Privacy policy
PURPOSE
The purpose of this Privacy Policy is to inform users of the Carlota Santos Website about the processing of their personal data, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and Organic Law 3/2018 on the Protection of Personal Data and the guarantee of digital rights.
LANGUAGE AND PREVAILING VERSION
This text is drafted in Spanish. Any versions that may be provided in other languages are for informational purposes only. In the event of any interpretative discrepancy, the Spanish version shall prevail.
DATA CONTROLLER
Controller: Carlota Santos
Contact email: help@monteroneart.com
Professional address: Zurbano 45, Madrid, Spain
The Controller determines the purposes and means of processing the personal data collected through the Website.
PERSONAL DATA PROCESSED
Depending on the User’s interaction with the Website, the following personal data may be collected:
– Identification data, such as name and surname.
– Contact details, such as email address and, where applicable, telephone number.
– Billing and shipping information, in the case of a purchase or commission.
– Data required for payment processing.
– Information voluntarily provided by the User through forms or direct communications.
Where data is collected through forms, it will be clearly indicated which fields are mandatory. Failure to provide such data may prevent the proper handling of the request or the provision of the corresponding service.
No special categories of personal data are processed.
PURPOSES OF PROCESSING
The User’s personal data will be processed for the following purposes:
– To respond to enquiries, information requests or communications.
– To manage orders for print-on-demand artworks and artistic commissions.
– To manage contractual or pre-contractual relationships.
– To process payments, invoicing and shipping.
– To comply with applicable legal obligations.
– To maintain communications related to Carlota Santos’ professional activity, where a lawful basis exists.
Personal data will not be processed for purposes incompatible with those described above.
LEGAL BASIS FOR PROCESSING
The processing of personal data is based on:
– The User’s consent, where required.
– The performance of a contract or the implementation of pre-contractual measures.
– Compliance with legal obligations.
– The legitimate interests of the Controller, where applicable and provided that the User’s rights and freedoms do not prevail.
DATA RETENTION
Personal data will be retained only for the time necessary to fulfil the purpose for which it was collected and, thereafter, for the periods required by law for compliance with legal obligations or the defence of potential claims.
DATA RECIPIENTS
Personal data will not be disclosed to third parties, except where required by law or where necessary for the proper provision of the service, in particular to:
– Technology service providers.
– Payment platforms.
– Printing, logistics and transport services.
– Accounting, tax or legal advisors.
In such cases, third parties will act as data processors, subject to the corresponding contracts and legal safeguards.
INTERNATIONAL DATA TRANSFERS
Where certain service providers are located outside the European Economic Area, international data transfers will be carried out in accordance with legally recognised mechanisms, such as standard contractual clauses or other safeguards provided for under applicable regulations.
USER RIGHTS
The User has the right to:
– Access their personal data.
– Request the rectification of inaccurate data.
– Request the erasure of data when it is no longer necessary.
– Request the restriction of processing.
– Object to processing.
– Request the portability of their data.
To exercise these rights, the User may submit a written request via the email address indicated in the Data Controller section, clearly specifying the right they wish to exercise.
Where there are reasonable doubts as to the identity of the applicant, additional information may be requested solely for the purpose of identity verification.
The User also has the right to lodge a complaint with the Spanish Data Protection Agency if they consider that the processing of their personal data does not comply with applicable regulations.
SECURITY MEASURES
Carlota Santos implements appropriate technical and organisational measures to ensure the security, integrity and confidentiality of personal data, taking into account the state of the art, the nature of the data processed and the risks associated with processing, in order to prevent unauthorised alteration, loss, processing or access.
DATA RELATING TO MINORS
The Website is not intended for individuals under fourteen (14) years of age. Should personal data of minors be collected without the required consent, such data will be deleted immediately.
CHANGES TO THE PRIVACY POLICY
This Privacy Policy may be amended to reflect legal or technical changes. Updated versions will be published on the Website and will apply from the date of publication.
Â