1. INFORMATION TO THE USER

Planetavegetal.com, hereinafter CONTROLLER, is responsible for the processing of the User’s personal data and informs you that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of April 27 (GDPR) and Organic Law 3/2018 of December 5 (LOPDGDD). Therefore, the following processing information is provided: Purpose of processing: to maintain a commercial relationship with the User. The planned processing operations are:

In the event of contracting services or purchasing GPP products, to maintain the contractual relationship, as well as the management, administration, information, provision, and improvement of the service.
Sending information requested by the interested party.
Publish the comments you make on the blog.
Sending commercial advertising communications by email, fax, SMS, MMS, social media, or any other electronic or physical means, present or future, that enables commercial communications. These communications will be made by the CONTROLLER and related to its products and services, or those of its collaborators or suppliers with whom it has reached a promotional agreement. In this case, third parties will never have access to personal data.
Conduct statistical studies.
Process orders, requests, or any type of request made by the user through any of the contact methods made available.
Forward the website newsletter.

We remind you that you can opt out of receiving commercial communications at any time by sending an email to the address indicated above.

Legal basis for processing: Your data is processed based on the legal basis of your request for information and/or the contracting of GPP services. The terms and conditions of these services will be made available to you prior to any contracting.
If you do not provide your information, or if you provide it inaccurately or incompletely, we will be unable to process your request, making it impossible to provide you with the requested information or complete the contracting process for services.

The processing of your data will also be legitimized by the legal basis of free, specific, informed, and unequivocal consent. We will provide you with clear information about our privacy policy regarding the processing of the data collected, providing mechanisms so that, prior to providing your data, you can access this information and, if you agree, proceed to accept it through a declaration or clear affirmative action.

We remind you that you have the right to withdraw consent for any specific purpose granted at that time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

Data retention criteria: The personal data provided will be retained as long as there is a mutual interest in maintaining the purpose of the processing and for the period during which liabilities may arise for the services provided to the interested party: 6 years – accounting books, invoices, etc. – Art. 30 Commercial Code, 5 years: Art. 1,964 Civil Code (personal actions without a special period), 4 years: Art. 66 et seq. of the General Tax Law (taxes, etc.).
When no longer necessary for such purposes, they will be deleted using appropriate security measures to ensure pseudonymization of the data or their complete destruction.

Data communication: Data will not be communicated to any third party outside of GPP, unless legally required or expressly informed.

User rights: As an interested party who has provided us with your personal data, you have the full right to obtain confirmation as to whether GPP is processing your personal data. Specifically, you are entitled to exercise the following rights granted to you by data protection regulations, in accordance with the provisions therein:

Right to withdraw consent at any time.
Right of ACCESS to your personal data.
Right to request rectification of inaccurate data
Right to request the DELETION of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In certain circumstances, you may request that processing of your data be restricted, in which case we will only retain it for the exercise or defense of legal claims.
In certain circumstances and for reasons related to their particular situation, data subjects may exercise their right to OBJECT to the processing of their data. We will stop processing the data except for compelling legitimate reasons or to exercise or defend against potential legal claims.
In certain circumstances and for reasons related to your particular situation, you may request your right to data portability.

Furthermore, in the event that any of your rights have been violated, as an interested party, you are entitled to file a claim with the Spanish Data Protection Agency (AEPD), at C/ Jorge Juan, 6, 28001-Madrid or through the AEPD’s electronic headquarters: https://sedeagpd.gob.es/sede-electronica-web/.

Contact information to exercise your rights:
GPP Avenida de Córdoba nº15 Pol. Ind. La Carrehuela – 28343 Valdemoro – Madrid. email: info@planetavegetal.com

2. MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER

By checking the corresponding boxes and entering data in the fields marked with an asterisk (*) in the contact form or presented in download forms, Users expressly, freely, and unequivocally accept that their data is necessary for the provider to fulfill their request. The inclusion of data in the remaining fields is voluntary. The User guarantees that the personal data provided to the CONTROLLER is accurate and is responsible for communicating any changes to said data.
The CONTROLLER expressly informs and guarantees users that their personal data will not be transferred to third parties under any circumstances, and that whenever any type of transfer of personal data is made, the express, informed, and unequivocal consent of the Users will be requested beforehand. All data requested through the website is mandatory, as it is necessary to provide an optimal service to the User. If not all data is provided, there is no guarantee that the information and services provided will be completely tailored to the User’s needs.

3. SECURITY MEASURES

That in accordance with the provisions of current regulations on personal data protection, the CONTROLLER is complying with all provisions of the GDPR regulations for the processing of personal data under its responsibility, and manifestly with the principles described in Article 5 of the GDPR, by which they are processed in a lawful, fair and transparent manner in relation to the data subject and adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The CONTROLLER guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR in order to protect the rights and freedoms of Users and has provided them with the appropriate information so they can exercise them.