COOKIE AND PRIVACY POLICY OF THE WEB PLATFORM

Version: Date 24 July 2019

This Policy (hereinafter the “Cookie and Privacy Policy”) regulates the cookie and privacy policy of the web platform https://www.nightologyparfums.com/ (hereinafter “the Web Platform”) owned by PERFUMES Y DISEÑO COMERCIAL, S.L. (hereinafter “PyD”), a corporation registered with the Madrid Trade Registry, volume 8986 General of Section 8 of the Book of Companies, folio 60, page M-144571, entry no. 1, with tax registration no. B-81061616 and registered office at Calle Isla de Java, no. 33, Madrid. The contact details for this cookie and privacy policy are:

E-mail: privacidad@pyd.es

Telephone: +34 91658 8820

1. USE, PURPOSE AND APPLICABLE LEGAL PROVISIONS

The Platform is a communication and support mechanism that PyD makes available to internet users to provide adequate, sufficient legal corporate information on its products, services and initiatives corresponding to its legitimate economic and business activities. Those activities are governed by Spanish law and, with regard to:

The provision of information society services, essentially by the Information Society Services and E-Commerce Act no. 34/2002 of 11 July.
Personal data processing, by the Spanish and European laws on personal data protection currently in place. In particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter the “GDPR”) is directly applicable, as indicated herein, and to the extent applicable, the Data Protection and Digital Rights Guarantee Act no. 3/2018 of 5 December (Ley Orgánica 3/2018, de Protección de Datos y de Garantía de los Derechos Digitales).

2. DATA SUBJECTS

This cookie and privacy policy is addressed to both users of the Platform and users registered within the framework of the Platform with regard to the processing of their personal data, whether mere users of the Platform and its services or customers of PyD. In all cases, data subjects are advised that this Platform is intended for users aged over 18 and use by minors is forbidden.

Any users who wish to register and/or access any contents or services provided through the Platform, for example to participate in personnel selection procedures (to work with PyD), receive or subscribe to news and information on PyD, submit consultations or suggestions using the contact form provided for this purpose, etc. must specifically provide their personal data on the corresponding forms provided by PyD in each case, after reading and accepting the policies and legal conditions governing those specific services or contents. Otherwise, the user will not be allowed to use them.

The information and personal data provided by users wishing to register with the Platform or, in general, provided later by registered users, shall be:

Sufficient, albeit brief, limited and proportionate to the legitimate purpose of processing informed by PyD, with the utmost respect for the principles of purpose limitation and data minimisation (Article 5(1)(b) and (c) GDPR).
Accurate, up-to-date and true, so that the identity, capacity and, where appropriate, representation of the user can be checked and verified, and so that the processing can be adjusted in each case to the specific needs and real situation of the users. All this shall comply with the principle of data quality and accuracy (section 4 of the Spanish Data Protection and Digital Rights Guarantee Act no. 3/2018 of 5 December; and Article 5(1)(d) GDPR).

Users are fully responsible for the correct use of their user accounts and the associated passwords. If a registered user believes that the security of their account and password may have been compromised, they shall promptly contact PyD through the contact details provided at the beginning of this Policy and report the situation or incident, so that PyD can take appropriate measures as soon as it is notified by the user. Users shall be liable for all damages deriving from inadequate use and personal management of their accounts and their passwords, releasing PyD from all liability.

3. DUTY TO PROVIDE INFORMATION

In pursuance of prevailing personal data protection laws and regulations, particularly Articles 12 to 14 GDPR and section 11 of the Spanish Data Protection and Digital Rights Guarantee Act no. 3/2018 of 5 December, data subjects are advised as follows:

The processor is PERFUMES Y DISEÑO COMERCIAL, S.L., with tax registration no. B-81061616, registered office at calle Isla de Java no. 33, Madrid and website: https://www.nightologyparfums.com/
The personal data provided by customers and/or users through the Platform will be processed to enable them to browse and have full access to and use of the information, contents and services provided in each case through that Platform, and/or to respond to any specific requests they may make.
The legal basis for processing is principally the user’s consent, although when the user completes and sends the form to participate in any personnel selection procedures at PyD, the legal basis for processing may be to take steps at the request of the data subject prior to entering into the contract, pursuant to Article 6 GDPR.
The personal data collected through the Platform may be disclosed to other companies in the same group as PyD (Tous Perfumes, S.A., , Perfumes y Diseño Holding, S.L. and Perfumes y Diseño Beauty Advisor, S.L) for internal administrative purposes, including processing of the personal data of users, customers or employees having a legitimate interest in the transfer of their personal data for these purposes within that business group. Outside these cases, the personal data of data subjects may not be transferred to any third party unless there is a legal obligation to do so.
No international transfers of personal data are contemplated and the necessary safeguards are taken in this regard.
Pursuant to Article 30 of the Spanish Commercial Code, when the data subject is a customer of PyD, at the end of the relationship between the parties, the customer’s personal data may be kept by PyD for a period of six years. If the data subject is not a customer, their user data will be kept for the time strictly necessary to allow correct browsing, access and use of the Platform contents requested, in accordance with the provisions of this cookie and privacy policy and the laws and regulations applicable in each case.
Data subjects may exercise their rights of access, rectification, erasure, restriction of processing, data portability and opposition by sending an e-mail to privacidad@pyd.es with the Ref. “Exercise of Rights”, attaching a copy of their national identity document or equivalent (passport, foreigner identification number (NIE), etc.). If they consider that their personal rights have not been duly respected, they may lodge a complaint with the competent supervisory authority, in this case the Spanish Data Protection Agency.

4. CONSENT OF THE DATA SUBJECT

By accepting this policy, end users grant their unequivocal consent to the processing of their personal data for the processing purposes indicated in section 3 of this cookie and privacy policy. In the specific case of cookies, the provisions of section 7 of this legal policy will be applicable.

PyD may refuse use of the Platform and the associated services, contents and functions if data subjects do not accept this Policy or do not agree to the processing of their personal data in accordance with the provisions hereof.

5. SECURITY

PyD has adopted and applies the security levels required by law to the personal data for which it is responsible, according to the corresponding security levels detected, and endeavours to install and/or apply additional technical or organisational means and measure of protection to reinforce the general security of personal data processing, systems, communications environment and corporate organisation. Nevertheless, users are advised that internet security measures are not by any means impregnable. For this reason, the company pays particular attention to the security measures and other security obligations established in the GDPR, especially Article 32 GDPR.

6. DUTY OF SECRECY AND CONFIDENTIALITY

PyD undertakes to comply with the duty of secrecy and confidentiality regarding the personal data and information provided by users of the Platform and under its control and responsibility, complying with all legal provisions applicable from time to time.

7. COOKIE POLICY

As established in Recital 30 GDPR, natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them. For this reason, PyD has a cookie policy coherent with the applicable legal provisions.

7. 1. Applicable legal provisions

Pursuant to section 22 of Act 34/2002 of 11 July on information society services and e-commerce, addressing the rights of the recipients of commercial communications sent by electronic means, service providers may only use data storage and recovery devices at the recipients’ terminal equipment when the recipients have been duly informed and given their consent.

For this purpose, these recipients and end users must be given full, clear information on their use and, in particular, the purposes of processing the data, pursuant to the Spanish Data Protection and Digital Rights Guarantee Act no. 3/2018 of 5 December. Therefore, whenever this is technically possible and effective, the recipient’s consent to processing of their data may be given through the use of adequate parameters in the browser or other applications.

The foregoing will not preclude any possible technical access or storage for the sole purpose of sending a communication via an electronic communications network or, to the extent that this is strictly necessary, to provide an information society service expressly requested by the recipient.

7.2. User’s consent and cookies: general rule and exception

In general, when the installation and/or use of cookies entails personal data processing, regardless of whether they are first or third party cookies and session or persistent, PyD, as controller, shall request the user’s prior, informed consent to install and/or use them. Consequently, both obligations should be met: the duty to provide information and obtaining the user’s consent.

Only those cookies that exclusively permit communication between the user’s equipment and the network and strictly those used to provide a service requested by the user are excluded from that consent. For example, “technical cookies” (e.g. those required for browsing on the Platform or application), “personalisation cookies” (e.g. those that enable the web page to recognise the user’s language, etc.) and “security cookies” (e.g. those that detect repeated wrong attempts to connect to a website) would be excluded.

7.3. Are cookies used on the Platform? What are they?

The Platform uses cookies, that is, small files that are downloaded onto the user’s terminal equipment (computer, smartphone, tablet, etc.), regardless of its nature, to store data that can be updated and recovered by the entity responsible for their installation.

Cookies allow browsing on the Platform and certain utilities and services provided thereon, so users are advised that disabling or blocking them may impair use of the Platform and of said utilities and services.

7.4. What cookies do we use on the Platform?

Cookies can be first party or third party. First party cookies are those sent to or downloaded onto the user’s terminal equipment from the Platform (editor) and managed by the latter, while third party cookies are those sent to or downloaded onto the user’s terminal equipment from other domains or equipment not handled by the Platform (editor), but by another entity processing the data obtained through the cookies.

The aforesaid cookies can be session or persistent cookies. The former are a type of cookies designed to collect and store data while the user accesses the Platform for the main purpose of storing information that is only kept to provide the service requested by the user on a single occasion. However, the latter remain stored on the user’s terminal and may be accessed and processed over a time defined by the entity responsible for the cookie.

Cookies can also be technical, permitting the user to browse the Platform and use the different options or services provided through it, such as controlling the traffic and communication of data, identifying the session, accessing restricted access parts, recalling the elements of a contractual request, using security elements during browsing, storing content for the showing of videos or audio, or sharing content through the social networks.

They may also be personalisation cookies, i.e. those allowing the user access to the service with some pre-defined characteristics according to certain criteria associated with their terminal, such as the type of browser through which they access the service, the regional set-up from which the service is accessed, etc.

Our cookies may be analytical, which would enable PyD to monitor and analyse the behaviour of users on the Platform when they browse it. The information collected through this type of cookies is used to measure the activity of the Platform and prepare browsing profiles of users on it, with a view to making improvements based on an analysis of the data regarding the use made by users of the Platform.

We include below an INFORMATIVE SUMMARY TABLE of the specific cookies that PyD currently uses on the Platform:

Cookies Owner Storage time Purpose

Analytical cookies Google Analytics Continuous use on website Collect information on a user’s activity in our digital asset to improve their experience and the performance of the asset through an analytic tool. Used to monitor and measure the performance of our website. Blocking or erasing the analytical cookies could adversely affect the quality of the user’s browsing experience on our website.

7.5. Who uses the cookies?

The information collected through the cookies used on the Platform may be used by the owner or a third party providing a service to that owner.

7.6. Management and set-up of cookies

According to the information offered in this policy, we include information below on how to manage the cookies used in the Platform through the different options offered by the most common browsers.

You can control and even block the use of cookies, depending on the browser installed on your computer. You can find information on how to manage them at the following links:

Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/block-websites-storing-site-preferences
Microsoft Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/kb/ph21411?locale=en_US

8. Modification of Cookie and Privacy Policy

PyD reserves the right to modify this policy in order to adapt it to future applicable changes in law, doctrine or case law or for technical, operational, commercial, corporate or business reasons, giving prior, reasonable notice to users of the changes whenever possible. In any case, users are recommended to read this Policy carefully every time they access this Platform.

If you have any queries regarding our cookie and privacy policy, please contact us at privacidad@pyd.es.

9. Social networks

We inform you that social networks also collect information about the contents that you share in them through their own cookies. PyD has no control over the activity of these social networks, but we inform you that all of them have their own privacy and cookies policies. As an example, below we attach the links to the legal documents of the social networks / platforms in which we facilitate you to share our contents, so that you can be properly informed:

Facebook:

Cookies policy: https://www.facebook.com/help/cookies/

Twitter:

Cookies policy: https://support.twitter.com/articles/20170514#

Instagram:

Cookies policy: https://www.facebook.com/policies/cookies/

Pinterest:

Cookies policy: https://policy.pinterest.com/es/cookies

Vimeo:

Cookies policy: https://vimeo.com/cookie_policy