Terms and conditions regulating the processing of personal data of users and consumers of the website in domain www.polemoshop.com, under the trade name Polemo Shop® and under the ownership of the trading company Polemo SL, as a platform for the supply and retail marketing of clothing.

Users of this website are required to carefully read this section for a diligent, correct, logical and lawful management of their personal data.

Last reviewed/amended: 1 April 2024.

 

1. Responsible

The following is the name of the owner and administrator of this website, responsible for the determination of the purposes and means of processing personal data:

Name: POLEMO SL

CIF: B87880241

Legal Address: Calle San Joaquín, 16 Local 4 28004 Madrid (Spain)

Telephone: +34 910 267 996

E-mail: contact@polemoshop.com

2. Processing

The owner of this website is responsible for the processing of different categories of personal data as part of its activity of offering and marketing via the Internet.

The owner of this website is responsible for the processing of different categories of personal data as part of its activity of offering and marketing via the Internet.

Concepts regarding the Processing.

The processing of personal data carried out by the Controller shares the elements defined below:

Personal data processing.

Purpose: purpose for which the personal data are processed, including time limits and criteria for their storage.

Legitimacy: legal basis that justifies the processing, as well as the obligation or not to provide them and the consequences of not doing so.

Receivers: the natural or legal person, public authority, service or body to whom the personal data are transferred, whether or not they are processed by a third party, with the exception of public authorities in the course of investigations in accordance with the law, with an indication of any international transfers.

Rights: those corresponding to the data subjects who hold the personal data.

The Data Controller offers its collaboration for the clarification of any of the above concepts, developed in this section.

Details on Processing.

The table below shows the treatments carried out by the Controller:

Treatment Details.

TREATMENT 1

Purpose.

Management of requests for information related to the Responsible Party’s own offer and marketing.

The period of retention of the data by the Data Controller shall be the corresponding period for the analysis of the query and the delivery of the requested information, unless the data subject indicates his/her intention to make another query or purchase product/s.

The Data Controller shall keep the data for the period of time required for the analysis of the query and delivery of the requested information, unless the data subject indicates his/her intention to make another query or purchase product/s.

Legitimacy.

The consent of the user, expressed unequivocally with the selection of the checkbox required to send the consultation form.

The interest of the Data Controller in responding to requests for information received as part of its commercial activity via the Internet.

The interest of the Data Controller in improving security, preventing fraud and improving customer service and customer care processes in the consultation processes.

In all three cases, the contact forms include mandatory fields for submission. Failure to provide this data will prevent the request and processing of the consultation by this means.

Addressees.

No addressees.

The management of queries and requests for information is carried out between the requesting user and the Data Controller.

Directors.

No recipients.

Exceptions only imposed by legal obligations.

No transfer is made.

No international transfer of personal data is carried out.

Rights.

Rights of access, rectification, deletion, limitation, portability and opposition.

Right to withdraw the consent given at any time without affecting the lawfulness of the processing based on such consent.

Right to file a complaint with the competent data protection supervisory authority.

TREATMENT 2

Purpose.

Management of orders and purchase and sale of products through the e-commerce platform.

The data collected in this case will be stored for a period of 3 years in order to comply with the legal requirements associated with the commercial transactions carried out.

Purpose.

To manage orders and purchase and sale of products through the e-commerce platform.

Legitimacy.

The contractual relationship made between the holder of the personal data and the Data Controller.

The data collection form for the initiation of the commercial transaction, or for the acceptance of pre-contractual measures, or where appropriate the physical format given to the customer for acceptance shall contain the complete reference to the processing of personal data.

Personal data processing.

In both cases, the contact forms include mandatory fields for submission. Failure to provide this data will prevent the request and processing of the consultation by this means.

Addressees.

Third parties related to the contracted product(s), such as transport services and online payment processing platforms.

Third party services.

Exceptions only imposed by legal obligations.

The operation of means of payment managed by companies located outside Spain, as well as the delivery address indicated by the purchaser, may involve the international transmission of personal data, in which case the provisions and conditions imposed by the legislation, entities and regulatory control authorities shall be observed to ensure that the data transferred receives protection equivalent to that of the European framework.

The data transferred shall be treated in accordance with the provisions and conditions imposed by the legislation, entities and regulatory control authorities in order to ensure that the data transferred receives protection equivalent to that of the European framework.

Rights.

Rights of access, rectification, erasure, restriction, portability and objection.

Right to withdraw the consent given at any time without affecting the lawfulness of the processing based on such consent.

Right to lodge a complaint with the competent data protection supervisory authority.

PROCESSING

TREATMENT

Purpose.

Creation of customer accounts during the process of ordering and buying and selling of products through the e-commerce platform.

The data collected in this case will be stored indefinitely in order to comply with the legal requirements associated with the commercial transactions carried out, and to give the customer the possibility to consult their order history and place other orders on the information that already exists.

Legitimacy.

The contractual relationship made between the holder of the personal data and the Data Controller.

The data collection form for the initiation of the commercial transaction, or for the acceptance of pre-contractual measures, or where appropriate the physical format given to the customer for acceptance shall contain the complete reference to the processing of personal data.

Personal data processing.

In both cases, the contact forms include mandatory fields for submission. Failure to provide this data will prevent the request and processing of the consultation by this means.

Addressees.

Third parties related to the contracted product(s), such as transport services and online payment processing platforms.

Third party services.

Exceptions only imposed by legal obligations.

The operation of means of payment managed by companies located outside Spain, as well as the delivery address indicated by the purchaser, may involve the international transmission of personal data, in which case the provisions and conditions imposed by the legislation, entities and regulatory control authorities shall be observed to ensure that the data transferred receives protection equivalent to that of the European framework. 

The data transferred shall be treated in accordance with the provisions and conditions imposed by the legislation, entities and regulatory control authorities in order to ensure that the data transferred receives protection equivalent to that of the European framework.

Rights.

Rights of access, rectification, erasure, restriction, portability and objection.

Right to withdraw the consent given at any time without affecting the lawfulness of the processing based on such consent.

Right to lodge a complaint with the competent data protection supervisory authority.

Register of processing operations.

The Data Controller keeps a register of generic and sometimes specific categories of processing according to the following contents:

1. Name and contact details of the Controller.
2. Purposes of the processing. 
3. Description of the categories of data subjects and categories of personal data.
4. Categories of data subjects and categories of personal data.
5. The categories of recipients to whom the personal data have been or may be disclosed, including recipients in third countries or international organisations.
6. Transfers of personal data to a third country or an international organisation, including their identification and documentation of appropriate safeguards.
7. The expected time limits for transfers of personal data to a third country or an international organisation, including their identification and documentation of appropriate safeguards.
8. The deadlines foreseen for the deletion of each of the categories of data stored.
9. The general description of the personal data stored.
10. The general description of the technical and organisational security measures that have been employed or implemented for each processing operation or category thereof.

Such record shall be made available to supervisory authorities and courts of law as appropriate.

The general description of the technical and organisational security measures employed or put in place for each processing or category of processing.

 

3.   Exercise of Rights

Any user of this website, as well as the purchasers of its products, has the opportunity to exercise the rights recognised by the applicable national and international regulations against the Responsible Party.

Rights of the Responsible Party.

Exercisable Rights

1. Right to request access to personal data, in order to know which data are processed and precisely what they consist of.
2. Right to request its rectification, in order to correct inaccuracies or outdated data.
3. Right to request its deletion, if possible.
4. Right to request the limitation of their processing, in the event of doubts about the legality or appropriateness of their purpose, legitimacy, duration of storage, or other questions about the processing, as well as their accuracy or updating.
5. Right to data portability, when the legitimation for the processing is the contractual relationship or the consent of the data subject.
6. Right to object to the processing, where the legitimation for the processing is legitimate interest.

The Data Controller offers its collaboration for the clarification of any of the above concepts and definitions.

Withdrawal of Consent

Consent given for any specific processing of your personal data may be withdrawn at any time, without affecting the lawfulness of the processing based on the consent subsequently withdrawn.

Procedure

The data subject may exercise any of the rights described in this section by communicating to the Data Controller, necessarily providing the information below:

1. Full name
2. Means of contact (email address and telephone or fax number).
3. Copy of the DNI.
4. Copy of DNI/NIE, passport or equivalent document.
5. Identification of the personal data and the right(s) they intend to exercise.

All of the above may be sent to the attention of the Data Controller by e-mail or ordinary post to:

Responsible party: POLEMO SL

Address: Calle San Joaquín, 16 Local 4 28004 Madrid (Spain)

Telephone: +34 910 267 996

E-mail: contact@polemoshop.com

The Controller reserves the right to require further information or additional identifiers.

Complaint or Complaint to Control Authorities

Any data subject may file a claim or complaint with the competent data protection supervisory authority if they consider that their claims have not been satisfactorily dealt with by the Data Controller, or when they understand that there has been negligence, abuse or irregularity or illegality in the processing of their personal data.

Generally, before the Spanish Data Protection Agency (www.agpd.es), without prejudice to the determination of the competence of other supervisory authorities at regional or European level.

Exceptions due to Legitimate Interest or Legal Obligation

The Data Controller may keep personal data necessary for the exercise of legal actions in defence of its rights or those of third parties, or to respond to legally required claims by bodies of the Public Administration, the Administration of Justice and State Security Forces and Corps, in accordance with the applicable regulations.

Similarly, the nature of the actions and services carried out by the Data Controller requires compliance with administrative, accounting and tax regulations, which legitimises and requires the conservation of the corresponding categories of personal data for the period of time imposed in each case.

In addition, and where it deems appropriate, the Controller may share information with lawyers, government and law enforcement officials to protect interests or property, to prevent fraud or other illegal activities perpetrated over the Internet or on its behalf or on behalf of this website, or to prevent any imminent harm to persons or property.

In such cases, the data and information will be kept properly blocked and unusable for the appropriate period of time in accordance with the statute of limitations for possible civil, commercial, administrative and/or criminal liabilities.

4.   Cookies

The speciality of this heading within the terms and conditions governing the processing of personal data advises us to dedicate a special section within this website, which can be consulted by interested users under the heading USE OF COOKIES.

5.   Working Principles

The Controller endeavours to strictly apply principles of conduct based on compliance with personal data protection regulations, including the knowledge and practical application of the opinions of supervisory authorities and case law from ordinary and constitutional jurisdiction.

Principle of Necessity

It imposes a restrictive treatment of the personal data provided or obtained, according to criteria of relevance, proportionality and adequacy to the purposes proposed, explicit and legitimate that are proper to meet the needs of the offer and marketing of this website.

Principle of Information

Obligates a clear and simple description of the circumstances and conditions of the processing and the request for authorisation for the same, according to criteria of conciseness, transparency, and ease of understanding and access.

Principle of Accuracy

Requires the implementation of active prevention and procedures to guarantee the authenticity, veracity, accuracy and validity of the personal data processed as soon as they are collected.

Security Principle

Claims the implementation of appropriate technical and organisational security measures to ensure the integrity, confidentiality, availability and resilience of the systems and files related to the processing, and that of the data processed.

Principle of Personal Control

Determines the highest standards in the selection, training and supervision of any person in charge of the processing of personal data, should it become necessary to hire such a person, based on criteria of qualification, knowledge, competence and professional suitability.

Principle of Care

It provides an adequate and prompt response to any request for additional information, consultation, doubt or support to interested parties and third parties in relation to their personal data; especially to ensure the effectiveness of the rights of access, rectification, deletion, limitation, portability and opposition according to the applicable regulatory framework.

 

6.   Safety

The Controller endeavours to combine legal and technical expertise in the creation and operation of this website to ensure full compliance with the applicable laws and regulations on the processing of personal data.

Data Protection by Design and by Default

During the creation of this website, technical and organisational measures have been optimised in anticipation of data processing to ensure that, by default, only the data strictly necessary for each purpose are processed, also taking into account their quantity, extent of processing, storage period and accessibility limited to the decision of the Controller.

Security in the processing

The nature, scope, context and purpose of the processing operations to be carried out, as well as the possible risks of probability and seriousness for the rights and freedoms of the data subjects, have been determining factors when assessing the security measures applicable to each process.

In any case, an assessment has been made of the risk posed in the processing of data in the event of intentional or accidental destruction, loss or alteration in order to determine the most appropriate technical and organisational measures to guarantee the confidentiality, integrity, availability and resilience of the systems and files involved in each processing, and that of the data specifically processed.

In addition, measures have been articulated to guarantee a rapid restoration of the data and access to the same in the event of any incident.

Concluding with a policy of periodic reviews for the correct evaluation and verification of the effectiveness of the measures described in this section.

Procedure for Security Breaches

In view of the risk posed by possible security breaches in the system that may affect the correct processing of personal data, a protocol has been developed that includes:

1. Notification to the competent supervisory authority within 72 hours of the occurrence of
2. Immediate, clear and comprehensible notification of the security breach to the holders of the personal data when there is a verifiable risk to their rights and
3. Analysis of its causes, effects and measures implemented for its correction, as well as the documentation of each

 This protocol has been tested and verified.

Computer security

The computer security measures applied in the management of this website are made available under the heading Computer Security in the TERMS & CONDITIONS.

7.   Limitation of Liability

The users of this website are responsible for the accuracy and quality of the data provided to the Responsible in terms of its authenticity, truthfulness, accuracy and validity, and must communicate any modification or incident relating to the same after its delivery.

They are equally responsible for the data of third parties provided, having to obtain the corresponding consent, without prejudice to the actions carried out by the Data Controller to adapt irregular or illegal treatments or situations.

Minors will not be able to contract the products offered in the commercial catalogue of this website, nor send any information or consultation through its forms or contact mailboxes without the authorization of their parents, tutors or legal representatives, who will be in any case responsible for such actions.

 

8.   Terminology

The definitions in this section clarify the understanding of the information on data processing in this section.

The definitions in this section clarify the understanding of the information on data processing in this section.

Personal data: any information relating to an identified or identifiable natural person (“data subject”), whose identity can be established, directly or indirectly, by means of an identifier.

Processing: any operation or set of operations which is performed upon personal data or sets of personal data (collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction).

Limitation of processing: the marking of retained personal data for the purpose of limiting their processing in the future.

Third party: natural or legal person, public authority, service or body other than the data subject, the Controller, the processor and the persons authorised to process personal data under the direct authority of the Controller or the processor.

Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s agreement, either by a statement or by a clear affirmative action, to the processing of personal data relating to him or her.

Seudonymisation: the processing of personal data in such a way that they can no longer be attributed to a data subject without using additional information, provided that such additional information is separately identified and is subject to technical and organisational measures intended to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller: the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing.

Control authority: the independent public authority established by a Member State of the European Union.

Cross-border processing: a) processing of personal data carried out in the context of the activities of establishments in more than one Member State of a Controller or a processor in the Union, if the Controller or the processor is established in more than one Member State; or b) processing of personal data carried out in the context of the activities of a single establishment of a Controller or a processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one State.

Controller: a) processing of personal data carried out in the context of the activities of a single establishment of a Controller or a processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one State.

The Controller shall respond to any queries for a better understanding of any of the above concepts developed in this section.

 

9.   Modifications

The Controller reserves the right to modify the terms and conditions in this privacy policy to adapt them to any changes in the commercial offer provided in its catalogue, in its commercial sector or to modifications in the regulations applicable to any of the headings in this section.

The Controller reserves the right to modify the terms and conditions in this privacy policy to adapt them to any changes in the commercial offer provided in its catalogue, in its commercial sector or to modifications in the regulations applicable to any of the headings in this section.

The date of modification of this section will be updated and any significant change will be brought to the attention of users and customers whose personal data is being processed so that they may make the allegations they deem appropriate and, in the cases provided for by law, may grant their consent again.

The data will be processed in accordance with the terms of this Privacy Policy.

In no case shall the changes that may be made affect the rights derived or that may derive from the commercial transactions carried out prior to such modifications.

Treatments after the date of modification shall be carried out in accordance with the new conditions in this section.

 

10. Questions and Suggestions

For any questions or suggestions regarding any of the contents of this privacy policy, please contact the Data Controller through any of the means below:

Name: POLEMO SL

CIF: B87880241

Legal Address: Calle San Joaquín, 16 Local 4 28004 Madrid (Spain)

Telephone: +34 910 267 996

E-mail: contact@polemoshop.com

Last reviewed/amended: 1 April 2024.