PRIVACY POLICY

Royal Tapestry Factory

The Royal Tapestry Factory, hereinafter the RFT as per the Spanish, is committed to the User’s privacy and the protection of their personal data. E In compliance with current legislation, specifically the European Regulation on data protection(Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data) (General Data Protection Regulation), we inform you of the following: Data Controller This Privacy Policy establishes the basis on which the RFT, in the capacity of Data Controller, with address at Calle Fuenterrabía 2 (28014) Madrid and Tax Identification Code (CIF) G81628679, processes the personal data of its visitors, as well as its users provided through the website https://realfabricadetapices.com/ (hereinafter, the Website). For any additional information you can make any inquiry through the following means:
  • Email contact: informacion@realfabricadetapices.com
  • Telephone:+ 34 91 434 05 50
We remind you that every time you provide us with or it is necessary for us to access any type of information that due to its characteristics allows us to identify you, such as your name and surname, email, billing or shipping addresses, telephone number, type of device or debit or credit card number, etc. (hereinafter, “Personal Data”), either to browse the same, buy our products or make use services or features, such data falls under the application of this Privacy Policy, along with the Terms of Use of the Website, as well as other referenced documents in force at all times, and you should review these texts to ensure that you agree with them. This Privacy Policy and our Terms of Use may be amended. It is your responsibility to read them periodically, since those that are in force at the time of use of the Website will be applicable. Our commitment to privacy
  • We respect the privacy of the user.
  • We ensure that privacy and security are built into all activities carried out by the RFT.
  • We do not send marketing communications unless requested by the user. In the event of requesting same, you may change your mind at any time.
  • We neither offer nor sell users’ data to third parties.
  • We are committed to keeping your data safe and secure, which means that we work only with trusted suppliers with whom we have regulated the processing of data that they may carry out in relation to the provision of a service, if any.
  • We do not use your data for purposes other than those we have informed you.
  • We respect your rights and always try to accommodate your requests in accordance with our own legal responsibilities.
For more information about our privacy practices, below we set out what types of personal data we may collect, how we may use these, with whom we may share them, how we protect them, and how you can exercise your rights with respect to that data, in compliance with the Privacy Policy at all times. Collection of personal data and purpose of processing We remind you that before you start using any of the services offered by the RFT, you should carefully read this Policy. Failure to provide certain information indicated as mandatory, may result in not being able to use certain features or services available through the Website. The user guarantees that the Personal Data provided are true and accurate and undertakes to notify any change or modification thereof. Any loss or damage caused to the Website, the Data Controllers or any third party through the communication of erroneous, inaccurate or incomplete information in the registration forms shall be the sole responsibility of the user. What data are collected? The different data processing activities carried out by the RFT are listed below
Activity Visitor services
Purpose General management of bookings and services for visitors to the RFT
Data subjects Clients and users; Legal Representative
Categories of data Identifying data National Identification number (DNI/NIF), name and surnames, telephone number, postal address, email address
Legitimacy Execution of an agreement, with consent of the data subject Legal Representative
Recipients of communications Not foreseen
International transfers Not foreseen
Term of retention Minimum 6 years
Activity Access control
Purpose Control and monitoring of security at facilities
Data subjects Employees, Clients and users; Legal Representative.
Categories of data Identifying data National Identification number (DNI/NIF), name and surnames, address, signature, image/voice
Legitimacy Legitimate interest of the Data Controller to guarantee the security of the facilities, execution of a contract (employment)
Recipients of communications Security forces
International transfers Not foreseen
Term of retention 30 days
Activity Video surveillance
Purpose Management of maintenance of security of the RFT through video surveillance systems
Data subjects Employees, Clients and users; Legal Representative
Categories of data Identifying data: image/voice
Legitimacy Public interest, legitimate interest of the data subject to protect the assets of the RFT
Recipients of communications Security forces
International transfers Not foreseen
Term of retention 30 days
Activity Newsletter Subscribers
Purpose Provision of electronic communication services. Contains data on newsletter recipients
Data subjects Clients and users
Categories of data Identifying data: name and surnames, email address
Legitimacy Consent of the data subject
Recipients of communications Not foreseen
International transfers Not foreseen
Term of retention At the request of the interested party, while the service is offered
Activity Purchase of Products
Purpose General management of the purchase and delivery of products through the website
Data subjects Clients and users; Legal Representative
Categories of data Identifying data National Identification number (DNI/NIF), name and surnames, telephone number, postal address, email address, bank card number
Legitimacy Execution of an agreement, with consent of the data subject Legal Representative
Recipients of communicationss Not foreseen
International transfers Not foreseen
Term of retention Minimum 6 years
Who can access your personal data? Your data are not assigned to third parties unless legally obliged to do so. In particular, they may be communicated to the State Agency of Tax Administration and to banks and financial institutions for the collection of the services rendered or products purchased, where applicable. In case of purchase or payment, if you choose any application, web, platform, bank card, or any other online service, your data will be communicated to that platform or processed in its environment, always with the utmost security. We always endeavour to ensure that all third parties we work with maintain the security of your personal data. International transfers Not international transfers of data to countries outside the European Economic Area are foreseen. How long do we retain your personal data? The retention periods are indicated for each form of processing, however, in general, we only retain the Personal Data provided for the period established by law in order to meet the needs of users or to comply with legal obligations. To determine the data retention period of your Personal Data, we use the following criteria:
  • For the duration of our contractual relationship.
  • When contacting RFT for an inquiry: for as long as it takes to deal with your inquiry.
  • Cookies that are installed on your computer: stored for the time necessary to achieve their purposes and for a maximum of 365 days.
As we have already made clear, one of the purposes of data retention is to comply with legal and regulatory obligations. The data will be automatically cancelled when they are no longer necessary for the purpose for which they were collected and will be automatically deleted from our systems when possible. Are my personal data stored securely? The RFT commits to storing your personal data securely, taking into account all the precautions established by the European Regulation and the Law. Links to third parties Our websites and applications may contain links to and from the websites of our partner networks and sponsors. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible for these policies. Consult these policies before sending personal data to these websites. ¿Utilizamos cookies? Do we use cookies. Your rights and options The RFT, in compliance with the European Regulation and the Personal Data Protection Act, facilitates users to exercise their rights under the respective rules mentioned. These rights are the following:
  • Right to information: the right to obtain clear, transparent and easy-to-understand information about how we use your personal data and about your rights.
  • Right of access: the right to access personal data held by the RFT in relation to the data subject.
  • Right to rectification: the right to have your personal data rectified when they are inaccurate or no longer valid or to have them completed when they are incomplete.
  • Right to erasure / right to be forgotten: The right to have your personal data deleted or erased.
  • Right to opposition: the right to not have data processed or to stop the processing when the consent of the data subject is not necessary for the processing, due to the existence of a legitimate and well-founded reason.
  • Right to portability: the right to move, copy or transfer data from our database to another database. It is only possible to exercise this right with respect to data you have provided when the processing is based on the performance of a contract or on your consent and the processing is carried out by automated means.
  • Right to limitation of processing: the right to request the limitation of the processing of your data.
Any person has the right to obtain confirmation as to whether the RFT is processing personal data concerning them, or not, and if so, to access the same, and request the rectification of inaccurate data or, where applicable, request the erasure thereof when, among other reasons, the data are no longer necessary for the fulfilment of the purposes for which they were originally collected and in compliance with current legislation. In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case, they will only be kept for the exercise or defence against possible complaints In specific cases and for reasons related to their particular situation, data subjects may object to the processing of their data. The RFT will stop processing the data, except for compelling legitimate reasons or in the exercise or defence against possible complaints. The data subject also has the right to receive the personal data they have provided to the RFT in a structured, commonly used and machine-readable format. To exercise the aforementioned rights, you may request a form from us, or use the forms provided by the Spanish Data Protection Agency or third parties. These forms must be signed electronically or be accompanied by a photocopy of your DNI; in case of representation, a copy of the user’s DNI must be attached, or the user must sign it with his/her electronic signature. Forms can be submitted in person, by post or by email to the contact address of the Data Protection Officer infopdp@realfabricadetapices.com We will respond as soon as possible, and no later one month from the receipt of the request. If the issue is very complex and we need more time, we will notify you about it and explain the reasons.