Privacy Policy

PRIVACY POLICY "HIPERJOYA.COM"

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 (General Data Protection Regulation or GDPR), Organic Law 3/2018, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), and Law 34/2002, on Information Society Services and Electronic Commerce (LSSI-CE), this Privacy Policy informs about the collection, processing and protection of personal data provided by the user through the website https://www.hiperjoya.com .

At "Andrés García Bastante," we work to offer you the best possible experience through our products and services. In some cases, it is necessary to collect information to achieve this. We care about your privacy and believe we should be transparent about it.

Therefore, for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter, "GDPR") concerning the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and LAW 34/2002, of 11 July, on Information Society Services and Electronic Commerce (hereinafter, "LSSI"), "Andrés García Bastante" informs the user that, as data controller, it will incorporate the personal data provided by users into an automated file.

Our commitment begins by explaining the following to you:

- Your data is collected to improve the user experience, taking into account your interests and needs.

- We are transparent about the data we collect about you and the reason we do so.

- Our intention is to offer you the best possible experience. Therefore, when we use your personal information, we will always do so in compliance with regulations, and when necessary, we will request your consent.

- We understand that your data belongs to you. Therefore, if you decide not to authorize us to process it, you can request that we stop processing it.

- Our priority is to guarantee your security and process your data in accordance with European regulations.

If you wish to obtain more information about the processing of your data, please consult the different sections of the privacy policy located below: https://www.hiperjoya.com/politica-de-privacidad

Owner: Andrés García Bastante

ID/Tax ID: 05921783L

Address: C/ Aduana 14, 13500, Puertollano (Ciudad Real), Spain

Contact email: joyeria.andres38@gmail.com

Our website address is: https://www.hiperjoya.com/

At "Andrés García Bastante" we process the information provided by interested parties for the following purposes:

• Manage orders or contract any of our services, either online or at our physical locations.
• Manage the sending of information that is requested from us.
• Develop commercial actions and maintain and manage the relationship with the user, as well as manage the services offered through the website and information tasks, including performing automatic evaluations, obtaining profiles, and segmenting customers in order to personalize the treatment according to their characteristics and needs and improve the customer's online experience.
• Develop and manage contests, raffles, or other promotional activities that may be organized.
• In some cases, it will be necessary to provide information to the Authorities or third-party companies for audit purposes, as well as to handle personal data from invoices, contracts and documents to respond to claims from customers or Public Administrations.

We inform you that the personal data obtained as a result of your registration as a user will be part of the Register of Activities and Processing Operations (RAT), which will be updated periodically in accordance with the provisions of the GDPR.

The principles of data protection

The data protection law establishes the following principles to support good practices and fairness in the processing of personal information. These principles stipulate that:

• Personal data should be processed in a lawful, fair and transparent manner;
• Personal data may only be collected for specific, explicit and legitimate purposes;
• Personal data must be adequate, relevant and limited to what is necessary for its processing;
• Personal data must be accurate and kept up to date, with all efforts made to delete or rectify it without delay;
• Personal data shall be kept in a form which permits identification of the data subject only for as long as is necessary for the purposes for which they were collected;
• Personal data must be processed in a manner that ensures adequate security; and
• The data controller must be able to demonstrate compliance with the other data protection principles (proactive accountability).

In accordance with current regulations on the Protection of Personal Data, we inform you that the data provided has been incorporated into the client file, the owner and data controller of which is "Andrés García Bastante" , with CIF: 05921783L and registered office at C/ Aduana 14, CP 13500 Puertollano (Ciudad Real).

"Andrés García Bastante" has appointed an external Data Protection Officer. If you wish to make a query regarding the processing of your personal data, you can contact him via email at info@lcprivacidad.com.

The personal data that the user may provide:

• Name, address, and date of birth.
• Phone number and email address.
• Location.
• Information regarding payments and returns.
• IP address, date and time you accessed our services, the internet browser you use, and data about the device's operating system.
• Any other information or data that you choose to share with us .

In some cases, completing the registration form is mandatory to access and enjoy certain services offered on the website; likewise, failure to provide the requested personal data or failure to accept this data protection policy means that it will be impossible to subscribe, register, or participate in any promotions that require personal data.

The processing of your data may be based on the following legal bases:

• Consent of the interested party for the contracting of services and products, for contact forms, requests for information or registration in e-newsletters.

• Legitimate interest in processing the data of our clients in direct marketing actions and express consent of the interested party for everything related to automated evaluations and profiling.

• Compliance with legal obligations for fraud prevention, communication with public authorities, audits, and defense against claims and third-party claims.

• Customer service and query management.

• Order management and service delivery.

• Sending commercial communications related to products or services.

• Customer service and query management.

• Promotional actions such as contests or raffles.

• Access, rectification and deletion of data, as well as other rights, as explained in the additional information: https://www.hiperjoya.com/politica-de-privacidad

The data obtained by "Andrés García Bastante" through forms on this website or contact forms are only intended for the legitimate purpose of providing services specific to "Andrés García Bastante" .

"Andrés García Bastante" keeps contact form submissions for a certain period for customer service purposes, but we do not use the information submitted through them for marketing purposes.

The data controller has adopted the necessary technical and organizational measures to guarantee the security of personal data and prevent its alteration, loss, unauthorized processing or access, in accordance with the state of technology and the nature of the data stored.

"Andrés García Bastante" does not make any decisions based on algorithms or other automated processing that significantly affects you.

Generally, data is stored within the EU. For data sent to third parties outside the EU, we will ensure that they offer an adequate level of protection, either because they have Binding Corporate Rules (BCR) or because they are within the "EU-US Privacy Shield Framework".

The processing and storage of your personal data will only be maintained to the extent that we need it in order to use it according to the purpose for which it was collected, and according to the legal basis for processing it in accordance with applicable law.

In these cases, we will keep the information duly blocked, without giving it any use, as long as it may be necessary for the exercise or defense of claims or any type of judicial, legal or contractual liability may arise from its processing, which must be addressed and for which its recovery is necessary.

Once blocked, your data will be inaccessible to the Data Controller and will not be processed except to make it available to public administrations, judges and courts, to address any liabilities arising from the processing, as well as for the exercise and defense of claims before the Spanish Agency for Data Protection.

In some cases, and only when necessary, "Andrés García Bastante" will provide user data to third parties. However, data will never be sold to third parties. External service providers (e.g., payment providers or delivery companies) with whom "Andrés García Bastante" works may use the data to provide the corresponding services; however, they will not use this information for their own purposes or for transfer to third parties .

"Andrés García Bastante" strives to guarantee the security of personal data when it is sent outside the company and ensures that third-party service providers respect confidentiality and have the appropriate measures to protect personal data. These third parties are obligated to ensure that the information is processed in accordance with data privacy regulations.

In some cases, the law may require that personal data be disclosed to public bodies or other parties; only what is strictly necessary for compliance with such legal obligations will be disclosed.

You can direct your communications and exercise your rights by sending a request to the following email address: joyeria.andres38@gmail.com .

Pursuant to the provisions of the GDPR, you can request:

• Right of access: you can request information about any personal data we hold about you.
• Right of rectification: you can communicate any changes to your personal data.
• Right to erasure and to be forgotten: you can request the deletion of personal data after prior blocking.
• Right to restrict processing: This involves restricting the processing of personal data.  
• Right to object: you can withdraw your consent to the processing of your data, objecting to its continued processing.
• Right to portability: in some cases, you can request a copy of your personal data in a structured, commonly used and machine-readable format for transmission to another controller.
• Right not to be subject to automated individual decision-making: you can request that decisions not be made based solely on automated processing, including profiling, that produces legal effects or significantly affects the data subject.

The cost of the procedure for exercising the rights will in principle be free, except in cases involving unfounded or excessive requests, and with a repetitive component, in which case the controller, in accordance with articles 12 et seq. of the GDPR, may charge a reasonable fee based on the costs incurred in responding to the request.

The data controller bears the burden of proof to demonstrate and justify the unfounded or excessive nature of the request.

The procedure that the company has adopted is as follows:

Communication should be addressed to the person in charge through any means made available to interested parties in this section of the website (giving preference to the email address: joyeria.andres38@gmail.com ), and the person must have been previously informed.

For informational purposes, the aforementioned communication from interested parties must contain at least the following information: name and surname of the interested party, photocopy of their ID or NIE (National Identity Number for Non-Residents), and if applicable, if submitted through a representative, the representative's ID and the document proving their representation, a detailed description of the request specifying the application, electronic address for notifications, date and signature of the applicant.

The time limit for responding to inquiries from those affected should be as short as possible from the time the request is received, with a maximum of one month and the possibility of extending it by two more months if necessary, taking into account the complexity of the request and the number of requests received.

In some cases, the request may be rejected if you request the deletion of data necessary for compliance with legal obligations.

Likewise, if you have any complaints about the processing of your data, you can file a complaint with the data protection authority.

If you believe that your rights have been disregarded by our organization, you can file a complaint with the Spanish Agency for Data Protection, using one of the following methods:

Electronic headquarters: https://www.aepd.es

Postal address: Spanish Agency for Data Protection, C/ Jorge Juan, 6, 28001, Madrid

Phone: 901.100.099 and 912.663.517

Filing a complaint with the Spanish Agency for Data Protection is free of charge and does not require the assistance of a lawyer or solicitor.

The user is solely responsible for the veracity and accuracy of the data provided, exempting "Andrés García Bastante" from any liability in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity, and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in the registration or subscription form. "Andrés García Bastante" reserves the right to terminate the contracted services with users if the data provided is false, incomplete, inaccurate, or not up-to-date.

"Andrés García Bastante" is not responsible for the veracity of information that is not of its own making and for which another source is indicated, and therefore assumes no responsibility whatsoever for any hypothetical damages that may arise from the use of such information.

"Andrés García Bastante" reserves the right to update, modify, or delete the information contained on its web pages, and may even limit or deny access to said information. "Andrés García Bastante" is exempt from liability for any damage or harm that the user may suffer as a consequence of errors, defects, or omissions in the information provided by "Andrés García Bastante," provided that it originates from sources outside of its control.

Likewise, the user certifies that they are over 14 years of age and possess the necessary legal capacity to provide consent regarding the processing of their personal data.

Our services are not primarily aimed at minors. However, should any of our services be directed at children under fourteen years of age, in accordance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018, of 5 December (LOPDGDD), "Andrés García Bastante" will require the valid, free, unequivocal, specific and informed consent of their legal guardians to process the personal data of minors. In this case, the DNI or other form of identification of the person giving consent will be required.

In the case of individuals over fourteen years of age, data may be processed with the user's consent, except in cases where the law requires the assistance of the holders of parental authority or guardianship.

"Andrés García Bastante" does not receive data from third parties and other entities, except for those protected by a duly stipulated and normatively regulated basis of legitimacy.

"Andrés García Bastante" has adopted the legally required security levels for the protection of Personal Data, and strives to install any other additional technical means and measures within its reach to prevent the loss, misuse, alteration, unauthorized access, and theft of Personal Data provided to "Andrés García Bastante" .

"Andrés García Bastante" is not responsible for any hypothetical damages that may arise from interference, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operational functioning of this electronic system, caused by reasons beyond the control of "Andrés García Bastante"; for delays or blockages in the use of this electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Center, in the Internet system or in other electronic systems, as well as for damages that may be caused by third parties through illegitimate intrusions outside the control of "Andrés García Bastante" . However, the user should be aware that security measures on the Internet are not impenetrable .

Therefore, "Andrés García Bastante" has adopted an information encryption policy with the aim of safeguarding the confidentiality, integrity and authenticity of the personal data processed by the organization.

Among other policies adopted, we highlight the following:

• Use of electronic signature: Electronic signatures will be used in commercial transactions and in procedures with Public Administrations.
• SSL web certificates: The company must purchase a web certificate to ensure the security of information on a website.
• Encryption of sensitive data when contracting external services: It must be verified that the contracted external service uses encrypted channels for communications and encryption tools in the processing of sensitive information.
• Encryption of sensitive data when requesting application development: It must be verified that access credentials are encrypted when requesting web or app development that involves user logins.

The website https://www.hiperjoya.com/ may contain links to other websites. By clicking on one of these links and accessing an external website, the visitor will be subject to the privacy policy of that website, and "Andrés García Bastante" will be disassociated from any responsibility regarding its privacy policy.

The website of "Andrés García Bastante" uses cookies to optimize and personalize your browsing experience. Cookies are physical information files that are stored on the user's terminal. The information collected through cookies serves to facilitate user navigation on the portal and optimize the browsing experience. The data collected through cookies may be shared with their creators, but in no case will the information obtained by them be associated with personal data or data that could identify the user.

However, if the user does not wish cookies to be installed on their hard drive, they can configure their browser to prevent the installation of these files. For more information, please consult our Cookie Policy via the following link: https://www.hiperjoya.com/

Can the privacy policy be modified?

Yes. This privacy policy may be modified. We recommend that you review the privacy policy periodically. However, we will notify you when any revision occurs. (Last revision 15-05-2025).