PRIVACY POLICY

1. Introduction

At robertoheras.com (“Website,” “we,” “us,” or “our”), we are committed to respecting your privacy and safeguarding your personal data. Protecting the confidentiality, integrity, and availability of visitor and user information is of paramount importance. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to all personal information collected or processed through the operation of robertoheras.com. For the purposes of applicable data protection law, including GDPR, the controller of your personal data is Roberto Heras (accessible via [email protected]). This policy applies regardless of whether you are accessing the site as a visitor, registered user, customer, or any other category of user.

3. Categories of Data We Process

We may collect, process, and use the following categories of personal data:

3.1 Usage Data
Includes information automatically collected through your use of the Website, such as IP address, browser type, device identifiers, session statistics, pages viewed, access times, referring websites, and navigation patterns.

3.2 Account Data
Includes data you provide when you create an account or communicate directly through the Website, such as your full name, email address, mailing address, telephone number, and other contact information.

3.3 Profile Data
Includes data gathered from your interactions with the Website, such as saved preferences, favorite products, past activity, browsing history, comments, feedback, and purchase behavior.

3.4 Communication Data
Includes records of communications with us, including support requests, inquiries, and any historical correspondence shared via email or through Website forms.

3.5 Technical Data
Includes information from the devices and technologies you use to access our services, such as device make/model, operating system, system configurations, browser settings, and unique device identifiers.

3.6 Transaction Data
Includes details about your purchases, payment methods used, billing and shipping information, transaction history, and relevant order fulfillment communications.

3.7 Preference Data
Includes data related to your communications preferences, marketing consents, language settings, email subscription choices, and product interests.

4. Legal Bases for Processing

We process your personal data under the following lawful bases, as defined under GDPR Article 6(1):

– Consent: Where you have given clear consent (e.g., for marketing communications).
– Contract Performance: When processing is necessary for the performance of a contract or to take steps at your request before entering into a contract.
– Legal Obligation: Where processing is required to comply with applicable legal obligations.
– Legitimate Interests: When it is necessary for our legitimate business interests and those interests are not overridden by your rights and freedoms (e.g., to improve our Website functionality or for internal administrative purposes).

Where CCPA applies, we process “personal information” as defined under Cal. Civ. Code §1798.140, and consumers retain specific rights as described below.

5. Your Data Protection Rights

Under applicable data protection legislation, you have the following rights with respect to your personal data:

– Right of Access: You may request confirmation of whether we process your data and access a copy of it.
– Right to Rectification: You may request correction of inaccurate or incomplete personal information.
– Right to Erasure (“Right to be Forgotten”): You may request deletion of your data when no longer necessary for the purposes for which it was collected, except where retention is legally required.
– Right to Restriction: You may request that we restrict processing of your data under certain conditions.
– Right to Data Portability: You may request to receive your data in a machine-readable format and have it transmitted to another controller where technically feasible.
– Right to Object: You may object to our processing of your data based on legitimate interests or direct marketing purposes.

To exercise any of the above rights, or if you are a resident of California wishing to exercise your CCPA rights, please contact us at: [email protected].

6. Security Measures

We employ both organizational and technical measures to protect your personal information. These include, but are not limited to:

– Encryption of data in transit via SSL/TLS
– Restriction of access to data on a need-to-know basis
– Regular backups to prevent loss or corruption of data
– Continuous monitoring of security protocols and incident response policies
– Staff training on secure handling of personal and sensitive information

Although no system is completely immune to breaches, we strive constantly to ensure high levels of protection.

7. International Transfers

If your personal data is transferred or stored outside the European Economic Area (EEA) or outside your jurisdiction (such as the United States), we ensure such transfers are lawful and secure. Where required, we rely on:

– Adequacy Decisions by the European Commission
– Standard Contractual Clauses approved by the European Commission
– Other legally compliant mechanisms and safeguards

We account for regional compliance standards and ensure rights and protections remain enforceable.

8. Data Retention

We only retain personal data for as long as necessary to fulfill the purposes for which we collected it, including to meet legal, financial, or reporting requirements. Retention periods include:

– Usage and Technical Data: up to 24 months
– Account and Profile Data: stored as long as the user account remains active
– Communication Data: retained for up to 3 years after final interaction
– Transaction Data: retained for 7 years to comply with financial and tax obligations
– Preference Data: retained until revoked or updated by you

Upon expiration of retention periods, data is either securely deleted or anonymized.

9. Cookie Policy

We use cookies and similar technologies to enhance user experience and analyze Website traffic. Cookies fall into the following categories:

– Essential Cookies: Necessary for Website functionality and security; cannot be disabled.
– Functional Cookies: Enable enhanced features and remember your settings or preferences.
– Analytics Cookies: Collect aggregated data on user behavior and Website performance; used to improve content and navigation.
– Performance Cookies: Used to understand performance metrics on different devices and browsers.

10. Cookie Management and Compliance

In compliance with GDPR and CCPA, users are provided with the ability to manage their cookie settings. When first visiting robertoheras.com, you will see a cookie consent banner that enables granular control over non-essential cookies.

You can also manage cookies at any time via browser settings or by revisiting the cookie preferences banner available on the site. Users have the right to withdraw consent for non-essential cookies at any time.

11. Protection of Children’s Privacy

Our services are not directed to children under the age of 13, and we do not knowingly collect personal data from such individuals. If we become aware that a child under 13 has provided us with personal information, we will take immediate steps to delete such data from our systems.

12. Policy Updates and Notifications

We may update this Privacy Policy from time to time to reflect changes in legal requirements, best practices, or Website functionality. Any material changes will be posted to this page and, where appropriate, notified to you through other means. Continued use of the Website after such changes constitutes your acknowledgment and acceptance of the revised policy.

13. Contact Us

If you have any questions, requests, or concerns regarding this Privacy Policy or our data handling practices, you may contact us at:

Email: [email protected]

We are committed to ensuring full compliance with applicable privacy laws and providing transparency and accountability in our data processing practices. For any inquiries relating to your personal data or privacy rights, please reach out to us at the above contact details.