PRIVACY POLICY

This privacy policy applies to the processing of personal data of customers and/or users of www.panchisburguer.com, hereinafter referred to as the WEBSITE, owned by BIBABURG S.L with Tax Identification Number B05286802, hereinafter referred to as the DATA CONTROLLER. Applicable Regulations Our Privacy Policy has been designed in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR EU 2016/679, and insofar as it does not contradict the aforementioned Regulation, by the provisions set forth in Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, hereinafter LOPDGDD 3/2018. By providing us with your data, the customer and/or user declares to have read and understood this Privacy Policy, giving their unequivocal and express consent to the processing of their personal data in accordance with the purposes and terms expressed herein. Basic Information on Data Protection
BASIC INFORMATION ON DATA PROTECTION
Data Controller BIBABURG S.L
Purpose To respond to information requests and queries raised by customers and/or users, provide customer service, and send commercial communications about our services via mail, telephone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic means, provided that the interested party has consented to the processing of their personal data for this purpose.
Legal Basis Performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures requested by the data subject. Legitimate interests pursued by the data controller. Consent of the data subject.
Recipients Data is not transferred to third parties, except legal obligation.
Rights You have the right to access, rectify, and delete data, as well as other rights, as indicated in the additional information, which you can exercise by contacting the data controller at [email protected]
Additional Information You can consult additional and detailed information on Data Protection in the annexed clauses found at www.panchisburguer.com
Additional Information on Data Protection The data controller is:
  • Name: BIBABURG S.L.
  • Tax Identification Number: B05286802
  • Address: Rosalía de Castro, 4-6 27700 Ribadeo, Lugo (Spain)
  • Phone: 982129880
  • Email: [email protected]
Purposes and Legal Basis of Processing
  1. Generally:
The DATA CONTROLLER processes the personal data provided by its customers and/or users for the following purposes:
  • Purpose: To respond to information requests and queries raised by customers and/or users, provide customer service, carry out administrative, commercial, accounting, and tax management, and send commercial communications about our services via mail, telephone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic means, provided that the interested party has consented to the processing of their personal data for this purpose.
  • Legal Basis for this Processing: Performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures. Legitimate interest. Consent of the data subject, which may be withdrawn at any time.
  1. Website Electronic Forms:
The DATA CONTROLLER processes the personal data provided by customers and/or users through the electronic data collection forms on the WEBSITE for the following purposes:
  • In relation to the “Contact Form” and other inquiries (those that can be made through the email accounts listed on the WEBSITE):
  • Purpose: To contact the interested party, respond to information requests received, answer queries, and send commercial communications about our services via mail, telephone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic means, provided that the interested party has consented to the processing of their personal data for this purpose.
  • Legal Basis for this Processing: Consent of the data subject, which may be withdrawn at any time.
When the data requested in the electronic forms is necessary, the DATA CONTROLLER will indicate this mandatory nature at the time of data collection from customers and/or users, and not providing it implies that the corresponding request cannot be fulfilled. What Type of Data Do We Process? For the purposes stated in the previous section, the Customer’s data is processed, which can be divided into the following sources and categories:
  1. a) Data Provided Directly by the Customer and/or User: Data provided directly by the customer and/or user, either at the time of requesting the service through the completion of electronic data collection forms or in paper format provided for this purpose, such as those provided during the contractual relationship through various means such as complaints or information requests submitted to Customer Service. The customer and/or user is responsible for its accuracy and updating.
  • Identifying Information (name and surname, ID, NIE, passport, postal address, email address, telephone, mobile, manual, handwritten or digitized signature, social media profiles, IP addresses, username, and password)
  • Economic Data (banking details)
  1. b) Data Obtained from Sources Other than the Customer and/or User: Data obtained from sources other than the customer and/or user, either with their consent or by any other legal authorization (legitimate interest, compliance with a legal obligation, etc.).
  2. c) Data Derived from the Development of the Commercial Relationship: Data indirectly provided by the customer and/or user resulting from the provision of the contracted service and the maintenance of this activity. This category includes traffic data, payment history, browsing data through the public website, or access to the private area, or other similar data.
Register of Processing Activities We inform you that the personal data obtained from the customer and/or user as a result of filling out the electronic forms on the WEBSITE are part of the Processing Activities Register (PAR) of the DATA CONTROLLER, which will be periodically updated in accordance with the provisions of GDPR EU 2016/679 and LOPDGDD 3/2018. Recipients The personal data of the interested parties will be communicated to the recipients indicated below:
  1. a) Generally:
  • The providers of the DATA CONTROLLER as data processors, within the framework of the corresponding provision of services (lawyers, accounting and tax advisors, consultants, and information technology service providers – website hosting and email service).
  • The competent authorities and bodies, to the extent necessary to comply with legal obligations.
  1. b) In relation to the “Contact Form” and other inquiries (those that can be made through the email accounts listed on the WEBSITE):
  • Data is not transferred to third parties, except legal obligation.
Transfers to Third Countries Data transfers to third countries without an adequate level of protection are not foreseen. Data Retention Periods Personal data will be kept:
  1. a) Generally:
  • The data will be kept until the data subject requests its deletion and, in any case, for the years necessary to comply with legal obligations.
  1. b) In relation to the “Contact Form” and other inquiries (those that can be made through the email accounts listed on the WEBSITE):
  • Personal data will be kept until the end of the relationship between the DATA CONTROLLER and the customer and/or user, unless the data subject requests their deletion beforehand, or until the data subject withdraws the consent granted at any time, without affecting the legality of the processing based on the consent prior to its withdrawal.
For these purposes, the data subject is reminded that they must inform the DATA CONTROLLER as the recipient to whom they communicate personal data, of any rectification or deletion of the data of their representatives, authorized persons, and other contact persons. Once the relationship is concluded, to the extent that the personal data of the interested parties are relevant for the responsibility of the DATA CONTROLLER towards customers and/or users, this data will be kept, properly blocked, available to the competent judicial authorities or public administrations, for the enforcement of liabilities arising from the processing for the prescription period of said liabilities. Rights of Data Subjects Customers and/or users of the WEBSITE may exercise, to the extent applicable, the following rights before the DATA CONTROLLER: access to personal data, rectification, deletion (right to be forgotten), limitation of processing, data portability, opposition to processing, and not to be subject to automated individual decisions. Additionally, when the processing is based on consent, the right to withdraw it at any time. Customers and/or users may exercise these rights by written and signed request sent to the postal address of the DATA CONTROLLER located at Avenida Rosalia de Castro, 4-6 27700 Ribadeo, Lugo (Spain), or via email to [email protected], attaching, in both cases, valid proof of identity in law, such as a photocopy of their ID/NIE or equivalent document, and clearly indicating the right they wish to exercise. Customers and/or users also have the right to lodge a complaint with the competent supervisory authority (Spanish Data Protection Agency) if they observe that the processing does not comply with current regulations or consider that their rights regarding the protection of their personal data have been violated, especially if they have not obtained satisfaction in the exercise of their rights, through the website https://www.aepd.es. These rights will be addressed by the DATA CONTROLLER within 1 month, which may be extended to 2 months if the complexity of the request or the number of requests received so requires. All this without prejudice to the obligation to retain certain data in legal terms and until the possible liabilities derived from processing are prescribed, or, if applicable, from a contractual relationship. In addition to the above, and in relation to data protection regulations, Users who request it have the possibility to organize the destination of their data after their death. Sending Commercial Communications In compliance with the provisions of the second final provision of Law 9/2014, of May 9, on Telecommunications, which amends Law 34/2002, of July 11, on services of the information society and electronic commerce, commercial communications made electronically must be clearly identifiable as such, and the natural or legal person on whose behalf they are made