Privacy policy
WEB REGISTRATION
RECORD OF PROCESSING ACTIVITIES
DATA CONTROLLER
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, we inform you that the personal data provided herein will be incorporated into a file owned and managed by CRISTINA GRANERO VARGAS with NIF: 75106729E, and address: CARRE MAYOR, 9 - Fortià (Gerona - 17469)
Contact details:
972534324 | 606018720
CRISTINAGRANERO@GMAIL.COM
PURPOSE OF PROCESSING
Collect and store visit data to properly manage the presence on the website.
Inform about activities, products, or services, as well as for any other purpose to which they authorize.
Register the number of visits and activity of visitors.
Allow navigation within the website and the use of the different options and services available on it.
CATEGORY OF DATA SUBJECTS
Customers, employees (if any), and third parties who access the facilities of the Data Controller.
CATEGORY OF DATA
The data to be processed will be the image and sound of individuals who access the facilities of the Data Controller.
CATEGORY OF RECIPIENTS
State security forces and bodies.
INTERNATIONAL TRANSFERS
No international data transfers outside the European Economic Area are planned.
The entity carries out international data transfers to recipients established outside the European Economic Area.
RETENTION PERIOD
Data will be retained for the time necessary to fulfill the purpose for which they were collected.
Once the purposes for which the data were initially collected have disappeared, they will be retained for the terms provided in tax and labor legislation to comply with the necessary prescription of responsibilities.
SECURITY MEASURES IN PERSONAL DATA PROTECTION ON WEB PAGES
PRIVACY AND SECURITY ON THE INTERNET
Digital privacy is defined by a series of characteristics:
It refers to all the information of a user that circulates on the internet. In addition to personal data such as name, ID, phone, address, etc.
The particularities of the internet also mean that privacy refers to images, videos, email, geolocation, browsing history, IP, or any other data that allows the identification of a user on the network.
It is not limited to the use of web pages or social networks but also refers to the transmission of data through online stores, applications, instant messaging services, etc.
On the other hand, it should be noted that digital privacy in Spain is regulated by the Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD), which adapts the General Data Protection Regulation (GDPR) to Spanish regulations, which applies at the European level.
To comply with digital privacy regulations, web pages that collect personal information from users must inform about their Privacy Policy, Cookie Policy, and Legal Notice.
The privacy policy is the legal text that informs the user about how their personal data will be processed. It must be placed in a specific and clearly visible section of the web.
The privacy policy must inform about:
Identity of the data controller
Information of the user to be collected
Purpose for which such information is collected
Period during which the user's data will be kept in the database
If the user's data will be transferred to third parties
If there is any security breach
The way to exercise ARSULIPO rights (formerly ARCO rights), that is, the rights of access, rectification, deletion, limitation of processing, portability, or opposition.
Cookie Policy
Cookies are files installed in the user's browser to know their browsing history. They are usually used in marketing to offer content, products, or services related to the user's interests.
To place a cookie in the user's browser, express consent must be obtained. That is, tacit or implied consent is no longer valid; it must be effective, voluntary, and unequivocal. For example, by checking an acceptance box.
On the other hand, the intention to use the user's cookies must be presented through a double-layer information system. In the first layer, it is simply indicated that the web uses third-party cookies, with a link to the second layer, where more detailed information is provided about the purpose, if they will be transferred to third parties, or the time they will remain in the database.
As a general rule, to place any cookie, the user's express consent is required, but this is not always the case. For example, it will not be necessary in the case of user input cookies, security cookies, multimedia playback cookies, or authentication cookies.
Legal Notice
The legal notice is a text that must be included on the web whenever it is:
Corporate pages
Websites or blogs with advertising
Online stores
Portals offering some type of service
The legal notice must include the following information:
Company/user name and contact details
ID, NIF, or NIE
Commercial Registry number, if registered as a company
Information on mandatory administrative authorizations obtained
If practicing a regulated profession, the data of the Professional Association, academic title, or deontological norms related to the practice of the profession must be provided.
MORE INFORMATION ABOUT COOKIES
The second paragraph of Article 22 of Law 34/2002, of July 11, on services of the information society and electronic commerce establishes:
“Service providers may use data storage and retrieval devices on recipients' terminal equipment, provided that they have given their consent after being provided with clear and complete information on their use, particularly on the purposes of data processing, in accordance with the provisions of Organic Law 15/1999, of December 13, on the Protection of Personal Data.
When technically possible and effective, the recipient's consent to accept data processing may be provided through the appropriate browser or other application settings. The above does not prevent possible technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network or, to the extent strictly necessary, for the provision of an information society service expressly requested by the recipient.”
In particular, it should be noted that, in accordance with the transcribed provision, it applies to any “data storage and retrieval devices” on any “recipients' terminal equipment” and that the annex of the aforementioned LSSI defines as “Service recipient or recipient” the “natural or legal person who uses, whether or not for professional reasons, an information society service.”
Thus, Article 22 of the LSSI and this guide refer to the use of cookies and similar technologies used (such as local shared objects or flash cookies, web beacons or bugs, etc.) to store and retrieve data from a terminal device (for example, a computer, mobile phone, or tablet) of a natural or legal person who uses, whether or not for professional reasons, an information society service.
The legal obligations imposed by the regulations are two, namely: the obligation of transparency and the obligation to obtain consent.
The second paragraph of Article 22 of the LSSI establishes that users must be provided with clear and complete information on the use of data storage and retrieval devices and, in particular, on the purposes of data processing. This information must be provided, as indicated, in accordance with the GDPR, which requires that the processing of users' data be carried out transparently for them.
Therefore, the information on cookies provided when requesting consent must be sufficiently complete to allow users to understand their purposes and the use that will be made of them.
The cookie policy must include the following information:
Definition and generic function of cookies.
Information on the type of cookies used and their purpose.
Identification of who uses the cookies, that is, if the information obtained by the cookies is processed only by the editor and/or also by third parties with whom the editor has contracted the provision of a service for which the use of cookies is required, identifying the latter.
Information on how to accept, deny, or revoke consent for the use of cookies stated through the functionalities provided by the editor (the cookie management or configuration system that has been enabled) or through common platforms that may exist for this purpose.
If applicable, information on data transfers to third countries carried out by the editor.
When profiling involves automated decision-making with legal effects for the user or significantly affects them similarly, it will be necessary to inform about the logic used, as well as the importance and expected consequences of such processing for the user in the terms established in Article 13.2 f) of the GDPR.
Data retention period for different purposes in the terms established in Article 13.2 a) of the GDPR.
Regarding the rest of the information required by Article 13 of the GDPR that does not specifically refer to cookies (for example, the rights of data subjects), the editor may refer to the privacy policy.
For the use of non-exempt cookies, it will always be necessary to obtain the user's consent. This consent can be obtained through express formulas, such as clicking on a section that indicates “I consent,” “I accept,” or other similar terms. It can also be inferred from an unequivocal action performed by the user, in a context where clear and accessible information has been provided about the purposes of the cookies and whether they will be used by the same editor and/or by third parties, so that it can be understood that the user accepts the installation of cookies. In no case does mere user inactivity imply consent by itself.
In accordance with paragraph 2 of Article 22 of the LSSI, consent must be given by the “recipients” of information society services.
According to paragraph d) of the Annex of the LSSI, “Service recipient or recipient” means “the natural or legal person who uses, whether or not for professional reasons, an information society service.” And according to the definitions made in the corresponding section, the term recipient coincides with that of the user, which is used in this guide.
Therefore, the information must be directed directly to the user so that they can express their consent or rejection.
MOBILE APPLICATIONS (APPS)
Entities involved in the development, distribution, and exploitation of apps for mobile devices, particularly those that play the role of data controllers or co-controllers in each of their areas of competence, as well as other agents involved in the mobile app ecosystem, such as application developers and library developers, have the following obligations:
Duty of information:
The information provided to users about the processing of their personal data must meet the requirements established in Articles 13 and 14 of the GDPR and Article 11 of the LOPDGDD, particularly regarding layered information, as indicated in the “Guide for compliance with the duty to inform” and the “Decalogue for adapting privacy policies on the internet to the GDPR.”
This information, in the form of a privacy policy, must be available both in the application itself and in the app store. This way, the user can consult it before installing the application or at any time during its use.
Access to the privacy policy must be easily accessible from the application, requiring the user a reduced number of interactions, preferably a maximum of two clicks as recommended by GT29 in its guidelines.
The data controller must be clearly identified in the privacy policy.
The information on processing must be complete and consistent both in the app store, if applicable, and in the application itself. There can be no discrepancies between the two.
The language in which privacy policies are described must be appropriate for the target user of the application, considering their age and level of knowledge.
Privacy policies must be specific and concrete about the personal data processing carried out.
Data controllers who commission the development, production, and/or exploitation of applications to third parties with access to personal data must ensure compliance with the requirements established in the GDPR for each of the parties.
Although the device shows the user a notification requesting their authorization to access such resources, in many cases, the information displayed is not sufficient in the context of the GDPR, nor is the granularity of the permission correctly specified, as it must include, among other information, the purpose of processing those data. The need to access such resources must be appropriately informed in the application's privacy policy so that the user can decide whether or not to grant authorization to the application to access such resources.
CYBERBULLYING – DIGITAL HARASSMENT
The development of the Internet and Information and Communication Technologies (ICT) has led to the emergence of various forms of violence, facilitated by the widespread and intensive use of mobile devices and the Internet, social networks, and services such as instant messaging or geolocation, which have served as a channel for their proliferation.
The characteristics of ICT have given rise to new threats, derived, among others, from the speed with which information is disseminated in this environment, the possibility of accessing information thanks to search engines, and the difficulties in eliminating it. The ease of viralizing and the permanence in the online environment entail new risk situations, such as access and dissemination without consent of sensitive information, intimate photographs or videos; monitoring and tracking online activities; damage to reputation, etc., with particularly harmful behaviors known as “sextortion” or online sexual harassment.
In the workplace, these forms of digital violence occur and reproduce, often accompanying -and sometimes causing- behaviors constituting workplace harassment and sexual harassment or harassment based on sex. These behaviors affect the physical, mental, and emotional health of workers, so combating them is an obligation of the employer, who guarantees the health and safety of their workers.
Entities could adopt measures to prevent behaviors within the workplace that constitute sexual or workplace harassment through unlawful processing of their employees' data by other employees. Specifically, within the duty to ensure occupational health and safety, there is an obligation to train staff on behaviors constituting workplace harassment and sexual harassment or harassment based on sex, as well as on the appropriate and respectful use of social networks and ICTs with the fundamental right to privacy protection.
In this regard, information is presented as a fundamental tool. Entities could:
Include in their harassment prevention policies a description of inappropriate behaviors in the use of new technologies, so that employees are aware of the risks they may pose to privacy and the behaviors that may lead to a situation of workplace harassment or sexual harassment or harassment based on sex. This way, companies can inform about the nature of certain behaviors as offenses or crimes, as well as publish examples of behaviors carried out through the Internet and social networks that constitute harassment cases. The aim is for employees to be clear about the criminal and administrative consequences, if applicable, of such behaviors.
Provide information on possible mechanisms of reaction to personal data processing that may constitute a harassment situation: information on the mechanisms for removing content from major internet platforms, privacy policies of major operators, or the priority channel made available to the public by the Spanish Data Protection Agency, among others.
Organizations have a duty to collaborate with the competent authorities to eradicate these situations: the AEPD, the FCSE, the judicial authorities. They also have a duty to report when they become aware of cyberbullying situations in cases of gender violence.
Additionally, entities have a duty to implement the mechanisms of action provided in their harassment prevention policies, initiating the relevant disciplinary actions against workers who carry out these behaviors and informing them of the possible legal consequences and responsibilities they may incur.
Finally, it would be advisable to foresee special channels in these mechanisms of action for cases where harassment is carried out through unlawful processing of personal data.
In this regard, entities can publicize and disseminate the channel established by the Spanish Data Protection Agency to enforce the right to delete especially sensitive personal data.
ANNEXES
PRIVACY POLICY FOR THE WEBSITE OF CRISTINA GRANERO VARGAS
This Privacy Policy sets out the terms in which CRISTINA GRANERO VARGAS uses and protects the information provided by its users when using its website. This company is committed to the security of its users' data. When we ask you to fill in personal information fields with which you can be identified, we do so by ensuring that it will only be used in accordance with the terms of this document. However, this Privacy Policy may change over time or be updated, so we recommend and emphasize that you continually review this page to ensure that you agree with such changes.
User Rights
We inform you that you can exercise the rights of access, rectification, limitation of processing, opposition, and portability in accordance with the provisions of Regulation 2016/679 of April 27 on the Protection of Personal Data and Organic Law 3/2018, of December 5, on the protection of personal data and guarantee of digital rights (LOPDGDD 3/2018) and following the Recommendations and Instructions issued by the Spanish Data Protection Agency (A.E.P.D), by sending an email to CRISTINAGRANERO@GMAIL.COM or a letter along with a photocopy of your ID, to the following address: CARRE MAYOR, 9 - Fortià (Gerona - 17469)
Information Collected
Our website may collect personal information, for example: Name, contact information such as your email address, and demographic information. Likewise, when necessary, specific information may be required to process an order or make a delivery or billing.
Use of Collected Information
Our website uses the information to provide the best possible service, particularly to maintain a user registry, orders if applicable, and improve our products and services. Periodic emails may be sent through our site with special offers, new products, and other advertising information that we consider relevant to you or that may provide you with some benefit. These emails will be sent to the address you provide and can be canceled at any time.
CRISTINA GRANERO VARGAS is highly committed to fulfilling the commitment to keep your information secure. We use the most advanced systems and constantly update them to ensure that there is no unauthorized access.
Cookies
A cookie refers to a file that is sent with the purpose of requesting permission to be stored on your computer. By accepting such a file, the cookie is created, and it then serves to have information regarding web traffic and also facilitates future visits to a recurring website. Another function of cookies is that with them, websites can recognize you individually and therefore provide you with the best-personalized service on their website.
The website of CRISTINA GRANERO VARGAS uses cookies to identify the pages that are visited and their frequency. This information is used only for statistical analysis and then the information is permanently deleted. You can delete cookies at any time from your computer.
However, cookies help to provide a better service on websites. They do not give access to information from your computer or you unless you want it and provide it directly. You can accept or decline the use of cookies, but most browsers automatically accept cookies as it serves to have a better web service. You can also change your computer settings to decline cookies. If declined, you may not be able to use some of our services.
Links to Third Parties and Social Networks
This website may contain links to other sites that may be of interest to you. Once you click on these links and leave our page, we no longer have control over the site to which you are redirected and therefore are not responsible for the terms or privacy or the protection of your data on those other third-party sites. Such sites are subject to their own privacy policies, so it is recommended that you consult them to confirm that you agree with them.
Control of Your Personal Information
At any time, you can restrict the collection or use of personal information provided to our website. Each time you are asked to fill out a form, such as a user registration form, you can check or uncheck the option to receive information by email. If you have marked the option to receive our newsletter or advertising, you can cancel it at any time.
This company will not sell, transfer, or distribute the personal information collected without your consent unless required by a judge with a court order.
CRISTINA GRANERO VARGAS reserves the right to change the terms of this Privacy Policy at any time.
RECORD OF PROCESSING ACTIVITIES
DATA CONTROLLER
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, we inform you that the personal data provided herein will be incorporated into a file owned and managed by CRISTINA GRANERO VARGAS with NIF: 75106729E, and address: CARRE MAYOR, 9 - Fortià (Gerona - 17469)
Contact details:
972534324 | 606018720
CRISTINAGRANERO@GMAIL.COM
PURPOSE OF PROCESSING
Collect and store visit data to properly manage the presence on the website.
Inform about activities, products, or services, as well as for any other purpose to which they authorize.
Register the number of visits and activity of visitors.
Allow navigation within the website and the use of the different options and services available on it.
CATEGORY OF DATA SUBJECTS
Customers, employees (if any), and third parties who access the facilities of the Data Controller.
CATEGORY OF DATA
The data to be processed will be the image and sound of individuals who access the facilities of the Data Controller.
CATEGORY OF RECIPIENTS
State security forces and bodies.
INTERNATIONAL TRANSFERS
No international data transfers outside the European Economic Area are planned.
The entity carries out international data transfers to recipients established outside the European Economic Area.
RETENTION PERIOD
Data will be retained for the time necessary to fulfill the purpose for which they were collected.
Once the purposes for which the data were initially collected have disappeared, they will be retained for the terms provided in tax and labor legislation to comply with the necessary prescription of responsibilities.
SECURITY MEASURES IN PERSONAL DATA PROTECTION ON WEB PAGES
PRIVACY AND SECURITY ON THE INTERNET
Digital privacy is defined by a series of characteristics:
It refers to all the information of a user that circulates on the internet. In addition to personal data such as name, ID, phone, address, etc.
The particularities of the internet also mean that privacy refers to images, videos, email, geolocation, browsing history, IP, or any other data that allows the identification of a user on the network.
It is not limited to the use of web pages or social networks but also refers to the transmission of data through online stores, applications, instant messaging services, etc.
On the other hand, it should be noted that digital privacy in Spain is regulated by the Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD), which adapts the General Data Protection Regulation (GDPR) to Spanish regulations, which applies at the European level.
To comply with digital privacy regulations, web pages that collect personal information from users must inform about their Privacy Policy, Cookie Policy, and Legal Notice.
The privacy policy is the legal text that informs the user about how their personal data will be processed. It must be placed in a specific and clearly visible section of the web.
The privacy policy must inform about:
Identity of the data controller
Information of the user to be collected
Purpose for which such information is collected
Period during which the user's data will be kept in the database
If the user's data will be transferred to third parties
If there is any security breach
The way to exercise ARSULIPO rights (formerly ARCO rights), that is, the rights of access, rectification, deletion, limitation of processing, portability, or opposition.
Cookie Policy
Cookies are files installed in the user's browser to know their browsing history. They are usually used in marketing to offer content, products, or services related to the user's interests.
To place a cookie in the user's browser, express consent must be obtained. That is, tacit or implied consent is no longer valid; it must be effective, voluntary, and unequivocal. For example, by checking an acceptance box.
On the other hand, the intention to use the user's cookies must be presented through a double-layer information system. In the first layer, it is simply indicated that the web uses third-party cookies, with a link to the second layer, where more detailed information is provided about the purpose, if they will be transferred to third parties, or the time they will remain in the database.
As a general rule, to place any cookie, the user's express consent is required, but this is not always the case. For example, it will not be necessary in the case of user input cookies, security cookies, multimedia playback cookies, or authentication cookies.
Legal Notice
The legal notice is a text that must be included on the web whenever it is:
Corporate pages
Websites or blogs with advertising
Online stores
Portals offering some type of service
The legal notice must include the following information:
Company/user name and contact details
ID, NIF, or NIE
Commercial Registry number, if registered as a company
Information on mandatory administrative authorizations obtained
If practicing a regulated profession, the data of the Professional Association, academic title, or deontological norms related to the practice of the profession must be provided.
MORE INFORMATION ABOUT COOKIES
The second paragraph of Article 22 of Law 34/2002, of July 11, on services of the information society and electronic commerce establishes:
“Service providers may use data storage and retrieval devices on recipients' terminal equipment, provided that they have given their consent after being provided with clear and complete information on their use, particularly on the purposes of data processing, in accordance with the provisions of Organic Law 15/1999, of December 13, on the Protection of Personal Data.
When technically possible and effective, the recipient's consent to accept data processing may be provided through the appropriate browser or other application settings. The above does not prevent possible technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network or, to the extent strictly necessary, for the provision of an information society service expressly requested by the recipient.”
In particular, it should be noted that, in accordance with the transcribed provision, it applies to any “data storage and retrieval devices” on any “recipients' terminal equipment” and that the annex of the aforementioned LSSI defines as “Service recipient or recipient” the “natural or legal person who uses, whether or not for professional reasons, an information society service.”
Thus, Article 22 of the LSSI and this guide refer to the use of cookies and similar technologies used (such as local shared objects or flash cookies, web beacons or bugs, etc.) to store and retrieve data from a terminal device (for example, a computer, mobile phone, or tablet) of a natural or legal person who uses, whether or not for professional reasons, an information society service.
The legal obligations imposed by the regulations are two, namely: the obligation of transparency and the obligation to obtain consent.
The second paragraph of Article 22 of the LSSI establishes that users must be provided with clear and complete information on the use of data storage and retrieval devices and, in particular, on the purposes of data processing. This information must be provided, as indicated, in accordance with the GDPR, which requires that the processing of users' data be carried out transparently for them.
Therefore, the information on cookies provided when requesting consent must be sufficiently complete to allow users to understand their purposes and the use that will be made of them.
The cookie policy must include the following information:
Definition and generic function of cookies.
Information on the type of cookies used and their purpose.
Identification of who uses the cookies, that is, if the information obtained by the cookies is processed only by the editor and/or also by third parties with whom the editor has contracted the provision of a service for which the use of cookies is required, identifying the latter.
Information on how to accept, deny, or revoke consent for the use of cookies stated through the functionalities provided by the editor (the cookie management or configuration system that has been enabled) or through common platforms that may exist for this purpose.
If applicable, information on data transfers to third countries carried out by the editor.
When profiling involves automated decision-making with legal effects for the user or significantly affects them similarly, it will be necessary to inform about the logic used, as well as the importance and expected consequences of such processing for the user in the terms established in Article 13.2 f) of the GDPR.
Data retention period for different purposes in the terms established in Article 13.2 a) of the GDPR.
Regarding the rest of the information required by Article 13 of the GDPR that does not specifically refer to cookies (for example, the rights of data subjects), the editor may refer to the privacy policy.
For the use of non-exempt cookies, it will always be necessary to obtain the user's consent. This consent can be obtained through express formulas, such as clicking on a section that indicates “I consent,” “I accept,” or other similar terms. It can also be inferred from an unequivocal action performed by the user, in a context where clear and accessible information has been provided about the purposes of the cookies and whether they will be used by the same editor and/or by third parties, so that it can be understood that the user accepts the installation of cookies. In no case does mere user inactivity imply consent by itself.
In accordance with paragraph 2 of Article 22 of the LSSI, consent must be given by the “recipients” of information society services.
According to paragraph d) of the Annex of the LSSI, “Service recipient or recipient” means “the natural or legal person who uses, whether or not for professional reasons, an information society service.” And according to the definitions made in the corresponding section, the term recipient coincides with that of the user, which is used in this guide.
Therefore, the information must be directed directly to the user so that they can express their consent or rejection.
MOBILE APPLICATIONS (APPS)
Entities involved in the development, distribution, and exploitation of apps for mobile devices, particularly those that play the role of data controllers or co-controllers in each of their areas of competence, as well as other agents involved in the mobile app ecosystem, such as application developers and library developers, have the following obligations:
Duty of information:
The information provided to users about the processing of their personal data must meet the requirements established in Articles 13 and 14 of the GDPR and Article 11 of the LOPDGDD, particularly regarding layered information, as indicated in the “Guide for compliance with the duty to inform” and the “Decalogue for adapting privacy policies on the internet to the GDPR.”
This information, in the form of a privacy policy, must be available both in the application itself and in the app store. This way, the user can consult it before installing the application or at any time during its use.
Access to the privacy policy must be easily accessible from the application, requiring the user a reduced number of interactions, preferably a maximum of two clicks as recommended by GT29 in its guidelines.
The data controller must be clearly identified in the privacy policy.
The information on processing must be complete and consistent both in the app store, if applicable, and in the application itself. There can be no discrepancies between the two.
The language in which privacy policies are described must be appropriate for the target user of the application, considering their age and level of knowledge.
Privacy policies must be specific and concrete about the personal data processing carried out.
Data controllers who commission the development, production, and/or exploitation of applications to third parties with access to personal data must ensure compliance with the requirements established in the GDPR for each of the parties.
Although the device shows the user a notification requesting their authorization to access such resources, in many cases, the information displayed is not sufficient in the context of the GDPR, nor is the granularity of the permission correctly specified, as it must include, among other information, the purpose of processing those data. The need to access such resources must be appropriately informed in the application's privacy policy so that the user can decide whether or not to grant authorization to the application to access such resources.
CYBERBULLYING – DIGITAL HARASSMENT
The development of the Internet and Information and Communication Technologies (ICT) has led to the emergence of various forms of violence, facilitated by the widespread and intensive use of mobile devices and the Internet, social networks, and services such as instant messaging or geolocation, which have served as a channel for their proliferation.
The characteristics of ICT have given rise to new threats, derived, among others, from the speed with which information is disseminated in this environment, the possibility of accessing information thanks to search engines, and the difficulties in eliminating it. The ease of viralizing and the permanence in the online environment entail new risk situations, such as access and dissemination without consent of sensitive information, intimate photographs or videos; monitoring and tracking online activities; damage to reputation, etc., with particularly harmful behaviors known as “sextortion” or online sexual harassment.
In the workplace, these forms of digital violence occur and reproduce, often accompanying -and sometimes causing- behaviors constituting workplace harassment and sexual harassment or harassment based on sex. These behaviors affect the physical, mental, and emotional health of workers, so combating them is an obligation of the employer, who guarantees the health and safety of their workers.
Entities could adopt measures to prevent behaviors within the workplace that constitute sexual or workplace harassment through unlawful processing of their employees' data by other employees. Specifically, within the duty to ensure occupational health and safety, there is an obligation to train staff on behaviors constituting workplace harassment and sexual harassment or harassment based on sex, as well as on the appropriate and respectful use of social networks and ICTs with the fundamental right to privacy protection.
In this regard, information is presented as a fundamental tool. Entities could:
Include in their harassment prevention policies a description of inappropriate behaviors in the use of new technologies, so that employees are aware of the risks they may pose to privacy and the behaviors that may lead to a situation of workplace harassment or sexual harassment or harassment based on sex. This way, companies can inform about the nature of certain behaviors as offenses or crimes, as well as publish examples of behaviors carried out through the Internet and social networks that constitute harassment cases. The aim is for employees to be clear about the criminal and administrative consequences, if applicable, of such behaviors.
Provide information on possible mechanisms of reaction to personal data processing that may constitute a harassment situation: information on the mechanisms for removing content from major internet platforms, privacy policies of major operators, or the priority channel made available to the public by the Spanish Data Protection Agency, among others.
Organizations have a duty to collaborate with the competent authorities to eradicate these situations: the AEPD, the FCSE, the judicial authorities. They also have a duty to report when they become aware of cyberbullying situations in cases of gender violence.
Additionally, entities have a duty to implement the mechanisms of action provided in their harassment prevention policies, initiating the relevant disciplinary actions against workers who carry out these behaviors and informing them of the possible legal consequences and responsibilities they may incur.
Finally, it would be advisable to foresee special channels in these mechanisms of action for cases where harassment is carried out through unlawful processing of personal data.
In this regard, entities can publicize and disseminate the channel established by the Spanish Data Protection Agency to enforce the right to delete especially sensitive personal data.
ANNEXES
PRIVACY POLICY FOR THE WEBSITE OF CRISTINA GRANERO VARGAS
This Privacy Policy sets out the terms in which CRISTINA GRANERO VARGAS uses and protects the information provided by its users when using its website. This company is committed to the security of its users' data. When we ask you to fill in personal information fields with which you can be identified, we do so by ensuring that it will only be used in accordance with the terms of this document. However, this Privacy Policy may change over time or be updated, so we recommend and emphasize that you continually review this page to ensure that you agree with such changes.
User Rights
We inform you that you can exercise the rights of access, rectification, limitation of processing, opposition, and portability in accordance with the provisions of Regulation 2016/679 of April 27 on the Protection of Personal Data and Organic Law 3/2018, of December 5, on the protection of personal data and guarantee of digital rights (LOPDGDD 3/2018) and following the Recommendations and Instructions issued by the Spanish Data Protection Agency (A.E.P.D), by sending an email to CRISTINAGRANERO@GMAIL.COM or a letter along with a photocopy of your ID, to the following address: CARRE MAYOR, 9 - Fortià (Gerona - 17469)
Information Collected
Our website may collect personal information, for example: Name, contact information such as your email address, and demographic information. Likewise, when necessary, specific information may be required to process an order or make a delivery or billing.
Use of Collected Information
Our website uses the information to provide the best possible service, particularly to maintain a user registry, orders if applicable, and improve our products and services. Periodic emails may be sent through our site with special offers, new products, and other advertising information that we consider relevant to you or that may provide you with some benefit. These emails will be sent to the address you provide and can be canceled at any time.
CRISTINA GRANERO VARGAS is highly committed to fulfilling the commitment to keep your information secure. We use the most advanced systems and constantly update them to ensure that there is no unauthorized access.
Cookies
A cookie refers to a file that is sent with the purpose of requesting permission to be stored on your computer. By accepting such a file, the cookie is created, and it then serves to have information regarding web traffic and also facilitates future visits to a recurring website. Another function of cookies is that with them, websites can recognize you individually and therefore provide you with the best-personalized service on their website.
The website of CRISTINA GRANERO VARGAS uses cookies to identify the pages that are visited and their frequency. This information is used only for statistical analysis and then the information is permanently deleted. You can delete cookies at any time from your computer.
However, cookies help to provide a better service on websites. They do not give access to information from your computer or you unless you want it and provide it directly. You can accept or decline the use of cookies, but most browsers automatically accept cookies as it serves to have a better web service. You can also change your computer settings to decline cookies. If declined, you may not be able to use some of our services.
Links to Third Parties and Social Networks
This website may contain links to other sites that may be of interest to you. Once you click on these links and leave our page, we no longer have control over the site to which you are redirected and therefore are not responsible for the terms or privacy or the protection of your data on those other third-party sites. Such sites are subject to their own privacy policies, so it is recommended that you consult them to confirm that you agree with them.
Control of Your Personal Information
At any time, you can restrict the collection or use of personal information provided to our website. Each time you are asked to fill out a form, such as a user registration form, you can check or uncheck the option to receive information by email. If you have marked the option to receive our newsletter or advertising, you can cancel it at any time.
This company will not sell, transfer, or distribute the personal information collected without your consent unless required by a judge with a court order.
CRISTINA GRANERO VARGAS reserves the right to change the terms of this Privacy Policy at any time.