We consider ensuring the right to the protection of personal data as a fundamental commitment, therefore we will devote all the resources and efforts necessary to process your data in full compliance with EU Regulation 2016/679 (the "General Data Protection Regulation" or "GDPR"), as well as any other applicable legislation in the field.
As one of the essential principles of this legal framework is transparency, we have prepared this document to inform you about how we collect, use, transfer and protect your personal data when interacting with us regarding products and services. ours, including through our website or through the applications available on our mobile phone.
Site - the online store hosted at the web address Masksuperstar.com and its sub-domains.
Who we are and how you can contact us
Company: Matavit Ltd.,
Avenida de los Pirineos 9, nave 9.
28703 San Sebastian de los Reyes - Madrid, Spain
What categories of personal data we process
In general, we collect your personal data directly from you, so that you have control over the type of information you provide to us. By way of example, we receive information from you as follows:
When you create an account on the Site, you send us: email address, first and last name;
When placing an order, you provide us with information such as: the desired product, first and last name, delivery address, billing details, payment method, telephone number, etc.
We may also collect and process certain information about your behavior during the visit of our website, to personalize your online experience and to make you offers tailored to your profile. We invite you to learn more details in this regard by consulting the section regarding the purposes of processing below.
On the Site we can store and collect information in cookies and similar technologies, according to the Cookies Policy provided in the Terms and Conditions.
We do not collect or otherwise process sensitive data, included in the General Regulation on data protection in special categories of personal data. Also, we do not want to collect or process data of minors who have not reached the age of 16 years.
What are the purposes and grounds for processing
We will use your personal data for the following purposes:
To provide the services available on the Site for your benefit.
This general purpose may include, as appropriate, the following:
a) Creation and administration of the account within the Site;
b) Processing of orders, including taking, validating, shipping and invoicing;
c) Solving cancellations or problems of any kind related to an order, to the purchased goods;
d) Returning the products according to the legal provisions;
e) Reimbursement of the value of the products according to the legal provisions;
f) Providing support services, including providing answers to your questions regarding your orders or the goods available on the Site.
The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a contract between the Company and you. Also, certain processing subordinated to these purposes is required by the applicable law, including tax and accounting law.
To improve our services
We always want to offer you the best online shopping experience. To do this, we may collect and use certain information regarding your Buyer behavior, we may invite you to complete satisfaction questionnaires following the completion of an order or we may conduct, directly or with the help of partners, market research and research.
We base these activities on our legitimate interest in conducting business, always taking care that your fundamental rights and freedoms are not affected.
We want to keep you updated on the best offers for the products / services you are interested in. In this regard, we can send you any type of message (such as: e-mail / SMS / telephone / mobile push / webpush / etc.) containing general and thematic information, information on products similar or complementary to those on which have you purchased them, information on offers or promotions, information on products added in the "My Account / My Cart" section or "My Account / Favorites" section or have shown interest in purchasing them, as well as other commercial communications such as research market and opinion polls, and we can display personalized recommendations on the Site. To provide you with information of interest to you, we may use certain data about your buyer behavior (eg products viewed / added to the wish list / purchased) to create a profile for you. We always ensure that such processing is carried out in compliance with your rights and freedoms, and that the decisions made thereunder have no legal effect on you and do not affect you in any significant way.
In most cases, we base your marketing communications on your prior consent. You may change your consent and withdraw your consent at any time, either through the settings available on the Site, in your account, by accessing the unsubscribe link displayed in the messages you receive from us, or by contacting the Company using the contact details described above. up.
In certain situations, we can base our marketing activities on our legitimate interest in promoting and developing our commercial activity. In any situation where we use information about you for our legitimate interest, we take care and take all necessary measures so that your fundamental rights and freedoms are not affected. However, you may at any time request us, by the means described above, to stop the processing of your personal data for marketing purposes, and we will comply with your request.
For the defense of our legitimate interests
There may be situations in which we will use or transmit information to protect our rights and commercial activity.
These may include:
- Measures to protect both the Site and the users of the Site from cyber-attacks;
- Measures to prevent and detect fraud attempts, including the transmission of information to the competent public authorities;
- Measures to manage various other risks.
The general basis of these types of processing is our legitimate interest in defending our commercial activity, being understood that we ensure that all the measures we take guarantee a balance between our interests and your fundamental rights and freedoms.
Also, in certain cases we base our processing on legal provisions such as the obligation to ensure the protection of goods and values provided by the applicable legislation in this area.
How long we keep your personal data
As a general rule, we will store your personal data as long as you have an account on the Site. You can ask us at any time to delete certain information or close the account and we will respond to these requests, subject to the preservation of certain information including after closing the account, in cases where applicable law or our legitimate interests require it.
To whom we transmit your personal data
Where appropriate, we may transmit or provide access to certain personal data of your own to the following categories of recipients:
- companies within the same group of companies;
- courier service providers;
- payment / banking service providers;
- marketing / telemarketing service providers;
- market research service providers;
- insurance companies;
- IT service providers;
- to other companies with which we can develop joint programs for offering our goods on the market.
If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose certain personal data to some public authorities.
We make sure that access to your data by third parties legally owned by private law is made in accordance with the legal provisions regarding data protection and confidentiality of information, based on contracts concluded with them.
In which countries we transfer your personal data
We are currently storing and processing your personal data across the EU. However, we may transfer certain personal data of you to entities located in the European Union or outside the Union, including in countries where the European Commission has not recognized an adequate level of personal data protection.
We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Transfers to service providers and other third parties will always be protected by contractual commitments and, where appropriate, other guarantees, such as standard contractual clauses issued by the European Commission or certification schemes, such as the Privacy Shield for the protection of personal data. transferred from within the EU to the United States of America.
You can contact us anytime, using the contact details set out above, to find out more about the countries in which we transfer your data, as well as the guarantees we have made regarding these transfers.
How we protect the security of your personal data
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, in accordance with industry standards.
The transmission of your personal data is done using state-of-the-art encryption algorithms and we store them on secure servers, while ensuring data redundancy.
Despite the measures taken to protect your personal data, we would like to point out that the transmission of information over the Internet, in general, or through other public networks, is not completely secure, with the risk that the data may be viewed and used by third parties. unauthorized parts. We cannot be held responsible for such vulnerabilities of systems that are not under our control.
What rights do you have?
The General Data Protection Regulation recognizes a number of rights in relation to your personal data. You may request access to your data, correct any errors in our files, and / or object to the processing of your personal data. You may also exercise your right to complain to the competent supervisory authority or to bring justice. If applicable, you may also have the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.
More information on each of these rights can be obtained by consulting the table presented below.
In order to exercise your rights, you may contact us using the contact details set out above. Please note the following if you wish to exercise these rights:
Identity. We take the privacy of all records containing personal data seriously. For this reason, please send us your requests regarding such registrations using the email address of your account on the Site. Otherwise, we reserve the right to verify your identity by requesting additional information that aims to confirm your identity.
Fees. We will not charge a fee to exercise any right to you regarding your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees applied before we resolve your request.
Duration of response. We aim to respond to any valid requests within a maximum of one month, unless this is particularly complicated or if you have made several requests, in which case we will respond within a maximum of two months. We'll let you know if we need more than a month. We may ask you if you can tell us exactly what you want to receive or what you are worried about. This will help us act faster and shorten your response time to your request.
Rights of third parties. We should not comply with a request if it would adversely affect the rights and freedoms of other data subjects.
1. The consumer may at any time request information about the personal data managed by the Company, respectively the consumer who owns an account on the Site may modify them at any time by logging in to his account.
The consumer is entitled to receive personal data in legible format (for example, JSON, CSV, XML).
The consumer has the right to request the deletion of personal data concerning him.
2. At the Consumer's request, the Company shall provide information regarding
- the data they manage,
- the data processed by him or a third party authorized person,
- the legal basis, duration and purpose of data processing,
- the name, address and data management activities of the data processor,
- the circumstances and effects of an incident regarding the management of personal data, if any, respectively the measures taken to eliminate its effects,
- in the case of the transmission of the personal data of the consumer, the legal basis on which the data transmission is made as well as the recipient of the transfer.
The company will provide in writing the requested information within 30 days of submitting the application.
In order to control a data protection incident, respectively consumer information, the Company will keep track of the scope of the consumer's personal data, the consumer's personal data, the number of persons affected and / or affected by the data protection incident, the circumstances. the incident, the effects and actions taken to counter them, as well as other information provided by the law on the protection of personal data.
3. You can exercise your rights to the following contacts:
Avenida de los Pirineos 9, nave 9.
28703 San Sebastian de los Reyes - Madrid, Spain
Customer service email: email@example.com
The consumer can contact the Company with any questions or comments related to data management through the contact details above.
4. The consumer may at any time request the rectification or deletion of incorrectly recorded data. Some of the data may be corrected by the Consumer on the Site; in other cases, the Company will delete the data, in which case they will not be recoverable. The cancellation does not apply to the processing of data required by law (for example, accounting regulations) and these are kept by the Company for the required period.
5. The Consumer may also request the blocking of his data. The company must block personal data, if requested by the consumer or if, based on the information available, it can be assumed that the deletion will violate the legitimate interests of the consumer. Personal data blocked in this way will only be handled during data management, which has made it impossible to delete personal data.
If the Company does not comply with the request for rectification, blocking or cancellation of the Client, it must provide, within 30 days from the receipt of the request, the factual and legal reasons that were the basis for refusing the request for rectification, blocking or cancellation.
The consumer may oppose the processing of his personal data. The company examines the application as soon as possible after the application is submitted, but within 15 days it decides on the validity and informs the applicant in writing about its decision.
7. If, during the registration process on the Site, the Consumer has provided the personal data of a third party or caused damages during the use of the Site, the Company has the right to seek compensation. In such a case, the Company will provide all possible assistance to the authorities acting to establish the identity of the person who has broken the law.