Privacy Policy

I. PRIVACY AND DATA PROTECTION POLICY

In compliance with current legislation, Aisthetic Agency (hereinafter also referred to as “the Website”) undertakes to adopt the necessary technical and organizational measures according to the appropriate level of security corresponding to the risk of the collected data.

Laws Incorporated into This Privacy Policy

This Privacy Policy is adapted to the current Spanish and European regulations on the protection of personal data on the internet. In particular, it complies with the following:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR).
  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
  • Royal Decree 1720/2007, of 21 December, approving the Regulation implementing Organic Law 15/1999, of 13 December, on the Protection of Personal Data (RDLOPD).
  • Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The data controller responsible for processing personal data collected on Aisthetic Agency is:

Marnoria Media, SL 
VAT No.: ESB72534613
(hereinafter, the “Data Controller”)

Contact details:
Address: Frederic Soler 68, 1-1
City: Cornella de Llobregat (Barcelona)
Zip Code: 08940
Email: info@aisthetic.agency

Registration of Personal Data

In compliance with the provisions of the GDPR and the LOPD-GDD, you are informed that personal data collected by Aisthetic Agency, through the forms provided on its web pages, will be incorporated into and processed in our file for the purpose of facilitating, expediting, and fulfilling the commitments established between Aisthetic Agency and the User, or maintaining the relationship established in the forms completed by the User, or to respond to a request or inquiry.

In accordance with Article 30.5 of the GDPR, unless exempted, a record of processing activities is maintained that specifies, according to its purposes, the processing operations carried out and all other circumstances required by the GDPR.

Principles Applicable to the Processing of Personal Data

The processing of the User’s personal data shall be subject to the following principles, as set out in Article 5 of the GDPR and Articles 4 et seq. of Organic Law 3/2018:

  1. Lawfulness, fairness, and transparency: The User’s consent shall be required at all times following transparent information about the purposes for which the data is collected.
  2. Purpose limitation: Data shall be collected for specified, explicit, and legitimate purposes.
  3. Data minimization: Data collected shall be adequate, relevant, and limited to what is necessary for the purposes of processing.
  4. Accuracy: Data must be accurate and kept up to date.
  5. Storage limitation: Data shall be kept only as long as necessary for processing purposes.
  6. Integrity and confidentiality: Data shall be processed in a manner ensuring appropriate security and confidentiality.
  7. Accountability: The Data Controller shall be responsible for ensuring compliance with all of the above principles.

Categories of Personal Data

The categories of data processed by Aisthetic Agency are strictly identification data.
No special categories of personal data, as defined in Article 9 of the GDPR, are processed.

Legal Basis for Data Processing

The legal basis for the processing of personal data is consent.
Aisthetic Agency undertakes to obtain the express and verifiable consent of the User for the processing of their personal data for one or more specific purposes.

The User may withdraw their consent at any time. Withdrawal shall be as easy as giving consent. As a general rule, withdrawal of consent shall not affect the use of the Website.

Whenever the User is required to provide personal data through forms (e.g., to make inquiries or requests), the User shall be informed whether completion of the form is mandatory because such data is necessary for the proper execution of the intended operation.

Purposes of Processing Personal Data

Personal data are collected and managed by Aisthetic Agency in order to facilitate, expedite, and fulfill the commitments established between the Website and the User, or to maintain the relationship established in the forms completed by the User, or to respond to a request or inquiry.

Additionally, the data may be used for commercial, operational, and statistical purposes, as well as for activities related to the corporate purpose of Aisthetic Agency, including data extraction, storage, and marketing research aimed at adapting the content offered to the User and improving the quality, functionality, and browsing experience of the Website.

At the time personal data are obtained, the User shall be informed of the specific purpose(s) for which the data will be processed.

Data Retention Periods

Personal data will only be retained for the minimum period necessary for the purposes of processing and, in any case, for no longer than 18 months, or until the User requests their deletion.

At the time personal data are collected, the User shall be informed of the retention period or, if this is not possible, of the criteria used to determine such period.

Recipients of Personal Data

The User’s personal data will be shared with the following recipient:
Marnoria Media, SL

If the Data Controller intends to transfer personal data to a third country or international organization, the User shall be informed at the time of data collection of the destination country or organization and the existence or absence of an adequacy decision by the European Commission.

Personal Data of Minors

In compliance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018, only Users aged 14 or older may lawfully give consent for their personal data to be processed by Aisthetic Agency. For minors under 14, the consent of parents or guardians is required, and processing shall be lawful only to the extent that such authorization has been provided.

Confidentiality and Security of Personal Data

Aisthetic Agency undertakes to adopt the necessary technical and organizational measures appropriate to the level of risk to ensure the security of personal data and prevent their accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

The Website is secured with an SSL (Secure Socket Layer) certificate, ensuring that all data transmissions between the server and the User are encrypted and confidential.

However, as Aisthetic Agency cannot guarantee the absolute invulnerability of the internet or the total absence of fraudulent access by third parties, the Data Controller commits to notifying the User without undue delay of any personal data breach that may pose a high risk to the rights and freedoms of natural persons, in accordance with Article 4 of the GDPR.

Personal data shall be treated as confidential by the Data Controller, who shall ensure, by legal or contractual obligation, that such confidentiality is respected by all employees, partners, and any person granted access to the information.

Rights of the User

The User has, and may therefore exercise against Aisthetic Agency, the following rights recognized in the GDPR and Organic Law 3/2018:

  • Right of access: To obtain confirmation of whether or not their data is being processed and to access such data and related information.
  • Right to rectification: To correct inaccurate or incomplete personal data.
  • Right to erasure (“right to be forgotten”): To request the deletion of their data when it is no longer necessary, consent has been withdrawn, or the data has been unlawfully processed, among other reasons.
  • Right to restriction of processing: To limit processing in certain circumstances (e.g., contesting accuracy, unlawful processing, etc.).
  • Right to data portability: To receive their personal data in a structured, commonly used, and machine-readable format and transmit it to another controller where technically feasible.
  • Right to object: To object to the processing of their data.
  • Right not to be subject to automated decision-making, including profiling: To refuse any automated processing that produces legal effects or significantly affects them.

To exercise these rights, the User may send a written communication to the Data Controller, referencing “GDPR – [https://www.aisthetic.agency/]”, including:

  • Full name and a copy of the User’s ID or equivalent document (and proof of representation, where applicable).
  • Specific request detailing the information or right being exercised.
  • Address for notifications.
  • Date and signature.
  • Any supporting documentation.

Requests shall be sent to:
Postal address: Frederic Soler, 68, 1-1, Cornella de Llobrega (08940)
Email: info@aisthetic.agency

Links to Third-Party Websites

The Website may contain hyperlinks to third-party websites not operated by Aisthetic Agency. The owners of such websites are responsible for their own data protection policies and practices.

Complaints to the Supervisory Authority

If the User believes that their personal data are being processed in violation of applicable data protection regulations, they have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement.
In Spain, the supervisory authority is the Spanish Data Protection Agency (AEPD): https://www.aepd.es/

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

The User must have read and agree with the conditions regarding personal data protection contained in this Privacy Policy and must consent to the processing of their data so that the Data Controller may proceed in accordance with the purposes and timeframes stated herein. Use of the Website implies acceptance of this Privacy Policy.

Aisthetic Agency reserves the right to modify this Privacy Policy at its own discretion or as a result of legal, jurisprudential, or regulatory changes.
Changes or updates will not be explicitly notified to the User. Users are encouraged to review this page periodically to remain informed of any updates.

This Privacy Policy was last updated to comply with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights.