Legal notice & privacy policy

Respecting the provisions of current legislation, Andresrigo.com (hereinafter referred to as the “website”) commits to adopting the necessary technical and organizational measures, according to the appropriate level of security for the risk associated with the collected data.

Laws incorporated into this Privacy policy: This Privacy policy is adapted to the current Spanish and European regulations regarding the protection of personal data on the internet. Specifically, it complies with the following regulations:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
• Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights (LOPD-GDD).
• Royal Decree 1720/2007 of 21 December, which approves the Regulation implementing Organic Law 15/1999 of 13 December on the Protection of Personal Data (RDLOPD).
• Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

The data controller responsible for the personal data collected on www.andresrigo.com is:

• Responsible identity: Andrés Rigo (hereinafter referred to as the “data controller”)
• Address: C/ Paseo del Marqués de Monistrol 5, 28011 Madrid, Spain.
• Email: andresd.rigo [at] gmail.com

The processing of the user’s personal data will be subject to the following principles as outlined in Article 5 of the GDPR and Article 4 and subsequent articles of Organic Law 3/2018, of 5 December, on the Protection of Personal data and guarantee of digital rights:

• Principle of lawfulness, fairness, and transparency: The user’s consent will be required at all times, following complete transparency about the purposes for which personal data is collected.
• Principle of purpose limitation: Personal data will be collected for specific, explicit, and legitimate purposes.
• Principle of data minimization: The personal data collected will be only the strictly necessary data in relation to the purposes for which they are processed.
• Principle of accuracy: Personal data must be accurate and kept up to date at all times.
• Principle of storage limitation: Personal data will only be retained in a form that allows the identification of the user for the time necessary for the purposes of its processing.
• Principle of integrity and confidentiality: Personal data will be processed in a way that ensures its security and confidentiality.
• Principle of proactive responsibility: The data controller will be responsible for ensuring that the above principles are adhered to.

The user has the right to withdraw their consent at any time. Withdrawing consent will be as easy as giving it. As a general rule, the withdrawal of consent will not affect the use of the website.

In situations where the user must or can provide their data through forms to make inquiries, request information, or for reasons related to the content of the website, they will be informed if the completion of any of these forms is mandatory because they are essential for the proper execution of the operation.

Personal data is collected and managed by Andresrigo.com with the purpose of facilitating, expediting, and fulfilling the commitments established between the website and the user, or for maintaining the relationship established in the forms that the user fills out or to address a request or inquiry.

Likewise, the data may be used for commercial purposes such as personalization, operational and statistical purposes, and activities related to the corporate purpose www.andresrigo.com. This includes data extraction, data storage, and marketing studies to tailor the Content offered to the user, as well as to improve the quality, functionality, and navigation of the website.

Personal data will only be retained for the minimum time necessary for the purposes of its processing, and in any case, for a period not exceeding the following: 24 months, or until the user requests its deletion.

The user’s personal data will be shared with the following recipients or categories of recipients: Google Ireland, Ltd.

In the event that the data controller intends to transfer personal data to a third country or international organization, at the time when personal data is obtained, the user will be informed about the third country or international organization to which the data is intended to be transferred, as well as the existence or absence of a commission adequacy decision.

Andresrigo.com is committed to implementing the necessary technical and organizational measures, according to the appropriate level of security based on the risk of the collected data, to ensure the security of personal data and prevent the destruction, loss, or accidental or unlawful alteration of personal data transmitted, stored, or otherwise processed, as well as unauthorized access or disclosure of such data.

The website has an SSL certificate (Secure Socket Layer), which ensures that personal data is transmitted securely and confidentially. The transmission of data between the server and the user, as well as any feedback, is fully encrypted.

However, since Andresrigo.com cannot guarantee the invulnerability of the internet or the complete absence of hackers or others who may fraudulently access personal data, the data controller commits to promptly notifying the user when a breach of the security of personal data occurs that is likely to result in a high risk to the rights and freedoms of individuals. In accordance with Article 4 of the GDPR, a breach of the security of personal data is understood as any breach that results in the destruction, loss, or accidental or unlawful alteration of personal data transmitted, stored, or otherwise processed, or the unauthorized access or disclosure of such data.

The data controller will treat personal data as confidential and commits to informing and ensuring, through legal or contractual obligations, that this confidentiality is respected by its employees, associates, and anyone to whom the information is made accessible.

The user has the following rights, recognized by the GDPR and Organic Law 3/2018, of 5 December, on the protection of personal data and guarantee of digital rights, with respect to www.andresrigo.com, and may exercise them against the data controller:

1. Right of access: The user has the right to confirm whether Andresrigo.com is processing their personal data and, if so, to obtain specific information about their personal data and the processing carried out by Andresrigo.com. This includes information about the origin of the data and the recipients of any communications or planned communications of that data.
2. Right of fectification: The user has the right to have their inaccurate or incomplete personal data modified, taking into account the purposes of the processing.
3. Right to erasure (“right to be forgotten”): The user, unless current legislation dictates otherwise, has the right to request the erasure of their personal data when it is no longer necessary for the purposes for which it was collected or processed, when the user has withdrawn their consent and there is no other legal basis for the processing, when the user objects to the processing, when the personal data has been unlawfully processed, when it must be erased to comply with a legal obligation, or when the personal data has been collected in relation to the offer of information society services. In addition to erasing the data, the data controller, considering available technology and the cost of implementation, must take reasonable measures to inform other data controllers processing the personal data of the user’s request for the erasure of any links to that data.
4. Right to restriction of processing: The user has the right to restrict the processing of their personal data when challenging the accuracy of their personal data, when the processing is unlawful, when the data controller no longer needs the personal data but the user requires it to assert legal claims, or when the user has objected to the processing.
5. Right to data portability: If processing is carried out by automated means, the user has the right to receive their personal data from the data controller in a structured, commonly used, and machine-readable format and to transmit this data to another data controller, where technically feasible. The data controller will transmit the data directly to the other controller whenever possible.
6. Right to object: The user has the right to object to the processing of their personal data by Andresrigo.com.
7. Right not to be subject to automated decision-making: The user has the right not to be subject to a decision based solely on automated processing, including profiling, unless current legislation dictates otherwise.

Therefore, the user can exercise these rights by sending a written communication to the data controller with the reference “GDPR-www.andresrigo.com”, specifying:

• Name and surname of the user and a copy of their ID. In cases where representation is accepted, the identification of the person representing the user, along with proof of representation, will also be necessary. The photocopy of the ID can be replaced by any other legally valid means of identifying oneself.
• Request with the specific reasons for the request or the information to be accessed.
• Address for notifications.
• Date and signature of the requester.
• Any document supporting the request.

This request and any accompanying documents can be sent to the following email address: andresd.rigo [at] gmail.com

The website may include hyperlinks or links that allow access to third-party websites other than www.andresrigo.com and are therefore not operated by Andresrigo.com. The owners of these websites will have their own data protection policies, and they will be responsible for their own files and privacy practices in each case.

All the website images and the website design are the property of Andresrigo.com. Any sale, copy or distribution of the same without the explicit consent of the owner is prohibited. The user can contact the owner of the website using the contact email.

If the user believes that there is a problem or a violation of current regulations in the way their personal data is being processed, they have the right to effective judicial protection and to file a complaint with a supervisory authority, particularly in the state where they have their habitual residence, place of work, or the place of the alleged violation. In the case of Spain, the supervisory authority is the Spanish data protection agency (https://www.aepd.es/).

It is necessary for the user to have read and agreed to the conditions regarding the protection of personal data contained in this Privacy policy, as well as to accept the processing of their personal data for the data controller to proceed with it in the manner, within the time frames, and for the purposes indicated. The use of the website implies acceptance of its Privacy policy.

Andresrigo.com reserves the right to modify its Privacy policy according to its own criteria or due to legislative, jurisprudential, or doctrinal changes by the Spanish data protection agency. Changes or updates to this Privacy policy will not be explicitly notified to the user. It is recommended that the user periodically consult this page to stay informed about the latest changes or updates.

This Privacy policy was updated to comply with regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and Organic law 3/2018, of 5 December, on the Protection of personal data and guarantee of digital rights.