Privacy & Data Protection Policy
TOMS COFFEE CONCEPT, S.L. is committed to implementing the necessary technical and organizational measures to ensure the security and protection of the collected data. In line with the associated risks, the details of these measures can be found in the Privacy and Data Protection Policy provided.
Laws that incorporate this Privacy & Data Protection Policy
Our policy aligns with the prevailing Spanish and European regulations concerning the safeguarding of personal data on the Internet. Specifically, it adheres to the following regulations:
- Organic Law 3/2018, enacted on December 5, which focuses on the Protection of Personal Data and the assurance of digital rights.
- Regulation (EU) 2016/679, adopted by the European Parliament and the Council on April 27, 2016, addresses the protection of individuals regarding the processing and movement of personal data (GDPR).
- Royal Decree 1720/2007, approved on December 21, 2007, establishes the regulations that implement Organic Law 15/1999, enacted on December 13, 1999, concerning the Protection of Personal Data (RDLOPD).
- Law 34/2002, dated July 11, 2002, governs Information Society Services and Electronic Commerce (LSSI-CE).
Identity of the person responsible for the processing of personal data
The entity responsible for processing the personal data collected on this website is TOMS COFFEE CONCEPT, S.L, identified by the tax identification number ES-B72732753.
Address: Carrer Casp 70. 08010, Barcelona
Contact telephone number: +34937145238
Contact e-mail: info@saga.coffee
Data Protection Officer (DPD)
The Data Protection Officer (DPO) is accountable for ensuring adherence to the applicable regulations by the Website and TOMS COFFEE CONCEPT, S.L.
Principles applicable to the processing of personal data
The processing of the User’s personal data shall adhere to the principles outlined in Article 5 of the GDPR, including:
- Lawfulness, fairness, and transparency: User consent is required, following transparent information about the purposes of data collection.
- Purpose limitation: Personal data will be collected for specific, explicit, and lawful purposes.
- Data minimization: Only strictly necessary personal data will be collected for the intended processing activities.
- Accuracy: Personal data must be accurate and kept up to date.
- Storage limitation: Personal data will be retained only for as long as necessary to fulfill the processing purposes.
- Integrity and confidentiality: Personal data will be processed in a secure and confidential manner.
- Proactive responsibility: The Data Controller is responsible for ensuring compliance with the aforementioned principles.
Legal basis for the processing of personal data
The processing of personal data is based on consent, and TOMS COFFEE CONCEPT, S.L. is committed to obtaining explicit and verifiable consent from the User for the processing of their personal data for specific purposes.
The User has the right to withdraw their consent at any time, and the process of withdrawing consent will be as straightforward as giving it. In general, withdrawing consent will not affect the use of the Website.
In cases where the User is required or given the option to provide their data through forms for inquiries, information requests, or website-related matters, they will be informed if any of the fields are mandatory as they are essential for the proper execution of the requested operation.
Purposes of the processing for which the personal data is used
The purpose of obtaining and managing personal data by TOMS COFFEE CONCEPT, S.L is to facilitate, expedite, and fulfill the commitments established on the Website, as well as to maintain the relationship established through the forms filled in by the User or to respond to requests or inquiries.
Furthermore, the data may be requested for commercial purposes such as personalization, operational and statistical analysis, and activities related to the corporate objectives of TOMS COFFEE CONCEPT, S.L. This includes data extraction, storage, and marketing studies to tailor the Content offered to the User, as well as to enhance the quality, functionality, and navigation experience on the Website.
At the time of collecting personal data, the User will be informed about the specific purpose or purposes for which the data will be used. This includes disclosing the intended use(s) of the collected information.
Retention periods of personal data
Personal data will be stored only for the minimum duration required to fulfill the purposes of its processing, or until the User requests its deletion.
During the collection of personal data, the User will be informed about the specific retention period or, if not feasible, the criteria used to determine the duration of storage.
Recipients of personal data
If the data controller intends to transfer personal data to a third country or international organization, the User will be informed about the specific third country or international organization to which the data will be transferred at the time of obtaining the personal data.
Personal data of minors
In accordance with the regulations stated in Articles 8 of the GDPR and 13 of the RDLOPD, only individuals who are 14 years of age or older can lawfully provide their consent for the processing of their personal data by TOMS COFFEE CONCEPT, S.L. If a minor is below the age of 14, the consent of their parents or legal guardians will be necessary for the processing to be considered lawful, and it will only be carried out with their authorization.
Secrecy and security of personal data
TOMS COFFEE CONCEPT, S.L. is committed to implementing the necessary technical and organizational measures, appropriate to the level of risk associated with the collected data, to ensure the security of personal data. These measures aim to prevent accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure of transmitted, stored, or processed personal data.
While TOMS COFFEE CONCEPT, S.L. endeavors to maintain the utmost security, it cannot guarantee absolute protection against hackers or unauthorized individuals. In the event of a security breach compromising personal data, the Data Controller will promptly notify the User in accordance with Article 4 of the GDPR, which defines a breach of security as any incident leading to the accidental or unlawful destruction, loss, alteration, unauthorized access, or disclosure of personal data.
The Data Controller treats personal data as confidential and ensures that confidentiality is upheld by its employees, partners, and any authorized individuals who have access to the information, through legal or contractual obligations.
Rights arising from the processing of personal data
The User holds the rights established by the GDPR and can exercise them against the Data Controller, TOMS COFFEE CONCEPT, S.L., as follows:
- Right of access: The User can request confirmation of whether their personal data is being processed by TOMS COFFEE CONCEPT, S.L. and obtain information about the specific personal data and processing details, including the data’s origin and recipients.
- Right of rectification: The User has the right to request the correction or completion of their inaccurate or incomplete personal data, considering the purposes of the processing.
- Right to erasure (“right to be forgotten”): The User can request the deletion of their personal data when it is no longer necessary, when consent is withdrawn, when there is no other legal basis for processing, when there is an objection, or when it has been processed unlawfully.
- Right to restriction of processing: The User has the right to request a limitation on the processing of their personal data in certain circumstances, such as disputing accuracy, unlawful processing, no longer needing the data but requiring it for legal claims, or objecting to the processing.
- Right to data portability: If the processing is automated, the User can request to receive their personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller when technically feasible.
- Right to object: The User can object to the processing of their personal data or request its cessation by TOMS COFFEE CONCEPT, S.L.
To exercise these rights, the User should send a written communication to the Data Controller, referencing “GDPR – TOMS COFFEE CONCEPT, S.L.”, and providing the following details: name, surname, a copy of the ID card, reasons for the request or information needed, address for notifications, date, signature, and any supporting documents.
The request can be sent to Carrer Casp 70. 08010, Barcelona or to the cxustomer service email: info@saga.coffee
Complaints to the supervisory authority
If the User believes that there is an issue or violation of the applicable regulations regarding the processing of their personal data, they have the right to seek effective judicial protection and file a complaint with the relevant supervisory authority. Specifically, the User can lodge a complaint with the supervisory authority in the country where they reside, work, or where the alleged violation occurred. In Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.agpd.es).
Acceptance and changes to this Privacy & Data Protection Policy
The User must carefully read and agree to the terms outlined in this Privacy Policy, including the protection of personal data, and provide consent for the processing of their personal information by the Data Controller in order to proceed accordingly, within the specified timeframes and for the stated purposes. By using this website, the User acknowledges and accepts the Privacy Policy.
TOMS COFFEE CONCEPT, S.L. reserves the right to modify its Privacy Policy based on its own discretion or due to changes in legislation, judicial rulings, or guidance from the Spanish Data Protection Agency. Any modifications or updates to this Privacy Policy will be explicitly communicated to the User.
This Privacy Policy was last updated on January 10, 2022 to align with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, regarding the protection of individuals with regard to the processing of personal data and the free movement of such data.