Privacy Policy

I. Privacy and Data Protection Policy

In compliance with current legislation, celiavivar.com (hereinafter also referred to as the “Website”) commits to adopting the necessary technical and organizational measures, according to the appropriate level of security for the risk of the data collected.

Laws incorporated into this privacy policy

This privacy policy is adapted to the current Spanish and European regulations on the protection of personal data on the Internet. Specifically, it complies with the following laws:

• Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons regarding the processing of personal data and on the free movement of such data (GDPR).
• Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).
• Royal Decree 1720/2007, of December 21, approving the implementing regulations of Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).
• Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the data controller

The data controller for the personal data collected on celiavivar.com is: Celia Vivar del Río, with NIF: 76428385Y (hereinafter, the Data Controller). Contact details:

• Address: Avda Carlos Haya 60 9a Málaga (29010), Málaga, Spain
• Phone number: +34 639 97 66 10
• Email: celia@celiavivar.com

Personal data registration

In accordance with the GDPR and LOPD-GDD, we inform you that the personal data collected by celiavivar.com through the forms on its web pages will be incorporated into and processed in our file for the purpose of facilitating, streamlining, and fulfilling the commitments established between celiavivar.com and the User or the relationship established in the forms completed by the User, or to address a request or inquiry. Furthermore, unless the exception set out in Article 30.5 of the GDPR applies, a record of processing activities is maintained, specifying the processing activities carried out and other circumstances as established in the GDPR.

Principles applicable to the processing of personal data

The User’s personal data will be processed in accordance with the following principles as set out in Article 5 of the GDPR and Articles 4 and following of Organic Law 3/2018:

• Lawfulness, fairness, and transparency: The User’s consent will always be required after fully transparent information on the purposes of data collection.
• Purpose limitation: Data is collected for specific, explicit, and legitimate purposes.
• Data minimization: Only the data strictly necessary for the intended purposes will be collected.
• Accuracy: Data must be accurate and kept up to date.
• Storage limitation: Data will be retained only as long as necessary for the purposes of processing.
• Integrity and confidentiality: Data will be processed in a manner that ensures security and confidentiality.
• Accountability: The Data Controller will be responsible for ensuring compliance with the above principles.

Categories of personal data

The categories of data processed by celiavivar.com are solely identifying data. In no case are special categories of personal data processed as defined in Article 9 of the GDPR.

Legal basis for processing personal data

The legal basis for processing is the User’s consent. celiavivar.com undertakes to obtain express and verifiable consent from the User for processing their personal data for one or more specific purposes.

The User has the right to withdraw consent at any time, and doing so will be as easy as giving it. As a general rule, withdrawal of consent will not affect use of the Website.

If the User provides data through forms for queries, information requests, or other site-related reasons, they will be informed if the completion of any form is mandatory due to being essential for proper handling.

Purposes of personal data processing

Personal data is collected and managed by celiavivar.com for the purpose of facilitating, streamlining, and fulfilling the commitments established between the Website and the User or maintaining the relationship in forms filled out by the latter, or for addressing requests or inquiries.

Data may also be used for commercial, operational, and statistical personalization purposes, and activities within the scope of celiavivar.com’s business, as well as for data extraction, storage, and marketing studies to tailor content to the User and improve quality, operation, and website navigation.

When data is collected, the User will be informed about the specific purpose(s) of its processing, i.e., the intended use of the collected information.

Retention period for personal data

Personal data will be retained only for the minimum time necessary for processing and, in any case, only for the following period: 18 months, or until the User requests its deletion.

When data is collected, the User will be informed about the data retention period or, if not possible, the criteria used to determine that period.

Recipients of personal data

The User’s data may be shared with the following recipients or categories of recipients:

• Google Analytics
• Google Search Console

If the Data Controller intends to transfer data to a third country or international organization, the User will be informed of the destination and whether a Commission adequacy decision exists at the time of data collection.

Personal data of minors

In accordance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, only individuals over the age of 14 may lawfully consent to personal data processing by celiavivar.com. If the user is under 14, parental or guardian consent is required, and processing will be considered lawful only to the extent that it was authorized.

Confidentiality and security of personal data

celiavivar.com undertakes to implement appropriate technical and organizational measures, according to the level of risk, to ensure the security of personal data and prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

The Website uses an SSL certificate (Secure Socket Layer), ensuring that personal data is transmitted securely and confidentially between the server and the User via encrypted transmission.

However, as celiavivar.com cannot guarantee the complete security of the Internet or the absence of hackers or other fraudulent access, the Data Controller commits to notifying the User without undue delay if a data breach likely to result in a high risk to their rights and freedoms occurs. Per Article 4 of the GDPR, a data breach is any security incident that causes accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Personal data will be treated as confidential by the Data Controller, who ensures—via legal or contractual obligation—that confidentiality is respected by employees, partners, or any party given access to such information.

Rights related to personal data

Users have the following rights under the GDPR and Organic Law 3/2018:

• Right of access: To know whether celiavivar.com is processing their data and access that information.
• Right to rectification: To correct inaccurate or incomplete personal data.
• Right to erasure (“right to be forgotten”): To delete personal data when it is no longer needed, when consent is withdrawn, when processing is unlawful, or under other legal obligations.
• Right to restriction of processing: To request restriction in cases of contested accuracy, unlawful processing, or pending resolution of an objection.
• Right to data portability: To receive personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to object: To oppose the processing of their data by celiavivar.com.
• Right not to be subject to automated decision-making: Including profiling, unless permitted by law.

Users may exercise these rights by writing to the Data Controller with the reference “GDPR-celiavivar.com,” including:

• Name, surname(s), and ID copy (or valid legal substitute).
• Specific request or access details.
• Notification address.
• Date and signature.
• Supporting documents for the request.

Requests can be sent to:

• Postal address: Avda Carlos Haya 60 9a Málaga (29010), Málaga, Spain
• Email: celia@celiavivar.com

Links to third-party websites

The Website may contain links to third-party websites not operated by celiavivar.com. Each site will have its own privacy policy, and its operators are responsible for their own data handling practices.

Complaints to supervisory authorities

If the User believes their personal data is being mishandled or there is a violation of the law, they have the right to effective judicial protection and to lodge a complaint with a supervisory authority. In Spain, this authority is the Spanish Data Protection Agency.

II. Acceptance and Changes to this Privacy Policy

It is necessary for the User to have read and agreed with this Privacy Policy, as well as consent to the processing of their personal data for the Data Controller to carry out such processing in the manner, periods, and purposes stated. Use of the Website implies acceptance of this Privacy Policy.

celiavivar.com reserves the right to modify this Privacy Policy, based on its own discretion or due to legislative, jurisprudential, or regulatory changes. Changes will not be explicitly notified to the User. Users are advised to review this page regularly.

This Privacy Policy was last updated to comply with Regulation (EU) 2016/679 and Organic Law 3/2018. Last updated: 10/04/2025.