Política de Privacidad

Privacy Policy

The ownership of this website, www.wohaparfums.es (hereinafter, Web Site) is held by the commercial company W.O.H.A arquitectura S.L., with CIF B54836036 (hereinafter THE COMPANY).

Address: Calle Velarde, no 11. 03203. Elche (Alicante). Contact telephone number: 629831606

Email: woha@wohaparfums.es

Respecting the provisions of current legislation, THE COMPANY undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected.

Laws that incorporate this privacy policy

This privacy policy is adapted to the current Spanish and European legislation on the protection of personal data on the internet. In particular, it respects the following rules:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR).
  • Law 34/2002 of 11 July on Information Society and Electronic Commerce Services (LSSI-CE).
  • Organic Law 3/2018, of 5 December, on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).

Identity of the controller

The controller of personal data collected at www.wohaparfums.es is: the commercial company W.O.H.A arquitectura S.L., with CIF B54836036

Address: Calle Velarde, no 11. 03203. Elche (Alicante). Contact telephone number: 629831606

Email: woha@wohaparfums.es

Registration of personal data

The personal data collected by THE COMPANY, through the forms filled out on its pages, will be inserted in an automated file under the responsibility of THE COMPANY.

Principles governing the processing of personal data

The processing of personal data of the User shall be subject to the following principles set out in article 5 of the GDPR:

  • Principle of lawfulness, fairness and transparency: the consent of the User will be required at all times after having provided fully transparent information on the purposes for which the personal data are collected.
  • Purpose limitation principle: personal data will be collected for specific, explicit and legitimate purposes.
  • Data minimisation principle: the personal data collected will be only those strictly necessary in relation to the purposes for which they are processed.
  • Accuracy principle: personal data must be accurate and always up to date.
  • Principle of limitation of the storage period: personal data will only be kept in a way that allows the identification of the User for the time necessary for the purposes of their processing.
  • Principle of integrity and confidentiality: personal data shall be treated in a manner that guarantees their security and confidentiality.
  • Proactive responsibility principle: THE COMPANY will be responsible for ensuring that the above principles are met.

Examples of personal information we collect on our website:

  • The internet IP address you use to connect to the internet with your computer or other device;
  • Your account username, email address and password;
  • Information about your computer, device and internet connection such as the device application or browser version and type, types and versions of your browser connection, operating system or time zone settings;
  • The location of your device or computer;
  • Telephone numbers used to call our customer service.
  • We may also use device identifiers, cookies and other technologies on devices, apps and our websites to collect

navigation data, usage or other technical information for fraud prevention purposes. For more information on this point, see Cookies Policy.

  • In no case are special categories of personal data within the meaning of Article 9 GDPR processed.

Legal basis for processing personal data

The legal basis for processing personal data is consent. THE COMPANY undertakes to obtain the User’s explicit and verifiable consent for the processing of their personal data for one or more specific purposes.

The User has the right to withdraw their consent at any time. It will be as easy to withdraw consent as to give it. As a general rule, withdrawal of consent will not condition your use of the Website.

In the cases where the User must or may provide their data through forms to make inquiries, request information or for reasons related to the content of the Website, you will be informed if the completion of any of them is mandatory because they are essential for the proper conduct of the transaction.

Customer Service: We consider that we have a legitimate interest to answer the requests or queries you raise through the various means of contact. We understand that the processing of this data is also beneficial for you as it allows us to serve you properly and resolve queries raised. When you contact us, in particular for the management of incidents related to the product purchased through the Platform, the processing is necessary for the execution of the contract of sale. When your query is related to the exercise of the rights we inform you about below, or with claims related to our products or services, what entitles us to process your data is the compliance of legal obligations on our part.

Marketing: The legitimate basis for processing your data for marketing purposes is the consent you give. For example, when you agree to receive personalized information through various means, when you consent to the sending of newsletters, or when you accept legal bases for participating in a promotional action.

Development, performance and execution of the service contract: The processing of your data is necessary for the execution of the service contract

Services that connect us with you.
We understand that the processing of this data is beneficial for all parties involved when a purchase is made, and particularly for you, as it allows us to establish appropriate measures to protect you against fraud attempts by third parties.

Purposes of processing personal data
Personal data is collected and managed by THE COMPANY in order to facilitate, expedite, and fulfill the commitments established between the Website and the User, or to maintain the relationship established in the forms filled out by the latter, or to address a request or inquiry.

Additionally, the data may be used for commercial purposes of personalization, operational and statistical analysis, and activities related to the social purpose of THE COMPANY, as well as for extracting, storing data, and conducting marketing studies to tailor the content offered to the User, as well as to improve the quality, functionality, and navigation of the Website.

At the time the personal data is collected, the User will be informed about the specific purpose(s) for which the personal data is intended, i.e., the use(s) that will be made of the collected information.

Personal data retention periods
Personal data will only be retained for the minimum time necessary for the purposes of its processing and, in any case, only for the following period: 3 years, or until the User requests its deletion.

At the time personal data is collected, the User will be informed about the duration of the retention period or, when this is not possible, the criteria used to determine this period.

Recipients of personal data
The User’s personal data will be shared with the following recipients or categories of recipients:

  • Public bodies, Tax Agency, Judges and Courts, and, in general, competent authorities, when THE COMPANY is legally obligated to provide such data.
  • Google LLC, located at 1600 Amphitheatre Parkway, 94043, Mountain View (California), United States, which provides GSuite services, including cloud computing and email services. Google participates in and has certified its compliance with the EU-U.S. Privacy Shield framework, committing to subject all personal information received from European Union member countries to the principles derived from the Privacy Shield.
  • Facebook Ireland, Ltd., located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook participates in and has certified its compliance with the EU-U.S. Privacy Shield framework, committing to subject all personal information received from European Union member countries to the principles derived from the Privacy Shield.

In addition to the aforementioned data communications, THE COMPANY collaborates with certain third-party service providers who have access to your personal data and process such data on behalf of THE COMPANY as a result of their service provision. Some examples include:

  • Financial institutions.
  • Technology service providers.
  • Tax consultancies to manage service invoicing.

THE COMPANY follows strict selection criteria for service providers to ensure compliance with its data protection obligations and commits to signing the appropriate data processing agreements, imposing obligations such as: applying appropriate technical and organizational measures; processing personal data for the agreed purposes, strictly following THE COMPANY’s documented instructions; and deleting or returning the data to THE COMPANY once the services are completed.

If THE COMPANY intends to transfer personal data to a third country or international organization, the User will be informed at the time the personal data is collected about the country or organization to which the data will be transferred, as well as the existence or absence of a decision by the Commission regarding the adequacy of such transfer.

Personal data of minors
In compliance with Article 7 of the LOPD, only individuals over 14 years old may lawfully consent to the processing of their personal data by THE COMPANY. If the User is under 14, parental or guardian consent will be required for the processing, and this consent will only be considered valid to the extent that it has been authorized.

Confidentiality and security of personal data
THE COMPANY commits to adopting the necessary technical and organizational measures, appropriate to the level of security risk posed by the data collected, to ensure the security of personal data and prevent accidental or unlawful destruction, loss, or alteration of personal data transmitted, stored, or otherwise processed, or unauthorized communication or access to such data.

However, since THE COMPANY cannot guarantee the invulnerability of the internet or the complete absence of hackers or others who may fraudulently access personal data, THE COMPANY commits to notifying the User without undue delay in the event of a data security breach that could pose a high risk to the rights and freedoms of natural persons. As stipulated in Article 4 of the GDPR, a personal data breach is defined as any security breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data transmitted, stored, or otherwise processed.

Personal data will be treated as confidential by THE COMPANY, which commits to informing and ensuring, through a legal or contractual obligation, that such confidentiality is respected by its employees, associates, and anyone to whom access to the information is granted.

Rights arising from the processing of personal data
The User has the following rights regarding their personal data, recognized by the GDPR:

  • Right of access: The User has the right to obtain confirmation of whether THE COMPANY is processing their personal data, and, if so, to obtain information about their specific personal data and the processing carried out by THE COMPANY.
  • Right to rectification: The User has the right to request the modification of any inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”): The User has the right, provided that current legislation does not provide otherwise, to request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected or processed.
  • Right to restriction of processing: The User has the right to limit the processing of their personal data in specific cases.
  • Right to data portability: When processing is carried out by automated means, the User has the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
  • Right to object: The User has the right to object to the processing of their personal data.
  • Right not to be subject to automated decision-making: The User has the right not to be subject to a decision based solely on automated processing, including profiling.

The User can exercise their rights by writing to the Data Controller, with the reference “GDPR THE COMPANY,” providing:

  • Their full name and a copy of their ID.
  • Specific reasons for the request.
  • An address for notifications.
  • The date and signature of the applicant.
  • Any supporting documents.

Third-party website links
The Website may include hyperlinks or links that allow access to third-party websites that are not operated by THE COMPANY. The owners of such websites are responsible for their own privacy policies and data protection practices.

Complaints to supervisory authorities
If the User believes that there is a problem or violation of current regulations regarding the way their personal data is being handled, they have the right to judicial protection and to file a complaint with a supervisory authority. In Spain, this is the Spanish Data Protection Agency (http://www.agpd.es).

Acceptance and changes to this privacy policy
It is necessary that the User has read and agrees with the conditions regarding personal data protection contained in this Privacy Policy, as well as consents to the processing of their personal data by THE COMPANY.

THE COMPANY reserves the right to modify its Privacy Policy based on its own discretion or due to changes in legislation, case law, or guidance from the Spanish Data Protection Agency. Any changes or updates to this Privacy Policy will be explicitly communicated to the User.