WEBSITE PRIVACY POLICY
I. PRIVACY AND DATA PROTECTION POLICY
In compliance with applicable laws, Mary Heathcliff (hereinafter, also referred to as the "Website") is committed to implementing the necessary technical and organizational measures, ensuring a level of security appropriate to the risk of the data collected.
Laws Incorporated into This Privacy Policy
This privacy policy aligns with current Spanish and European regulations regarding the protection of personal data on the internet. Specifically, it adheres to the following laws:
Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons concerning the processing of personal data and the free movement of such data (GDPR).
Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).
Royal Decree 1720/2007 of December 21, approving the Regulations implementing Organic Law 15/1999 of December 13, on the Protection of Personal Data (RDLOPD).
Law 34/2002 of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).
Identity of the Data Controller
The data controller for the personal data collected on Mary Heathcliff is: Mary Heathcliff, with Tax ID (NIF/CIF): 3218974 (hereinafter, the "Data Controller"). Contact details are as follows:
Address: 7630 NW 25th Street #2B, Miami, Florida 33122, USA.
Phone: 321-865-4789
Email: info@maryheathcliff.com
Registration of Personal Data
In compliance with the GDPR and LOPD-GDD, we inform you that the personal data collected by Mary Heathcliff through forms on its pages will be incorporated into and processed in our database to facilitate, expedite, and fulfill the commitments established between Mary Heathcliff and the User or to maintain the relationship established in the forms filled out by the User. Additionally, in accordance with the GDPR and LOPD-GDD, unless the exception under Article 30.5 of the GDPR applies, a record of processing activities is maintained, specifying the purposes of the processing and other circumstances as required by the GDPR.
Principles Applicable to the Processing of Personal Data
The processing of the User’s personal data will adhere to the following principles outlined in Article 5 of the GDPR and Article 4 and subsequent articles of Organic Law 3/2018 of December 5:
Lawfulness, Fairness, and Transparency: The User’s consent will always be required after providing clear information about the purposes for which personal data is collected.
Purpose Limitation: Personal data will be collected for specified, explicit, and legitimate purposes.
Data Minimization: Only the personal data strictly necessary for the purposes of processing will be collected.
Accuracy: Personal data must be accurate and kept up to date.
Storage Limitation: Personal data will be retained only as long as necessary for the purposes of processing.
Integrity and Confidentiality: Personal data will be processed in a manner that ensures its security and confidentiality.
Proactive Accountability: The Data Controller is responsible for ensuring compliance with the above principles.
Categories of Personal Data
The categories of data processed on Mary Heathcliff are limited to identifying information. Under no circumstances are special categories of personal data as defined in Article 9 of the GDPR processed.
Legal Basis for Processing Personal Data
The legal basis for processing personal data is consent. Mary Heathcliff is committed to obtaining the User’s explicit and verifiable consent for the processing of their personal data for one or more specific purposes.
The User has the right to withdraw their consent at any time. Withdrawing consent will be as easy as giving it. As a general rule, withdrawing consent will not affect the use of the Website.
In cases where the User must or may provide their data through forms to make inquiries, request information, or for reasons related to the Website’s content, they will be informed if filling out any form is mandatory because it is essential for the proper execution of the operation.
Purposes of Personal Data Processing
Personal data is collected and managed by Mary Heathcliff to facilitate, expedite, and fulfill the commitments established between the Website and the User or to maintain the relationship established in the forms filled out by the User.
Additionally, the data may be used for commercial purposes such as personalization, operational and statistical analysis, and activities related to Mary Heathcliff’s business objectives, as well as for data extraction, storage, and marketing studies to tailor the content offered to the User and improve the quality, functionality, and navigation of the Website.
At the time personal data is collected, the User will be informed about the specific purpose or purposes of the processing.
Retention Periods for Personal Data
Personal data will only be retained for the minimum time necessary for the purposes of processing and, in any case, for no longer than 24 months or until the User requests its deletion.
At the time personal data is collected, the User will be informed about the retention period or, if that is not possible, the criteria used to determine this period.
Recipients of Personal Data
The User’s personal data will not be shared with third parties.
In any case, at the time personal data is collected, the User will be informed about the recipients or categories of recipients of the data.
Personal Data of Minors
In accordance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018 of December 5, only individuals aged 14 or older may lawfully consent to the processing of their personal data by Mary Heathcliff. For minors under 14, parental or guardian consent is required, and processing will only be considered lawful to the extent that such consent has been granted.
Confidentiality and Security of Personal Data
Mary Heathcliff is committed to implementing the necessary technical and organizational measures, ensuring a level of security appropriate to the risk of the data collected, to guarantee the security of personal data and prevent its accidental or unlawful destruction, loss, alteration, or unauthorized access or disclosure.
The Website has an SSL (Secure Socket Layer) certificate, ensuring that personal data is transmitted securely and confidentially, as the transmission of data between the server and the User is fully encrypted.
However, since Mary Heathcliff cannot guarantee the impregnability of the internet or the complete absence of hackers or others who may fraudulently access personal data, the Data Controller commits to notifying the User without undue delay in the event of a personal data breach likely to result in a high risk to the rights and freedoms of individuals.
Rights Derived from the Processing of Personal Data
The User may exercise the following rights recognized in the GDPR and Organic Law 3/2018 of December 5 against the Data Controller:
Right of Access: The User’s right to confirm whether Mary Heathcliff is processing their personal data and, if so, obtain information about the specific data and the processing.
Right to Rectification: The User’s right to correct inaccurate or incomplete personal data.
Right to Erasure ("Right to Be Forgotten"): The User’s right to have their personal data deleted when it is no longer necessary for the purposes for which it was collected, the User withdraws consent, or the data has been unlawfully processed.
Right to Restriction of Processing: The User’s right to restrict the processing of their personal data under certain circumstances.
Right to Data Portability: The User’s right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Right to Object: The User’s right to object to the processing of their personal data.
Right Not to Be Subject to Automated Decision-Making: The User’s right not to be subject to a decision based solely on automated processing, including profiling.
To exercise these rights, the User must submit a written request to the Data Controller at the following address or email:
Postal Address: 7630 NW 25th Street #2B, Miami, Florida 33122, USA.
Email: info@maryheathcliff.com
Links to Third-Party Websites
The Website may include hyperlinks or links that allow access to third-party websites not operated by Mary Heathcliff. These websites have their own privacy policies, and the owners are responsible for their own files and privacy practices.
Complaints to the Supervisory Authority
If the User believes there is an issue or violation of current regulations regarding the processing of their personal data, they have the right to effective judicial protection and to file a complaint with a supervisory authority, particularly in the country of their residence, workplace, or the place of the alleged violation. In Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/).
II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY
The User must read and agree to the conditions regarding the protection of personal data contained in this Privacy Policy and accept the processing of their personal data so that the Data Controller may proceed with it in the manner, for the periods, and for the purposes indicated. Use of the Website implies acceptance of its Privacy Policy.
Mary Heathcliff reserves the right to modify its Privacy Policy at its discretion or due to legislative, judicial, or doctrinal changes by the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. It is recommended that the User check this page periodically to stay informed of any changes or updates.
This Privacy Policy was updated to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons concerning the processing of personal data and the free movement of such data (GDPR) and Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.
