This English translation is provided for convenience only. The original Spanish version prevails for all legal purposes.
Privacy Policy
SHOP AND ROLL (and/or its corresponding affiliated companies) is committed to protecting and respecting your privacy while you visit this website (the “Website”).
This “Privacy Notice” or “Policy” (together with other documents referenced in it) describes what personal information we collect and how we collect, use and process it.
This Privacy and Cookies Policy applies to SHOP AND ROLL websites and other group companies and, specifically, to:
- SHOP AND ROLL, S.L. Spain, registered office at C/ Montalbán no. 7, postcode 28014, Madrid, with Tax ID (CIF) number B-87705323.
- SHOP AND ROLL ESPAÑA, S.L., registered office at San Miguel Industrial Estate, C/ Río Martín no. 6, postcode 50830, Villanueva de Gállego, Zaragoza, with Tax ID (CIF) number B70717160.
SHOP AND ROLL, S.L. is the entity owning the websites shopandroll.com and tiendashopandroll.com.
This legal notice also applies to SHOP AND ROLL’s other assets, including all SHOP AND ROLL entities: mobile applications, websites, domains, subdomains and pages and profiles of any of them on social networks.
Please note that some of the websites above may have particular or specific terms derived from their nature. We recommend you access and read them before browsing.
Data protection and cookies notice
1.1. Identity of the data controller
This data protection policy regulates the data processing carried out by the SHOP AND ROLL companies identified above.
1.2. Purposes of data processing
The data provided by the user through different means (forms, contracts, etc.) are collected by the responsible company in accordance with current data protection legislation. In each of these means we inform of the purpose of the data processing, which is carried out solely and exclusively if you have authorised that processing.
Below we detail the information related to the different purposes for which we may collect your data. The details of the processing of your data, according to the collection purpose, are:
| Processing | What we will use your data for | How long we will keep your data |
|---|---|---|
| User registration and management | Data will be processed for contractual management, to provide the service or product you purchase, accounting management, and to improve our services and products. We will build a commercial and credit profile based on the information provided. | We will retain your data while the commercial relationship with you continues. Once it ends, we will keep the minimum information required by commercial and tax legislation. |
| Commercial communications | We will send you information about our products, services and activities. | Your personal data will be kept until you request to unsubscribe. You may ask for them to be deleted at any time using the information shown in each communication. |
| Contact channels | We will process your data to reply to your request, questions or queries. | Your personal data will be kept until your request has been answered and the appropriate actions have been carried out. They will then be deleted, except where they involve company liabilities or actions. |
No automated decisions are made from the data provided.
Only the data you have provided will be processed for the purpose you were informed of and authorised. Your data will not be transferred to third parties unless you have expressly authorised it.
The legal basis for processing your data is the management and provision of the services and products you have requested and expressly authorised.
1.3. Sharing your data with third parties
Data may be communicated to the other group companies if there is a legitimate interest on our part or if you request it, and where applicable to third parties (invoicing, satisfaction surveys, training, etc.) for purposes of customer management, order tracking, invoicing, system security, etc.
This management of your data is carried out solely and exclusively to guarantee the effectiveness of the services we offer you.
SHOP AND ROLL has rules and protocols that govern the security of the processing of your data and guarantee that they will not be used for any other purpose or by third-party companies other than those you have authorised and been informed of.
1.4. International transfer of personal data
Your personal data will not be transferred outside the European Economic Area nor to countries that do not have a level of compliance equivalent to that required by law, without your prior express authorisation.
1.5. Voluntary nature of the information provided and accuracy of data
You provide your data to us voluntarily at all times and therefore guarantee that the personal data supplied are true; you are in any case responsible for the truthfulness of the data provided. We reserve the right to exclude from the services any user who has provided false data, without prejudice to any other legal action.
1.6. Your rights when providing us with your data
At any time you can exercise the rights recognised by applicable legislation, including:
- Access your data: request which data we hold about you and how we use them, and even ask us to hand them over so you can port them to another company.
- Rectify your data: request the modification or correction of inaccurate data.
- Delete your data: request that your data be removed and no longer processed, beyond what the law requires us to keep.
- Object to a processing activity: ask us not to make a specific use of your data.
To do so, you can send a letter indicating which right you wish to exercise (access, rectification, deletion, opposition or data portability), attaching a copy of an identification document, to the postal address or registered office of the Data Protection Officer.
You can also request more information at privacy@shopandroll.com or contact our Data Protection Officer at dpd@shopandroll.com.
Remember that, if you are not satisfied with the way we process your data, you can file a complaint with the Spanish Data Protection Agency (www.aepd.es).
If you wish to stop receiving email communications, you can unsubscribe through the link provided in each email you receive from SHOP AND ROLL or any of its subsidiaries.
Information about cookies and other trackers used by SHOP AND ROLL
SHOP AND ROLL, through its applications and websites, uses cookies and other trackers for different purposes. Cookies are files generated on your device when you browse any of SHOP AND ROLL’s applications or websites. These files may store information about your browsing habits or simply remember that you are a registered user. SHOP AND ROLL or third parties may access the information contained in these files, which is why it is important that you decide whether or not to accept this processing.
You can access the Cookie Policy at this link.
Record of Processing Activities
We have prepared a document where you can find information about the processing categories carried out in the company.
SHOP AND ROLL’s information quality and security policy
SHOP AND ROLL has implemented an information quality and security management system to try to meet or exceed the expectations of its users, contacts, clients, workers and suppliers. The established processes are audited periodically and are reviewed whenever processes are improved or an event relevant to SHOP AND ROLL occurs. The main objectives of these processes are:
- Mitigate risks by keeping technical and organisational security measures in place.
- Guarantee the confidentiality, availability and integrity of both personal data and industrial secrets.
- Be proactive in complying with the full set of regulations applicable to the business activity.
- Choose only suppliers that meet equivalent or higher standards on quality and security.
- Keep a secure record of assets and their changes.
- Achieve a high level of credibility and trust among third parties and suppliers.
- Raise awareness among workers and collaborators about physical and logical security through an ongoing training process.
The processing of personal data is carried out by SHOP AND ROLL always after applying appropriate technical and organisational measures to guarantee a level of security appropriate to the risk. Each of these measures seeks to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services. Likewise, SHOP AND ROLL regularly performs verification, evaluation and assessment processes on the effectiveness of the technical and organisational measures to guarantee processing security. The minimum measures that SHOP AND ROLL has deployed are as follows:
a) Physical
- “Clean desk” policy.
- Minimum use of paper or similar media.
- Password-protected printer with output trays inaccessible to third parties.
- Document destruction service.
- Fire-resistant materials for storing data and paper-based information.
- Documents classified and labelled.
- Workplaces protected by in-house and outsourced security measures, with systems that restrict or mitigate access by unauthorised persons.
b) Logical
- At SHOP AND ROLL we only and always use original, up-to-date, officially licensed software.
- Dual-use terminals have a dedicated profile for professional purposes only.
- Disk encryption and, additionally, per-file encryption.
- Ability to quickly restore the availability of and access to personal data in the event of a physical or technical incident, through a dedicated service.
- Firewall and up-to-date endpoint protection systems on all terminals.
- For remote access, mobile tethering is used except on trusted networks.
- Different passwords for each application, changed on a regular basis.
- 2FA systems on applications and websites.
- SHOP AND ROLL’s websites have encryption and specific security systems. The status of security measures is reviewed regularly, both manually and through forensic tools designed for these tasks.
- Other usual protection tools: session lockout when device use stops, privacy screen filters for mobile use, password-protected screensavers, etc.
Security measures are reviewed periodically, both manually and through specific software.
c) Organisational and training
SHOP AND ROLL has secure data management protocols such as systems that separate access to data by department, an active privileges table or continuous training for all workers on personal data protection and information security.
d) Mandatory rules for resource management
Email and other data storage or communication tools, as well as fixed or mobile terminals, are work tools provided exclusively by SHOP AND ROLL for the performance of labour or commercial duties as set out in the contract, and may not be used for personal or domestic purposes, or for professional purposes other than those agreed. SHOP AND ROLL may make backups and access the content arising from the use of these resources solely for the purpose of monitoring compliance with labour, statutory or contractually established obligations and to safeguard the integrity of those devices. In any case, access will be carried out in accordance with data protection regulations and with due regard for the privacy of those concerned.
Applicable regulations and dispute resolution channels
This legal, privacy and cookies notice is written in Spanish, will remain accessible via the internet on this same website and must be interpreted in accordance with the regulations applicable in Spain.
If you want more information, report any issue or ask any question, you can contact SHOP AND ROLL through the addresses indicated at the beginning of this notice.
This policy was last reviewed on 26/09/2024.
