Compliance Principle: All information systems will comply with applicable legal, regulatory, and sectoral requirements related to information security, especially those concerning personal data protection, system security, data, communications, and electronic services.
- Risk Management Principle: Risks will be minimized to acceptable levels, seeking a balance between security controls and the nature of the information. Security objectives must be set, reviewed, and aligned with information security requirements.
- Awareness and Training Principle: Training programs, awareness campaigns, and educational initiatives will be provided for all users with access to information to ensure security awareness.
- Proportionality Principle: Controls to mitigate security risks for assets will be implemented while balancing the measures with the nature of the information and associated risks.
- Responsibility Principle: All members involved in processing are responsible for their behavior regarding information security, complying with established standards and controls.
- Continuous Improvement Principle: The effectiveness of implemented security controls will be regularly reviewed to adapt to evolving risks and technological environments.
10. RIGHTS OF DATA SUBJECTS
Current data protection regulations grant users a series of rights regarding the use of their data. Each of these rights is personal and non-transferable, meaning they can only be exercised by the data owner after verifying their identity.
Below are the rights of website users:
- Right of Access: Users have the right to confirm whether the Data Controller is processing their personal data and, if so, to obtain information about their specific personal data and how it is being processed, including details about the origin of the data and the recipients of any disclosures made or planned.
- Right of Rectification: Users have the right to have inaccurate personal data corrected or completed if incomplete, considering the purposes of the processing.
- Right of Erasure ("Right to be Forgotten"): Users have the right, as long as applicable law does not stipulate otherwise, to have their personal data deleted when it is no longer needed for the purposes for which it was collected or processed; when the user withdraws their consent and no other legal basis exists; when the user objects to the processing and no legitimate grounds for continuation exist; when the personal data has been processed unlawfully; or when the data was collected in relation to an offer of services to minors under 14 years of age. Additionally, reasonable steps will be taken to inform other controllers processing the data of the request to erase any links to or copies of the data.
- Right to Restrict Processing: Users have the right to restrict the processing of their personal data in specific cases, such as when the data's accuracy is contested, the processing is unlawful, or the data is required for legal claims.
- Right to Data Portability: In cases where processing is conducted via automated means, users have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another Controller. Where technically feasible, data will be directly transmitted to the new Controller.
- Right to Object: Users have the right to object to the processing of their personal data or request its cessation by the Data Controller.
- Right Not to Be Subject to Automated Decision-Making and/or Profiling: Users have the right not to be subjected to decisions based solely on automated processing, including profiling, unless otherwise stipulated by law.
- Right to Withdraw Consent: Users have the right to withdraw their consent to data processing at any time.
Website users may exercise any of these rights by contacting the Data Controller and providing identification through the following contact details:
Controller: Gorka Muñecas Garzon
Address: Lorenzo Areilza 21, 48993
Phone: 615 83 81 32
Email: G@lowerton.com
11. RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
Users are informed of their right to file a complaint with the Spanish Data Protection Agency if they believe their data protection rights have been violated.
Supervisory Authority Contact Information:
- Agency: Spanish Data Protection Agency
- Email: info@aepd.es
- Phone: 912663517
- Website: www.aepd.es
- Address: C/. Jorge Juan, 6, 28001, Madrid, Spain
12. ACCEPTANCE AND CHANGES TO THE PRIVACY POLICY
Website users must read and agree to the terms of this Privacy Policy to allow the Data Controller to process their personal data as specified.
The Data Controller reserves the right to modify this Privacy Policy at its discretion or on the basis of legislative changes or updates in legal or regulatory guidance. Changes affecting purposes, retention periods, data sharing with third parties, international transfers, or user rights will be explicitly communicated to the user.