WEBSITE PRIVACY POLICY

https://byalmaklub.com/


I. PRIVACY POLICY AND DATA PROTECTION

In compliance with current legislation, byalmaklub (hereinafter also referred to as the “Website”) undertakes to implement the necessary technical and organizational measures, appropriate to the level of risk associated with the collected data, to ensure adequate data protection.


Laws Incorporated into This Privacy Policy

This Privacy Policy is adapted to the current Spanish and European regulations regarding the protection of personal data on the internet. Specifically, it complies with the following legal provisions:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
  • Royal Decree 1720/2007, of 21 December, approving the regulations for the development of Organic Law 15/1999, of 13 December, on the Protection of Personal Data (RDLOPD).
  • Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).


Identity of the Data Controller

The Data Controller responsible for processing personal data collected via byalmaklub is: Almudena Dolores Pérez Hernández, with NIF: 78583721N (hereinafter, the “Data Controller”). Contact details:


Registration of Personal Data

In accordance with the GDPR and LOPD-GDD, any personal data collected through the forms on the Website will be incorporated and processed in our database for the purpose of facilitating, streamlining, and fulfilling the commitments established between byalmaklub and the User, or maintaining the relationship established in said forms, or responding to requests or inquiries.

Unless an exemption under Article 30.5 of the GDPR applies, a record of processing activities is maintained that specifies, by purpose, the processing activities carried out and all other conditions set forth in the GDPR.


Principles Applicable to the Processing of Personal Data

The User’s personal data will be processed according to the principles set out in Article 5 of the GDPR and Articles 4 and subsequent of Organic Law 3/2018:

  • Lawfulness, fairness, and transparency: User consent will always be required following full transparency about the purposes of data collection.
  • Purpose limitation: Data will be collected for specific, explicit, and legitimate purposes.
  • Data minimization: Only data strictly necessary for the purposes will be collected.
  • Accuracy: Data must be accurate and kept up to date.
  • Storage limitation: Data will be retained only as long as necessary.
  • Integrity and confidentiality: Security and confidentiality will be ensured.
  • Accountability: The Data Controller is responsible for compliance with these principles.


Categories of Personal Data

The only category of data collected by byalmaklub is identifying data. No special categories of personal data, as defined in Article 9 of the GDPR, are processed.


Legal Basis for Processing

The legal basis for data processing is the User’s consent, which must be explicit and verifiable for one or more specific purposes.
The User may withdraw consent at any time, which will be as easy as granting it. Withdrawal will not affect the lawful use of the Website.
In forms where data must be entered to make inquiries or access content, mandatory fields will be clearly indicated.


Purpose of Data Processing

Personal data is collected and managed by byalmaklub to facilitate and maintain the relationship established via the forms or to respond to User requests or inquiries.
Additionally, data may be used for commercial, operational, statistical, or marketing purposes, including personalization and improving the quality of the Website and its content.
At the time of collection, Users will be informed about the specific purposes for which their data will be processed.


Data Retention Period

Personal data will be retained for the time necessary to fulfill the purposes for which they were collected and to maintain the commercial relationship with the User.

Once this relationship has ended, the data may be kept for the periods required to comply with legal obligations under applicable tax, accounting, and administrative regulations. After these periods have expired, the data will be securely deleted.


Data Recipients

User data may be shared with:

  • Third parties or international organizations, if applicable. In such cases, Users will be informed of the destination country or organization and whether there is an adequacy decision by the European Commission.
  • In order to provide the services offered through the Website, personal data may be processed by third-party service providers acting as data processors on behalf of the Data Controller. These providers may include, among others, payment service providers, website hosting services, e-commerce platforms, and shipping or logistics companies necessary for order fulfillment.
  • All such providers process personal data in accordance with applicable data protection laws and under contractual agreements that ensure the confidentiality and security of the information.


Data of Minors

Only individuals over 14 years old may legally give consent for the processing of their data by byalmaklub. For minors under this age, the consent of parents or guardians is required.


Data Security and Confidentiality

byalmaklub undertakes to implement appropriate technical and organizational measures to safeguard personal data and prevent their accidental or unlawful destruction, loss, alteration, or unauthorized access.
However, due to the nature of the internet, absolute security cannot be guaranteed. In the event of a data breach, the Data Controller will notify affected Users without undue delay if the breach is likely to pose a high risk to their rights and freedoms.
Data will be treated as confidential by the Data Controller, who shall ensure that all employees or collaborators respect this confidentiality through legal or contractual obligations.


Data Subject Rights

Users may exercise the following rights under the GDPR and LOPD-GDD:

  • Right of access: To confirm whether data is being processed and obtain details.
  • Right to rectification: To correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”)
  • Right to restriction of processing
  • Right to data portability: If processing is automated.
  • Right to object
  • Right not to be subject to automated decision-making or profiling

Requests must include:

  • Full name, ID or equivalent proof of identity
  • Reason for the request
  • Contact address
  • Date and signature
  • Supporting documents, if applicable

Requests may be sent to:


Links to Third-Party Websites

The Website may contain links to external sites. byalmaklub is not responsible for their privacy practices. Users should consult the respective privacy policies of those websites.


Complaints to Supervisory Authority

If the User believes that their data is being mishandled, they may file a complaint with a Data Protection Authority. In Spain, this is the Agencia Española de Protección de Datos (https://www.aepd.es).


II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

The User must have read and agree to the conditions contained in this Privacy Policy to allow the Data Controller to process their data as indicated. Use of the Website implies acceptance of this Privacy Policy.
byalmaklub reserves the right to update or modify this policy without explicit notification. It is recommended that Users review this page regularly to stay informed of any changes.
This policy was last updated in compliance with Regulation (EU) 2016/679 and Organic Law 3/2018.