WEBSITE PRIVACY POLICY

keygara.shop

I. PRIVACY AND DATA PROTECTION POLICY

Respecting the provisions of current legislation, KeyGara (hereinafter, also Website) undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the data collected.

Laws incorporated in this privacy policy This privacy policy is adapted to the Spanish and European regulations currently in force regarding the protection of personal data on the internet. Specifically, it respects the following rules:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

• Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPD-GDD).

• Royal Decree 1720/2007, of December 21, approving the Regulations for the development of Organic Law 15/1999.

• Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller The controller responsible for the processing of personal data collected in KeyGara is: Pablo Jose Mendoza Iglesias, with Tax ID (NIF): 48776962B (hereinafter, Data Controller).

Contact Details:

• Address: Pasaje Venezuela 4, Piso 2, 5

• Contact telephone: 622133915

• Contact email: contact@keygara.shop

Registration of Personal Data In compliance with the provisions of the GDPR and the LOPD-GDD, we inform you that the personal data collected by KeyGara through the forms on its pages will be incorporated and processed in our file in order to facilitate, expedite and fulfill the commitments established between KeyGara and the User, or the maintenance of the relationship established in the forms that the User fills out, or to attend to a request or inquiry thereof.

Principles applicable to the processing of personal data The processing of the User’s personal data will be subject to the following principles set out in Article 5 of the GDPR:

• Principle of lawfulness, fairness, and transparency: User consent will be required at all times following completely transparent information on the purposes for which personal data is collected.

• Principle of purpose limitation: Personal data will be collected for specified, explicit, and legitimate purposes.

   

• Principle of data minimization: Personal data collected will be only strictly necessary in relation to the purposes for which they are processed.

   
   

• Principle of accuracy: Personal data must be accurate and always up to date.

   

• Principle of storage limitation: Personal data will only be maintained in a way that allows the identification of the User for the time necessary for the purposes of its processing.

   

• Principle of integrity and confidentiality: Personal data will be treated in a manner that ensures its security and confidentiality.

Categories of personal data The categories of data processed in KeyGara are only identifying data (Name, email, address, IP, etc.). In no case are special categories of personal data processed within the meaning of Article 9 of the GDPR (such as health, biometric, or ideology data).

Legal basis for the processing of personal data The legal basis for the processing of personal data is consent and the execution of a contract. KeyGara processes data because it is necessary to fulfill the purchase contract (ship the product) and complies with legal obligations (taxes/invoicing).

Purposes of the treatment to which the personal data are destined Personal data is collected and managed by KeyGara for the purpose of being able to facilitate, expedite, and fulfill the commitments established between the Website and the User (Processing orders, shipping, and customer support). Likewise, the data may be used for a commercial purpose of personalization, operational and statistical, and marketing studies to adapt the Content offered to the User, as well as improve the quality, operation, and navigation of the Website.

Retention periods of personal data Personal data will only be retained for the minimum time necessary for the purposes of its processing and to comply with legal obligations (e.g., tax regulations requiring transaction records for several years) or until the User requests its deletion.

Recipients of personal data To fulfill the purposes indicated in this Privacy Policy, strictly necessary data may be shared with the following recipients or categories of recipients:

1. Hosting & Technology Providers: (e.g., Hostinger).

2. Payment Gateways: (e.g., Stripe, PayPal, Redsys) to process payments securely.

3. Logistics & Suppliers: (e.g., Transport companies, Dropshipping suppliers) strictly for the purpose of delivering the order to the User’s address.

International Transfers: KeyGara operates with dropshipping suppliers. Therefore, some data (Name, Address, Phone) may be transferred to suppliers located outside the European Economic Area (e.g., China) solely for the purpose of executing the shipping contract. By placing an order, the User acknowledges that this transfer is necessary for the performance of the contract.

Personal data of minors Only those over 14 years of age may grant their consent for the processing of their personal data lawfully by KeyGara.

Secrecy and security of personal data KeyGara undertakes to adopt the necessary technical and organizational measures to ensure the security of personal data and avoid destruction, loss, or accidental or unlawful alteration. The Website has an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmitted securely and confidentially.

Rights derived from the processing of personal data The User may exercise the following rights recognized in the GDPR against the Data Controller:

• Right of access: To know what data we hold about you.

• Right of rectification: To correct inaccurate data.

• Right of deletion (“the right to be forgotten”): To request deletion of data when it is no longer necessary.

• Right to limitation of treatment.

• Right to data portability.

• Right of opposition.

The User may exercise their rights by written communication addressed to the Data Controller with the reference “GDPR-keygara.shop”, specifying the request and attaching a copy of their ID/Passport, to:

• Postal address: Pasaje Venezuela 4, Piso 2, 5

• Email: contact@keygara.shop

Links to third-party websites The Website may include hyperlinks or links that allow access to web pages of third parties other than KeyGara (e.g., Social Networks). KeyGara is not responsible for the privacy policies of those external sites.

Claims before the supervisory authority If the User considers that there is a problem or violation of current regulations in the way their personal data is being processed, they have the right to file a claim with the Spanish Data Protection Agency (https://www.aepd.es/).

II. ACCEPTANCE AND CHANGES IN THIS PRIVACY POLICY

It is necessary that the User has read and is satisfied with the conditions on the protection of personal data contained in this Privacy Policy. The use of the Website implies the acceptance of the Privacy Policy thereof. KeyGara reserves the right to modify its Privacy Policy, according to its own criteria, or motivated by a legislative change. Users are recommended to check this page periodically.