The terms of the privacy policy set forth here provide the users of the website of (WWW.CRISOLAR.COM) hereinafter “the website” in a clear and extensive manner, information about the processing of the data collected from each user, and its protection under the legislative framework that the General Data Protection Regulation (GDPR) approved on May 25, 2018 and Spanish data protection legislation provide.

Therefore, in accordance with legal requirements, the subsequent Privacy Policy provides:

• The nature of the personal information processed.

• The purposes and means of processing personal information.

• The identity and contact details of the data controllers.

• The contact details of the Data Protection Officer (DPO).

• Any third party involved in processing activities.

• The retention period for personal information.

• The security measures adopted to protect personal information.

• The privacy rights of users.

Exercise of your GDPR rights

We inform you that you may exercise the following rights:

• Right of access to your personal data to know which ones are being processed and the processing operations carried out with them.

• Right to rectify any inaccurate personal data.

• Right to deletion of your personal data, when this is possible.

• Right to request the limitation of the processing of your personal data when the accuracy, legality or necessity of the processing of the data is doubtful, in which case, we may retain the data for the exercise or defense of claims.

• Right to object to the processing of your personal data, when the legal basis that enables us to process it as indicated in the table above is legitimate interest. The Company will stop processing your data unless it has a compelling legitimate interest or it is necessary to defend claims.

• Right to limit the conservation and storage of your personal data that will be kept for the time established by law.

You may exercise your rights at any time and free of charge by sending an email to CRISOLAR@CRISOLAR.COM indicating the right you wish to exercise and your identifying information.

This privacy policy applies exclusively to “the website” and does not refer to any other website that may be redirected from this website.

Under no circumstances can users under sixteen years of age consent to the processing of personal information without parental authorization.

1. Controller

The GDPR indicates in its legislation the need for control and supervision of data by a subject who, alone or jointly with others, determines the purposes and means of processing personal information.

Under the framework of the new legislation, the controllers designated for the processing and supervision of “web” data are:

CRISOLAR SA

At CRISOLAR you can contact the Data Protection Officer designated to ensure that our website processes personal information in accordance with the GDPR, through the following email address: CRISOLAR@CRISOLAR.COM.

“Personal Information” means any information about users that personally identifies them, whether alone or in combination with other information.

Personal information is collected automatically by the CRISOLAR website or received through multiple sources: forms, chat, email, applications, devices, social networks and other media.

Navigation data

The site collects non-sensitive browsing data by automated means to enable and improve user browsing (e.g. IP address, date/time of visit and its length, any referring URLs, pages visited on the site, device used and other information).

The processing of such information allows users to access the site and fully enjoy its functions and services. Additionally, browsing data may be used to verify that the Site is functioning properly.

From time to time, browsing data is processed anonymously for statistical purposes.

The browsing data is unlikely to allow the identification of the relevant data subject. However, by its very nature, browsing data may allow the identification of users if it is associated with other information.

The browsing data described above is stored only temporarily in accordance with applicable law.

Orders

At checkout, the Site asks users to provide personal information for the essential purpose of fulfilling their purchase orders and fulfilling contractual obligations (for example, first and last name, address email, delivery address, etc.).

Such personal information is also essential for Customer Service to assist customers with inquiries and any related needs, before or after the sale (for example, regarding order delivery status or product returns).

Personal information related to orders will be stored for as long as necessary to comply with contractual obligations and applicable tax and financial reporting obligations.

The Site may also verify payment instruments used by customers to purchase on the Site for the primary purpose of preventing fraudulent or criminal activities. Under no circumstances does CRISOLAR or its controllers store information related to our clients’ cards and entrust third parties with the verification of payment for purchases made within “the website”.

Likewise, personal information, as well as the shipping address, is considered essential for the correct execution of the order, therefore, the lack of it will prevent users from completing their order within it.

With the aim of improving the user experience, “the website” may send communications by email, with product suggestions, discounts, requests for comments or other updates. Customers can always unsubscribe from such email communications (for example, by clicking the “unsubscribe link” at the bottom of each email).

However, e-mails of a transactional nature, that is, they contain confirmation of the payment of the order, as well as its details or assistance with its payment, can never be subject to unsubscription, since by their nature They form an indispensable part of the purchase and sale contract.

Site registration

When users choose to register a personal account within the CRISOLAR site they are asked to submit personal information. The site clearly indicates what personal information is required (or not) to set up a site account.

Users are required to submit personal information that is true and accurate at the time of registration and are encouraged to keep their personal information up to date. To proceed with any modification thereof, you must log in to your personal account to make all relevant changes.

Users who choose to enable or log into their Site account through a social network should note that when they connect their Site account to a social media account, the Site collects certain personal information that the user has already provided. to those social networks (for example, the email address and the public profile on Facebook).

The Controllers do not monitor or control such social media services or user profiles on these services, and do not establish privacy settings or rules about how personal information on those services will be used. Users are strongly advised to read all policies and information on applicable social media services to learn more about how they process personal information.

Newsletter and marketing communications

On the Site, users can choose to receive informative newsletters and commercial communications.

WWW.CRISOLAR.COM always collects explicit, free and unequivocal consent from users before sending informative newsletters and marketing communications to any user.

In such cases, users may be invited to submit personal information in addition to their email address in order to have newsletters and marketing communications tailored to the user’s profile.

At any time, users can always withdraw their consent to receive newsletters and commercial communications through their account settings, by clicking on the “unsubscribe” link in any such email or simply by email indicating such effect.

Under the user’s explicit consent, newsletters and marketing communications can be adapted to the user’s “profile”, based on the personal information and browsing data that the site collects or receives about the user in question.

The main objective of CRISOLAR is to propose products, services and initiatives that best respond to the tastes, purchasing habits and interests of users and clients.

Personal information may also be used for remarketing, retargeting or profiling purposes, including through third parties (e.g. social networks, etc.).

2. Cookies policy

Cookies are used to save the preferences and settings of the user’s browser.

user in order to make navigation more efficient and faster, thus speeding up the website loading processes in a future visit. They are a small text file with information that is stored in the browser of the user’s device (computer/tablet/Smartphone) when they visit a specific website. Cookies are also used to track users throughout a website. In this way it is possible to recognize if the user is registered, what products they visit or how long it takes the user to visit us again.

Our website WWW.CRISOLAR.COM uses two types of cookies:

1. Analytical cookies: If a user browses our website through cookies, we collect analytical information in the form of data (completely anonymously) about the user’s navigation and their interaction with the different products offered by CRISOLAR.

2. Advertising cookies: The function of advertising cookies is to collect user information to create an advertising profile (completely anonymous) to offer the most interesting advertisements possible based on their behavior patterns and interaction with our website.

List of companies that use the cookies we collect at WWW.CRISOLAR.COM for analysis or advertising purposes:

activecampaign

Adform

Adwords

Adroll

Facebook

Luckyorange

hotjar

Acceptance of cookies:

If you expressly accept our cookie policy or if you decide to continue browsing our website, we will understand that you accept the use of cookies for the analytical and advertising purposes described above.

If, on the other hand, you prefer not to accept them or block the installation of cookies, we inform you that you may not be able to access certain services offered on our website normally or that browsing may be slowed down.

Disable cookies:

If you decide to block or disable cookies, you must do so through the settings of your browser on your computer, smartphone or tablet. In the following list you can find a link where you will find instructions on how to disable cookies in each browser:

Internet Explorer

Mozilla Firefox

Google Chrome

Safari

iOS

Windows Phone

Chrome Mobile

Opera Mobile

3. Management and use of personal information

Within the use of the personal data that users provide to “the Web”, it may be necessary for CRISOLAR to use external digital marketing tools, such as email marketing tools, for example, to which relevant information will be transferred to the aforementioned use, and solely and exclusively for direct use in actions relevant to CRISOLAR, in no case will they be used for the benefit of third parties.

To this end, the Controllers may transfer customers’ personal information to third-party providers, acting as “data processors” (the “Processors”), for the purpose of carrying out commercial operations.

It is the responsibility of CRISOLAR’s controllers to ensure that all Processors apply their best practices to protect personal information and that they will not use personal information for any purpose other than that agreed with the Controllers.

Users may request an updated list of processors involved in the processing of personal information relevant to the site’s activities by writing an email to: CRISOLAR@CRISOLAR.COM.

CRISOLAR Controllers always reserve the right to disclose personal information about users as required by law (for example, in response to law enforcement requests), and when necessary to protect the rights of the Controllers or their affiliates or third parties. . In any other case, the sharing of personal information will be conditional on the user’s preliminary and explicit consent, unless processing is permitted under an alternative legal basis. The Controllers will not transfer any personal information outside the European Economic Area (EEA) unless the user has explicitly authorized such transfer or the transfer of personal information outside the EEA is permitted by the GDPR on another legal basis.

4. Processing methods and security measures

The Controllers process users’ personal information with computer, automatic and electronic tools and, in limited cases, through the use of documentary means. In accordance with the GDPR, specific security measures have been implemented to prevent data loss, illegal or inappropriate use and unauthorized access.

Only authorized employees of the Controllers and authorized employees of third-party providers acting as Processors on behalf of the Controllers have access to personal information related to the activities of the Site. Data processing agreements are in place with processors to ensure that They always comply with the level of security required by the GDPR while processing personal information related to site activities.

Although the Site adopts primary security measures to prevent the loss, destruction or dissemination of personal information, at the same time it cannot exclude the security risks that are naturally involved in the transmission of data online. The user accepts the inherent risks of providing personal information over the Internet and will not hold the Site responsible for any breach of security, unless such failure is due to the negligence or willful default of the Site.

5. Storage of personal information

The Controllers will store personal information for as long as necessary to provide users and customers with the required services or to comply with legal or tax obligations or for the minimum period prescribed by law.

In determining the appropriate storage period for personal information, Controllers will take into account multiple factors to ensure that personal information is not stored for longer than is necessary or appropriate. Such criteria will also include:

• The purpose for which the Site contains personal information; legal, tax and regulatory obligations in relation to that personal information.

• The type of ongoing relationship with the user or customer in question (how often the user logs into their account on the site, whether users continue to receive marketing communications, how often they browse or purchase from the site, etc.).

• Any specific user request regarding deletion of personal information.

• Legitimate business interests.

The site will immediately delete or anonymize personal information that is no longer needed or is not maintained in accordance with the law.

6. Connection to third party websites or platforms

The site may contain banners, advertising messages and other links to third-party websites or platforms. The Controllers cannot control or be responsible for the conduct of such third party websites or platforms with respect to privacy law. Users are recommended to read their privacy policies to verify how they collect and process personal information.

7. User rights

Users have the right to receive confirmation if Controllers contain personal information about them. In that case, users may, under the protection of the GDPR:

• Be informed about the collection and use of your personal information;

• Access your personal information at no cost;

• Rectify or complete inaccurate personal information (when it is incomplete);

• Delete personal information (“the right to be forgotten”);

• Under certain conditions, obtain the restriction or deletion of your personal information;

• Obtain and reuse your personal information for its own purposes in different services when the processing is based on a contract or consent, and the processing is carried out by automated means (“the right to data portability”);

• Under specific conditions, object to the processing of your personal information;

• Object at any time to the use of personal information for the purposes of “profiling” or “automated decision-making”;

• The right to lodge complaints regarding the collection and processing of personal information to the competent supervisory authority;

• The right to withdraw consent to the processing of personal information at any time.

Users can contact the site with any questions and exercise their privacy rights at the following email address: CRISOLAR@CRISOLAR.COM.

8. Changes to this privacy policy

Any future changes to this Privacy Policy will be posted on the Site and, where applicable, notified to users by email. Users are advised to read this Privacy Policy frequently for updates or changes.