Privacy Policy

20 April 2022

This privacy policy applies to the use of the personal data of users and customers (“data subjects”) of the website www.spainrevealed.com (“the website”). When you provide personal data and agree to our privacy policy, you agree to the use of your data in accordance with the following terms. For this reason we ask you to read the content carefully beforehand and if you have any doubts or questions, contact us by one of the methods detailed below.

1. Information about us

The vendor’s information is as follows:

  • Commercial name: Spain Revealed
  • Vendor name: Spain Revealed SL
  • NIE (Foreigner’s Identity Number): B72994320
  • Business address: Calle Hermosilla 48, 1 Dcha, 28001, Madrid, Spain
  • Business activity: Ebooks and online courses
  • Telephone: +34 910 82 10 72
  • Email: hello at spainrevealed dot com

2. Data Processing Purposes

Data can be collected for the purposes described in the data collection form, which includes:

To manage the provision of products or services contracted, as well as to manage payment and other related operations.

  • To provide information requested by the user.
  • To analyse user behaviour on the website to improve its use.
  • To send commercial communications.
  • To fulfil legal obligations, such as tax/fiscal obligations.

3. Lawful Basis for Processing Information

The lawful bases for processing personal data as defined in Art. 6 or the GDPR are as follows:

  • The data subject’s consent for one or more specific purposes.
  • The performance of a contract to which the data subject is party.
  • The compliance with a legal obligation to which the controller is subject.
  • The purpose of legitimate interests pursued by the controller or by a third party, including:
    • To offer customer services (answering requests, complaints, issues, etc.)
    • To analyse website use in order to improve the same.
    • To protect the controller’s rights if any dispute arises.

4. Categories of Personal Data

The data collected and processed, depending on the purpose, is the following:

  • Identity data: name, email address, IP address.
  • Commercial data: (you can detail specific data here, i.e. data for commercial communications).
  • Economic and transactions data: (you can detail specific data here, i.e. credit card details).

5. Transfer and Sharing of Data

This website uses third party service providers to offer the services detailed below. Be aware that by using our website or any of these third party services, your personal data can be processed by them, in accordance with their own data protection policy and that, on occasions, these service providers can be located outside the European Economic Area (usually in the U.S.), and do not offer a level of data protection comparable to the EU. It must be taken into consideration that regarding the U.S. there is an absence of an adequacy decision by the European Commission. In these cases, we make sure that our providers offer appropriate safeguards regarding data protection.

These are the main third party service providers used on the website:

Payment services.

  • Stripe, Inc. Located in the U.S. and Ireland; it is an internet payment provider and is used when purchasing any product or service on the website. You can find further information about their personal data processing here and GDPR compliance here.
  • PayPal. Located in the U.S. and Luxembourg; it is an internet payment provider and is used when chosen as a method of payment for any product or service on the website. You can find further information about their personal data processing here and GDPR compliance here.
  • Google Pay. Located in the U.S.; it is an internet payment provider and is used when chosen as a method of payment for any product or service on the website. You can find further information here.
  • Apple Pay. Located in the U.S.; it is an internet payment provider and is used when chosen as a method of payment for any product or service on the website. You can find further information here.

Marketing and email services.

  • Kajabi. Located in the U.S.; it is an all-in-one business platform including website builder and payment gateway, among others. You can find further information here.

Analysis services.

  • Google Analytics. Located in the U.S.; it is a web analytics service that provides statistics and basic analytical tools for search engine optimization (SEO) and marketing purposes, collecting personal data via “cookies”. You can find further information here.

Necessary services.

  • Kajabi. Located in the U.S.; it is an all-in-one business platform including website builder and payment gateway, among others. You can find further information here.
  • Siteground. With servers in the EU, UK, U.S., Australia and Singapore; it is a web hosting company. You can find further information here.
  • Cloudflare. Located in the U.S.; it is a security and performance suite for web-based applications. You can find further information here.

 

6. Data Storage Period

Personal data will be kept:

  • While it is needed to carry out the purposes for which it has been collected or to fulfil the contract with the user.
  • While there is a legal obligation for the controller to keep it.
  • As a general rule, personal data of users purchasing or acquiring products or services will be kept for a period of 4 years to comply with tax/fiscal obligations.
  • Other data will be kept for a period of 5 years, unless the user exercises his/her right to delete, limit, or oppose the processing of their data.

7. Withdrawal of Consent

The data subject has the right to withdraw his/her consent at any time, when the data processing is based on consent (Art. 6.1.a) GDPR).

You can request your right to withdraw your consent to the controller at the following email address: hello at spainrevealed dot com.

8. Arsulipo Rights

The data subject can exercise the following rights:

  • Right of Access (Art. 15 GDPR). The right to obtain confirmation from the controller about whether his/her personal data is being processed and, if it is the case, to obtain access to the personal data; and to ask for a copy.
  • Right to Rectification (Art. 16 GDPR). The right to ask the controller to rectify inaccurate personal information.
  • Right to Erasure (Art. 17 GDPR). The right to ask the controller to erase personal data in certain circumstances.
  • Right to Restriction of Processing (Art. 18 GDPR). The right to ask the controller to restrict processing of personal data in certain circumstances.
  • Right to Data Portability (Art. 20 GDPR). The right to receive personal data in a structured format from the controller and the right to transfer it to another controller, in certain circumstances.
  • Right to Object (Art. 21 GDPR). The right to object to the processing of personal data, in certain circumstances.

You can request your rights to the controller at the following email address: hello at spainrevealed dot com.

9. Complaints to the Regulatory Authority

The data subject has the right to make a complaint to the responsible data protection regulatory authority, which in this case is the Spanish Data Protection Agency (Agencia Española de Protección de Datos). You can find more information on their website: https://www.aepd.es/.

10. Why Personal Data is Required

The personal data marked as obligatory on the forms, is a necessary requirement in order to fulfil requests made. Therefore, not granting this information or not accepting this privacy policy, will prevent the processing of these requests. In order to process the said data, user consent will always be required.

11. Automated Decision-Making and Profiling

In general, this website does not carry out automated decision-making or user profiling.