1. - Who controls your data?
Identity: 3INA COSMETICS, SL.
Tax ID: B87141305
2. - What data of yours do we process?
2.1 Online purchase: Identifying data that has been provided to us when registering at the online store (www.3ina.com): name, surname, telephone, email, address, and Economic and transactional information data provided for the purchase in the online store (payment or card information, information about purchases, orders, returns ...).
2.2 Newsletters: Identification data provided in the service subscription: name and email.
2.3 Customer Service: Identification data provided through the Customer Service channels: name, email, and telephone number.
2.4 Instant messaging: Identification data provided: mobile.
Remember that, when we ask you to fill in your personal data to give you access to some functionality or service, we will mark some fields as mandatory, since they are data that we need in order to provide you with the service or give you access to the functionality in question. Please keep in mind that if you decide not to provide us with this information, you may not be able to complete your registration as a user or you may not be able to enjoy those services or features.
3. - What is the purpose for processing your personal data and what is the legal basis?
We keep your data with the following purposes, legal basis and retention periods as stated below:
3.1 Online purchase.
Purpose: The main purpose is the performance, compliance and implementation of the purchase agreement which includes (i) order preparation and delivery management; (ii) payment management and, where appropriate, returns, (iii) billing and delivery of tickets and invoices for purchases made in the online store, (iv) surveys and publication of opinions on products, as well as testing them virtually and (v) process and respond to doubts, queries or claims. The additional purpose is for creating profiles and marketing.
Legal basis: Main purpose (the agreement) and additional purpose (legitimate interest).
Retention periods: The personal data that you provide shall be retained for a 6-year period from the date of the last purchase, blocking this data until there is a requirement for any potential liability actions.
Purpose: The main purpose is for sending personalised electronic notifications about our products via email. The additional purpose is for creating profiles and marketing.
Legal basis: Main purpose (consent) and additional purpose (legitimate interest).
Retention periods: The personal data will be retained until you request to be delisted, given that up until that moment we will have the understanding that you are still interested in receiving our notifications.
3.3 Customer Service.
Purpose: The purpose is to handle or resolve your application or request.
Legal basis: Agreement and legitimate interest.
Retention periods: We will process your data for the time necessary to deal with your application or request, blocking it until there is a requirement for potential liability actions.
3.4 Instant messaging.
Purpose: The purpose is to handle or resolve your application or request. The additional purpose is for sending personalised electronic notifications about our products via email.
Legal basis: Consent and legitimate interest.
Retention periods: Main purpose: We will process your data for the time necessary to deal with your application or request, blocking it until there is a requirement for potential liability actions. Additional purpose: The personal data will be retained until you request to be delisted, given that up until that moment we will have the understanding that you are still interested in receiving our notifications.
3.5 Accepting cookies on the www.3ina.com. You will find more information in our Cookies Policy.
With regard to creating profiles and marketing, we believe that we have legitimate interest for creating a profile with the information that we have about you (like the browsing you do and/or purchase history) and the personal data that you have provided because we understand that processing this data is also beneficial to you as it allows you to improve your experience as a user and to access the information in accordance with your preferences. To that end, 3INA has deliberated the interests and rights of the interested parties, and the measures adopted by the controller to fulfil the general conditions in terms of commensurability and transparency, and they have drawn the conclusion that:
1. - The impact on fundamental rights and public freedoms of the people is lower.
2. - The processing may be reasonably intended by the interested party.
3. - The data processing with the previous purposes does not give rise to the exemption, discrimination, defamation, or situations that could put the reputation of the interested party and/or their negotiation power at risk.
4.- Who is the recipient of your data?
4.1 Data communication.
The processed personal data will only be communicated to third parties, in compliance with legal obligations.
4.2 Data Processors.
3INA will have collaboration from third-party service providers who will have access to your personal data and will process said data in name and representation of the company because of their service provision. 3INA follows very strict criteria when selecting its service providers with the aim of fulfilling its obligations in terms of data protection, and it is committed to subscribing to the corresponding data protection agreement with them. More specifically, 3INA will contract the service provision from third party providers that are active, including but not limited to, in the following sectors: logistics services, legal guidance, provider accreditation, multi-disciplinary professional service companies, companies related to maintenance, companies providing technology services, companies providing IT services, physical security companies, instant messaging service providers, infrastructural maintenance and management companies and call centre service companies, providers of accommodation, maintenance and support services in our databases, as well as software and applications that can process your data.
Due to service efficiency, some of the aforementioned providers are located in territories outside the European Economic Area that do not provide a level of data protection comparable to that of the European Union, such as the United States. In such cases, we inform you that we transfer your data with adequate guarantees and always keeping the security of your data: Some providers are certified in Privacy Shield, certification that you can consult at the following link: https://www.privacyshield.gov/ welcome. With other suppliers we have signed Model Contractual Clauses approved by the Commission, the content of which you can consult at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside- eu / model-contractstransfer-personal-data-third countries.
5.- What are your rights when you provide us with your data?
The rights that you have for personal data processing with reference to 3INA are:
· The right to request access to your personal data
· The right to request its rectification or withdrawal
· The right to request a processing restriction
· The right to data transfer
· The right to oppose processing
· The right not to subject oneself to automatic decisions, including profiles
6. - What does the right of access consist of?
You will have the right to obtain conformation regarding whether or not your personal data is being processed, and to obtain the following information: the processing purposes; the categories of the data that is being processed; the recipients or the categories of recipients that have been sent it or will be sent it; where possible, the expected time frame for retaining the personal data, or where it is not possible, the criteria used to determine this time frame. In such cases, we will provide you with a copy of the personal data that is being processed. Further to this, when you make the request electronically, the information will be provided in a usable digital format. You will be able to exercise this right every six months, unless there is a legitimate reason for requesting it more than once within this six month period, and we will inform you about the follow-up from your request within one month.
To exercise your right of access, send an email to: firstname.lastname@example.org, or a letter to eCommerce Department, Velázquez nº 53, 28001 Madrid.
7. - What does the right to rectification consist of?
You will have the right to rectify any incorrect personal data that concerns you and to do so; you will have to submit, where necessary, the documentation justifying the incorrectness or incomplete nature of the data being processed. To exercise your right to rectification, send an email to send an email to: email@example.com, or a letter to eCommerce Department, Velázquez nº 53, 28001 Madrid.
8. - What does the right to withdrawal consist of?
You will have the right to withdraw any personal data that concerns you when one of the following circumstances is applicable: when it is not necessary for the purposes that it was gathered or processed; when you withdraw consent and the processing has no further legal basis; when you oppose the processing and there are no further legitimate reasons for the processing; when it has been processed illegally. To exercise your right to removal, send an email to send an email to: firstname.lastname@example.org, or a letter to eCommerce Department, Velázquez nº 53, 28001 Madrid.
9. - What does the right to the process limitation consist of?
You will have the right to limit your data from being processed when one of the following conditions is fulfilled:
a) when you have contested the accuracy of your personal data during the time frame which will allow the file controller to verify its accuracy.
b) if you consider the processing to be illegal and the file controller opposes the withdrawal of the personal data and requests that its use is instead limited.
c) when the file controller no longer needs the personal data for the processing purposes, but you need it to formulate, exercise or defend complaints.
d) if you have opposed the processing, whilst a check is being made on whether the file controller’s legitimate reasons prevail over your own.
When you have obtained the processing restriction in accordance with this section, you will be informed of it by the person responsible for the file. To exercise your right to processing restriction, send an email to send an email to: email@example.com, or a letter to eCommerce Department, Velázquez nº 53, 28001 Madrid.
10. - What does the right to data transfer consist of?
You will have the right to receive the personal data that concerns you that you provided to the data controller in a structured, usable and readable format, and the right to send it to another data controller when: the processing is based on consent, and it is done automatically. On exercising your right to the data transfer, you will have the right to have your personal data sent directly from controller to controller where it is technically possible. The right to transfer will not be extended to data that the file controller may have inferred from data resulting directly from the use by said controller of the provided services. To exercise your right to data transfer, send an email to send an email to: firstname.lastname@example.org, or a letter to eCommerce Department, Velázquez nº 53, 28001 Madrid.
11. - What does the right of opposition consist of?
You will have the right to oppose your data being processed at any time. If you choose to exercise this right, the file controller will stop processing your personal data, unless we can demonstrate compelling legitimate reasons for the processing to prevail over your interests, rights and freedoms, or to formulate, exercise or defend complaints. To exercise your right of opposition, send an email to send an email to: email@example.com, or a letter to eCommerce Department, Velázquez nº 53, 28001 Madrid.
12. - What does the right to not subject oneself to automatic decisions, including profiles consist of?
You will have the right not to be subjected to a decision that is solely based on automatic processing, including the creation of profiles which may give rise to (said decisions) legal effects or which may affect you in a similar way; unless:
- said decision is necessary for entering into or implementing an agreement,
- is authorised by a law or
- is based on consent.
To exercise your right not to subject oneself to automatic decisions, send an email to send an email to: firstname.lastname@example.org, or a letter to eCommerce Department, Velázquez nº 53, 28001 Madrid.
We also inform you that you may approach the Spanish Data Protection Agency to obtain more information about your rights. Furthermore, in the event that you have granted your consent for a specific purpose, you have the right to withdraw your consent at any time without this affecting the legality of the processing based on the consent given prior to its withdrawal.
Likewise, we inform you that you may submit a complaint to the competent Data Protection Supervisory Authority, the Spanish Data Protection Agency (https://www.aepd.es), especially when you are not satisfied with how your rights have been obtained.