Privacy Policy

The data controller responsible for processing your personal data is:

Dinvarelato
NIF: J58190318
Address: Av. de Castilla y León, 46, bajo, 09006 Burgos, Spain
Email: info@dinvarelato.com
Phone: +34 947 075 990

This Privacy Policy applies to all personal data collected through the website dinvarelato.com and through direct contact with our organisation.

The processing of your personal data is governed by the following legal instruments:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR)
• Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD)
• Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE)

We collect personal data only when you voluntarily provide it to us. The categories of data we may collect include:

• Contact form data: name, email address, and the content of your message.
• Communication data: information you provide when contacting us by phone or email.
• Technical data: IP address, browser type, pages visited, and time spent on pages, collected through cookies and analytics tools where consent is given.

We do not collect sensitive categories of personal data as defined in Article 9 of the GDPR.

We process your personal data for the following purposes and on the following legal bases:

• Responding to enquiries (Art. 6.1.b GDPR): Processing is necessary to take steps at your request prior to entering into a contract or to respond to your communication.
• Website analytics (Art. 6.1.a GDPR): Where you have given consent, we process technical data to understand how visitors use our website and improve its content.
• Legal compliance (Art. 6.1.c GDPR): Where processing is necessary to comply with a legal obligation applicable to us.
• Legitimate interests (Art. 6.1.f GDPR): For the proper functioning and security of our website, where our interests are not overridden by your rights.

We retain personal data only for as long as necessary for the purposes for which it was collected, subject to applicable legal retention obligations:

• Contact enquiry data is retained for a period of up to two years from the date of last communication, unless a longer retention period is required by law.
• Technical analytics data is retained in accordance with the retention periods of the analytics tools used, typically not exceeding 26 months.
• Data subject to legal or accounting obligations may be retained for the period required by applicable Spanish law.

Once the applicable retention period expires, data is securely deleted or anonymised.

We do not sell, rent, or trade your personal data to third parties. We may share data with:

• Service providers: Third-party providers who assist us in operating our website and services (e.g. hosting providers, analytics providers), acting as data processors under appropriate data processing agreements.
• Legal authorities: Where required by applicable law or court order.

Where service providers are located outside the European Economic Area, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, such as Standard Contractual Clauses approved by the European Commission.

Under the GDPR and LOPDGDD, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): You may request confirmation of whether we process your data and obtain a copy.
• Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR): You may request deletion of your data where the legal bases for processing no longer apply.
• Right to restriction (Art. 18 GDPR): You may request that processing be restricted in certain circumstances.
• Right to data portability (Art. 20 GDPR): Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, machine-readable format.
• Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@dinvarelato.com. You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, AEPD) at www.aepd.es.

Our website uses cookies and similar technologies. Strictly necessary cookies are used without consent as they are essential for the website to function. Other cookie categories (analytics, marketing) are only activated where you have given your explicit consent through our cookie consent interface.

For full details of the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures are reviewed and updated as necessary to reflect the current state of technology and the risks involved.

Transmission of data over the internet cannot be guaranteed to be completely secure. While we take reasonable precautions, we cannot guarantee the absolute security of data transmitted to our website.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page indicates when it was last revised. We encourage you to review this policy periodically. Continued use of our website following any update constitutes acceptance of the revised policy.