Pursuant to the current regulations, Viridivia Group S.L. (hereinafter, the Website) agrees to adopt the necessary technical and organizational measures according to the accurate safety level for the risks arising from the data collected.
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GPRD).
- Organic Law 3/2018 of 5th December on Personal Data Protection and Guarantee of Digital Rights (LOPD-GDD).
- Royal Decree 1720/2007 of 21st December which approves the Regulations for the development of the Organic Law 5/1999 of 13th December on the Protection of Personal Data (RDLOPD).
- Act 34/2002 of 11th July on Services for the Information Society and E-Commerce (LSSI-CE).
Particulars of the controller of the processing of personal data
The controller of the processing of personal data collected on www.humboldtseedcompany.es, is:
- Name of the Company: Viridivia Group S.L.
- VATIN: B67471086.
- Registered in the Commercial Registry of Barcelona.
- Registry particulars: Page 158, Volume 47041, Book 0, Sheet 539030, General Section (Province B), 1st Registration.
- Address: Av. República Argentina n.17, Bajos 1ª, 08023 (Barcelona), Spain.
- E-mail: firstname.lastname@example.org
Data Protection Officer (DPD)
The Data Protection Delegate (DPD in Spanish and DPO in English) is responsible or the compliance with the corresponding data protection regulations. The user can contact the DPO, appointed by the controller of the processing of personal data via email: email@example.com.
Personal Data Registry
Pursuant to the provisions of the GPRD and the LOPD-GDD, you are hereby informed that the personal data collected by Viridivia Group S.L. through the forms on their Websitepages shall be incorporated into our files and processed in order to facilitate, speed up and meet the requirements established by Viridivia Group S.L. and the User or the maintenance of the relationship established by the forms filled in by the latter, or in order to respond to their requests and queries. Besides, following the provisions of GPRD and LOPD-GDD, unless the exception established by article 30.5 of GPRD applies, we keep a registry with the processing activities which includes, depending on their purposes, the processing activities carried out and other particulars established by the GPRD.
Principles applicable to personal data processing
The processing of the User’s personal data shall meet the following principles established by article 5 of the GPRD and article 4 and the following ones of the Organic Law 3/2018 of 5th December, on the Protection of Personal Data and the Guarantee of Digital Rights:
- Principle of lawfulness, fairness and transparency: the User shall consent the processing of their data after informing them in a transparent manner about the purposes of the collection of their personal data.
- Principle of limitation to purpose: the personal data shall be collected for specific, explicit and legitimate purposes.
- Principle of minimization of data: the personal data collected shall be only those strictly necessary regarding the purposes of their processing.
- Principle of accuracy: personal data must be accurate and kept up to date.
- Principle of a limited storage period: personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Principle of integrity and confidentiality: personal data must be processed in such a way their safety and confidentiality are ensured.
- Principle of proactive responsibility: the controller shall be responsible for the compliance with the abovementioned.
Types of personal data
The type of data processed by Viridivia Group S.L. is just informative data. In no case are there special types of data according to article 9 of the GPRD.
Legal grounds for the processing of personal data
The legal grounds for the processing of personal data consist of consent. Viridivia Group S.L. agrees to obtain the User’s express and verifiable consent for the processing of personal data for one or several specific purposes.
The User shall have right to withdraw their consent anytime. The withdrawal of consent shall be as easy as the granting of consent. As a general rule, the withdrawal of consent shall not determine the use of the Website.
When the User can or must provide their data through forms in order to make queries, request information or for any reason related to the content of the Website, they shall be informed if any of them have to be included mandatorily because they are necessary for the correct development of the operation.
Purposes of personal data processing
The personal data are collected and managed by Viridivia Group S.L. in order to facilitate, accelerate and meet the agreements between the Website and the User or the maintenance of the relationship established by the forms the User has filled up or in order to respond to a request or query.
Besides, the data may be used for the commercial purpose of personalization, operation and statistics and for the purposes of the Company, Viridivia Group S.L., as well as for the obtaining and storage of data and for marketing research in order to adapt the Content offered to the User, as well as for improving the quality, operation and Website browsing experience.
Whenever the personal data are obtained, the User will be informed about the purpose(s) of the processing of their personal data; i.e., about the use or uses of the collected information.
Personal data storage periods
Personal data shall only be storage during the minimum time needed for the purposes or the processing and/or until the User requests its cancellation.
Whenever the personal data are obtained, the User shall be informed about the period during which they will be storage or, if that is not possible, about the criteria used for establishing that period.
Recipients of personal data
In case the controller of the processing of personal data aims to transfer the personal data to a third country or international organization, whenever they obtain the personal data, they must inform the User about the third country or international organization to which the data will be transferred, as well as about the existence or absence of an adjustment decision of the Committee.
Minor people’s personal data
Pursuant to the provisions of articles 8 of GPRD and 7 of the Organic Law 3/2018 of 5th December on the Protection of Personal Data and the Guarantee of Digital Rights, only people over 18 can grant their consent for the lawful processing of their personal data Viridivia Group S.L.
Personal data confidentiality and safety
Viridivia Group S.L. agrees to adopt the necessary technical and organizational measures according to the accurate safety level for the risks arising from the data collected, in such a way the safety of the personal data is guaranteed and in order to avoid the destruction, loss or accidental or illicit alteration of the personal data which have been transmitted, stored or processed in other way, or the disclosure or unauthorized access to those data.
The Website has a SSL (Secure Socket Layer) certificate that guarantees that personal data are transferred in a safe and confidential way, as the transmission of data between the server and the User, and the feedback, is completely coded and encrypted.
Nevertheless, as Viridivia Group S.L. cannot guarantee the impregnability of the internet or the total absence of hackers or other people who may access fraudulently the personal data, the controller of the processing agrees to inform the User immediately whenever a violation of the safety of the personal data occurs if it can mean a high risk for the rights and liberties of individuals. Pursuant to article 4 of the GPRD, any violation of the safety of personal data shall be a safety violation which causes the destruction, loss or accidental or illicit alteration of the personal data which have been transmitted, stored or processed in other way, or the disclosure or unauthorized access to those data.
Personal data shall be processed as confidential by the controller of the processing, who also agrees to inform about and guarantee through a legal or contractual obligation the observance of that confidentiality by their employees, associates and any other person who can access the information.
Rights arising from personal data processing
The User has and can exercise, before Viridivia Group S.L. and, thus, before the controller of the processing, the following rights established by the GPRD and by the Organic Law 3/2018 of 5th December, on the Protection of Personal Data and the Protection of Digital Rights:
- Right of access: The User shall have the right to obtain confirmation as to whether or not Viridivia Group S.L. is processing their personal data, and, where that is the case, access to the personal data and to the processing carried out by Viridivia Group S.L., as well as to the information available regarding the origin of the data and the recipients to whom personal data have been or will be disclosed.
- Right to rectification: The User have right to obtain the rectification of inaccurate personal data or, taking into account the purposes of the processing, incomplete personal data.
- Right to erasure (“right to be forgotten”): It is the right of the user, as long as the current Law does not state otherwise, to obtain the erasure of personal data when these are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the user withdraws consent on which the processing is based and where there is no legal ground for it; when the User objects to the processing and there are no overriding legitimate grounds for the processing; the personal data have been unlawfully processed; or the personal data have been collected in relation to the direct offer of information society services to a person under 14. Besides from erasing the data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps to inform controllers which are processing the personal data that the User has requested the erasure of any links to those personal data.
- Right to restriction of processing: is the right of the User to restrict the processing of their personal data. The User shall have right to obtain the restriction of the processing when the accuracy of the personal data is contested by the data subject; when the processing is unlawful; when the controller no longer needs the personal data, but they are required by the user for the establishment of legal claims; and when the user has objected to processing.
- Right to data portability: In case the processing is carried out by automated systems, the User shall have the right to receive from the controller of the processing of their personal data in a structure format, of common use and machine readable, and to send them to another controller of the processing. AS long as it is possible from a technical point of view, the controller of the process shall transfer directly the data to the other controller.
- Right to object: The user shall have the right to claim that their personal data are not processed or that Viridivia Group S.L. stops the processing.
- Right not to be subject of automated individual decision-making, including profiling: The User shall have the right not to be subject to a decision based solely on automated processing, including profiling, unless the current law states otherwise.
Thus, the User can exercise their rights through a written communication to the Controller of the processing of personal data stating “RGPD-www.humboldtseedcompany.es”, and specifying:
- The User’s name, surnames and copy of ID card. If a representative is admitted, it shall be also necessary to obtain their ID particulars through the same means as the person that represents the User, as well as a document that certificates the representation. The copy of the ID card can be replaced by any other lawful ID document.
- Request with the specific reasons for the request or the information they want to access.
- Address for notifications.
- Date and signature of the applicant.
- Any document necessary as background for the request.
This request and any other attached document can be sent to the following email address: firstname.lastname@example.org.
Links to Third-Party Websitesites
The Website may include links to access Third-Party Websites which are not operated by Viridivia Group S.L. The owners of those Websites shall have their own data protection policies and they shall be liable, in each case, of their own files and privacy practices.
Claims submitted before the control authority
In case the User considers there is a problem or violation of the current regulations regarding the way their data are being processed, they shall have right to an effective judicial protection and to file a claim before a control authority, particularly, in the Country in which they have their primary residence, their workplace or the place where the violation took place. In the case of Spain, the control authority is the Spanish Agency for the Protection of Personal Data (http://www.agpd.es).
It is necessary that the User has read and agrees with the conditions about the protection of personal data in this Privacy and Cookies Policy, as well as the processing of their personal data so the controller can carry it out following the established way, periods and purposes. The use of the Website shall mean the acceptance of its Privacy and Cookies Policy.
Viridivia Group S.L. reserves the right to modify its Privacy and Cookies Policy, according to their own criteria, or due to a change of the laws or regulations of the Spanish Agency for the Protection of Personal Data. The changes or updates of this Privacy and Cookies Policy shall not be notified explicitly to the User. We recommend the User visits the Website periodically to know the last changes or updates.
This Privacy and Cookies Policy was updated on 25th January 2020 in order to adapt to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GPRD) and to Organic Law 3/2018 of 5th December on the Protection of Personal Data and the Guarantee of Digital Rights.