Contact

Privacy Policy

The protection of personal data is one of the main concerns of this organization.

In our daily operations, we strive to protect the privacy of the data you provide and to comply with current regulations on personal data protection.

The purpose of this policy is to inform data subjects about the different processing activities carried out by this organization that affect their personal data, in accordance with the provisions of Organic Law 3/2018 of December 5 on Personal Data Protection and guarantee of digital rights, and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016.

IDENTIFICATION AND CONTACT DETAILS OF THE CONTROLLER

Miryam Benedited, email:
miryam@mbintimacy.com

PURPOSES OF PROCESSING YOUR PERSONAL DATA

WEBSITE USERS OF THE CONTROLLER

We will process the personal data provided through our web forms in order to:

  • Handle requests, complaints, and incidents submitted through our contact channels or web forms on the website.
  • Conduct quality surveys.
  • Carry out IT monitoring of the website to prevent any data security breaches, which may involve access to users’ personal data.
  • Protect our rights or respond to claims of any kind.

LEGAL BASIS FOR PROCESSING

CUSTOMERS AND SUPPLIERS

The legal basis for processing personal data by the organization is:

Performance of a contract to which the data subject is a party or the application of pre-contractual measures.

The legal basis for processing personal data is the execution of a contract in which the client or supplier is a party, or the application of pre-contractual measures at their request.

Failure to provide personal data may result in the inability to provide the requested service or process the purchase of the desired product.

The data subject’s consent for:

  • Responding to queries, complaints, or incidents submitted through the channels made available by the organization.
  • Sending communications related to services, activities, or events offered and/or carried out by the organization.
  • Sending commercial and advertising information.
  • Marketing and events.

Legal obligation applicable to the data controller

The organization must process your data to comply with legal obligations imposed by applicable laws. For example, the obligation to provide tax-related information to the Spanish Tax Agency (AEAT).

In such cases, the data subject cannot refuse the processing of their personal data.

Legitimate interest of the data controller

In certain cases, it will be necessary to process your data to satisfy legitimate interests pursued by the Data Controller, provided that these interests do not override the fundamental rights and freedoms of the data subject. Processing based on legitimate interest includes:

  • IT monitoring of the website to prevent any data security breaches.
  • Verifying your identity or the information provided for the delivery of the contracted service or purchased product.
  • Managing your data and, where appropriate, sharing it with external providers for the proper functioning of our business.
  • Improving our services and your browsing and website experience.
  • Protecting our rights or responding to claims of any kind.

DATA RETENTION PERIODS OR CRITERIA

Personal data will be retained in accordance with the following criteria:

For the time necessary to fulfill the purposes for which they were initially collected.

Once the data is no longer necessary for processing, it will be properly blocked and made available to competent public authorities, courts, or the Public Prosecutor’s Office for the legally established limitation periods.

Regarding retention periods, the following regulations apply:

  • The Civil Code: for contractual obligations, data will be retained for 5 or 15 years depending on the case (Article 1964.2).
  • The Commercial Code: requires retaining accounting and commercial information (invoices, receipts, etc.) for 6 years.
  • The General Tax Law: requires retaining tax-related documents for 4 years.
  • Any other applicable regional regulations depending on the relevant Autonomous Community.

RIGHTS

Data subjects may exercise the following rights at any time and free of charge:

Access, rectification, and erasure of their data; restriction of processing; objection; data portability (where technically feasible); withdrawal of consent; and, where applicable, the right not to be subject to automated decision-making, including profiling.

To exercise these rights, you may use the forms provided by the organization or send a written request to the postal or email address indicated above.

The request must include:

  • A copy of your ID or equivalent document to verify your identity.
  • A description of the right you wish to exercise.

If you believe your rights have been violated, you may file a complaint with the competent Data Protection Authority (Spanish Data Protection Agency) via: www.agpd.es

ACCURACY OF DATA

The data subject guarantees that the data provided is true, accurate, complete, and up to date, and undertakes to notify any changes through the channels provided. The data subject shall be responsible for any damage or loss caused by failure to comply with this obligation.

If the user provides data relating to third parties, they declare that they have obtained the necessary consent and undertake to inform such parties of the contents of this clause, exempting the organization from any liability arising from failure to comply with this obligation.