Data Protection

DATA PROTECTION POLICY OF PACHA MERCHANDISE, S.L.

  1. Basic information regarding data protection


BASIC DATA PROTECTION INFORMATION

  1. Controller of the processing

PACHA MERCHANDISE, S.L.

  1. Address of the controller

Avenida Ocho de Agosto nº 27, 07800, Ibiza, Balearic Islands (Spain)

  1. Spanish Tax Identification number (N.I.F.)

B-57129793.

  1. Mercantile data

Company duly registered in the Mercantile Registry of Ibiza, under Volume 131, Sheet 13, Page nº IB-6.005.

  1. Purpose

Your data will be used to be able to deal with your requests and provide our services.

  1. Advertising

We will only send you advertising with your prior authorization, which you can provide us by marking the corresponding box provided for this purpose.

  1. Consent

We will only process your data with your prior consent, which you can provide us by marking the corresponding box provided for this purpose.

  1. Recipients

In general, only duly authorized personnel of our company are able to have knowledge of the information that we request from you.

  1. Rights

You have the right to know what information we have about you, to correct it and to eliminate it, as explained in the additional information available on our website.

  1. Additional information

More information in the section “YOUR SECURE DATA” of our corporate website (www.pachashop.com).




  1. Data protection policy


The Corporate Management and the Governing Body of PACHA MERCHANDISE, S.L. (hereinafter, the “data processing controller”), assume the utmost responsibility and commitment to the establishment, implementation and maintenance of this Data Protection Policy, guaranteeing ongoing improvement by the data controller with the objective of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation” or “GDPR”) (OJEU L 119/1, 04-05-2016), and with Spanish personal data protection legislation (Organic Law on Data Protection, specific industry legislation and implementing regulations).


The Data Protection Policy of PACHA MERCHANDISE, S.L. is based on the proactive responsibility principle, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework that governs said Policy and is able to demonstrate it to the relevant supervising authorities.


In this regard, the data controller will be governed by the following principles that must be used by all its personnel as a guide and frame of reference in personal data processing:


  1. Data protection by design: the data controller will implement, both at the time of determining the means of processing and at the time of the processing, appropriate technical and organizational measures, such as pseudonymization, designed to effectively apply data protection principles such as data minimization, and integrate the necessary guarantees in the processing.


  1. Data protection by default: the data controller will apply the appropriate technical and organizational measures in order to guarantee that, by default, only the personal data necessary for each of the specific purposes of the processing will be processed.


  1. Data protection in the information lifecycle: the measures that guarantee personal data protection will be applicable during the entire lifecycle of the information.


  1. Lawfulness, fairness and transparency: personal data will be processed in a manner that is lawful, fair and transparent for the interested party.


  1. Restriction of purpose: personal data will be collected for specific, explicit and legitimate purposes, and will not be further processed in a manner incompatible with said purposes.


  1. Data minimization: personal data will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.


  1. Accuracy: personal data will be accurate and, if necessary, updated; all reasonable measures will be taken so that personal data that are inaccurate with respect to the purposes for which they are processed are deleted or rectified without delay.


  1. Restriction of the conservation period: the personal data will be kept in a way that allows the identification of the interested parties for no more time than is necessary for the purposes of personal data processing.


  1. Integrity and confidentiality: personal data will be treated in such a way as to ensure the adequate security of personal data, including protection against unauthorized or illegal treatment and against loss, destruction or accidental damage thereof, through the implementation of the appropriate technical or organizational measures.


  1. Information and training: one of the keys to guarantee the protection of personal data is the training and information provided to the personnel involved in their processing. During the information life cycle, all personnel with access to data will be properly trained and informed about their obligations in relation to compliance with data protection regulations.


The Data Protection Policy of PACHA MERCHANDISE, S.L. is communicated to all the personnel of the data controller and made available to all interested parties.


As a consequence, this Data Protection Policy involves all the personnel of the data controller, who must have knowledge of it and agree to it, considering it as their own, with each member responsible for implementing it and verifying the data protection rules applicable to his/her activity, as well as identifying and contributing to whatever opportunities for improvement he/she considers appropriate with the aim of achieving excellence in compliance.


This Policy will be reviewed by the Corporate Legal Department of PACHA MERCHANDISE, S.L., under the supervision of the Company’s Corporate Management and the Governing Body, as many times as deemed necessary, to bring it in line, at all times, with current personal data protection provisions.