Privacy policy
BASIC INFORMATION ON DATA PROTECTION
| Controller | ESCURA BABY FOOD, S.L. |
| Purpose | We use your data, among other purposes, to manage the purchase of products and services, handle your enquiries, and where applicable, send you personalised communications. |
| Legal basis | The legal basis for processing your data is primarily your consent and the proper performance of the contractual relationship with ESCURA BABY FOOD, S.L. |
| Recipients | Your data will be processed by third-party collaborators working with us, whether located inside or outside the European Union. |
| Rights | You have the right to access, rectify, erase, object to, restrict and request the portability of your personal data. |
| Additional information | You can consult additional and detailed information on how we manage your personal data and the rights available to you by reading the full Privacy Policy below, as well as the Cookie Policy. |
ADDITIONAL INFORMATION ON DATA PROTECTION
ESCURA BABY FOOD, S.L., as data controller, is committed to adopting at all times the technical and organisational measures necessary to ensure that the processing of your data complies with the provisions of Regulation (EU) 2016/679 (hereinafter, "GDPR") and Organic Law 3/2018.
The Company processes your personal data lawfully and fairly, ensuring that it receives adequate protection and is not subject to improper use. It is also the Company's intention to be transparent in the management of its customers' and users' personal data, providing them with all necessary information about the collection and processing of their data.
The purpose of this Privacy Policy is to inform you about who will process your personal data, why we collect this data, how long we will retain it, who we will share it with, and what your rights are in this regard.
By providing us with your personal information and using our Website, we understand that you have read and understood the information on personal data protection set out in this Privacy Policy and in the Cookie Policy.
1. WHO IS THE DATA CONTROLLER?
The data controller for your personal data is:
- Company Name: ESCURA BABY FOOD, S.L.
- Tax ID: B75608091
- Postal Address: Calle Comte d'Urgell n.º 240 - P. 7 PTA. B, (08036), Barcelona.
- Email: hola@tinyriots.es
2. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
Depending on the products, services or features requested by customers and users, the Company will need to process different types of data, which will generally include the following:
- Identification and contact details: name, surname, contact phone number, date of birth, postal address, billing address, delivery address, email address and ID number, among others.
- Financial information, including credit card, debit card and financial account numbers, payment card information, financial account data, transaction details, payment method, payment confirmation and other payment-related information.
- Data associated with the performance of a purchase or service contract with the Company: identification and contact details, payment data, information about purchases, orders and returns, among others.
- Account information, including username, password, security questions, preferences and settings.
- Transaction information, including items you browse, add to your cart, save to your wishlist, purchase, return, exchange or cancel, as well as your previous transactions.
- Communications with us, including information you provide in your communications with us, for example when submitting a complaint to customer service.
- Automatically collected data: when interacting with our Website, certain browsing data is collected automatically. This information is gathered through cookies, the regulation of which is detailed in the Company's Cookie Policy.
- Information we may collect automatically relates to your use of our Website and the devices you use to access and interact with it. Some of the data we collect includes: the IP address of the device you are using, the browser software you use, your operating system, the date and time of access to the Website, the internet address of the website through which you accessed our Website, geolocation data, information about the pages visited by the user within the Website and time spent on each page.
- Data about your personal tastes and preferences.
Personal data collected is processed for the following purposes:
- Managing the purchase of products and services offered by the Company: to provide you with the product or service you request, to operate our business internally (in terms of accounting, auditing and other internal functions) and to manage payment for products and services.
- Quality analysis: conducting customer and user satisfaction surveys regarding the quality of the products and services offered by the Company.
- Customer and user support: when a user submits an enquiry or request to Tiny Riots through any of the channels available on the website, the Company will respond through the same channel. Tiny Riots may also send commercial and advertising communications by email, SMS, WhatsApp or any other social network, as well as by any electronic or physical means that allows commercial communications. In all cases, commercial communications will be sent by Tiny Riots and will relate to its products and services, as well as its suppliers or collaborators.
- Advertising and marketing activities: this primarily includes personalising the services we offer and making recommendations based on your interactions with the Company through its website (e.g. based on purchase and browsing history). If you give us your consent, your personal data will be used to periodically send you information about new products that may be of interest to you and to offer you promotions.
- Improving the user experience on the Website: conducting analytical and statistical studies on how users navigate the Company's Website.
3. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR DATA?
The legal basis that allows us to process your personal data depends on the purpose for which we process it, as detailed below:
- Managing the purchase of products and services offered by the Company. The processing of your data is necessary for the proper conclusion and performance of the contractual relationship with the Company. The legal basis also includes your own consent (when you decide to purchase our products or services) and the Company's legitimate interest in carrying out relevant checks to identify and prevent possible fraud, as well as for security reasons.
- Quality analysis. The legal basis is the Company's legitimate interest in analysing customer and user satisfaction in order to offer products and services of the highest quality.
- Customer and user support. The legal basis is the Company's legitimate interest in handling your requests and complaints in order to assist you properly and resolve your queries. Where complaints or incidents relate to a purchased product or service, the processing of your data is necessary for the Company to fulfil its contractual obligations. Where queries relate to the exercise of your legally recognised data protection rights, the Company requires the processing of your data to comply with its legal obligations in this area.
- Advertising and marketing activities. The legal basis for processing your data for advertising and marketing purposes is the consent you provide for the sending of commercial communications (which may be personalised) and the Company's legitimate interest in sending similar communications regarding services or products previously purchased or in which you have shown interest.
Please note that if you have given us your consent to process your data for any purpose, you have the right to withdraw it at any time.
- Improving the user experience on the Website. The legal basis is the Company's legitimate interest in understanding the degree of user satisfaction and taking appropriate corrective measures to improve the quality of our services.
4. HOW LONG DO WE RETAIN YOUR DATA?
Your personal data will be duly retained for the time strictly necessary for the purposes for which it was collected.
Personal data will be stored, with appropriate security measures to ensure its accuracy and integrity, for as long as its processing is necessary for the purpose for which it was collected or until you exercise your right to erasure or restriction of processing.
In such cases, we will keep your personal data blocked, without any further processing, for the periods provided by law to address any potential liabilities and to demonstrate compliance with our legal and contractual obligations. The Company will subsequently permanently delete your personal data.
5. WITH WHOM MAY WE SHARE YOUR DATA?
Your personal data will be processed by members of the Company acting on behalf of the organisation, with whom the appropriate contracts have been formalised, setting out specific obligations of confidentiality and diligent management of personal data in accordance with applicable legislation.
In certain cases, in order to fulfil the purposes set out in this Privacy Policy, the Company needs to share your personal data with the following third parties:
- Financial institutions.
- Technology and analytics service providers.
- Logistics, transport and delivery service providers and collaborators, and/or their associated establishments.
- Customer service providers.
- Marketing and advertising service providers and collaborators.
- Public authorities and bodies: to comply with a court order, summons or investigation, or for any other legally required reason; to address potential liabilities arising from the processing of personal data; to prevent illegal use of our Website or violations of our Website policies; to respond to third-party claims; to contribute to the prevention and investigation of fraud, among others.
These third-party collaborators only have access to the personal information necessary to carry out the relevant services and are required not to use it for any purpose other than that requested. The Company also requires these third parties to apply the same level of protection and confidentiality that we apply in the management of your personal information. All of them are also subject to the obligations set out in their respective data processing agreements with the Company.
Certain third-party collaborators are located in countries or territories outside the European Union. In these cases, the Company transfers your data in accordance with the legally required safeguards:
- We verify whether the third party is located in a country or territory that has been declared to provide an adequate level of protection by the European Commission.
- In the absence of the above, we verify whether any of the following safeguards apply: execution of a contract containing standard data protection clauses approved by the European Commission; implementation of binding corporate rules approved by the competent supervisory authority; the third party's adherence to a Code of Conduct or certification mechanism.
- In the absence of the above, to transfer your data we request your express consent or the express authorisation of the competent supervisory authority.
6. RELATIONSHIP WITH SHOPIFY
The Services are hosted on Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve them for you. To offer and improve the Services, the information you submit through the Services will be transmitted to and shared with Shopify and third parties who may be located in countries other than your own. Additionally, to help protect, develop and improve our business, we use certain advanced Shopify features that incorporate data and information obtained from your interactions with our store, with other merchants and with the Shopify platform itself. To provide these advanced features, Shopify may use personal information collected about your interactions with our store, with other merchants and with the Shopify platform. In these circumstances, Shopify is the data controller for your personal information, including responding to your requests to exercise your rights regarding the use of that information for such purposes. For more information about how Shopify uses your personal information and the rights you may have, please see the Shopify Consumer Privacy Policy. Depending on where you reside, you may exercise certain rights regarding your personal information here: Shopify Privacy Portal.
7. WHAT ARE YOUR RIGHTS?
You are entitled to exercise the following rights in relation to the processing of your personal data:
- Access (art. 15 GDPR): allows you to obtain certain information about the purposes for which your data is being processed, the recipients to whom it is disclosed, or the categories of data being processed, among others.
- Rectification (art. 16 GDPR): allows you to request the data controller to correct inaccurate personal data and to complete incomplete data.
- Erasure (art. 17 GDPR): allows you to request the erasure, without undue delay, of your personal data being processed by the controller, in the following cases: the controller no longer needs the data for the purposes for which it was originally collected; the processing is based on your consent and you decide to withdraw it, provided there is no other legal basis for processing; you object to the processing and the controller's interests do not override yours, provided there is no other processing that does not admit objection; the personal data has been processed unlawfully; the personal data must be erased to comply with a legal obligation; the data was obtained in the context of the offer of information society services.
- Restriction of processing (art. 18 GDPR): allows you to obtain restriction of processing from the controller when any of the following conditions apply: when you contest the accuracy of your personal data, for a period enabling the controller to verify its accuracy; the processing is unlawful and you oppose erasure and request restriction of use instead; the controller no longer needs your personal data for processing purposes, but you need it for the establishment, exercise or defence of legal claims; you have objected to processing, pending verification of whether the controller's legitimate grounds override yours.
- Portability (art. 20 GDPR): allows you to receive your personal data or have it transmitted to a third party, in a structured, commonly used and machine-readable format, provided the following conditions are met cumulatively: the legal basis for processing is your consent or the performance of a contract; and the processing is carried out by automated means.
- Objection (art. 21 GDPR): allows you to object to the processing of your data by the controller. However, this right may only be exercised against processing based on public interest or the controller's legitimate interest.
- Objection to automated processing (art. 22 GDPR): allows you not to be subject to decisions based solely on automated processing of your data, including profiling, that produce legal effects or similarly significantly affect you.
7.1. How can I exercise my rights?
To exercise your data protection rights, the Company makes the following means available to you:
- By written and signed request addressed to the Company (Calle Comte d'Urgell n.º 240 - P. 7 PTA. B, (08036), Barcelona), indicating the reason for your request and the right you wish to exercise, and attaching a photocopy of your ID or equivalent document proving your identity.
- By sending a completed and signed form, together with a photocopy of your ID or equivalent document proving your identity, to the following email address: hola@tinyriots.es
The forms to exercise each right are available at the following links:
- Right of rectification: https://www.aepd.es/sites/default/files/2019-09/formulario-derecho-de-rectificacion.pdf
- Right of access: https://www.aepd.es/sites/default/files/2019-09/formulario-derecho-de-acceso.pdf
- Right of erasure: https://www.aepd.es/sites/default/files/2019-09/formulario-derecho-de-supresion.pdf
- Right to restriction of processing: https://www.aepd.es/sites/default/files/2019-09/formulario-derecho-de-limitacion.pdf
- Right to portability: https://www.aepd.es/sites/default/files/2019-09/formulario-derecho-de-portabilidad.pdf
- Right of objection: https://www.aepd.es/sites/default/files/2019-09/formulario-derecho-de-oposicion.pdf
- Right to object to automated processing: https://www.aepd.es/sites/default/files/2019-09/formulario-derecho-de-oposicion-decisiones-automatizadas.pdf
For more information about how Shopify uses your personal information and the rights you may have — including those related to data processed by Shopify — please visit https://privacy.shopify.com/en
You also have the right to contact the relevant supervisory authority for data protection with any complaint arising from the processing of your personal data: the Spanish Data Protection Agency (Complaint Submission Form).
8. CHANGES TO THE PRIVACY POLICY
This Privacy Policy is subject to continuous review by the Company and will be modified whenever necessary to adapt it to current legislation or to any changes to our Website.
You can consult the details of all changes made to the Privacy Policy through the "updates table" located on the first page of this document. Should an update to the Policy involve a substantial change in the processing of your personal data, we will notify you of such modification through our Website (via a banner, pop-up or push notification) so that you can review and consider it.
We therefore recommend reviewing the Privacy Policy periodically to stay informed about any updates related to the processing of your personal data.