1. DATA CONTROLLER
Company name: ROTISSERIE BY LOLA, S.L.
Número d'Identificació Fiscal: B65945578
Número d'Identificació Fiscal: Calle Muntaner 340, 5º1ª, 08021 Barcelona.
Inscription in the Mercantile Registry: Inscribed in the Mercantile Registry of Barcelona Volume 43541 Folio 204 Page 431852.
The data obtained by RESTAURANT PETIT PAU is used for the correct functioning of the Web tools. In the event of any refusal or error in the provision of data, RESTAURANT PETIT PAU will not be able to adequately offer the services and benefits requested.
3 . PURPOSE OF DATA PROCESSING
RESTAURANT PETIT PAU will process the data for the following purposes:
- User registration and reservation management.
- Sending of gift vouchers.
- To send, by any means, including electronic means, commercial communications in relation to the products and services offered by RESTAURANT PETIT PAU, communications that may be addressed in response to the User's consumption habits, browsing or use of the Web.
- Sending of commercial and technical communications regarding promotions, discounts or raffles organized by RESTAURANT PETIT PAU, unless the user objects.
The legitimacy of the data processing is the User's consent.
4. CATEGORY OF DATA
RESTAURANT PETIT PAU will collect the following data:
- identification data: name, surname, telephone, e-mail address, postal address, image, etc.
The data will be processed as long as no deletion, opposition or revocation of consent is requested. Once the data has been blocked, RESTAURANT PETIT PAU will keep them for the legally established period in order to take any personal or civil liability action.
Under no circumstances will RESTAURANT PETIT PAU transfer the data to third parties without previously informing the User and requiring her consent.
5. DATA COMMUNICATION
The data will be communicated to public bodies for the fulfilment of the corresponding legal obligations. Likewise, the data will be provided to the service providers with whom RESTAURANT PETIT PAU has a contractual relationship for the correct development and operation of the service. Such providers may include, but are not limited to: program developers, security companies, mailing, payment processors and legal advisory services.
RESTAURANT PETIT PAU will watch to obtain confirmation from these suppliers that carry out the correct processing of User data for the exclusive purposes of the commercial relationship and with adequate security protocols according to the data processed.
The User declares that he/she is of legal age and that the data provided are true and accurate, otherwise the User will be responsible for filling in the forms with false, inaccurate, incomplete or outdated data.
Users may exercise the following rights:
Right of rectification: It is the User's right to have his/her personal data modified if they are inaccurate or, taking into account the purposes of the processing, incomplete.
• Right to erasure: ("the right to be forgotten"): It is the right of the User, provided that current legislation does not provide otherwise, to obtain the deletion of his personal data when these are no longer necessary for the purposes for which they were collected or processed to continue with this; the personal data have been processed unlawfully; the personal data must be deleted in compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of information society services to a child under 14 years. In addition to deleting the data, the Controller, taking into account the available technology and the cost of its implementation, shall take reasonable steps to inform the controllers who are processing the personal data of the data subject's request for deletion of these links to these personal data.
• Right to restriction of processing: It is the right of the User to limit the treatment of his personal data. The User has the right to obtain the limitation of the processing when he challenges the accuracy of his personal data; the processing is unlawful; the controller no longer needs the personal data but the User needs it to make claims; and when the User has opposed the processing.
• Right to data portability: In the event that the processing is carried out by automated means, the user shall have the right to receive from the data controller his personal data in a structured format, of common use and mechanical reading, or to transmit them to another data controller. Whenever technically possible, the data controller will transmit the data directly to this other controller.
• Right to object: It is the right of the user not to carry out the processing of their personal data or cease the processing thereof by ROTISSERIE BY LOLA, S.L.
• Right not to be the object of a decision based solely on automated processing, including profiling: It is the right of the user not to be the object of an individualized decision based solely on the automated processing of personal data, including profiling, existing unless current legislation provides otherwise. Those affected can exercise their rights of access, rectification, deletion, limitation and portability, as well as all those that the current regulations grant to the citizen before ROTISSERIE BY LOLA, S.L. by writing to its headquarters at Calle Muntaner nº340, 5º1ª, 08021 in Barcelona.
In the event that the user considers that he/she has a problem or infringement of the regulations in force in the way in which his/her personal data are being processed, he/she will have the right to effective judicial protection and to present a claim before the control authority, particularly in the State in which he/she has his/her habitual residence, place of work or place of the alleged infringement. In the case of Spain, the Control Authority is the Spanish Data Protection Agency (http: //www.agpd.es).
RESTAURANT PETIT PAU has adopted technical and organizational security measures to prevent their alteration, loss, misuse, unauthorized access or theft.
However, because ROTISSERIE BY LOLA, S.L. cannot guarantee the impregnability of the Internet or the total absence of hackers or others who fraudulently access personal data, the data controller undertakes to inform the User without undue delay when there is a breach of personal data security that is likely to involve a high risk to the rights and freedoms of individuals. In accordance with article 4 of the RGPD, a breach of the security of personal data is understood to be any breach of security that results in the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or in the unauthorized communication of or access to such data.
The personal data will be treated as confidential by the Controller, who undertakes to inform and ensure by means of a legal or contractual obligation that this confidentiality is respected by its employees, partners, and any person to whom you make the information accessible.