Privacy is of great importance to Arimar Moda, S.L. and we want to maintain an open and transparent attitude when dealing with your personal data, so we have a policy that sets out how they are treated and protected.
Who is responsible for the processing of your personal data?
Arimar Moda, S.L. is responsible for the processing of personal data you provide and is responsible for such personal data, in accordance with applicable regulations on data protection.
The access data are:
Arimar Moda SL
VAT NUMBER B66841537
With registered office in:
C/Energia 7, First Block, second floor
Contact email: firstname.lastname@example.org
Where do we store your data?
The data we collect about you is stored on a server hosted within the European Economic Area ("EEA"). Any transfer of your personal data will be carried out in accordance with applicable laws.
To whom do we communicate your data?
We never pass, sell, or exchange your personal data with third parties outside the Arimar Moda Group.
Your data is only used, by Arimar Moda, S.L., to send your orders and newsletters about news.
What is the legal basis for the processing of your personal data?
In each specific treatment of personal data collected about you, we will inform you whether the communication of personal data is a legal or contractual requirement, or a necessary requirement to enter into a contract, and whether you are obliged to provide the personal data, as well as the possible consequences of not providing such data.
What are your rights?
Right of access:
Everyone has the right to obtain confirmation as to whether or not Fashmask is processing personal data concerning them. You can ask Arimar Moda, s.l. to send you the personal data we are processing about you by email.
Right of portability:
Whenever Arimar Moda processes your personal data through automated means based on your consent or an agreement, you have the right to obtain a copy of your data in a structured, commonly used and machine-readable format transferred to your name or to a third party. This will include only the personal data that you have provided to us.
Right of rectification:
You have the right to request the rectification of your personal data if it is inaccurate, including the right to complete data that is incomplete.
If you have an account with Fashmask, you can edit your personal data in that account.
Right of deletion:
You have the right to obtain without undue delay the deletion of any personal data processed by Arimar Moda at any time, except in the following situations:
* you have a pending matter with the Customer Service
* you have a pending order that has not yet been shipped or whose shipment has not been completed
* has an outstanding debt with Arimar Moda regardless of the method of payment
* you are suspected or confirmed to have misused our services in the last four years
* your debt has been referred to a third party in the last three years, or in the last year in the case of deceased customers
* you have made a purchase so we will keep your personal data in relation to the transaction for accounting purposes.
Right to oppose the processing of data on the basis of legitimate interest
You have the right to oppose the processing of your personal data based on the legitimate interest of Arimar Moda, which will not continue to process personal data unless we can prove legitimate compelling reasons for the processing that prevail over your interests, rights and freedoms, or for the formulation, exercise or defense of claims.
Right to oppose direct marketing:
You have the right to object to direct marketing, including profiling carried out for such direct marketing.
You may opt out of direct marketing at any time in the following ways:
* by following the instructions given in each marketing mail
* editing your Fashmask account settings.
Right to file a complaint with a supervisory authority:
If you feel that Arimar Moda is treating your data incorrectly, you can contact us. You also have the right to file a complaint with the competent data protection authority.
Right to limitation of treatment:
You have the right to request that Arimar Moda limits the processing of your personal data in the following circumstances:
* if you object to the processing of your data based on the legitimate interest of Arimar Moda, therefore Arimr Moda must limit any processing of such data pending verification of the legitimate interest.
* if you claim that your personal data is incorrect, Arimar Moda must limit any processing of such data until the accuracy of the data is verified.
* if the processing is illegal, you may object to the deletion of the personal data and, instead, request the limitation of its use.
* if Arimar Moda no longer needs the personal data, but you need them for the formulation, exercise or defense of claims.
Exercise of rights:
We take data protection very seriously and therefore have dedicated customer service staff to deal with your requests in relation to the above rights. You can always contact them at: email@example.com
Data Protection Delegate:
We have appointed a data protection officer to ensure that we continuously process your personal data in an open, accurate and legal manner. You can contact our Data Protection Officer at: firstname.lastname@example.org and write GRPD as the subject.
Right to lodge a complaint with a supervisory authority
If you believe that Arimar Moda treats your data in an incorrect way, you can contact us. You also have the right to file a complaint with the competent data protection authority.
Updates to our Privacy Notice:
Why do we use your personal data?
We will use your personal data to administer your online purchases at Fashmask by processing your orders and returns through our online services, and to send you notifications about the delivery status or in case of problems with the shipment of the items.
We will use your personal data to manage your payments.
We will also use your details to deal with any complaints or product warranty issues.
Your personal data will be used to identify you and to make online purchases.
What personal data do we process?
We will process the following categories of personal data:
* contact information such as: name, address, email and phone number
* order information
We do not store data on bank accounts, card numbers or payment gateway keys, such as Paypal
Who has access to your personal data?
Your personal data will only be accessed by Arimar Moda staff and in case of marketing campaigns, we will have to use the email addresses and names, to launch the campaign from external professional services, which have their own data protection clauses, so that such data will not be transferred to third parties for such use.
If the payment method selected is Stripe or Paypal, your personal data will be processed by that platform, which has its own privacy policies and are alien to Arimar Moda. If you want to know more about the privacy policies of these platforms, we invite you to visit their respective websites and read their data protection policies.
What is the legal basis for processing your personal data?
The processing of your personal data by Fashmask is necessary for the fulfillment of the service of administration and delivery of the order on your behalf.
How long do we keep your data?
We store your data for as long as you remain an active customer.
Users must guarantee the truthfulness, accuracy, authenticity and validity of the personal data collected from them.
Protection of minors
We do not collect personal data from minors. It is the responsibility of the parent/legal guardian to protect the privacy of children, and to do everything possible to ensure that they have given their consent to the collection and use of their child's personal information.
Through our website you can access the social networks Facebook, and Instagram open access to all users. These are websites where the user can register and follow us for free. In these social networks users can learn about our activities, opinions, access photos and videos. Users of these social networks should be aware that this place is independent of the Fashmask website and is open, that is, it is visible to all its users, and the privacy policies to be applied to this content are those set by Facebook, and Instagram. Arimar Moda does not own the social networks
ATTENTION TO THE EXERCISE OF RIGHTS
The data controller shall inform all employees of the procedure for dealing with the rights of the data subjects, clearly defining the mechanisms by which the rights may be exercised (electronic means, reference to the Data Protection Officer if any, postal address, etc.) and taking into account the following
o Upon presentation of their national identity card or passport, the holders of the personal data (data subjects) may exercise their rights of access, rectification, deletion, opposition, portability and limitation of the processing. The exercise of the rights is free of charge.
o The data controller must reply to data subjects without undue delay and in a concise, transparent and intelligible manner, using clear and simple language, and must keep proof of compliance with the duty to reply to requests to exercise rights.
o If the request is made by electronic means, the information shall be provided by such means where possible, unless the data subject requests otherwise.
o Requests must be responded to within 1 month of receipt, with the possibility of extension by a further two months taking into account the complexity or number of requests, but in this case the interested party must be informed of the extension within one month of receipt of the request, indicating the reasons for the delay.
RIGHT OF ACCESS: The right of access will provide the interested parties with a copy of the personal data available together with the purpose for which they have been collected, the identity of the recipients of the data, the periods of conservation foreseen or the criterion used to determine it, the existence of the right to request the rectification or suppression of personal data as well as the limitation or opposition to their processing, the right to file a complaint with the Spanish Data Protection Agency and if the data have not been obtained from the interested party, any available information regarding their origin. The right to obtain a copy of the data may not adversely affect the rights and freedoms of other data subjects.
- Form for the exercise of the right of access.
RIGHT OF DELETION: In the right of deletion, the data subjects will be deleted when they express their refusal of the treatment and there is no legal basis that prevents it, they are not necessary in relation to the purposes for which they were collected, they withdraw the consent given and there is no other legal basis that legitimizes the treatment or it is illegal. If deletion results from the exercise of the data subject's right to object to the processing of his/her data for marketing purposes, the data subject's identification data may be retained in order to prevent future processing. If the data have been communicated by the data controller to other parties, he or she must notify them of the deletion of the data unless this is impossible or would require a disproportionate effort, providing the data subject with information about such recipients, if requested.
- Form for the exercise of the right of deletion.
RIGHT TO OPPOSE: In the right to oppose, when the interested parties express their refusal to the processing of their personal data before the person responsible, this person will stop processing them as long as there is no legal obligation to do so. When the processing is based on a mission of public interest or on the legitimate interest of the responsible, upon a request to exercise the right to oppose, the responsible will stop processing the data unless there are compelling reasons that prevail over the interests, rights and freedoms of the data subject or are necessary for the formulation, exercise or defense of claims. If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
- Form for the exercise of the right to oppose.
PORTABILITY RIGHT: In the portability right, if the processing is carried out by automated means and is based on consent or is done in the framework of a contract, the data subjects may request to receive a copy of their personal data in a structured, commonly used and machine-readable format. They also have the right to request that they be transferred directly to a new controller, whose identity must be communicated, where technically possible.
- Form for the exercise of data portability
RIGHT OF LIMITATION TO THE PROCESSING: In the right of limitation to the processing, the data subjects may request the suspension of the processing of their data in order to contest its accuracy while the controller carries out the necessary verifications or in case the processing is carried out on the basis of the legitimate interest of the controller or in fulfilment of a public interest mission, while it is verified whether these grounds prevail over the interests, rights and freedoms of the data subject. The data subject may also request the retention of the data if he or she considers the processing to be unlawful and, instead of deletion, requests the limitation of the processing, or if the data controller no longer needs them for the purposes for which they were collected, the data subject needs them for the formulation, exercise or defence of claims. The fact that the processing of the data subject's data is limited must be clearly stated in the controller's systems. If the data have been communicated by the controller to other controllers, the controller must notify them of the limitation of the processing of the data unless this is impossible or would require a disproportionate effort, providing the data subject with information about such recipients, if requested.
- Form for the exercise of the limitation of processing.
If the data subject's request is not acted upon, the data controller shall inform him/her, without delay and no later than one month after receipt of the request, of the reasons for his/her failure to act and of the possibility of lodging a complaint with the Spanish Data Protection Agency and of taking legal action.
Based on the type of treatment you have indicated when completing this form, the minimum security measures you should take into account are as follows:
INFORMATION TO BE KNOWN BY ALL STAFF WITH ACCESS TO PERSONAL DATA
All personnel with access to personal data must be aware of their obligations in relation to the processing of personal data and will be informed about these obligations. The minimum information that will be known by all staff is as follows:
- DUTY OF CONFIDENTIALITY AND SECRECY
o Access to personal data by unauthorized persons must be prevented. To this end, personal data must not be left exposed to third parties (unattended electronic screens, paper documents in publicly accessible areas, media containing personal data, etc.). This consideration includes screens that are used to display images from the video surveillance system. When absent from the workstation, the screen shall be locked or the session closed.
o Paper documents and electronic media shall be stored in a secure location (cabinets or restricted access rooms) 24 hours a day.
o Documents or electronic media (cd, pen drives, hard disks, etc.) containing personal data shall not be disposed of without guaranteeing their effective destruction
o Personal data or any other information of a personal nature will not be communicated to third parties, paying particular attention not to disclose protected personal data during telephone consultations, e-mails, etc.
o The duty of secrecy and confidentiality persists even when the employee's employment relationship with the company ends.
- VIOLATIONS OF PERSONAL DATA SECURITY
o When security violations of personal data occur, such as theft or improper access to personal data, the Spanish Data Protection Agency shall be notified within 72 hours of such security violations, including all information necessary to clarify the facts that would have led to the improper access to personal data. The notification will be made by electronic means through the electronic headquarters of the Spanish Data Protection Agency at the address https://sedeagpd.gob.es/sede-electronica-web/.
o When the same computer or device is used for the processing of personal data and personal use purposes, it is recommended to have several different profiles or users for each of the purposes. Professional and personal use of the computer should be kept separate.
o It is recommended to have profiles with administration rights for the installation and configuration of the system and users without administration privileges or rights for access to personal data. This will prevent access privileges from being obtained or the operating system from being modified in the event of a cyber security attack.
o The existence of passwords for access to personal data stored in electronic systems shall be guaranteed. The password shall have at least 8 characters, a mixture of numbers and letters.
o Where personal data are accessed by different persons, a specific username and password shall be available to each person with access to the personal data (unambiguous identification).
o The confidentiality of passwords must be guaranteed, avoiding their exposure to third parties. To manage passwords, you can consult the guide to privacy and security on the Internet of the Spanish Data Protection Agency and the National Institute of Cybersecurity. Under no circumstances will passwords be shared or written down in a common place and access by persons other than the user will not be allowed.
DUTY OF CARE
The following are the minimum technical measures to ensure the safeguarding of personal data:
o UPDATING COMPUTERS AND DEVICES: The devices and computers used to store and process personal data must be kept up to date as far as possible.
o MALWARE: The computers and devices where the automated processing of personal data is carried out shall have an antivirus system that guarantees, as far as possible, the theft and destruction of information and personal data. The antivirus system must be updated regularly.
o FIREWALL: To avoid undue remote access to personal data, a firewall shall be activated and correctly configured in those computers and devices where the storage and/or processing of personal data is carried out.
o DATA ENCRYPTION: When it is necessary to extract personal data outside the premises where it is processed, either by physical or electronic means, the possibility of using an encryption method to ensure the confidentiality of personal data in case of improper access to the information should be assessed.
o SECURITY COPY: Periodically a backup copy will be made in a second support different from the one used for the daily work. The copy will be stored in a safe place, different from the one where the computer with the original files is located, in order to allow the recovery of personal data in case of loss of information.
The security measures will be reviewed periodically, the review may be done by automatic mechanisms (software or computer programs) or manually. Consider that any computer security incident that has happened to anyone you know can happen to you, and prevent it.
If you want more information or technical guidance to ensure the security of personal data and information handled by your company, the National Institute of Cybersecurity (INCIBE) on its website www.incibe.es, offers tools with a business approach in its section "Protect your company" where, among other services, it has
- a training section with a video game, challenges for incident response and interactive videos for sectorial training,
- an employee awareness kit,
- various tools to help the company improve its cybersecurity, including policies for the employer, technical staff and employees, a catalogue of companies and security solutions and a risk analysis tool.
- thematic dossiers complemented by videos and computer graphics and other resources,
- guidelines for the entrepreneur,
In addition, INCIBE, through the Internet Security Office, also makes available free computer tools and additional information that may be useful for your company or professional activity.
Shipping and Returns
Sending the package
As a general rule, packages are sent within 48 hours of receipt of payment, via UPS with a tracking number and delivery without a signature. If you prefer certified shipping via UPS Extra, an additional charge will apply. Please contact us before requesting this option. Whichever shipping method you choose, we will provide you with a link to track your order online.
Shipping charges include handling and packaging fees as well as postage costs. Handling fees are fixed, whereas transport fees vary according to total weight of the package. We advise you to group your items in one order. We cannot combine two distinct orders placed separately, and shipping fees will apply to each of them. We cannot be responsible for any damage to your package after it has been dispatched, but we do our best to protect fragile items.
The boxes are large and your items will be well protected.
Forms of Payment
-Secure payment by card
With SSL and through the Stripe Gateway
At Fashmask you can pay with the following cards, both credit and debit:
-Secure payment with Paypal
At Fashmask we offer you the alternative of secure payment through PayPal, that way you can pay with PayPal without entering your debit or credit card details.
How do I use PayPal?
To pay with PayPal, select 'Pay with your credit or debit card or your PayPal account' as your payment method. You will be redirected to choose the PayPal funding source you wish to use to pay for your order.
You will receive two emails, one from PayPal confirming your payment and another from Dosfarma confirming your order.
* Can I use PayPal without opening an account?
Yes, you can pay with PayPal without opening an account. This means that PayPal will not save your data after the purchase. This operation has a limit of 10 transactions, which is what PayPal lets you do without opening an account.
* Possible PayPal errors
Unfortunately, there are times when there is a problem creating or processing orders with PayPal. Therefore, here are some of the error messages that may appear while you are placing your order:
- If you are redirected to an error page or if you do not receive the confirmation email from Dosfarma, it is most likely that an error has occurred that has prevented you from making the payment. In this case, please log in to your Dosfarma.com account and if your order does not appear as 'Paid' within the next few minutes, it means that the operation could not be completed correctly by PayPal. If you receive an email from PayPal indicating that you have paid for your purchase, but you do not receive an email from us confirming the order, please contact us (indicating your name, email address of your PayPal account and order number) so that we can verify the payment and find your payment.
- When using a Switch/Maestro card with PayPal, you may be redirected to the PayPal page when you make your payment, and so on and so forth, entering a loop in which you are asked for your card details (even if they already have them and you have bought before with PayPal). In addition, if you enter your data again, it is very likely that you will get another error message. If this happens, PayPal recommends entering the details of a different credit/debit card. If you need help with an issue like this, please contact PayPal.
- 'Buyer is limited'. This message, which may appear during your payment through PayPal, means that PayPal has restricted your account and therefore it is impossible to proceed with the order and payment. In such a case, please contact PayPal so that they can resolve this issue for you. If you want to continue shopping, you can change the payment method.
- Buyer cannot pay, transaction refused'. This message indicates that PayPal believes that you cannot pay for the order. In this case, please contact PayPal to resolve the issue. If you want to continue with your purchase, you know that you can change the payment method.
- There is no source of financing'. This message indicates that the funding source chosen to pay for your order is not linked to your PayPal account or your order. Please contact PayPal to resolve this issue. As we have already indicated, if you wish to continue your purchase, you can change the payment method.
- Transaction rejected by risk customer'. In this case, PayPal has considered that, for security reasons, your account may be high risk and does not allow your payment to be processed. Please contact PayPal to solve the problem. If you wish, you can continue with your purchase by changing the payment method.
-Secure payment by transfer
If you prefer, you can choose to make a transfer to us. In this case your order will be held until the payment is confirmed in our bank
Privacy is of great importance to Arimar Moda, S.L. and we want to maintain an open and transparent attitude when dealing with your personal data, so we have a policy that sets out how they are treated and protected.