Basic information on Data Protection

Responsible: Caroline Sommer LTD

Purpose: Provision of online services, Web user management, Commercial communications related to our services.

Legitimacy: Express consent and legitimate interest, performance of a contract.

Addressees: No data is passed on to third parties, unless legally obliged to do so.

Rights: Access, rectify and delete the data, as well as other rights, as explained in the additional information.

Additional information: Further and more detailed information on Data Protection can be found at annexed clauses to be found at https://caroline-sommer.systeme.io/PrivacyPolicy

At Caroline Sommer LTD we work to provide you with the best possible experience with our products and services. In some cases, it is necessary to collect information to achieve this. We care about your privacy and believe we should be transparent about this.

Therefore, and for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter "GDPR") on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and LAW 34/2002 of 11 July 2002 on Information Society Services and Electronic Commerce (hereinafter, "LSSI"), Caroline Sommer LTD informs the user that, as data controller, it will incorporate the personal data provided by users in an automated file.

Our commitment begins by explaining the following:

- Your data is collected to improve the user experience by addressing your interests and needs.

- We are transparent about what data we collect about you and why we collect it.

- Our intention is to provide you with the best possible experience. Therefore, when we use your personal information, we will always do so in a compliant manner, and where necessary, we will ask for your consent.

- We understand that your information belongs to you. Therefore, if you choose not to give us permission to process it, you can ask us to stop processing it.

- Our priority is to ensure your security and to process your data in accordance with EU law.

For more information on how we process your data, please see the different sections of the privacy policy below:

Who is responsible for the processing of your personal data?

Identity: Caroline Sommer LTD

Registered Office: Unit 1303, 13/F., Hollywood Centre, 233 Hollywood Road, Sheung Wan, Hong Kong

CR 2214764

Email: caroline@caroline-sommer.com

Caroline Sommer LTD has appointed a Data Protection Officer or an internal contact person within its organisation. If you wish to make an enquiry regarding the processing of your personal data, you can contact her by emailing caroline@caroline-sommer.com.

What personal data do we collect?

The personal data that the user may provide:

- Name, address.

- Telephone number and e-mail address.

- Location.

- Information relating to payments and returns.

- IP address, date and time you access our services, internet browser you use and details of your device's operating system.

- Any other information or data you choose to share with us.

Information collect

The website collects personal data through:

- Contact form.

- By browsing the website

We proceed to process your data in a lawful, fair, transparent, adequate, relevant, limited, accurate and up-to-date manner. And as long as you do not inform us to the contrary, we will understand that your data have not been modified and that you undertake to notify us of any variation, at the same time confirming that the data you provide us with are true and that you are the owner of the same, exempting Caroline Sommer LTD from any responsibility for any fraudulent use on your part of data for which you do not have express authorization, or of which you are not the owner.

Purpose of the data collected and consent to its processing

Users, by ticking the boxes or filling in the forms, may expressly and freely and unequivocally accept that their personal data will be processed by the Provider for the following purposes

- Respond to queries, provide information requested by the User.

- Carry out any provision of services and/or products contracted or subscribed by the User.

- Sending commercial advertising communications by email related to products or services offered by the Provider, as well as by collaborators or partners with whom the Provider has reached an agreement for commercial promotion among its customers. In this case, third parties will never have access to personal data. In any case, commercial communications will be carried out by the Provider and will be products and services related to the Provider's sector.

- To carry out statistical studies.

The data requested through the Website are mandatory, as they are necessary for the provision of an optimal service to the user and for the sale, invoicing and delivery of products or services. In the event that all the data is not provided, the provider does not guarantee that the information and services provided will be completely tailored to your needs.

The user agrees to provide complete and correct information in the contact, subscription or order form.

The User declares to have been informed of the international transfer of data that occurs, exclusively due to the location of the facilities of the contracted service providers and data processors of Caroline Sommer LTD.

Why and for what purpose do we process your data?

At Caroline Sommer LTD we process the information provided to us by interested parties for the following purposes:

- To manage bookings or contract of any of our services.

- To manage the sending of the information you request from us.

- Develop commercial actions and perform the maintenance and management of the relationship with the user, as well as the management of the services offered through the website and the work of information, being able to perform automatic assessments, profiling and segmentation work of customers in order to customize the treatment according to their characteristics and needs and improve the customer's online experience. In some cases it will be necessary to provide information to the Authorities or third party companies for auditing purposes, as well as to handle personal data from invoices, contracts and documents in order to respond to claims from customers or Public Administrations.

We inform you that the personal data obtained as a result of your registration as a user will form part of the Register of Processing Activities and Operations (RAT), which will be updated periodically in accordance with the provisions of the GDPR.

What is the legal basis for the processing of your data?

The processing of your data may be based on the following legal bases:

- Consent of the data subject for the contracting of services and products, for contact forms, requests for information or registration in e-newsletters.

- Legitimate interest for the processing of our customers' data in direct marketing actions and express consent of the data subject for all matters relating to automatic assessments and profiling.

- Compliance with legal obligations for fraud prevention, communication with public authorities and third party claims.

Contact forms

Along with each form for collecting personal data, in the services that the user may request from Caroline Sommer LTD , will inform the user of the existence and acceptance of the particular conditions of the processing of their data in each case, informing them of the responsibility of the file created, the possibility of exercising their rights of access, rectification, opposition, deletion, limitation of processing and potability, the purpose of processing and data communications to third parties where appropriate.

Likewise, the owner informs you that it complies with Law 34/2002 of 11 July, on Information Society Services and Electronic Commerce and will request your consent to the processing of your e-mail for commercial purposes at all times.

The personal data collected through the web form for the request for information is for the purpose of sending commercial information about our products and services. The processing of the data in this case is legitimized by the express consent that you give us by accepting the sending of the information provided through the form.

Data collected for the provision of a service

The personal data you provide for the provision of a service will be the minimum required to be able to draw up the contract as well as to be able to offer you the services you contract and to comply with legal obligations.

The data will be kept for the legally established periods.

In accordance with the rights conferred by Regulation (EU) 2016/679 on the protection of personal data, you may exercise your rights of access, rectification, limitation of processing, deletion, portability and opposition to the processing of your data by sending your request to the postal address indicated or to the email address caroline@caroline-sommer.com. In order to exercise these rights, you must identify yourself by presenting your National Identity Document (DNI).

Similarly, the user may unsubscribe from any of the subscription services provided by clicking on the unsubscribe section of all emails sent by the provider.

If you receive the aforementioned e-mails, you have given your prior authorization, as the provider does not engage in SPAM practices.

How long do we keep your data?

The processing of data for the purposes described above will be kept for the time necessary to fulfill the purpose for which it was collected (for example, for the duration of the commercial relationship), as well as for compliance with the legal obligations arising from the processing of the data.

To which recipients is your data disclosed?

In some cases, only when necessary, Caroline Sommer LTD will provide user data to third parties. However, data will never be sold to third parties. External service providers (e.g., payment providers or partners) with whom Caroline Sommer LTD works may use the data to provide the relevant services, however, they will not use such information for their own purposes or to pass it on to third parties.

Caroline Sommer LTD endeavors to ensure the security of personal data when it is sent outside the company and ensures that third party service providers respect confidentiality and have appropriate measures in place to protect personal data. These third parties are obliged to ensure that the information is handled in accordance with data privacy regulations.

In some cases, personal data may be required by law to be disclosed to public bodies or other parties, only what is strictly necessary for the fulfillment of such legal obligations will be disclosed.

Where is your data stored?

In general, data is stored within the EU. For data sent to third parties outside the EU, we will ensure that they offer a sufficient level of protection, either because they have Binding Corporate Rules (BCR) or because they have signed up to the Privacy Shield.

What rights do you have and how can you exercise them?

You can send your communications and exercise your rights by sending a request to the following e-mail address: caroline@caroline-sommer.com.

Pursuant to the provisions of the GDPR, you may request:

Right of access: you can request information about the personal data we hold about you.

Right of rectification: you can communicate any change in your personal data.

Right to erasure and the right to be forgotten: you can request the deletion of your personal data after it has been blocked.

Right to limit processing: this means restricting the processing of personal data. Right to object: you can withdraw your consent to the processing of your data, opposing further processing.

Right to portability: in some cases, you may request a copy of the personal data in a structured, commonly used and machine-readable format for transmission to another controller.

Right not to be subject to individualized decisions: you can ask not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or significantly affect the data subject.

In some cases, your request may be refused if you request the deletion of data necessary for compliance with legal obligations.

You can also lodge a complaint with the data protection authority if you have a complaint about the processing of your data.

Who is responsible for the accuracy and veracity of the data provided?

The user is solely responsible for the veracity and correctness of the data included, exonerating Caroline Sommer LTD from any liability in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in the registration or subscription form. Caroline Sommer LTD reserves the right to terminate the contracted services concluded with users, in the event that the data provided is false, incomplete, inaccurate or not up to date.

Caroline Sommer LTD is not responsible for the veracity of the information that is not of its own elaboration and of which another source is indicated, so it does not assume any responsibility for hypothetical damages that may arise from the use of such information.

Caroline Sommer LTD reserves the right to update, modify or delete the information contained in its web pages and may limit or deny access to such information. Caroline Sommer LTD is exonerated from liability for any loss or damage that the user may suffer as a result of errors, defects or omissions in the information provided by Caroline Sommer LTD provided that it comes from outside sources.

Likewise, the user certifies that he/she is over 14 years of age and that he/she has the necessary legal capacity to consent to the processing of his/her personal data.

How do we handle personal data of minors?

Our services are not specifically aimed at minors. However, in the case of persons over fourteen years of age, data may be processed with the consent of the user, except in those cases where the law requires the assistance of the holders of parental authority or guardianship.

Links to other websites

The website https://caroline-sommer.com/ may contain links to other websites. By clicking on one of these links and accessing an external website, the visit will be subject to the privacy policy of that website, and Caroline Sommer LTD disclaims any responsibility for its privacy policy.

Social Networking

The website offers the User links and services related to the different social networks. So if you are a member of a social network and click on the corresponding link, the social network provider may link your profile data with information about your visit to the website.

Social networks we use: Facebook, Instagram,linkedin and WhatsApp

You can access the privacy policies of the different social networks at any time, as well as configure your profile to guarantee your privacy:

Facebook: https://www.facebook.com/about/privacy/

Instagram: https://help.instagram.com/

LinkedIn: https://es.linkedin.com/legal/privacy-policy

WhatsApp: https://www.whatsapp.com/legal/updates/privacy-policy/

Embedded content from other websites and tools used on the website

Articles and products on this website may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

YouTube video integration

Caroline Sommer LTD has the ability to embed YouTube videos into website pages, these videos are stored on www.youtube.com and can be played directly from our websites. They are all included in the "extended privacy mode", d. h. that does not transfer data about you as a user to YouTube if you are not playing the videos. Only when you play the videos, the data is transferred.

We have no influence on this data transfer. This happens regardless of whether YouTube provides a user account to which you are logged in or whether there is no user account. When you are logged into Google, your data will be assigned directly to your account.

If you do not wish to be associated with your YouTube profile, you must log out of YouTube before you play the video. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or personalized design of its website. You have the right to object to the creation of these user profiles, and must be directed to YouTube to use them.

The use of YouTube is in the interest of Caroline Sommer LTD to be able to show the products in a more graphical and attractive way and thus improve the experience of the users of the site. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 f GDPR.

For more information on the purpose and scope of its data collection and processing through YouTube, please read YouTube's privacy policy. YouTube is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Analytics and advertising

This website uses functions of the web analytics service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored in accordance with Art. 6 para. 1 f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimise both its website and its advertising.

Demographics in Google Analytics

This website uses the demographic data function of Google Analytics. As a result, reports may be produced containing statements about the age, gender and interests of visitors to the site. This data comes from Google interest-based advertising and third party visitor data.

This information cannot be assigned to a specific person. We use Google Tag Manager. This service allows website tags to be managed through a single interface. Google Tag Manager only implements Google tags activates other tags that may collect data. Google Tag Manager does not have access to this information.

More information about Google Tag Manager can be found at

http://www.google.com/tagmanager/usepolicy.html

Google Web Fonts

For a uniform representation of fonts, this site uses web fonts provided by Google. When you open a page, your browser loads the necessary web fonts into your browser's cache in order to display the texts and fonts correctly.

To do this, your browser must establish a direct connection to Google's servers. Google recognizes that our website has been accessed via your IP address. The use of Google web fonts is in the interest of a uniform and attractive presentation of our plug-in. This constitutes a justified interest in accordance with Art. 6 (1) (f) GDPR. If your browser does not support web fonts, your computer uses a standard font.

Further information on the handling of user data can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/ .

Facebook pixels

Our website uses the Facebook visitor action pixel for conversion measurement, Facebook Inc., 1601 S. California Ave. California Ave, Palo Alto, CA 94304, USA. ("Facebook").

In this way, the behavior of site visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. As a result, the effectiveness of Facebook ads can be evaluated for statistical and market research purposes and future advertising measures can be optimized.

The collected data is anonymized for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, whereby it is possible to establish a connection to the respective user profile and Facebook may use the data for its own advertising purposes in accordance with Facebook's data usage policy. As a result, Facebook may allow advertisements to be displayed on Facebook and outside Facebook.

This data use cannot be influenced by us as the site operator.

Please refer to Facebook's privacy policy for more information on how to protect your privacy:

https://www.facebook.com/about/privacy/.

You can also disable the Remarketing Custom Audiences feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can opt out of receiving Facebook-based advertising on the website of the European Interactive Digital Advertising Alliance:

http://www.youronlinechoices.com/preferentialmanagement/.

Akismet

We collect information about visitors who comment on sites that use our anti-spam service, Akismet. The information we collect depends on how the user sets up Akismet on the site, but typically includes the commenter's IP address, the user's browser, the referring site and the site URL (as well as other information directly provided by the commenter, such as their name, username, email address and the comment itself).

How we protect your data

User data is stored in databases managed by Caroline Sommer LTD or its partners and are encrypted and only authorized and properly identified personnel have access to them. Occasionally, for maintenance purposes only, security and maintenance personnel from the company providing the hosting services may access the servers but they will never have access to the content of the databases.

What procedures do we use against data breaches?

Caroline Sommer LTD has taken into account the risks presented by processing as a result of accidental or unlawful destruction, loss or alteration that is transmitted, retained or processed, or unauthorized communication or access to such data in assessing the level of security applied. When security breaches occur, such as theft or improper access to personal data and in compliance with Articles 33 and 34 of the Personal Data Regulation (EU) 2016/679, the procedure for recording the detected security breach will be followed.

For the management of the data security breach or violation, the security officer shall act by carrying out a procedure of analysis and logging of the situation.

The analysis shall take into account whether the breach of the affected data poses a risk to the rights and freedoms of individuals that could lead to physical, material or immaterial damages or that could entail:

- problems of discrimination

- identity theft or fraud

- financial loss

- damage to reputation

- loss of confidentiality of data subject to professional secrecy

- unauthorized reversal of pseudonymisation or any other significant economic or social harm.

It is also analyzed whether the data breach is likely to deprive data subjects of their rights and freedoms or prevent them from exercising control over personal data they disclose:

- racial or ethnic origin

- political opinions

- religion or philosophical beliefs

- trade union membership

- the processing of genetic data

- data concerning health or sex life data

- data relating to criminal convictions and offenses or related security measures Cases in which personal aspects are assessed are analyzed.

If the above analysis concludes that the breach affects or may pose a risk to natural persons, the breach will be notified in the Register of the Spanish Data Protection Agency and the data subject will be notified.

Notification of data security breaches

In the event that it is necessary to notify the security breach, the notification shall be made within 72 hours of the data controller becoming aware of it. It will be made electronically through the electronic headquarters of the Spanish Data Protection Agency at the following address: https://sedeagpd.gob.es, providing all the information necessary to clarify the facts that have given rise to the incident. The notification includes:

- The nature of the breach, categories of data and data subjects affected.

- The measures imposed by the controller to resolve the breach.

Where appropriate, the measures taken to mitigate any adverse impact on data subjects. Notification to data subjects will be made within the same timeframe and in the same manner as described above.

How do we use cookies?

The Caroline Sommer LTD website uses cookies in order to optimise and personalize your browsing experience. Cookies are physical information files that are stored in the user's own terminal, the information collected through cookies is used to facilitate the user's navigation through the portal and to optimise the browsing experience. The data collected through cookies may be shared with the creators of the same, but in no case will the information obtained by the same be associated with personal data or data that can identify the user.

However, if you do not want cookies to be installed on your hard drive, you can configure your browser to prevent the installation of these files. For more information, please see our Cookies Policy https://caroline-sommer.com/cookies-policy.

Can the privacy policy be changed?

This privacy policy is subject to change. We recommend that you review the privacy policy from time to time.

periodically.