logo-final2

| ES | EN |

Política de privacidad

I. Privacy and Data Protection Policy

Complying with the current legislation, Farho (henceforth also Website) undertakes to adopt the necessary technical and organizational measures according to level of security appropriate to the data of risk presented.

Laws included in this Privacy Policy

This privacy policy is adapted to existing Spanish and European regulations regarding personal data protection on the internet. Namely, it follows the rules below:

  • Regulation (UE) 2016/679 of the European Parliament and the Council of 2016, April 27, regarding protection of individuals with regard to the processing of personal data and free movement of such data (RGPD – Spanish acronym)
  • Organic Law 3/2018, December 5, regarding Personal Data Protection and guaranty of digital rights (LOPD-GDD – Spanish acronym).
  • The Royal Decree 1720/2007, December 21, which adopts the Regulation of the development of the Organic Law 15/1999, December 13, regarding Personal Data Protection (RDLOPD – Spanish acronym).
  • The Law 34/2002, July 11, for the Information and Electronic Commerce Services Societies (LSSI-CE – Spanish acronym).

Identity of the personal data controller

Address: Polígono Industrial Tabaza II Parcelas 9-13. 33439 Carreño, Principado de Asturias, España

Contact telephone number: 985 514 082 – 657 893 910

Contact email: e-commerce@farho.com

Personal Data Record

In compliance with the stipulations set forth in the RGPD and LOPD-GDD (Spanish acronyms), we inform you that the personal data obtained by Farho through the forms of its Website will be incorporated in our files and processed with the aim of facilitating, expediting and fulfilling the commitments established between Farho and the User, and in order to maintain the relationship established in the filled forms or respond to a request or enquiry. Likewise, as provided in RGPD and LOPD-GDD (Spanish acronyms), unless the exemption provided in Article 30.5 of the RGPD (Spanish acronym) is applicable, a register of treatment activities, according to their purpose, treatment activities carried out and other conditions set by the RGPD (Spanish acronyms).

Principles governing the processing of personal data

The processing of the User’s personal data shall be subjected to the following principles established in the Article 5 of the RGPD (Spanish article) and in the Article 4 et seq. of the Organic Law 3/2018, December 5, regarding Data Protection and guarantee of Digital Rights:

  • Principles of lawfulness, loyalty and transparency: the consent of the User will be required at all times after transparent information have been received regarding the purposes for the collection of personal data.
  • Principle of purpose limitation: the personal data will be collected with specific explicit and legitimate purposes.
  • Principle of data minimisation: the personal data collected will only be the strictly needed according to the purposes for which they are processed.
  • Principle of accuracy: the personal data must be exact and updated at all times.
  • Principle of data retention period limitation: the personal data will only be kept so it allows for the User’s identification during the required time for the purposes of their treatment.
  • Integrity and confidentiality principles: the personal data will be processed so as to ensure their safety and confidentiality.
  • Principle of proactive responsibility: The controller will be responsible for ensuring that the principles previously stated are fulfilled.

Categories of personal data

The data categories processed in Farho will only be identifying data. Under no circumstances are special personal data categories within the meaning of Aticle 9 of the RGPD (Spanish acronym) processed.

Legal basis for the personal data processing

The legal basis for the processing of personal data is consent. Farho is committed to seek the User’s explicit and verifiable consent for the processing of their personal data for one or several specific purposes.

The User is entitled to withdraw their consent at any time. Withdrawing consent is as easy as giving it. As a general rule, the consent withdrawal will not condition the use of the Website. In the occasions where the User must provide their data through forms in order to hold consultations, request information or other reasons relating to the content of the Website, they will be informed in case that the filling of any of them is obligatory when they are crucial to the effective development of the operation performed. 

Purposes of the processing operation for which personal data are intended

The personal data are gathered and managed by Farho in order to facilitate, expedite and fulfil the commitments made by the Website and the User and to maintain the relationship established in the forms filled by the user or respond to a request or enquiry. Likewise, these data can be used for personalising, operational and statistical commercial purposes and for those activities referring to the company purposes of Farho, as well as for data extraction and storage and marketing studies intended to adapt the Content offered to the User and improve the quality, functioning and browsing through the website.

In the moment when personal data are obtained, the User will be informed about the specific purpose or purposes of the processing of their personal data processing; that is, the use or uses that shall be given to the gathered information.

Personal data retention period

The personal data will only be kept for the minimum time necessary for the purposes of their processing and, in any case, over only the following period: 12 months, or until the User requests its suppression.  When the personal data are obtained, the user will be informed about the period within which personal data shall be stored or, when this is not possible, the criteria used to determine this period.

Recipients of personal data

The User’s personal data shall be shared with the following recipients or categories of recipients:

In case that the personal data controller intends to transfer personal data to a third country or international organisation, the User will be informed about the third country/international organisation where their data shall be transferred to and about the existence or absence of a Commission decision of adequacy.

Personal data of underage individuals

In accordance with the Articles 8 of the RGPD (Spanish acronym) and 7 of the Organic Law 3/2018, December 5, on Personal Data Protection and guarantee of digital rights, only people over 14 will be able to lawfully give their consent to the processing of their personal data by Farho. Individuals under 14 years old will need the consent of their parents or legal guardians for the processing of these data, and this will only be considered licit to the extent to which they have authorised.

Secret and safety of personal data

Farho is committed to adopting the necessary technical and organisational measures, according to the level of security appropriate to the risk of the data obtained, in order to guarantee the safety of the personal data and avoid the destruction, loss and accidental or illicit alteration of the data transmitted, kept or processed this way, or the communication or non-authorised access to these data.

The Website has a SSL Certificate (Secure Socket Layer) which ensures that the personal data are transmitted in a safe and confidential way, this transfer occurring between the server and the User, with feedback and completely encrypted. 

However, since Farho can not guarantee absolute security of the internet or complete absence of hackers or others who can fraudulently access the data, the Controller of the processing is committed to informing the User without undue delay in case of any safety breach of personal data that may suppose a high risk for the rights and freedoms of individuals.

In accordance with the Article 4 of RGPD (Spanish acronym), a data safety breach is every safety breach that may result in the destruction, loss or accidental/illicit alteration of the personal data transmitted, kept or differently processed, or the communication or non-authorised access to such data.

Personal data shall be treated as confidential by the Controller of the processing, who has a legal obligation to inform the User about it and guarantee that such confidentiality is respected by employees, associates and any other person with access to the information. 

Rights derived from the processing of personal data

The User shall be able to exercise the following rights against the controller of the processing, recognised in the RGPD (Spanish acronym) and the Organic Law 3/2018, December 5, on Personal Data Protection and digital rights guarantee:

  • Right to access: The User has the right to obtain information about whether Farho is processing their personal data and, if so, about their specific personal data or their processing made by Farho, as well as about the available information on the source of such data and the receipts of the communications performed or planned with them, among others.
  • Right to rectification: The User has the right to modify their personal data that happen to be inexact or incomplete, having into account the purpose of their processing.
  • Right to erasure (“the right to be forgotten”): When permitted by law, the User has the right to obtain the erasure of their personal data when these are no longer necessary for the purposes for which they were collected or processed; when the User has withdrawn their consent to their data processing and this has no legal base; when the User opposes to their data processing and there are no grounds for continuing with it; when the personal data have been illegally processed; when the personal data must be erased in pursuance of a legal obligation; or when the personal data have been obtained from the direct offering of information society services to a person under the age of 14. Apart from erasing the data, the Controller of the processing shall have to adopt the reasonable measures according to the technology available and the costs of applying it, in order to inform the professionals that are processing the User’s personal data about the wish of the User to erase any link to them.
  • Right to the limitation of the processing: The User has the right to limit their personal data’s processing. The User has the right to obtain this limitation when the accuracy of their personal data is contested; the processing is illegal; the Controller of the treatment does no longer need the personal data, but the User needs them to make a claim; and when the User has opposed to their data processing.
  • Right to data portability: When the processing is performed by automated means, the User shall have the right to receive their personal data in a structured, common use and machine-readable format by the Controller of the processing, as well as to transmit them to another controller of the treatment. Wherever technically feasible, the Controller of the processing shall directly transmit the data to the other controller.
  • Right to opposition: The User has the right to avoid the processing of their personal data or to stop such processing by Farho.
  • Right not to be object of a decision based solely on automated processing, including profiling: The User has the right not to be object of an individualised decision based solely on existing data automated processing, including profiling, unless current laws require otherwise.

Therefore, the User will be able to exercise their rights by means of a written statement addressed to the Controller of the processing with the reference “RGPD-https://farho.com/es/” specifying:

  • User name, surname and copy of ID card (DNI). In the cases when representation is admitted, the person representing the User must be identified by the same means and provide the document accrediting the representation. The copy of the ID card (DNI) can be substituted by any other valid form of identification.
  • Application with the specific reasons for the request or the information the User wants access to.
  • Address for notification purposes.
  • Date and signature of the petitioner.
  • Every document supporting the request made.

This application and any other attached document can be sent to the following address and/or email:

Address: Polígono Industrial Tabaza II Parcelas 9-13. 33439 Carreño, Principado de Asturias, España.

Email: e-commerce@farho.com

Links to third party websites

The website can include hyperlinks or links to access third party websites that do not belong to Farho and are therefore not controlled by Farho. The owners of these websites shall have their own data protection policy and they are the responsible for their own files and privacy practices.

Claims to the supervisory authority

In case that the User sees a problem or infringement according to the current laws regarding the way their personal data are being processed, they will have the right to effective judicial review and to lodge a complaint with the supervisory authority, in particular, in the State in which they usually reside or work, or where the alleged infringement has taken place. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.agpd.es).

II. Acceptance and changes in this privacy policy

It is required for the User to read and agree with the personal data protection conditions that appear in this Privacy Policy, as well as to accept the processing of their personal data so that the Controller of the processing can perform it in the ways and time indicated and for the stated purposes. By using the website, you are agreeing to its Privacy Policy.

Farho reserves the right to modify their Privacy Policy, under its own criteria or as the result of any legislative, jurisprudential or doctrinal change coming from the Spanish Data Protection Agency. The changes or updates of this Privacy Policy will not be explicitly notified to the User. The User is advised to regularly check this website to keep up with the latest changes or updates.

This Privacy Policy was updated to adapt to the EU-regulation 2016/679 of the European Parliament and the Council of 2016, April 27, regarding the protection of individuals with respect to the processing of their personal data and the free movement of such data (RGPD – Spanish acronym), as well as to the Organic Law 3/2018, December 5, on Personal Data Protection and guarantee of digital rights.