In compliance with the provisions of the General Data Protection Regulation 2016/679 (GDPR)
and the Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDD) of
December 5, 2018, we inform:

PERSON IN CHARGE OF THE PROCESSING

Identity: Janette Lockett with NIE X0945597K hereinafter “the Owner”
Address: URB. ALHAURÍN GOLF BUZON 114; 29120; ALHAURIN EL GRANDE – MÁLAGA
Phone: 687 366315
Contact email: janette@art-equus.com

PURPOSE OF DATA PROCESSING

We inform you that the data you provide will be processed for the purposes of marketing our
products, managing orders and purchases made through the website, and issuing invoices. This
includes handling any incidents related to the order, responding to contact requests, inquiries,
and/or questions received through the contact channels available on the website. It also
includes facilitating, expediting, and fulfilling the commitments established between the
Controller and the user, as well as maintaining the resulting relationship.
In accordance with the provisions of the GDPR, a record of processing activities is maintained,
specifying, according to their purposes, the processing activities carried out and the other
circumstances established by the Regulation.
Personal information will not be used for purposes other than those related to the contracted
services or purchased products. No automated decisions will be made based on such profiles.

 LEGAL BASIS FOR DATA PROCESSING

The legal basis for data processing is as follows:
The consent given by the user by accepting this Policy and checking the corresponding
box. 
The user has provided their personal data within the framework of a contractual or
pre-contractual relationship for the purpose of responding to their request and/or
inquiry, making the processing necessary to maintain that relationship. 
The legal obligations applicable to the Controller that require the processing of
personal data, in accordance with the services provided or in relation to tax matters.

PERSONAL DATA PROCESSED AND SOURCE 

Depending on the user’s interaction with the website, the personal data we may process
includes: identifying information, contact details, browsing data, access or account data (if the
user creates an account), and financial or payment data (if a purchase is made). These data are
provided by the user when contacting the Controller, filling out the relevant form(s), or using
other functionalities offered on the website. 

The use of contact sections, forms, and/or other website functionalities is voluntary. However,
completing certain fields or providing data may be necessary to correctly manage your
request. Therefore, refusal to provide the required information may prevent the Controller
from properly handling and responding to it.
The user guarantees that the data provided is truthful, accurate, and complete. Data will be
canceled, deleted, or blocked when inaccurate, incomplete, or no longer necessary or relevant
for the purposes for which they were collected, in accordance with applicable law.
If the personal data provided belongs to a third party, the user guarantees that they have
informed said third party about this Privacy Policy and obtained their authorization to provide
the data for the purposes described. The user is also responsible for ensuring the data is
accurate and up to date and shall be liable for any direct or indirect damages that may arise
from non-compliance with this obligation.

DATA PROTECTION FOR MINORS 

According to the GDPR and the LOPDGDD (Spanish Data Protection Law), only individuals over
14 years of age may legally consent to the processing of their personal data. For minors under
14, the consent of their parents or legal guardians is required.

LINK POLICY AND SOCIAL MEDIA 

The website may include links to third-party websites, such as social media platforms where
the Controller has a presence. These sites have not been reviewed and are not subject to
control by the Controller. The Controller is not responsible for any content freely posted by the
user. Users should be aware that their posts may be visible to others and, therefore, they are
primarily responsible for their own privacy.

DATA RETENTION PERIOD

The personal data provided by the user will be retained while the user remains registered for
the service, while the business relationship remains in effect, or until the user requests its
deletion, or for the legally established period. Data may also be retained as necessary to
comply with legal obligations or for the formulation, exercise, or defense of legal claims.
If the user withdraws consent or exercises their rights to object or request deletion, the data
will be blocked and made available to the judicial authorities during the legally established
periods to address any potential liabilities arising from the data processing. This will not
condition the provision of the service and/or execution of contracts with the Controller.
The withdrawal of consent shall not affect the lawfulness of processing based on prior consent.

 CONFIDENTIALITY AND SECURITY OF PERSONAL DATA

The Controller undertakes to adopt the necessary technical and organizational measures,
appropriate to the level of risk, to ensure the security of personal data and to prevent its
accidental or unlawful destruction, loss, alteration, or unauthorized access or disclosure. 

Personal data will be treated as confidential, and the Controller will ensure, by legal or
contractual obligation, that such confidentiality is respected by employees, collaborators, and
any other individuals who may have access to the data.

DISCLOSURE AND RECIPIENTS OF PERSONAL DATA

Your personal data will only be disclosed when legally required to comply with obligations
applicable to the Controller or when necessary to fulfill the purposes described above.
Data may also be disclosed to service providers contracted by the Controller, with whom the
corresponding data processing agreements have been signed to ensure the security and
confidentiality of the data.

USER RIGHTS

 What are your rights when you provide us with your data?
The user has the right to obtain confirmation as to whether their personal data is being
processed. They also have the right to access their data and request the rectification of
inaccurate data, or request its deletion when it is no longer necessary for the purposes for
which it was collected. In certain cases, the user may request the restriction of processing, in
which case the data will only be retained for the exercise or defense of legal claims.
In specific circumstances, and for reasons related to their personal situation, the user may
object to the processing of their data. In that case, the Controller will cease processing the
data unless there are compelling legitimate grounds or for the exercise or defense of legal
claims. Where legally applicable, the user has the right to data portability, allowing them to
receive the personal data provided and transmit it to another controller.
Users may exercise their rights of access, rectification, deletion, objection, restriction of
processing, data portability, and opposition to automated individual decision-making by
sending a written request, including a copy of their ID for identification purposes, with the
reference “GDPR Rights” to the following email address: janette@art-equus.com
Furthermore, users are informed that they may file a complaint with the Spanish Data
Protection Agency (AEPD) via www.aepd.es , the competent supervisory authority in Spain.