WHO ARE WE?

We are responsible for processing your data. Therefore, the following aspects concerning the data controller are expressly, precisely, and unequivocally communicated to both interested parties and competent bodies:

Trade name: LUPER

Company name: ÓPTICAS LUPER S.L, hereinafter referred to as the "Company" or the "Controller".

Tax ID (CIF): B67829432 Registered Address: AVENIDA CANALEJAS, 3 MURCIA.

Postal Code: 30002, MURCIA, SPAIN.

Phone: +34 868 96 61 51

Email for data protection communications: hola@luper.es

Download OPTICAS LUPER S.L Privacy Policy

APPLICABLE REGULATIONS

Our Privacy Policy has been designed in accordance with the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and insofar as it does not contradict the aforementioned Regulation, by the provisions of the Spanish legislative framework on Personal Data Protection.

By providing us with your data, you declare that you have read and understand this Privacy Policy, giving your unequivocal and express consent to the processing of your personal data in accordance with the purposes and terms expressed herein.

The Company may modify this Privacy Policy to adapt it to legislative, jurisprudential developments or interpretations by the Spanish Data Protection Agency.

These privacy conditions may be supplemented by the Legal Notice, Cookie Policy, and the General Terms and Conditions that, where applicable, are established for certain products or services, if such access involves any particularity regarding the protection of personal data.

WHAT PROCESSING DO WE CARRY OUT WITH YOUR PERSONAL DATA?

In compliance with Regulation (EU) 2016/679 and the Organic Law on Personal Data Protection, we inform you that your personal data may be subject to some of the following processing activities:

• TR04 – Advertising campaigns (Legal basis: Law 34/1988, of November 11, General Advertising Law.)

• TR08 – Gathering opinions of data subjects (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)

• TR03 – Internal staff selection (Legal basis: Royal Legislative Decree 3/3015, of October 23, approving the revised text of the Employment Law.)

• TG01 – Own accounting and book management, as controller. (Legal basis: Royal Decree 1514/2007, of November 16, regulating the General Accounting Plan.)

• TG25 – Data collection for own tax management (Legal basis: Law 58/2003, of December 17, General Tax Law.)

• TG12 – Own labor management: data collection (Legal basis: Royal Legislative Decree 1/1994, of June 20, approving the Revised Text of the General Social Security Law.)

• TR09 - Security measures regarding technical and organizational aspects in applied software (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)

• TE08 - Personal Data Protection (Legal basis: Regulation (EU) 2016/679 and Organic Law 3/2018.)

• TE02 - Occupational risk prevention (Legal basis: Law 31/1995, of November 8, on Occupational Risk Prevention.)

• TE07 - Document destruction (Legal basis: Regulation (EU) 2016/679)

• TV01 - Sales / Provision of Services (Legal basis: Commercial and Tax Legislation)

• TE03 - Transportation and/or package delivery service (Legal basis: Royal Decree of August 22, 1885, publishing the Commercial Code.)

• TR05 - Emails (Legal basis: Commercial Code and other applicable legislation.)

• TR01 - Information requests received (Legal basis: Commercial Code and other commercial provisions.)

• TR07 - Management of incidents and/or security breaches (Legal basis: Regulation (EU) 2016/679 on data protection and LOPD.)

• TE04 - Management of own legal matters (Legal basis: Applicable commercial and labor legislation.)

• TE01 - Maintenance of IT systems (Legal basis: Commercial Code.)

RETENTION PERIOD OF YOUR DATA

We will retain your personal data from the moment you give us your consent until you revoke it or request the restriction of processing. In such cases, we will keep your data blocked for the legally required periods.

PURPOSES - WHY DO WE USE YOUR PERSONAL DATA?

In this organization, we may process your personal data exclusively for the purposes indicated below:

• To verify that all necessary technical measures are being taken for the proper management of personal data with the applied software.

• Sending commercial and/or advertising information by email.

• Managing information requests received from the data subject about our products or services.

• Exclusive management of internal incidents detected in compliance with GDPR requirements.

• Conducting advertising campaigns to promote our services and/or products.

• Gathering opinions of data subjects.

• Personnel selection to fill necessary job vacancies.

• Complying with all requirements set forth in the Occupational Risk Prevention Law.

• Package and mail delivery.

• Managing any legal issue affecting the company.

• Managing, maintaining, and repairing IT storage systems.

• Actions to carry out own labor management.

• Actions to carry out own tax and accounting management.

• Complying with the principle of limitation of the retention period of personal data.

• Complying with the requirements of Regulation (EU) 2016/679 and Organic Law 3/2018.

• Carrying out the sale or provision of the contracted service.

A commercial or user profile may be created based on the information provided or obtained. It is expressly stated that, under no circumstances, will profiles be created using the data of a minor.

The personal data provided by you will be kept for the duration of the contractual relationship or, where applicable, until you exercise your right to object or withdraw the consent granted. To do this, you can go to the corresponding section on our website or send an email to the address indicated in the section regarding the controller.

LEGAL BASIS

The legal basis for processing your data is the express consent granted through a positive and affirmative act (filling out the corresponding form and ticking the acceptance box for this policy) at the time you provide us with your personal data.

By filling out the forms, ticking the "I accept the Privacy Policy" box and clicking to submit the data, or by sending emails to the Company through the accounts enabled for this purpose, the User declares to have read and expressly accepted this privacy policy, and gives their unequivocal and express consent to the processing of their personal data according to the indicated purposes.

We are legitimately entitled to process your personal data for the following reasons:

• Your unequivocal, informed, and express consent, in cases where it is legally required, without, in any case, its withdrawal conditioning the execution of other processing activities whose legal basis is different, and without such withdrawal affecting the legality of the processing prior to its withdrawal.

• A legal obligation of the data controller.

• The execution of the service provision contract and/or the purchase and sale of the corresponding products, signed by you.

• The legal basis for processing your data is a legitimate interest of the controller. This interest is supported by a prior proportionality or balancing test between the legitimate interest of the controller and the interests or rights and freedoms of the data subjects. This balancing has involved assessing the interest, assessing the impact of the processing on the data subjects, balancing the two aforementioned concepts, and implementing additional safeguards. With the final balance being favorable to the controller, the processing can be carried out in accordance with the applicable regulations on personal data protection. For any questions or clarifications, you can contact us via the email provided in the section corresponding to the data controller.

WHAT DATA DO WE PROCESS AND HOW DID WE OBTAIN IT?

Your personal data will be incorporated into the following files, owned by the organization:

• FG01 Own accounting management.

• FG02 Own labor management.

• FG15 Own tax management. Data collection.

• FE01 IT maintenance.

• FE02 Occupational risk prevention.

• FE03 Transport and shipping.

• FE04 Own legal matters.

• FR01 Information requests received.

• FR03 Own personnel selection.

• FR04 Advertising campaigns.

• FR05 Emails.

• FR07 Incident and/or security breach management.

• FR08 Gathering opinions of data subjects.

• FR09 Software and hardware security.

• FE07 Document destruction.

• FE08 Personal Data Protection.

• FP01 Customers.

The personal data we process in our organization comes from the following sources:

• The data subject themselves.

RECIPIENTS - WITH WHOM CAN WE SHARE YOUR PERSONAL DATA?

Your personal data will be communicated to the following companies and organizations:

• Tax Agency.

• State Public Employment Service.

• General Treasury of the Social Security.

• Spanish Data Protection Agency.

• Banks and savings banks.

• Shopify.com

SECURITY AND CONFIDENTIALITY

As part of our commitment to guaranteeing the security and confidentiality of your personal data, we inform you that the necessary technical and organizational measures have been adopted to ensure the security of personal data and prevent its alteration, loss, unauthorized processing or access, taking into account the state of technology, the nature of the data stored, and the risks to which they are exposed, according to Art. 32 of GDPR EU 679/2016.

USER RIGHTS

We guarantee the exercise of your rights regarding the processing of your personal data. In particular, we inform you that you have the right to:

• Obtain confirmation as to whether your data is being processed.

• Exercise the right to access the personal data we hold, obtaining information about the purposes of processing, the category of data processed, the possible recipients, the retention period, the origin of the data, and, where applicable, the creation of profiles or automated decision-making.

• Exercise the right to rectification. To this end, we remind you that the personal data we hold must always be a faithful reflection of reality, so do not hesitate to exercise your right if any data undergoes modification, change, or cancellation. You guarantee that the personal data you have provided to us by any means is true and accurate, and you undertake to notify us of any change or modification thereto, being solely responsible for any loss or damage caused to the controller or any third party due to the communication of erroneous, inaccurate, or incomplete information.

• Exercise the right to rectification. To this end, we remind you that the personal data we hold must always be a faithful reflection of reality, so do not hesitate to exercise your right if any data undergoes modification, change, or cancellation. You guarantee that the personal data you have provided to us by any means is true and accurate, and you undertake to notify us of any change or modification thereto, being solely responsible for any loss or damage caused to the controller or any third party due to the communication of erroneous, inaccurate, or incomplete information.

• Request the erasure of your personal data when, among other reasons, they are no longer necessary for the purposes described above or we no longer have the legitimacy to process them.

• Request the portability of your data, when processing is carried out by automated means and provided that it is linked to our entity based on a signed contract or you have given consent for the processing carried out. In these cases, you will have the right to receive your personal data in a structured, commonly used and machine-readable format, or to have them transmitted directly to another controller, where technically feasible.

• In certain circumstances, you may request the restriction of processing of your data, in which case we will only retain them for the exercise or defense of claims.

• Object to automated decision-making, including profiling. Such rights may be exercised free of charge, except in legally provided cases, by written request signed by you or, where applicable, by your representative, addressed to the controller, at the addresses provided for this purpose in the first section, or physically at any of our establishments.

• You also have the right to lodge complaints, either with the Spanish Data Protection Agency (on the website https://www.agpd.es/) or with the corresponding supervisory authority.

• Likewise, you may resort to the Courts of Justice to claim compensation.

• Finally, you have the right to withdraw your consent, with the same ease with which you granted it. To do this, you can go to our website, where you will find the necessary information to quickly and easily cancel the authorization you have given us to carry out these communications. You can also send an email to the address indicated in the section regarding the controller.

• We also inform you that for each processing of your personal data, the possible threats and impacts that may arise as a consequence are determined, mitigating or eliminating, if possible, the potential harms, through the application of the corresponding security measures that are periodically reviewed to determine their effectiveness. Our control system also allows us to comply with the principles of data processing, being able to demonstrate to the data subject the principle of purpose limitation, the principle of storage limitation, the principle of data minimization, as well as the principle of integrity and confidentiality.

• Finally, we also inform you that you will periodically receive surveys that will allow us to know your opinion on any suggestion related to the processing of your personal data, as well as to comply with the principle of transparency and accuracy of the processed data.

For any questions or clarifications, you can contact us via email: hola@luper.es