I. PRIVACY POLICY AND DATA PROTECTION

In compliance with current legislation, santiagoballerini.com (hereinafter also referred to as the “Website”) undertakes to adopt the necessary technical and organizational measures appropriate to the level of security required for the risk associated with the data collected.

Laws Incorporated into This Privacy Policy

This privacy policy is adapted to current Spanish and European regulations on the protection of personal data on the internet. Specifically, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

  • Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).

  • Royal Decree 1720/2007 of 21 December approving the Regulations implementing Organic Law 15/1999 of 13 December on the Protection of Personal Data (RDLOPD).

  • Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).

 

Identity of the Data Controller

The controller of the personal data collected on the Website is: Santiago José Ballerini, Tax ID (NIF): Y8329249C (hereinafter, the “Data Controller”).

Contact details:

Contact phone number:
Contact email:

 

Personal Data Records

In compliance with the GDPR and the LOPD-GDD, we inform you that personal data collected by the Website through the forms provided on its pages will be incorporated into and processed within our data files for the purpose of facilitating, streamlining, and fulfilling the commitments established between the Website and the User, maintaining the relationship established through the forms completed by the User, or responding to requests or inquiries.

Likewise, in accordance with the GDPR and the LOPD-GDD, unless the exception provided in Article 30.5 of the GDPR applies, a record of processing activities is maintained specifying, according to their purposes, the processing activities carried out and other circumstances established in the GDPR.

 

Principles Applicable to the Processing of Personal Data

The processing of the User’s personal data shall be subject to the following principles set out in Article 5 of the GDPR and Articles 4 and following of Organic Law 3/2018:

  • Lawfulness, fairness, and transparency: The User’s consent will be required at all times after fully transparent information has been provided regarding the purposes for which personal data are collected.

  • Purpose limitation: Personal data will be collected for specified, explicit, and legitimate purposes.

  • Data minimization: Only personal data strictly necessary for the purposes for which they are processed will be collected.

  • Accuracy: Personal data must be accurate and kept up to date.

  • Storage limitation: Personal data will be kept only for as long as necessary for the purposes of processing.

  • Integrity and confidentiality: Personal data will be processed in a manner that ensures appropriate security and confidentiality.

  • Accountability: The Data Controller shall be responsible for ensuring compliance with the above principles.

 

Categories of Personal Data

The categories of data processed on the Website are solely identifying data. Under no circumstances are special categories of personal data processed within the meaning of Article 9 of the GDPR.

 

Legal Basis for Processing Personal Data

The legal basis for processing personal data is consent. The Website undertakes to obtain the User’s express and verifiable consent for the processing of personal data for one or more specific purposes.

The User shall have the right to withdraw consent at any time. It shall be as easy to withdraw consent as to give it. As a general rule, withdrawal of consent will not condition the use of the Website.

When the User must or may provide data through forms to make inquiries, request information, or for reasons related to the Website’s content, the User will be informed if the completion of any of them is mandatory because they are essential for the proper completion of the operation carried out.

 

Purposes of Processing Personal Data

Personal data are collected and managed by the Website in order to facilitate, streamline, and fulfill the commitments established between the Website and the User, maintain the relationship established in the forms completed by the User, or respond to a request or inquiry.

Likewise, the data may be used for commercial purposes such as personalization, operational and statistical purposes, and activities related to the corporate purpose of the Website, as well as for data extraction, storage, and marketing studies to adapt the Content offered to the User and improve the quality, operation, and navigation of the Website.

At the time personal data are obtained, the User will be informed of the specific purpose or purposes for which the personal data will be processed.

 

Retention Periods for Personal Data

Personal data will be retained only for the minimum time necessary for the purposes of their processing and, in any case, only for the following period: 18 months, or until the User requests their deletion.

When personal data are obtained, the User will be informed of the period for which the personal data will be stored or, when that is not possible, the criteria used to determine that period.

 

Recipients of Personal Data

The User’s personal data will not be shared with third parties.

In any case, at the time personal data are obtained, the User will be informed about the recipients or categories of recipients of the personal data.

 

Personal Data of Minors

In compliance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, only persons over 14 years of age may lawfully give consent for the processing of their personal data by the Website. If the User is under 14 years of age, parental or guardian consent will be required, and processing will only be considered lawful to the extent that such consent has been granted.

 

Secrecy and Security of Personal Data

The Website undertakes to adopt the necessary technical and organizational measures appropriate to the level of security required for the risk associated with the data collected, in order to ensure the security of personal data and prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

The Website has an SSL (Secure Socket Layer) certificate, ensuring that personal data are transmitted securely and confidentially, as data transmission between the server and the User is fully encrypted.

However, since the Website cannot guarantee the absolute security of the internet or the complete absence of hackers or others who fraudulently access personal data, the Data Controller undertakes to notify the User without undue delay in the event of a personal data security breach likely to result in a high risk to the rights and freedoms of natural persons. In accordance with Article 4 of the GDPR, a personal data breach means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Personal data will be treated as confidential by the Data Controller, who undertakes to inform and ensure—by means of a legal or contractual obligation—that such confidentiality is respected by employees, associates, and any person to whom the information is made accessible.

 

Rights Arising from the Processing of Personal Data

The User may exercise the following rights recognized in the GDPR and Organic Law 3/2018:

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object

  • Right not to be subject to a decision based solely on automated processing, including profiling

The User may exercise these rights by written communication addressed to the Data Controller with the reference “GDPR-www.santiagoballerini.com,” specifying:

  • Name and surname of the User and a copy of ID (or equivalent identification).

  • Specific request and reasons.

  • Address for notification purposes.

  • Date and signature.

  • Any supporting documentation.

The request may be sent to the contact details indicated above.

 

Links to Third-Party Websites

The Website may include hyperlinks to third-party websites not operated by the Website. The owners of such websites will have their own data protection policies and will be responsible for their own files and privacy practices.

 

Complaints to the Supervisory Authority

If the User considers that there is a problem or infringement of current regulations in the way their personal data are processed, they shall have the right to effective judicial protection and to lodge a complaint with a supervisory authority, particularly in the State where they have their habitual residence, place of work, or place of the alleged infringement. In Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/).

 

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

The User must have read and agreed to the conditions regarding personal data protection contained in this Privacy Policy and accept the processing of their personal data so that the Data Controller may proceed in the manner, for the periods, and for the purposes indicated. Use of the Website implies acceptance of this Privacy Policy.

The Website reserves the right to modify this Privacy Policy at its discretion or due to legislative, jurisprudential, or doctrinal changes from the Spanish Data Protection Agency. Changes or updates will not be explicitly notified to the User. Users are advised to review this page periodically to stay informed of any changes.

This Privacy Policy was updated to comply with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights.