Privacy Policy

1. RESPONSIBLE PARTY DATA

Company Name: RO. PA. FASHION GROUP, S.L. (hereinafter, the "Company" or the "Controller").

Tax ID Number: B74245242

Address: POLIGONO INDUSTRIAL OLLONIEGO, ZONA C, PARCELA 4 - 33660 - OVIEDO - ASTURIAS

Phone: 985792850

Email for data protection communications: info@walkinpitas.com

1.1. Applicable Regulations

Our Privacy Policy has been designed in accordance with the General Data Protection Regulation of the EU 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), and Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.

By providing us with your data, you declare that you have read and understood this Privacy Policy, giving your unequivocal and express consent to the processing of your personal data in accordance with the purposes and terms expressed herein.

The Company may modify this Privacy Policy to adapt it to legislative, jurisprudential, or interpretation novelties of the Spanish Data Protection Agency. These privacy conditions may be supplemented by the Legal Notice, Cookies Policy, and the General Conditions that, if applicable, are collected for certain products or services, if such access involves any specialty in the protection of personal data.

1.2. Data Protection Officer

No Data Protection Officer appointed.

2. PURPOSE OF PROCESSING PERSONAL DATA

The processing we carry out of your personal data responds to the following purposes:

  • Manage your registration as a user in the store owned by ROPA (www.walkinpitas.com). However, in any case, the user must verify and validate their registration on each platform by entering their username and password through consent.
  • Manage orders for products and/or services made through the Website, as well as the corresponding billing and shipping.
  • Periodically send (via email, postal mail, and/or SMS) electronic communications with offers, promotions, and news related to our online platforms unless otherwise indicated or the user opposes or revokes their consent.
  • Produce anonymous statistical reports regarding access habits and activity conducted by users on the Website.
  • Create a commercial profile of the user and carry out commercial actions tailored to it, using their data derived from the management of purchased products (browsing data, access habits, traffic), unless the user opposes or revokes their consent.
  • Comply with legally established obligations.

2.1. Data Retention Period

We will retain your personal data from when you give us your consent until you revoke it or request the limitation of processing. In such cases, we will keep your data blocked for the legally required periods.

3. LEGITIMATION AND DATA COLLECTED

The legal basis for the processing of your data is the express consent granted through a positive and affirmative act (filling out the corresponding form and checking the acceptance box of this policy) at the time of providing us with your personal data.

3.1. Consent to Process Your Data

By filling out the forms, checking the box "I accept the Privacy Policy" and clicking to submit the data, or by sending emails to the Company through the accounts enabled for this purpose, the User states that they have read and expressly accepted this privacy policy, and grants their unequivocal and express consent to the processing of their personal data in accordance with the purposes indicated.

3.2. Data Categories

The collected data refers to the category of identifying data, such as: Name and Surnames, Telephone, Postal Address, Gender, Date of Birth, Company, Email, as well as the IP address from which access to the data collection form is made.

4. SECURITY MEASURES

Within our commitment to guarantee the security and confidentiality of your personal data, we inform you that the technical and organizational measures necessary to guarantee the security of personal data and prevent its alteration, loss, treatment or unauthorized access have been adopted, given the state of technology, the nature of the stored data, and the risks to which they are exposed, according to Art. 32 of the GDPR EU 679/2016.

5. DATA TRANSFER

Your data may be transferred to those service providers to manage the data processing described in the privacy policy, in accordance with current data protection regulations. These providers will not process your data for their own purposes that have not been previously informed by ROPA.

No data transfers or international transfers of your data are foreseen, except for those authorized by tax, commercial, and telecommunications legislation, as well as in cases where a judicial authority requires it.

6. USER RIGHTS

Any interested party has the right to obtain confirmation as to whether we are processing personal data concerning them or not. Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected. Under certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. For reasons related to their particular situation, interested parties may object to the processing of their data. The Controller will cease processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.

In accordance with current legislation, you have the following rights: right to request access to your personal data, right to request rectification or deletion of your data, right to request the limitation of its treatment, right to oppose the treatment, right to data portability, and also to revoke the consent given. Likewise, you have the right to file a complaint with the Spanish Data Protection Agency.

6.1. How to exercise my rights?

To exercise your rights, you must contact the controller, requesting the corresponding form for the exercise of the chosen right. Optionally, you can go to the competent Control Authority to obtain additional information about your rights. The contact details to exercise your rights are the email: info@walkinpitas.com. Remember to attach a copy of a document that allows us to identify you.

7. CONSENT FOR SENDING ELECTRONIC COMMUNICATIONS

Also, and in accordance with the provisions of Law 34/2002, of July 11, on Information Society Services and Electronic Commerce, by completing the data collection form and checking the corresponding box "I accept the sending of electronic communications," you are giving express consent to send to your email address, telephone, fax, or other electronic means the sending of information about the Company.

8. COMMENT FUNCTION ON OUR BLOG

We offer users the possibility to leave individual comments on each of the articles on our blog, which is located on the controller's website. A blog is a web-based service, publicly accessible, through which one or more persons called bloggers or blog authors can publish articles on different topics. Blog posts are usually commented on by third parties.

If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as information about the date of the comment and about the user (pseudonym) chosen by the data subject. In addition, the IP address assigned by the Internet service provider (ISP) to the data subject is also recorded. This storage of the IP address takes place for security reasons, in case the data subject violates the rights of third parties, or publishes illegal content through a specific comment. The storage of this personal data is, therefore, in the interest of the data controller, so that they can exculpate themselves in the event of an infringement.

This personal information collected will not be transmitted to third parties, unless such transfer is required by law or serves the purpose of the defense of the data controller.