Data Protection Policy

Version 1.0
Last updated: 27/11/2024

1. Introduction

Shopery Networks SL ("the Company") is committed to protecting the personal data of its customers, employees, and other stakeholders in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Spanish data protection laws, including the Ley Orgánica de Protección de Datos y Garantía de los Derechos Digitales (LOPDGDD). This policy outlines the principles and practices we follow to ensure the security, confidentiality, and lawful processing of personal data.

2. Scope

This policy applies to all personal data processed by Shopery in connection with its services, including data collected from customers, authorized users, suppliers, and third parties. It covers data processed through Shopery’s platform, documentation, and any related activities.

3. Key Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person (the "Data Subject").
  • Processing: Any operation performed on personal data, such as collection, storage, use, sharing, or deletion.
  • Controller: Shopery, determining the purposes and means of personal data processing.
  • Processor: Any third party processing data on behalf of Shopery.
  • Data Subject: Individuals whose personal data is processed by Shopery.

4. Data Processing Principles

Shopery adheres to the following principles when processing personal data:

  1. Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and transparently.
  2. Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in incompatible ways.
  3. Data Minimization: Only the data necessary for the intended purposes is processed.
  4. Accuracy: Personal data is accurate and kept up to date.
  5. Storage Limitation: Data is retained only as long as necessary for the specified purposes.
  6. Integrity and Confidentiality: Data is processed securely to prevent unauthorized access, loss, or destruction.

5. Lawful Basis for Processing

Shopery processes personal data under one or more of the following lawful bases:

  • Consent: Where the Data Subject has provided clear and informed consent.
  • Contractual Necessity: To perform a contract with the Data Subject or take steps prior to entering into a contract.
  • Legal Obligation: To comply with a legal or regulatory requirement.
  • Legitimate Interests: To pursue Shopery's legitimate interests, provided these do not override the rights and freedoms of Data Subjects.

6. Rights of Data Subjects

Shopery respects and upholds the following rights of Data Subjects:

  1. Access: The right to access personal data held by Shopery.
  2. Rectification: The right to correct inaccurate or incomplete data.
  3. Erasure ("Right to Be Forgotten"): The right to request deletion of personal data under specific conditions.
  4. Restriction of Processing: The right to restrict data processing in certain circumstances.
  5. Data Portability: The right to receive data in a structured, commonly used format and transfer it to another controller.
  6. Objection: The right to object to data processing, particularly for direct marketing purposes.
  7. Automated Decision-Making: The right not to be subject to decisions based solely on automated processing.

Requests related to these rights can be made by contacting Shopery’s Data Protection Officer at [insert contact details].

7. Data Security

Shopery implements appropriate technical and organizational measures to protect personal data, including but not limited to:

  • Encryption of sensitive data.
  • Access controls and user authentication.
  • Regular vulnerability assessments.
  • Data backup and disaster recovery protocols.
  • Employee training on data protection.

8. Data Sharing and Transfers

Personal data is only shared with third parties, including processors, where necessary and under strict agreements that ensure compliance with GDPR. Transfers of personal data outside the European Economic Area (EEA) are conducted only with appropriate safeguards in place, such as Standard Contractual Clauses.

9. Retention Policy

Shopery retains personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations.

10. Breach Notification

In the event of a personal data breach, Shopery will notify the relevant supervisory authority (Agencia Española de Protección de Datos) within 72 hours and, where applicable, affected Data Subjects without undue delay.

11. Roles and Responsibilities

  • Data Protection Officer (DPO): Shopery has appointed a DPO responsible for overseeing compliance with data protection laws and responding to data-related inquiries.
  • Employees: All employees are required to adhere to this policy and report potential data protection breaches immediately.

12. Policy Updates

This policy may be updated from time to time to reflect changes in laws, regulations, or operational practices.

13. Contact Information

For questions or concerns about this policy or Shopery’s data protection practices, please contact:

Data Protection Officer (DPO)

Email: dpo@shopery.com