In order to navigate through www.rarepuzzles.com, it is not necessary to provide any personal data. However, users need to share personal data in order to register on the website, place orders at the online store, or request information through a form or email.
Personal data are protected by law, which requires those responsible for its custody to meet certain requirements and inform users about them. Currently, Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, is the legal text that regulates the processing of personal data in the European Union, and it is known as General Data Protection Regulation (GDPR). The Spanish Data Protection Agency is the agency responsible for ensuring compliance with that regulation within Spain.
The website www.rarepuzzles.com is owned and operated by Jorge Gallego Bóveda (from no on, the Owner), residing at Calle Santa Virgilia 21, 10F, 28033 Madrid, Spain, with Tax ID number 51674654W, telephone +34691722262, and email email@example.com.
The Owner informs users of www.rarepuzzles.com of the policy regarding the treatment and protection of the personal data of users and customers that can be collected by browsing or buying products through the website.
In this regard, the Owner ensures compliance with current regulations regarding the protection of personal data, reflected in Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, known as General Data Protection Regulation (GDPR)
In addition, the Owner inform users of www.rarepuzzles.com of the existence of a file of personal data created by the Owner and under his responsibility. Such file has been registered in the Spanish Data Protection Agency, as required by law.
2. Data Collected and Purpose
The personal data collected in the registration process, or when the user signs up for a newsletter or when he fills out a contact form in www.rarepuzzles.com will be the Email Address and the First Name, which the Owner assumes is the real name.
When the user places an order at the online store or through direct communication with the Owner, he will also need to provide the Last Name, Address, and a Phone Number. If the client requests a conventional invoice apart from the electronic invoice sent by default, then he must also provide the Tax ID number, without which the invoice would not be valid. Furthermore, in the cases when the user decides to exercise his Right to Cancel through traditional mail, the user will also have to submit a photocopy of a valid document ID to prove his identity. Finally, if we need to make a refund and the user chose the bank transfer method to make the payment, he will also have to provide the IBAN as well, without which we could not make the refund.
The data requested through forms or fields with an asterisk (*) are necessary in order to process the users’ requests. When there are forms with fields marked as mandatory, users will understand that they are necessary to process the request. Users assume that providing the required personal information, even in the cases in which the website describes it as mandatory, will always be voluntary. Users can choose not to complete these fields described as mandatory, in which case they assume that the Owner will be unable to process the request. For example, the Owner can not email a newsletter if the user refuses to provide his email address. It is in this sense that the email field is described as mandatory information. The same is true about the customer’s shipping address, which is essential to make the shipment. If the user chooses not to provide the shipping address, the Owner cannot ship the order. In this sense, the address field is marked as mandatory. However, despite this description, users accept that they provide the data voluntarily.
The Owner informs users that the purpose of the processing of the data collected is to fulfill the requests made by users, to manage communications with users and customers, to process orders, to actually deliver the products purchased, and to service customers.
3. Communication to Third Parties
The Owner informs users that their personal data will never be disclosed to third parties, except when disclosing the data is forced by a legal obligation or when the service involves the need to share the data.
In this case, users understand and agree that the Owner will have to give some personal data to the shipping companies responsible for completing the delivery of the orders. The data shared will be the First Name, Last name, Delivery Address, Email and Phone Number. Email is required so that users can receive tracking information, and the phone number is required so that the shipping company can contact the user in case there is any incident during delivery.
When users use the online store to buy puzzles that are sold by other vendors, they accept that the Owner will share their personal data with the vendor, so that he can communicate directly with the user, provide a shipping quote, manage the payment, and ship the puzzle afterwards.
4. Consent of the User
When a user employs any means of communication in order to contact www.rarepuzzles.com, he accepts and consents that all his personal data contained in such communication will be managed and treated, either automatically or manually. The user that sends information to www.rarepuzzles.com is the only responsible person with regards to the truth and correctness of the data included. Users guarantee the exactness and authenticity of the personal data provided, and they commit themselves to maintaining them updated within their users’ accounts at www.rarepuzzles.com. Users will provide true and correct information during registration. The Owner is not responsible for the veracity of any information that has not been facilitated by himself or any information that are marked as coming from other sources. For the same reason, the Owner assumes no liability whatsoever for possible damage that may arise from the use of such information. Furthermore, www.rarepuzzles.com is exonerated from liability for any loss or damage that might happen as a result of errors, defects or omissions in the information that appears at www.rarepuzzles.com when such information comes from outside sources.
5. Rights of the Users
The General Data Protection Regulation gives users the ability to exercise certain rights related to the processing of personal data.
As long as the users’ personal data are processed by the Owner, users may exercise their rights of access, portability, rectification, deletion, limitation and opposition, in accordance with the provisions of current legislation on the protection of personal information.
To make use of the exercise of these rights, users should communicate with the Owner in written form. They can send an email to the address firstname.lastname@example.org from the email address used during registration at www.rarepuzzles.com, ,or by traditional mail to Jorge Gallego Bóveda, Santa Virgilia 21, 10F, 28033 Madrid, Spain. If done by traditional mail, users must include a photocopy of a legal document in order to verify their identity.
The exercise of such rights shall be performed by the User himself whenever possible. However, they may be performed by an authorized person as a legal representative of the User. In such cases, some documentation proving such representation must be provided.
The Owner maintains levels of personal data protection security in accordance with the Real Decreto 994/1999, of June 11, on security measures for automated files containing personal data, and he has established all the technical means at his disposal to prevent loss, alteration, unauthorized access and/or theft of the data that users provide through the website or through any other means of communication with www.rarepuzzles.com. The processing of personal data, and the sending of communications by electronic means are in accordance with the General Data Protection Regulation and Law 34/2002, of July 11, on services of the Information Society and Electronic Commerce (B.O.E. of July 12, 2002).
(Last Update: May 4, 2018).