Privacy Policy

Our Privacy Policy is essential to ensure the protection of your personal data on The Guide Artists Publishing. Here, we explain how we collect, use, and safeguard your information when you visit our site. It's important that you understand our practices and your rights regarding your data. If you have any questions, feel free to contact us. By using our site, you agree to our Privacy Policy.

"DETAILED PRIVACY POLICY INFORMATION WEBSITE"

https://theguideartists.com

 

INDEX

  1. Objective of the Privacy Policy

  2. Definitions

  3. Identity of the Data Controller

  4. Applicable Laws and Regulations

  5. Principles Applicable to the Processing of Personal Data

  6. Data Processing Activities Performed

  7. Necessary and Updated Information

  8. Personal Data of Minors

  9. Technical and Organizational Security Measures

  10. Rights of Data Subjects

  11. Complaints to the Supervisory Authority

  12. Acceptance and Changes to the Privacy Policy

 

1.- Objective of the Privacy Policy

"The purpose of this 'Privacy Policy and Data Protection' is to inform about the conditions governing the collection and processing of personal data by The Guide Artists, making every effort to safeguard the fundamental rights, honor, and freedoms of individuals whose personal data is processed, in compliance with the regulations and laws governing the Protection of Personal Data according to the European Union and the Spanish Member State, specifically as expressed in the 'Data Processing Activities' section of this Privacy Policy.

Therefore, in this Privacy Policy and Data Protection, users of the Website https://theguideartists.com are informed of all the details of their interest regarding how these processes are carried out, for what purposes, which other entities may have access to their data, and what rights users have."

 

2.- Definitions

1. "Personal Data": Any information relating to an identified or identifiable natural person ("the Website user"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. "Processing": Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. "Limitation of processing": The marking of stored personal data with the aim of limiting their processing in the future.

4. "Profiling": Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

5. "Pseudonymization": The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

6. "File": Any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized, or dispersed on a functional or geographical basis.

7. "Controller" or "Controller of the processing": The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. "Processor": A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

9. "Recipient": A natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

10. "Third Party": A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

11. "Consent of the data subject": Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

12. "Personal data breach": A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

13. "Genetic data": Personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.

14. "Biometric data": Personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.

15. "Data concerning health": Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

16. "Main establishment": (a) As regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions will be considered to be the main establishment; (b) as regards a processor with establishments in more than one Member State, the place of its central administration in the Union or, if it has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation.

17. "Representative": A natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27 of the GDPR, represents the controller or processor with regard to their respective obligations under this Regulation.

18. "Enterprise": A natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.

19. "Supervisory authority": An independent public authority established by a Member State pursuant to Article 51 of the GDPR. In the case of Spain, it is the Spanish Data Protection Agency.

20. "Cross-border processing": (a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State, or (b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

21. "Information society service": Any service normally provided for remuneration, at a distance, by electronic means, and at the individual request of a recipient of services.

 

3.- Identity of the Data Controller

"The Data Controller is the natural or legal person, public or private, or administrative body, who alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the European Union Law or the Spanish Member State Law.

In the aspects outlined in this Data Protection Policy, the identity and contact details of the Data Controller are as follows:"

The Guide Artists - ES75777577Y

Street Vazquez Aroca, 14005 - Spain

  • Email: orders@theguideartists.com

4.- Applicable Laws and Regulations

"This Privacy and Data Protection Policy is developed based on the following data protection laws and regulations:

- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as GDPR.

- Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, known as LOPD/GDD.

- Law 34/2002, of July 11, on Information Society Services and Electronic Commerce, known as LSSICE."

 

5.- "PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA"

"The personal data collected and processed through this website will be treated in accordance with the following principles:

Principle of lawfulness, fairness, and transparency: All processing of personal data carried out through this Website will be lawful and fair, with the user being fully aware when their personal data is being collected, used, accessed, or processed. Information regarding the processing activities will be communicated in advance, easily accessible, and presented in a simple and clear language.

Principle of purpose limitation: All data will be collected for specific, explicit, and legitimate purposes and will not be further processed in a manner that is incompatible with those purposes.

Principle of data minimization: The collected data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

Principle of accuracy: The data will be accurate and, if necessary, kept up to date, with all reasonable measures taken to promptly delete or rectify inaccurate personal data concerning the purposes for which they are processed.

Principle of storage limitation: The data will be kept in a way that allows the identification of data subjects for no longer than is necessary for the purposes of processing the personal data.

Principle of integrity and confidentiality: The data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss or damage, through the implementation of suitable technical and organizational measures.

Principle of proactive accountability: The entity owning the Website will be responsible for complying with the principles outlined in this section and will be able to demonstrate such compliance."

 

6.- "DATA PROCESSING ACTIVITIES"

Below, the data processing activities carried out through the website are detailed, specifying each of the following sections:

Activity: Name of the data processing activity

Purposes: Each of the uses and treatments performed with the collected data

Legal basis: The legal basis legitimizing the data processing

Data processed: Types of data processed

Source: Where the data are obtained from

Retention: Period during which the data are retained

Recipients: Third-party individuals or entities to whom the data are provided

International transfers: Cross-border transfers of data outside the European Union

 

6.1 "PRIMARY DATA PROCESSING ACTIVITIES"

These are data processing activities whose purposes are necessary and essential for the provision of services.

Clients . Legal Basis (Art. 6.1.b GDPR): Existence of a contractual relationship with the data subject through a contract or pre-contract.

Purposes: Contact and commercial activities with clients.

Data Categories and Groups: Clients (Identifying data; Economic, financial, and insurance data; Transactions of goods and services).

Data Source: The data subject themselves or their legal representative.

Recipient Category: Tax Administration; Banks, savings banks, and rural savings banks.

International Transfer: Not foreseen.

Retention Period: For a period of 6 years from the last confirmation of interest. Article 30 of the Commercial Code.

6.2 OPTIONAL DATA PROCESSING ACTIVITIES (if the user has marked their acceptance)

These are data processing activities whose purposes are not essential for the provision of the service and are only carried out if the user has marked YES in the consent for the performance of these activities.

 

7.- REQUIRED AND UPDATED INFORMATION

All fields marked with an asterisk (*) on the Website's forms are mandatory, so the omission of any of them could result in the impossibility of providing the requested services or information.

You must provide truthful information to ensure that the provided information is always up-to-date and error-free. You should promptly notify the Data Controller of any changes and corrections to your personal data by sending an email to the following address: orders@theguideartists.com.

Likewise, by clicking on the "I Accept" button (or equivalent) included in the aforementioned forms, you declare that the information and data provided therein are accurate and truthful, and that you understand and accept this Privacy Policy.

 

8.- DATA OF MINORS

In compliance with the provisions of Article 8 of the GDPR and Article 7 of the LOPD/GDD, only individuals over 14 years of age may give their consent for the lawful processing of their personal data by The Guide Artists.

Therefore, individuals under 14 years of age may not use the services available through the Website without the prior authorization of their parents, legal guardians, or representatives, who will be solely responsible for all actions carried out through the Website by the minors under their care, including the completion of online forms with the personal data of such minors and, where applicable, the selection of accompanying checkboxes.

 

9.- TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES

The Data Controller adopts the necessary organizational and technical measures to ensure the security and privacy of your data, prevent its alteration, loss, unauthorized processing, or access, depending on the state of technology, the nature of the stored data, and the risks to which they are exposed.

Among others, the following measures stand out:

  • Ensure the permanent confidentiality, integrity, availability, and resilience of the processing systems and services.

  • Restore the availability and access to personal data promptly in case of physical or technical incidents.

  • Regularly verify, assess, and evaluate the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.

  • Pseudonymize and encrypt personal data, particularly sensitive data.

On the other hand, the Data Controller has decided to manage the information systems according to the following principles:

  • Principle of Regulatory Compliance: All information systems will comply with the applicable legal, regulatory, and sector-specific regulations affecting information security, especially those related to the protection of personal data, system security, data, communications, and electronic services.

  • Principle of Risk Management: Risks will be minimized to acceptable levels, seeking a balance between security controls and the nature of the information. Security objectives must be established, reviewed, and consistent with information security aspects.

  • Principle of Awareness and Training: Training programs, awareness-raising, and awareness campaigns will be implemented for all users with access to information concerning information security.

  • Principle of Proportionality: The implementation of controls to mitigate security risks to assets will seek a balance between security measures, the nature of the information, and risk.

  • Principle of Responsibility: All members of the Data Controller will be responsible for their conduct regarding information security, complying with established standards and controls.

  • Principle of Continuous Improvement: The effectiveness of implemented security controls in the organization will be reviewed regularly to increase adaptability to the constant evolution of risk and the technological environment.

  •  

10.- Rights of the Data Subjects

The current data protection regulations protect the user with a series of rights regarding the use of their data. Each of these rights is personal and non-transferable, meaning that they can only be exercised by the data subject, upon verification of their identity.

Below are the rights of the users of the Website:

1. Right of access: This is the right of the Website user to obtain confirmation from the Data Controller whether their personal data is being processed or not, and if so, to obtain information about their specific personal data and the processing carried out or to be carried out by the Data Controller, including, among others, information available about the origin of such data and the recipients of communications made or planned regarding them.

2. Right to rectification: This is the right of the Website user to have their personal data corrected if it is inaccurate or incomplete considering the purposes of the processing.

3. Right to erasure: Also known as the "right to be forgotten," this is the right of the Website user, provided that current legislation does not establish otherwise, to obtain the erasure of their personal data when it is no longer necessary for the purposes for which it was collected or processed; the user has withdrawn their consent to the processing and there is no other legal basis for such processing; the user objects to the processing and there are no overriding legitimate grounds for the processing; the personal data has been unlawfully processed; the personal data has been obtained as a result of a direct offer of information society services to a child under 14 years of age. In addition to deleting the data, the Data Controller, taking into account the available technology and the cost of implementation, will take reasonable measures to inform other possible data controllers who are processing the personal data of the data subject's request to erase any links to that personal data.

4. Right to restriction of processing: This is the right of the Website user to limit the processing of their personal data. The Website user has the right to obtain restriction of processing where they contest the accuracy of their personal data; the processing is unlawful; the Data Controller no longer needs the personal data, but the user needs it for legal claims; and when the Website user has objected to the processing.

5. Right to data portability: In cases where processing is carried out by automated means, the Website user has the right to receive their personal data from the Data Controller in a structured, commonly used, and machine-readable format, and to transmit it to another data controller. Where technically feasible, the Data Controller will transmit the data directly to that other data controller.

6. Right to object: This is the right of the Website user to object to the processing of their personal data or to request that the processing be ceased by the Data Controller.

7. Right not to be subject to automated decision-making and/or profiling: This is the right of the Website user not to be subject to a decision based solely on automated processing of their personal data, including profiling, unless current legislation provides otherwise.

8. Right to withdraw consent: This is the right of the Website user to withdraw their consent given for the processing of their data at any time. 

The user of the Website may exercise any of the aforementioned rights by contacting the Data Controller and providing identification using the following contact information:

  • Data Controller: The Guide Artists Publishing (RAO)

  • Address: Vazquez Aroca Street, 14005 Spain

  • Email: orders@theguideartists.com

  • Website: https://theguideartists.com

11.- RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

The user is informed of their right to file a complaint with the Spanish Data Protection Agency if they believe that a breach of data protection legislation has occurred regarding the processing of their personal data.

Contact information for the supervisory authority:

Spanish Data Protection Agency

Email: info@aepd.es

Phone: +34 912 663 517

Website: https://www.aepd.es

Address: C/ Jorge Juan, 6. 28001, Madrid (Madrid), Spain

12.- ACCEPTANCE AND CHANGES IN THE PRIVACY POLICY

It is necessary for the user of the Website to have read and agreed to the data protection conditions contained in this Privacy Policy, as well as to accept the processing of their personal data for the Data Controller to proceed with it in the manner, deadlines, and purposes indicated.

The Data Controller reserves the right to modify this Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential, or doctrinal change from the Spanish Data Protection Agency. Changes or updates made to this Privacy Policy that affect the purposes, retention periods, data transfers to third parties, international data transfers, as well as any rights of the Website User, will be explicitly communicated to the user.