OA Well-Made is a brand that allows its users (“you”) to buy any available items through its website. We are OA S.L. (“us”), as owner and responsible for your data treatment, manage and process our website.
We appreciate the trust that you place in us by giving us you personal. We will always use your personal information in a way that is fair and worthy. We are very committed to act safely and confidentially when treating the personal data you give us during the purchase process or subscription to our services.
- WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA TREATMENT?
- PERSONAL DATA
- WHAT DATA WE COLLECT?
- WHY AND FOR WHAT WE COLLECT YOUR DATA?
- WHAT DO WE DO WITH YOUR DATA?
- WITH WHO WE SHARE YOUR DATA?
- THIRD PARTIES AND EXTERNAL LINKS
- HOW LONG DO WE KEEP YOUR DATA?
- WHERE ARE THEY COLLECTED?
- WHO IS RESPONSIBLE FOR PRECISION AND VERACITY OF PROVIDED DATA?
- ABOUT MINORS
- COOKIES AND OTHER WEB TECHNOLOGIES
- YOUR RIGHTS AND HOW TO EXERCISE THEM
- INTERNATIONAL TRANSFERS
- CHANGES IN OUR POLICIES
- DATA PROTECTION REPRESENTATIVE
- HOW TO CONTACT WITH US
1. WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA TREATMENT?
Brand name: WE ARE OA S.L. (henceforth OA or “us”)
Who we are: a Spanish company with VAT number B-93627230, registered in the Commercial Register of Malaga, volume 5746, page 150, entry 145996.
Registered office: C/ JOSEFA DEL RÍO PEÑA, 2 – 29018 MÁLAGA
CIF number: B93627230
Email: if you want to make a legal enquiry or have any question about your personal data treatment, do not hesitate to email us at email@example.com
2. PERSONAL DATA
“Personal data” refers to any personal information that allows the identification of the individual, either directly or indirectly, such as name, phone number, address, email, birthdate, password and payment method. Anonymous data are not included.
During our commercial transactions, we collect and process your personal data in several ways. We can collect personal data directly provided to us, but also through your interaction with our services such as our website cookies.
In addition, we can receive information from third parties.
You can choose not to provide your personal information. However, in order to complete your purchase and delivery process in our website, we need you to provide us with some data. Also, we may need some information in case you need to contact our Customer service.
You can identify required information in our website through some signs. If you do not provide us with required information, we won’t be able to process your purchase.
3. WHAT DATA WE COLLECT?
You will need to provide the following data collection in order to use our subscription services or buy products:
- Name, address and birth date
- Telephone number and email
- Payment and return information
- IP address, date and hour in which you had access to our services, browser and operating system data
- Any other information or data you decide to share with us
Occasionally it will be mandatory to fill in the registration form in order to access and enjoy some services offered in our website. Also, if you do not provide the required personal data or you do not accept this data protection policy you will not be allowed to subscribe, sign in or participate in any promotion that requires personal data.
- Direct information requested and collected: If you buy in our website, we will request you and collect the following information: full name, telephone number, full address, email, list of purchase products. If you only use our newsletter subscriptions services, we will only request your email.
- Direct information requested but not collected: If you buy in our website, we will request your payment data. We want you to know that this information will be handled by the chosen payment platform, so we do not see, collect or have any access to this information. This information is safely and confidentially processed by the payment platform. If you have any doubt about the treatment of this data, we recommend you to talk to the payment platform supplier in order to clarify any information relating to the safely treatment of this information. In any case, we promise you that we only choose reliable and renowned payment platforms that offer maximum guarantee in collection and treatment of this information.
We explain you below in detail which kind of information we collect (directly or indirectly) from any user of our website, any subscriber to our information services or any buyer:
Personal information provided by you: we collect and keep the information provided by you through our website or other ways, as detailed in the previous point.
Information about third parties: if you buy on behalf of another person (when you buy a gift, for example), you should provide his or her personal data. You need to have his or her permission before giving us his or her personal data.
Information from other sources: we may receive personal data about you from other member entities, from our commercial partners and from independent third parties that could mix with the rest of our collected personal data about you. So if you access our website through a link belonging one of our commercial partners and you have signed up with that partner, this one could share with us some information such as your contact data and your profile. For example: if you use the services of third parties (such as social media services) through our website or before visiting it, we will may collect some information like your full name, email and any other services offered by these services.
Automatic information collection: we automatically collect some information from your computer or mobile device when you visit our website. For example, we collect your profile data, including your IP address, your browser and the source website.
We may collect some information about your online activity, such as the content you have viewed, the websites you have visited and your search inside our website. We automatically collect this information in order to better know your interests and preferences and to personalize your experience in our web.
Geolocation and other information collected from your mobile phone: when you visit our website from your mobile device, we can collect and use information from your device as described in the previous point.
4. WHY AND FOR WHAT WE COLLECT YOUR DATA?
We use you the collected personal data only for specific goals such as:
- Offer you brand information, develop and handle our commercial and promotional activities (including emails campaigns, targeting, retargeting, users profiling and segmentation), and carry out studies and internal researches for reporting activities as well as brand improvement.
- Process orders or hire some of our services (online or physical stores)
- Sometimes we will need to provide information to the authoritiesor other companies because of an audit, as well as manipulate personal data from invoices, agreements and documents because of clients’ complaints or public administration.
- Develop and manage contests, draws or other promotional activities that we may organize.
- Develop commercial actions and perform the maintenance and management of the relation with the user, as well as the management of the services offered through the website and the information tasks, being able to perform automatic valuations, obtaining profiles and tasks of customer segmentation in order to customize the treatment according to their characteristics and needs and improve customer's online experience.
- Manage the delivery of the information requested.
Your personal data collected from your registration as user will be part of the Register of Activities and Treatment Operations (RAT), that will be periodically updated according to the GDPR.
5. WHAT DO WE DO WITH YOUR DATA?
When you buy something from our store, we collect personal data that you provide us such as name, address and email as a part of the trade process.
When you browse our online store, we automatically receive the Internet Protocol (IP) from your computer in order to provide us with helpful information that will let us know your browser and operating system.
Email marketing: We can email you about our store, offers and services, new items and others updates if you authorize us.
Besides commercial messages, we often send emails in order to know your level of satisfaction regarding the purchase item, the purchase process, the brand, as well as to know your opinion about future processes, items and improvements related to the brand.
Our main communication tool is the email, but sometimes we may use other contact channels such as SMS or WhatsApp, notifications in your browser (only if you have agreed to receive them), etc.
Anytime you receive any kind of information, you can let us know if you do not want to receive it anymore o reject automatic notifications. You can unsubscribe yourself from our commercial communications anytime by clicking the link “cancel subscription” in the footer of our communications or by emailing us at firstname.lastname@example.org
Please have in mind that although you have not clicked the option that agrees to receive our notifications, or even if you have cancelled your subscription, we may send you special communications such as messages relating to your purchases status.
How do you get my consent? When you provide us with personal data in order to complete any transaction, verify your credit card, place an order, arrange a shipment or request a return, our agreement for collection and use of your data for this specific raison is implied.
When we ask for your personal data for another reason such as marketing, we will ask for your express agreement o we will give you the chance of reject it.
How can I cancel my agreement? If you change your mind after the agreement, you can cancel your agreement for communication, collection, use or shareof your information anytime by emailing us at email@example.com or writing us at: We are OA S.L. Calle Josefa del Río Peña 2, Málaga, AN, 29018, Spain.
Deactivate your OA Well-Made account: you can notify us your unsubscription by emailing us at firstname.lastname@example.org We will notify your account deactivation by email. You will not have access to your historical purchases after deactivating your account.
7.WITH WHOM DO WE SHARE YOUR DATA?
We can share your personal data if law requires us or if you break our Terms of Service.
We can share your personal data with other entities such as brand partners or subsidiaries, third parties or any of our commercial partners or dealers. If we totally or partially sell or dischargeour business and that includes your personal data, or if we merge with another business, we would share your personal data with the new business owner or with the merge partner, depending on the case. If law requires us to do it, we will share your personal data in order to protect our clients and our website, as well as our business, rights and property.
We require all third parties the respect of personal data safety and its treatment according to the law. Our external services suppliers do not own our permission to use personal data for their own goals, and we only allow them to treat them for specific goals and under our instructions.
We show you more information about entities that could have access to you personal data:
Storage service suppliers and shipping company: We share your information with our storage service suppliers and shipping company so they can process your order, deliver it and resolve any incidence relating to this delivery.
External service providers that give us their services or act on our behalf, specifically, to: conduct business analysis; process data or payments; provide customer service, marketing or public relations services; disclose surveys or prize draws; or for fraud prevention purposes. Keep in mind that the payment service provider processes itself the payment information, and we or other providers of ours do not have access to it. This payment information is encrypted and secure.
In addition, we may also authorize them to collect information on our behalf, which includes, for example, what required in order to use the features of our website or provide the distribution of personalized online ads according to your interests as a user. External service providers will have access to the information and will be able to collect it insofar as they require it to perform their duties. They are not allowed to share it or use it for any other purpose.
Affiliate sides: If you have been redirected to our website from another website or app, we can share information about you.
We can also share your information with third parties if we believe that it is necessary following the next circumstances:
- In order to obey summons, court orders or other legitimate and demandable legal process; to establish or exercise our legal rights; to protect us from judicial actions o any other case required by law. In those cases, we reserve the right to report or withdraw any objection or legal right belonging to us.
We will share collected data with police forces and other government bodies if we are legally required to do it.
- In order to investigate, prevent or take measures regarding to illegal or allegedly illegal activities; to protect and defend our rights, our property, our safety, our users and other people; and according to these use conditions or other agreements, even with our partners or dealers.
- Relating to a corporate transaction, like asettlement, merge, purchase, consolidation or asset sale or in the unlikely event of bankruptcy.
Apart from these regulations, and when necessary according to the applicable legislation, you will be informed when your data will be shared with third parties, and, if you wish, you can ask us not to share them.
We also may share anonymous or provided information with third parties, including advertisers and investors. For instance, we may communicate to our advisers the website visitors number or bestseller items. This information doesn’t include any data.
Our store is hosted on Shopify Inc. They supply the online trading platform that allows us to sell our goods and services.
Your data are stored through Shopify data storage, database and Shopify general app. Your data are stored in a safety server protectedbya firewall.
If you chose a direct payment method in order to complete your order, Shopify will store your credit card data, which is encoded through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transactions data are only stored when necessary in order to complete your purchase. Once it is completed, your purchase transaction information is deleted.
All direct payment gateways join the standards established by the PCI-DSS as indicated by the PCI Security council, which is a joint effort from brands like Visa, MasterCard, American Express and Discover.
Requirements from PCI-DSS help us to guarantee the safe management of credit card information by shops and their suppliers.
If you wish simpler information, you should read Shopify Service Conditions or its Privacy statement.
9.THIRD PARTIES AND EXTERNAL LINKS
In general terms, our third parties suppliers will only collect, use and share your information when they need it in order to perform the supplied services.
For these suppliers, we recommend you to read the privacy policies in order to understand the way in which your personal data will be process.
Remember that some suppliers may be placed in a jurisdiction other than ours.
Then, if you want to proceed with a transaction that includes third parties supplier services, your data can be subject to the jurisdiction law in which the supplier is located.
For instance, if you are in Canada and your transaction is processed by a payment gateway located in the United States, then your personal data necessary to complete the transaction may be shared according to the United States legislation, including the Patriot Act.
10.HOW LONG DO WE KEEP YOUR DATA?
Data processing with described goals will be kept during the time required to meet its collection goal (for instance, during our trade relationship), as well as legal obligations derived from data processing.
We can store some of the information related to your purchase or your subscriptions, mainly for purposes of analysis or for the maintenance of such records. The retention period of your personal data depend on collection goals and on our use of them.
We will only keep your personal information during the time required to meet goals described in section 4 or to meet our legal obligations.
The storage time for commercial purposes will be 3 years from the date of your last activity (which means your last purchase), or the interaction or reading of some of our newsletter. After this time, we will ask you again for denoting if you want to keep receiving this information and staying in contact with us. We will renew this contact only in the case that you confirm your interest. Otherwise, we will not keep any trade contact with you and it will be reactivated only if you make a new order or you subscribe yourself again to our newsletters.
We may store certain personal information during longer time if we need it for meeting our legal obligations, keeping our safety, preventing scams or abuses and defending or exercising our rights. If you decide to request the complete elimination of your personal data in our system, we commit ourselves to deregister them from our website usually within 14 days.
11.WHERE ARE THEY COLLECTED?
In general terms, data are stored within the EU. We will provide enough safety to the data sent to third parties not belonging to the EU, either because they have Binding Corporate Rules (BCR) or because they have joined the Privacy Shield.
12.WHO IS RESPONSIBLE FOR PRECISION AND VERACITY OF PROVIDED DATA?
User is responsible for the veracity and correction of included data, exonerating WE ARE OA S.L. from any responsibility.
Users guarantee and answer for veracity, validity or authenticity of provided personal data and they undertake to keep them updated. User agrees to provide complete and correct information in the registration form. WE ARE OA S.L. reserves the right to finish hired services by users in the event that provided data are false, incomplete, imprecise or not current.
WE ARE OA S.L. takes no responsibility for veracity of external information in which other source is indicated, so neither takes responsibility for hypothetical damages originated by the use of this information.
WE ARE OA S.L. reserves the right to update, modify or delete content information in their websites, having the right of limiting or forbidding the access to this information. WE ARE OA S.L. is not responsible for any damage or harm suffered by any user due to mistakes, imperfections or omissions in the information provided by WE ARE OA S.L. when it comes from external sources.
Additionally, the user assures to be older than 18 and to have enough legal capacity to agree the personal data treatment.
When you use this website, you agree to assure that you are an adult in your place of residence, or that you are an adult in your place of residence and you give us your consent to allow that a minor under your tutelage uses this site.
NOTE: our services are not directed to minors. However, if any of them are directed to users under fourteen, according to section 8 on GDPR and section 7 on Law LO3/2018, December 5th (LOPDGDD), WE ARE OS S.L. will request for a valid, free, unequivocal, specific and informed consent of their legal guardian for the treatment of minor personal data. In this case, the person who gives the consent has to provide an ID or any other form of identification.
In the case of a user older than fourteen, its consent is enough to treat the data, except in those cases in which the law requires the assistance of the custodial parent or legal guardian.
In order to protect your personal information, we take some reasonable precautions and we carry out the best practices of the industry to be sure that your personal data will not suffer any inappropriate losses, misuses, accesses, divulgations, changes or destructions.
We want you to use our website confidently. For it, we undertake to protect collected information. Although no website can ensure total security due to difficulties attached to online businesses, we have introduced and kept organizational, technical, administrative and physical measures suitable to protect your provided personal data against unauthorized or illegal access, information disclosure,as well as against accidental loss, damages, changes or destruction. We also use third parties services able to provide us with technologies with the same level of guarantee, safety and confidence.
If you give us your credit card information, this information will be encrypted and encoded. Although any online transmission method or digital storage is 100% safe, we meet all the requirements and introduce additional rules approved by the industry.
We have also taken the personal data protection safety levels that are legally required. And we also try to introduce other additional ways and technical measures at your disposal to avoid the loss, misuse, change, unauthorized access and theft of your provided personal data.
We are not responsible for hypothetical damages or harms caused by interferences, omissions,interruptions, viruses, telephone troubles or disconnections in the operational functioning of this electronic system, driven by external reasons; for delays or blockades of this digital system caused by failures or overloading of telephone lines or overloading in the Data Process Center, in the Internet o in other digital systems, as well as damages caused by third parties through illegal interferences that WE ARE OA S.L. can not control. However, the user must be aware that Internet security measures are not invulnerable.
15.COOKIES AND OTHER WEB TECHNOLOGIES
In compliance with the Directive 2009/136/CE, developed in our legislation by second section of article 22 of the Law of Information Society Services, following the guidelines of the Spanish Data Protection Agency, we proceed to inform you in detail of the use that is made in our web.
Cookies are small files recorded in the browser used by each visitor of our website so that the server can remember that user’s visit later when he/she returns to our contents. This information does not reveal your identity or any personal data, or access to the content stored in your computer, but it does allow our system to identify you as a certain user who has visited the web previously, viewed certain pages, etc. and also allows to save your personal preferences and technical information such as visits made or specific pages you visit.
The purpose of Cookies is to provide the User with faster access to the Services selected.
If you do not want cookies to be stored in your browser or you prefer to receive information each time a cookie requests to install, you can set up your browsing options to make it that way. Most browsers allow the management of cookies in 3 different ways:
- Cookies are always rejected;
- The browser asks if the user wants to install each cookie;
- Cookies are always accepted;
Your browser may also include the possibility of choosing in detail the cookies that you want to install on your computer. Specifically, the user can usually accept one of the following options:
- Reject cookies from certain domains;
- Reject third parties cookies;
- Accept cookies as non persistent (they are deleted when the browser is closed);
- oAllow the server to create cookies for a different domain.
In order to allow, to know, to block or to delete the cookies installed on your computer you can do it by setting up the options of the browser installed on your computer.
You can find information about how to configure the most used browsers in the following locations:
- Internet Explorer: Tools -> Internet options -> Privacy -> Setting. For more information, you can check the Microsoft support or the browser Help.
- Firefox: Tools -> Options -> Privacy -> History -> Custom settings. For more information, you can check the Mozilla support or the browser Help.
- Chrome: Settings -> Show advanced settings -> Privacy -> Content settings. For more information, you can check the Google support or the browser Help.
- Safari: Preferences -> Security. For more information, you can check Apple support or the browser Help.
Please find below some of the cookies that we use. We show them to you so you can choose whether keep them or not.
_session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
_secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
16.YOUR RIGHTS AND HOW TO EXERCISE THEM
You can exercise your rights making a request at the email email@example.com We will write you back as soon as possible so you can exercise those rights within a month as time limit. We can ask you to provide us a copy of your ID so you can confirm your identity and we can guarantee you the right to access to your personal data (or exercise any other of your rights). This is a security measure aimed to ensure that personal data are not revealed to anyone who does not have the right to receive them.
We may also contact you asking for more information about your request in order to accelerate our answer.
According to the GDPR you can request:
- Right of access: you can request information about our collected personal data from you
- Right of rectification: you can manifest any change in your personal data
- Right of elimination and to be forgotten: you can request the elimination of your personal data after blockade
- Right of limitation: it implies the restriction of personal data treatment
- Right of disagreement: you can withdraw your consent for data treatment and object to its treatment
- Right of portability: sometimes, you can ask for a copy of your personal data in a structured format, of common useand machine-readable to share it with other responsible.
- Right of not being subject of individual decisions: you can request that decisions are not taken basing on automatic treatment, including profiling, that it produces legal effects or significantly affect the applicant.
Sometimes, we may reject your request if you request to delete necessary data for legal obligations.
If you have any complaint about data processing you can make a complaint to the data protection authority.
Personal data transfer are made:
- to countries or companies which have the European Commission acknowledgment for providing a correct protection level; or
- to countries which do not offer a correct protection but whose transfers are based on standard contract terms of the European Commission.
18.CHANGES IN OUR POLICIES
If our shop is purchased or merged with another company, your information can be transferred to the new owners to keep selling you goods.
19.DATA PROTECTION REPRESENTATIVE
20.HOW TO CONTACT WITH US
If you want to contact us to exercise your rights, fill a complaint or you just want more information, you can email us at firstname.lastname@example.org or contact us by postal mail in the address Calle Josefa del Río Peña 2 (29018 Málaga – Spain).