PRIVACY POLICY

The disclosure of the rayerbag.com sites is provided pursuant to art. 13 Legislative Decree 196/2003 and art. 13 EU Reg. 2016/679 (“General Data Protection Regulation” or “GDPR”).

HOLDER / S OF THE TREATMENT

The data controller of your personal data is Rayerbag, with registered office in Via C / Brosoli 4, 08003, Barcelona (ES) [PI B65353011] which is the company that owns the rayerbag.com website

Rayerbag, with registered office in Barcelona, C / Brosoli 4, 08003 ES, VAT number B65353011 , as Data Controller (hereinafter “Owner” or “Company“) guarantees the utmost confidentiality in the processing of personal data of Interested, in accordance with the provisions of current legislation on the protection of personal data.

OBJECT OF THE PROCESSING / TYPES OF DATA PROCESSED

The Data Controller takes care of the protection of your personal data and complies with the applicable legislation on the protection of personal data (Privacy Code and GDPR 12016/679). Your personal data are treated confidentially and are transferred to third parties solely on the basis of the provisions of this Policy, or with your consent. We process the personal data you provide to us when using the website and/or after registering on the website.

In particular we deal with:

  1. Navigation data: This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.

  2. Data provided voluntarily by the user: The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender’s address to respond to requests, as well as any other data entered in the format .

Furthermore, the following data may be processed:

  • user identification data (for example, name, surname, date of birth, language and country from which you work with us, tax code, etc.);

  • contact details (for example: e-mail address, telephone number, address …)

  • transactional data (for example, your payment or card details, information relating to purchases made by you, orders, returns, etc.);

  • connection, geolocation and navigation data (if, for example, IP address, mobile app, cookies or similar technologies);

  • commercial data (for example, newsletter subscription),

  • data relating to tastes and preferences.

Depending on the services and/or functionalities requested, some data may be required in mandatory form as they are necessary for the purpose of providing the requested service or product or to allow access to the requested functionality.

Therefore these data are necessary for the exact fulfillment by us of obligations deriving from the contract, or necessary to fulfill obligations deriving from applicable provisions of law or regulation.

Failure to enter such data could make it impossible to complete your registration as a user or the inability to receive such services or products or to benefit from the requested functionality.

PURPOSE OF THE TREATMENT, LEGAL BASIS AND STORAGE PERIOD

PURPOSE

DESCRIPTION OF THE PURPOSES

LEGAL BASIS

STORAGE PERIOD

Management of registration as a user of the Digital Properties.

If you decide to register on the rayerbag.com website, some of your personal data will be processed in order to identify you as a user and authorize you to access the various features and services of the same.

Terms governing the use of the website (Article 6.1.b GDPR)

Until the consumer’s request to cancel the account

Fulfillment and execution of the contract for the purchase of goods and / or services

Personal data are processed in the following cases:

  • Payment management

  • Returns management

  • Management of requests for information on the availability of items, booking of products

  • Provision of services such as eg. customization of products

  • Use of vouchers, coupons, discount coupons and / or gift cards

  • Provision of sales documents and / or invoices relating to the transactions carried out

  • Activation of mechanisms to control and avoid potential scams during the purchase transaction

  • Contact the consumer for updates or information communications related to the features, products and services purchased

(Article 6.1.b GDPR)

Not later than 24 months from the conclusion of the contract

Fulfillments connected with joining the loyalty program

Your personal data will be processed to allocate loyalty points, rewards and allow you to take advantage of the various benefits associated with the loyalty program.

(Loyalty program regulations) (Article 6.1.b GDPR)

The personal data are kept until the request for cancellation of the consumer from the loyalty program. Transaction data are kept for up to 24 months from the purchase.

Processing of requests received through customer service channels

Your personal data will be processed to manage requests, process complaints and product warranties, provide technical support through e-mails, telephone calls and social media.

Legitimate interest (Article 6.1.f GDPR)

For the time strictly necessary for the management of requests (and in any case no later than two years from the date of receipt of the request).

Marketing purposes

We will process your personal data to manage your newsletter subscription and to send you personalized information about our products or services through the use of various electronic means of communication (for example, e-mail or SMS). Furthermore, we may also send you such newsletters and communications via push notifications, in case of activation of this service on your mobile device. You can unsubscribe from the Newsletter at any time by:

  • Specific link at the bottom of each Newsletter;

  • Special link indicated in the My Area.

  • Request to the Contact center.

To stop receiving push notifications, you can disable this feature on your mobile device. To carry out promotional actions (for example, to carry out competitions or to forward your list of items saved to the e-mail address you indicated). Dissemination on the Platform or on social networks through our channels, of publicly shared photos or images, with your express authorization.

Consent (Article 6.1.a GDPR)

24 months from the date of issue of the marketing consent or from the date of the last interaction with the Data Controller.

Purpose of profiling

We will use data relating to your web browsing behavior, social interaction and transactional data to define consumer clusters, in order to improve communications and the offer of products and services dedicated to you.

Consent (Article 6.1.a GDPR)

24 months

Analysis of the use of the platform and services in order to improve the user experience and the offer.

When you access our digital properties, we inform you that your navigation and interaction data with social channels will be processed for analytical and statistical purposes, that is, to understand how users interact with our Platform and allow us to improve it.

Consent (Article 6.1.a GDPR)

Until the navigation data is made anonymous

METHOD OF TREATMENT

The processing of data for each of the aforementioned purposes is carried out using automated or electronic methods and, in particular, by email, telephone (e.g. automated calls, SMS, MMS), fax and any other IT channel (e.g. websites , mobile, app) suitable for guaranteeing security and confidentiality according to the so-called data protection by default, i.e. the application of measures designed to minimize the risks of data dissemination.

The processing of your personal data is carried out by means of the operations indicated in art. 4, no. 2) of the Regulations, to which reference should be made for any useful purpose.

NATURE OF DATA PROVISION AND CONSEQUENCES OF THE REFUSAL TO RESPOND

The provision of data is optional. However, failure to provide the requested data may make it impossible to establish or continue, in whole or in part, the contractual relationship and to follow up on requests for the provision of services.

Only with the explicit consent of the Participant, the data may be used for sending advertising and promotional material and for confidential offers (by e-mail, text message, messaging applications, mail, telephone contact) as well as for the creation of personalized services. through the study of its tastes and consumption habits.

It should be noted that any refusal to provide data for marketing and profiling purposes will make it impossible to follow up on the related activities.

ACCESS TO DATA

The personal data processed by the Data Controller will not be disclosed, that is, it will not be disclosed to indeterminate subjects, in any possible form, including that of making them available or simple consultation. Instead, they may be communicated to the workers who work for the Owner and to some external subjects who collaborate with them. In particular, your data may be made accessible to:

  1. Employees and collaborators of the Data Controller, consultants authorized to manage the site and provide the related services (by way of example: customer services, IT department, etc.), in their capacity as internal managers and / or persons in charge of the processing of personal data and / o System administrators;

  2. Third-party companies or other subjects (by way of example only: credit institutions, professional firms, consultants, insurance companies, etc.) who carry out outsourced activities on behalf of the Data Controller, in their capacity as external managers and / or persons in charge of the processing of personal data.

Your data may also be communicated, within the strictly necessary limits, to the subjects entitled to access it by virtue of the provisions of the law, regulations, community regulations.

COMMUNICATION OF DATA

Without your express consent (pursuant to Article 24 letter a), b), d), Privacy Code and art. 6 lett. b), c), GDPR), the Data Controller may communicate your data for the purposes indicated to Supervisory Bodies, Judicial Authorities as well as to all other subjects to whom the communication is mandatory by law for the accomplishment of said purposes.

TRANSFER OF DATA ABROAD

The management and storage of personal data will take place on servers, located within the European Union, of the Data Controller and / or third-party companies appointed and duly appointed as Data Processors.

Between these:

  • Franchise partner.

  • Financial institutions and companies specialized in online payments and in the detection and prevention of scams.

  • Technology service providers.

  • Suppliers and collaborators of logistics, transport and delivery services.

  • Customer service related service providers.

  • Suppliers, collaborators and partners of marketing and advertising services.

The data are not currently being transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers within the European Union and / or to non-EU countries. In this case, the Data Controller ensures from now on that the transfer of non-EU data will take place in accordance with Articles. 44 ff. of the Regulations and the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection.

NAVIGATION DATA

The computer systems and software procedures used to operate the site may acquire, during their normal activity, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified (ie parameters relating to the operating system and the IT environment user). These data are used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing.These data can also be used to ascertain responsibility in the event of hypothetical computer crimes against the Site.

COOKIES

When you use our site, cookies are stored on your computer. Cookies consist of small text files that are saved on your computer and provide us with certain information. They are widely used in order to make websites work or work more efficiently to improve the user experience, as well as to provide certain information to the owners of the site. Our site uses cookies that remain on your computer for different times. Some expire at the end of each session and some stay longer so that when you return to our Site, you can benefit from a better user experience. Web browsers allow you to exercise some control over Cookies through your browser settings. Most browsers allow you to block cookies or block cookies from certain sites. Browsers can also help you delete cookies when you close your browser. However, you should keep in mind that this could mean that any opt-outs or preferences he has set on the site will be lost. We invite you to consult the technical information relating to your browser for instructions. If you choose to disable the cookie setting or if you refuse to accept a cookie, some parts of the service may not function properly or may be considerably slower.

SUBJECTIVE LIMITATIONS

If the person providing the data is under the age of 16, this processing is lawful only if and to the extent that such consent is given or authorized by the holder of parental responsibility for whom the identification data are acquired.

RIGHTS OF THE INTERESTED PARTY

In your capacity as an interested party, you have the rights referred to in art. 7, Privacy Code and art. 15, GDPR and precisely the rights of:

  1. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;

  2. obtain the indication: a) of the origin of the personal data; b) the purposes and methods of the processing; c) of the logic applied in case of treatment carried out with the aid of electronic instruments; d) the identity of the owner, manager and the representative appointed pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers or agents;

  3. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is proves impossible or involves the use of means that are manifestly disproportionate to the protected right;

  4. object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and / or through traditional marketing methods by telephone and / or paper mail. It should be noted that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to traditional ones and that in any case the possibility remains for the interested party to exercise the right of opposition also only partially. Therefore, the interested party can decide to receive only communications using traditional methods or only automated communications or neither of the two types of communication.

Where applicable, it also has the rights referred to in Articles. 16 – 21, GDPR (Right of rectification, right to be forgotten, right to limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority.

METHOD OF EXERCISE OF RIGHTS

You have the right to ask the Data Controller for access to the Data concerning you, their rectification or cancellation, the integration of incomplete Data, the limitation of processing; to receive the Data in a structured format, commonly used and readable by an automatic device; to revoke any consent given in relation to the processing of your sensitive data at any time and to object in whole or in part to the use of the data; to lodge a complaint with the Authority, as well as to exercise the other rights recognized by the applicable regulations.
You can exercise your rights at any time by sending:
an email to: info@rayerbag.com.

CHANGES TO THE INFORMATION

This document may be subject to changes. It is therefore advisable to check this document regularly and refer to the most up-to-date version.

Barcelona , October 27, 2021

Current version:  October 2021