Privacy Policy

This Privacy Policy regulates the processing of personal data provided by users of the website www.brotjewellery.com (hereinafter, the "Website"), the provisions of Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 regarding the protection of natural persons with regard to the processing of personal data and the circulation of these data, hereinafter the GDPR, as well as Organic Law 3/2018, of December 5, on Data Protection and Digital Rights (hereinafter, LOPDGDD) and other applicable regulations.

1. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?

  • Headline : Júlia Ventura Rosa
  • Tax address : Calle Tamarit 108, PPAL 1ª, Barcelona (08015), Spain
  • Address for communications : Calle Villarroel 46, Bajos 2, Barcelona (08011), Spain
  • NIF : 48084339X
  • Email : hola@brotjewellery.com

2. WHAT PERSONAL DATA DO WE COLLECT?

All information collected will be processed fairly, lawfully, and transparently. Furthermore, the data requested in each of the processing operations will consist only of those strictly necessary to achieve the intended and disclosed purpose in each case.

This way, the data you collect will be adequate, relevant, and not excessive in relation to the purposes for which it is processed in each case.

In general terms, within the framework of the different treatments of activities carried out in the organization, the following types are collected:

  • Identification data.
  • Contact information.
  • Billing and shipping information.
  • Payment information (managed by external secure platforms).
  • Browsing preferences and habits (through cookies, with your consent).

3. WHAT IS THE PURPOSE OF PROCESSING YOUR DATA?

In general terms, we process your personal data for the following purposes:

  • Management, compliance and execution of the purchase contract.
  • Respond to queries or requests received through the forms.
  • Send commercial communications if you have given your consent.
  • Develop and organize promotional activities.
  • Improve your web browsing experience.
  • Comply with our legal, tax and accounting obligations.
  • Create commercial profiles based on your consumer habits and personal and social characteristics. Profiling will not, under any circumstances, lead to automated decision-making that could be harmful to you.

4. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR DATA?

As a general rule, the data subject's express consent is the legal basis for processing data for the purposes described above. This consent is expressed through a clear and unambiguous statement or affirmative action in legally valid forms, such as checking a checkbox provided for this purpose.

Likewise, and specifically for the treatments indicated below, the following legitimate bases are used:

  • For compliance with legal and regulatory obligations : including but not limited to: the General Law for the Defense of Consumers and Users, the General Tax Law, the Corporate Tax Law, the Audit Law, the Value Added Tax Law, the Civil Code, the Commercial Code, as well as the existence of a specific law or regulation that authorizes or requires the processing of the data subject's data, which will be announced in the corresponding information clause.
  • For the execution of a contract : that is, for the management of purchases, shipments and customer service.
  • Legitimate interest : Data processing based on the controller's legitimate interest will be primarily for the purpose of sending communications or commercial events about products or services similar to those contracted. According to Article 21.2 of the Information Society Services Act, this processing will only be valid if, as a customer, you have not expressly refused to do so at the time of data collection or in any of the communications we send.

In any case, this consent may be revoked at any time by contacting the responsible data subject through their contact methods. Generally, we will request your consent for uses other than those for which you initially granted it.

5. HOW LONG DO WE KEEP YOUR DATA?

Generally speaking, personal data is processed for the time necessary to fulfill the purpose for which it was collected, while the service or contractual relationship is maintained, there is a mutual interest, and/or for the period provided for in the relevant regulations.

Once the established timeframes have been met, the data will be deleted. This deletion will result in the data being blocked, and it will be kept solely for the public authorities, judges, and courts to address potential liabilities arising from the processing, during the statute of limitations for such liabilities. Once this period has elapsed, the information will be destroyed.

6. WHO DO WE COMMUNICATE YOUR DATA TO?

As a general rule, your data is not transferred or communicated to third parties, except in the following cases:

  • Providers of services necessary for operations (payment platforms, transportation, Meta, etc.), without in any case using said information for their own purposes or transferring it to third parties.
  • Public administrations, when required by tax or legal regulations.

In any case, all data transfers will be carried out with appropriate safeguards in accordance with the GDPR, and third-party service providers will ensure that confidentiality is respected and that appropriate measures are in place to protect personal data. These third parties are required to ensure that information is processed in accordance with data privacy regulations.

Furthermore, the communication of data to third parties excludes data regarding acceptance and consent of text messages.

7. WHAT ARE YOUR RIGHTS?

You can exercise the following rights at any time:

  • Right of Access , the right to request information from the person responsible for a file about whether your personal data is being processed.
  • Right of Rectification , a right that allows the affected person to request the modification of data that is inaccurate or incomplete.
  • Right to Object , the right of a person to object to the processing of their personal data or to its cessation.
  • Right to automated individual decision-making , right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or similarly significantly affects him or her
  • Right of Limitation , right to suspend the processing of the user's personal data in certain cases
    Right to Deletion or Forgetting, right to erasure of the data subject's personal data
  • Right to Data Portability : the right to request that the data controller provide personal data in a structured and clear format to another controller.
  • Right to lodge a complaint with the competent supervisory authority if you consider that the processing does not comply with current regulations.

You can exercise them by writing to:

In both cases, documentation proving the applicant's identity may be required if necessary. Additionally, in some cases, the request may be rejected if you request the deletion of data necessary for compliance with legal obligations.

In addition, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es

8. WHAT COULD BE THE CONSEQUENCES OF NOT PROVIDING THE INFORMATION?

The data requested in the established fields marked with an asterisk, identified as mandatory, or provided in the media where the information is provided, are those strictly necessary in relation to the purpose for which they are collected, or for the provision of an optimal service to the data subject, or by a legal obligation imposed on the data controller or a requirement necessary to enter into a contract. The inclusion of data in the remaining fields is voluntary.

If not all data is provided, there is no guarantee that the information and services provided will be fully tailored to your needs.

Therefore, if the required information is not provided, or is provided inaccurately or incompletely, your request cannot be processed, making it impossible to provide the requested information or complete the contracting of services.

Likewise, the user guarantees that the information submitted in any of the forms is truthful, accurate, and corresponds to the user's own data.

9. HOW ARE PROFILES CREATED?

A commercial profile may be created based on the information provided by the data subject and their interactions with the content offered, for the purpose of sending them personalized information about our products or services, including by electronic means. The legitimate basis for profiling is the legitimate interest in understanding the data subject's profile in their communications and services in order to offer them personalized information and content tailored to their interests and activity. No automated decisions will be made based on this profile. The user may object to the profiling of their information at any time through the channel provided for this purpose.

Subscription to our Newsletters: We will process your identification and contact information to send you personalized information about our products, promotions, offers, as well as products and offers from our partners. To accomplish this, we create a user profile that allows us to personalize the information we send you, adapting it to the tastes and preferences we know based on your browsing habits, purchase history, or even information collected through the use of cookies and other similar technologies (for more information on the use of cookies, visit our Cookie Policy ).

Other marketing and advertising purposes : We will use your data to suggest products or offers based on the profile you create based on your purchase history, the products you view while browsing our platforms, or the products you leave in your cart after completing the purchase process. These suggestions and reminders about your cart status may be sent to you via push notifications, banners, SMS, or even to your email via the abandoned cart feature. We will also process your data to show you advertising on other websites, apps, or social media platforms that you frequently visit. This advertising is often based on a profile created based on your purchases, purchase history, or preferences.

10. WHAT SECURITY MEASURES DO WE APPLY TO PROTECT YOUR PERSONAL DATA?

We have implemented the necessary technical and organizational measures to guarantee the security, confidentiality, and integrity of your personal data, preventing its alteration, loss, unauthorized processing, or access, in accordance with Article 32 of the GDPR.

In any case, Júlia Ventura Rosa is not liable for any hypothetical damages or losses that may arise from interference, omissions, interruptions, computer viruses, telephone breakdowns, or disconnections in the operational functioning of this electronic system due to causes beyond its control, nor for delays or blockages in the use of the Website caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Center, in the Internet system, or in other electronic systems, as well as for damages that may be caused by third parties through illegitimate interference beyond the control of the owner of the Website. Therefore, the user must be aware that Internet security measures are not impregnable.

11. HOW DO WE PROCESS THE PERSONAL DATA OF MINORS?

Although our services are specifically aimed at adults, if any of them are directed at minors under the age of fourteen, in accordance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018 of December 5 (LOPDGDD), the valid, free, unequivocal, specific, and informed consent of their legal guardians will be required to process the minors' personal data. In this case, the DNI (National Identity Document) or another form of identification of the person providing consent will be required.

In the case of individuals over the age of fourteen, data processing may be carried out with the user's consent, except in cases where the law requires the assistance of the holders of parental authority or guardianship.

12. WHAT HAPPENS IF YOU PROVIDE US WITH THIRD PARTY DATA OR IF A THIRD PARTY HAS PROVIDED US WITH YOUR DATA?

We offer features or services that require us to process the personal data of a third party that you provide to us (such as for Gift Card activation and delivery; Gift Ticket processing; or when you authorize a third party to collect an order). If you provide us with the personal data of third parties, or if we need to request it, you guarantee that you have informed them about the purposes and how we need to process their personal data.

If a third party has provided us with your data, or you have provided it yourself as a result of a feature or service requested by one of our users, we will use it to manage the feature or service being developed in each case, within the purposes set out in this Privacy Policy.

13. CAN THE PRIVACY POLICY BE MODIFIED?

This Privacy Policy may be revised and modified from time to time. These changes will be effective upon posting on the website, so it is important that you review this Privacy Policy regularly to stay informed of any changes.

14. HOW DO WE USE COOKIES?

We use our own and third-party cookies for analytical and personalization purposes when browsing the Website.

The data collected through cookies may be shared with their creators, but under no circumstances will the information obtained be associated with personal data or data that could identify the user. However, if you do not wish cookies to be installed on your hard drive, you can configure your browser to prevent the installation of these files.

You can obtain more information and manage your preferences at any time in our Cookie Policy .