This site has limited support for your browser. We recommend switching to Edge, Chrome, Safari, or Firefox.

Monchosummer toiletry bag FREE on purchases +50€ Only for members!

Free shipping on orders over €30 in Spain (mainland only) I Delivery between 24-48h

Free sample on every order you place!

Privacy Policy

1.- OBJECTIVE OF THE POLICY

The purpose of this "Privacy and Data Protection Policy" is to make known the conditions that govern the collection and processing of your personal data by MMO 2021 SL to ensure fundamental rights, your honor and freedoms, all in compliance with current regulations that regulate the Protection of Personal Data according to the European Union and the Spanish Member State.

In accordance with these regulations, we need to have your authorization and consent for the collection and processing of your personal data, so below, we indicate all the details of your interest regarding how we carry out these processes, for what purposes, what other entities could have access to your data and what are your rights.

For all of the above, once our Data Protection Policy has been reviewed and read, it is essential that you accept it as proof of your conformity and consent.

2.- DEFINITIONS

  • "Personal Data": Any information about an identified or identifiable natural person ("the user of the Website"); an identifiable natural person is any person whose identity can be determined, directly or indirectly, in particular by means of an identifier, such as a name, an identification number, location data, an online identifier or one or more elements of identity physical, physiological, genetic, psychological, economic, cultural or social of said person.
  • "Treatment": any operation or set of operations performed on personal data or sets of personal data, whether by automated procedures or not, such as collection, recording, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of authorization of access, comparison or interconnection, limitation, deletion or destruction.
  • "Limitation of processing": the marking of the personal data stored in order to limit its processing in the future.
  • "Profiling": any form of automated processing of personal data consisting of using personal data to evaluate certain personal aspects of a natural person, in particular to analyze or predict aspects related to professional performance, economic situation, health, personal preferences, interests , reliability, behavior, location or movements of said natural person.
  • "Pseudonymization": the processing of personal data in such a way that it can no longer be attributed to a data subject without the use of additional information, provided that such additional information is listed separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
  • "File": any structured set of personal data, accessible according to certain criteria, whether centralized, decentralized or distributed functionally or geographically.
  • "Responsible for the treatment" or "controller": the natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of the treatment; if Union or Member State law determines the purposes and means of processing, the controller or the specific criteria for his appointment may be established by Union or Member State law.
  • "Processor" or "processor": the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
  1. "Recipient": the natural or legal person, public authority, service or other body to which personal data is communicated, whether or not it is a third party. However, public authorities that may receive personal data in the framework of a specific investigation in accordance with Union or Member State law shall not be considered recipients; The processing of such data by said public authorities will be in accordance with the data protection regulations applicable to the purposes of the processing.
  • "Third Party": natural or legal person, public authority, service or body other than the data subject, the data controller, the data processor and the persons authorized to process personal data under the direct authority of the data controller or processor.
  • "Consent of the interested party": any expression of free, specific, informed and unequivocal will by which the interested party accepts, either through a declaration or a clear affirmative action, the processing of personal data concerning him.
  • "Breach of personal data security": any breach of security that results in the accidental or unlawful destruction, loss, or alteration of personal data transmitted, stored, or otherwise processed, or unauthorized disclosure of or access to such data;
  • "Genetic data": personal data relating to the inherited or acquired genetic characteristics of a natural person that provide unique information about that person's physiology or health, obtained in particular from the analysis of a biological sample from that person.
  • "Biometric data": personal data obtained from a specific technical treatment, related to the physical, physiological or behavioral characteristics of a natural person that allow or confirm the unique identification of said person, such as facial images or dactyloscopic data.
  • "Health-related data": personal data relating to the physical or mental health of a natural person, including the provision of healthcare services, revealing information about their state of health.
  • "Main establishment": a) in the case of a controller with establishments in more than one Member State, the place of its central administration in the Union, unless decisions on the purposes and means of processing are taken in another establishment of the controller in the Union and the latter establishment has the power to enforce such decisions, in which case the establishment that has taken such decisions shall be considered as the main establishment; b) in the case of a processor with establishments in more than one Member State, the place of its central administration in the Union or, if it does not have one, the establishment of the processor in the Union in which the operations are carried out; main processing activities in the context of the activities of a processor's establishment to the extent that the processor is subject to specific obligations under this Regulation.
  • "Representative": a natural or legal person established in the Union who, having been appointed in writing by the controller or processor pursuant to Article 27 of the GDPR, represents the controller or processor with regard to their respective obligations in under this Regulation.
  • "Company": natural or legal person engaged in an economic activity, regardless of its legal form, including companies or associations that regularly carry out an economic activity.
  • "Supervisory Authority": the independent public authority established by a Member State in accordance with the provisions of Article 51 of the GDPR. In the case of Spain it is the Spanish Data Protection Agency.
  • In the case of Germany, you can contact the Berliner Beauftragte für Datenschutz und Informationsfreiheit.
  • In the case of Austria, you can contact the Österreichische Datenschutzbehörde.
  • In the case of Belgium, you can contact the Autorité de protection des données Gegevensbeschermingsautoriteit.
  • In the case of Bulgaria, you can contact the Commission for Personal Data Protection.
  • In the case of Denmark you can go to Datatilsynet.
  • In the case of Slovakia, you can go to https://dataprotection.gov.sk/uoou/
  • In the case of Slovenia, you can go to https://www.ip-rs.si/ .
  • In the case of Estonia you can go to https://www.aki.ee/et
  • In the case of Spain it is the Spanish Data Protection Agency.
  • In the case of Finland, you can contact the Oyce of the Data Protection Ombudsman
  • In the case of France, you can contact the Commission Nationale de l'Informatique et des Libertés
  • In the case of Greece, you can contact the Hellenic Data Protection Authority
  • In the case of Hungary, you can contact the Oyce of the Commissioner for Fundamental Rights of Hungary
  • In the case of Ireland, you can contact the Data Protection Commission
  • In the case of Italy, you can contact the Guarantor for the Protection of Personal Data
  • In the case of Latvia, you can go to https://www.dvi.gov.lv/lv
  • In the case of Lithuania you can contact the State Data Protection Inspectorate
  • In the case of Luxembourg, you can contact the Commission Nationale pour la Protection des Données
  • In the case of Malta, you can contact the Information and Data Protection Commissioner
  • In the case of the Netherlands, you can go to https://autoriteitpersoonsgegevens.nl/en
  • In the case of Poland, you can go to https://archiwum.giodo.gov.pl/
  • In the case of Portugal, you can contact the Comissão Nacional de Proteção de Dados
  • In the case of the United Kingdom, you can contact the Information Commissioner's Oyce
  • In the case of Romania, you can contact the Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal
  • In the case of Sweden, you can contact the Swedish Authority For Privacy Protection
  • In the case of the Czech Republic, you can go to https://www.uoou.cz/
  • In the case of Cyprus you can contact the Oyce of the Commissioner for Personal Data Protection

Data Protection Authorities (other European countries):

  • In the case of Andorra, you can contact the Andorran Agency for the Protection of Dades
  • In the case of Croatia, you can contact the Croatian Personal Data Protection Agency
  • In the case of Iceland you can go to https://www.personuvernd.is/
  • In the case of Liechetenstein, you can go to https://www.llv.li/
  • In the case of Macedonia you can go to https://dzlp.mk/
  • In the case of Monaco, you can contact the Commission de Contrôle des Informations Nominatives
  • In the case of Norway you can go to Datatilsynet
  • In the case of Switzerland you can go to https://www.edoeb.admin.ch/edoeb/de/home.html

Other International Data Protection Authorities:

  • In the case of Canada, you can go to https://www.priv.gc.ca/en/
  • In the case of Hong Kong you can go to https://www.pcpd.org.hk/
  • "Cross-border processing" means (a) the processing of personal data carried out in the context of the activities of establishments in more than one Member State of a controller or processor in the Union, if the controller or processor is established in more than a Member State, or b) the processing of personal data carried out in the context of the activities of a single establishment of a controller or a processor in the Union, but which substantially affects or is likely to substantially affect data subjects in more than one Member state.
  • "Information society service" means any information society service, that is, any service normally provided for remuneration, remotely, electronically and at the individual request of a service recipient.

3.- IDENTITY OF THE DATA CONTROLLER

Who collects and processes your data?

The person responsible for Data Processing is that natural or legal person, public or private, or administrative body, which alone or jointly with others determines the purposes and means of processing personal data; in the event that the purposes and means of processing are determined by the Law of the European Union or the Spanish Member State.

In this case, our identifying data as the person responsible for the Treatment are the following:

MMO 2021 SL CIF B09656927

Your personal data is processed by all the entities of our Group of managers or MMO Corporate Group,

composed of, in addition to the entity detailed above, the following organizations:

Monone 2018, SL (B88048103)

  • Address: calle Velazquez 76. 28001, Madrid (Madrid), Spain
  • Contact: 915222009 - administracion@monchomoreno.com

Hairdressers Moncho Moreno, SL (B86153939)

  • Address: Calle Columela 17. 28001, Madrid (Madrid), Spain
  • Contact: 915222009 - administracion@monchomoreno.com

Moncho Moreno, SL, (B82303405)

  • Address: Obelix 73. 28529, Rivas Vaciamadrid (Madrid), Spain
  • Postal address: Lagasca 3. 28001, Madrid (Madrid), Spain
  • Contact: 915222009 - online@monchomoreno.com

How can you contact us?

  • Postal address and our offices: C/Velázquez 76 bajo derecha. 28001, Madrid (Madrid), Spain.
  • Registered office: C/Velázquez 76 lower right. 28001, Madrid (Madrid), Spain
  • Email: online@monchomoreno.com
  • Telephone: 628652769

Who can help you with our Data Protection Policy?

We have a person or entity specialized in data protection, which is in charge of ensuring proper compliance in our entity with current legislation and regulations. This person is called the Data Protection Officer (DPO) and, if needed, you can contact him as follows:

4.- APPLICABLE LAWS AND REGULATIONS

This Privacy and Data Protection Policy is developed based on the following data protection regulations and laws:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data. Hereinafter GDPR.
  • Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights. Hereinafter LOPD/GDD.
  • Law 34/2002, of July 11, on Services of the Information Society and Electronic Commerce. Hereinafter LSSICE.

5.- PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

The personal data collected and processed through this website will be treated in accordance with the following principles:

  • Principle of legality, loyalty and transparency: All processing of personal data carried out through this Website will be lawful and fair, making it completely clear to the user when personal data concerning him or her is being collected, used, consulted or processed. The information related to the treatments carried out will be transmitted in advance, easily accessible and easy to understand, in simple and clear language.
  • Purpose limitation principle: All data will be collected for specific, explicit and legitimate purposes, and will not be subsequently processed in a way that is incompatible with the purposes for which they were collected.
  • Principle of data minimization: The data collected will be adequate, pertinent and limited to what is necessary in relation to the purposes for which they are processed.
  • Principle of accuracy: The data will be accurate and, if necessary, updated, adopting all reasonable measures so that personal data that is inaccurate with respect to the purposes for which it is processed is deleted or rectified without delay.
  • Principle of limitation of the conservation period: The data will be kept in such a way that the identification of the interested parties is allowed for no longer than necessary for the purposes of the processing of personal data.
  • Principle of integrity and confidentiality: The data will be processed in a way that guarantees adequate security of personal data, including protection against unauthorized or illegal treatment and against accidental loss or damage, through the application of appropriate technical and organizational measures.
  • Principle of proactive responsibility: The entity that owns the Website will be responsible for compliance with the principles set forth in this section and will be able to demonstrate it.

6.- SAFETY MEASURES

What do we do to guarantee the privacy of your data?

MMO has taken all required measures to protect personal data; Likewise, MMO has adopted the technical measures available to prevent data loss, unfair use, alteration, unauthorized access or theft of data. However, the user will be aware that Internet security measures are not completely indestructible.

MMO adopts the necessary organizational and technical measures to guarantee the security and privacy of your data, prevent its alteration, loss, treatment or unauthorized access, depending on the state of the technology, the nature of the data stored and the risks to which they are exposed.

Among others, the following measures stand out:

  • Guarantee:

Confidentiality: The information processed by MMO will be made available or disclosed exclusively to authorized persons at the time and by the established means.

Integrity: The information processed by MMO will be complete, accurate and valid, and the content will be provided by the interested parties and will be subject to no manipulation of any kind.

Availability: The information processed by MMO will be accessible and usable by authorized persons at any given time, guaranteeing its persistence against any eventuality.

  • Restore availability and access to personal data quickly, in the event of a physical or technical incident.
  • Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to guarantee the safety of the treatment.
  • Pseudonymize and encrypt personal data, in case it is sensitive data.

MMO assumes the responsibility of supporting and encouraging the establishment of the organizational, technical and control measures necessary to comply with the above security guidelines.

On the other hand, MMO manages the information systems according to the following principles:

  • Principle of regulatory compliance: All information systems will comply with the regulations of regulatory and sectoral legal application that affect the security of information, especially those related to the protection of personal data, security of systems, data, communications and electronic services.
  • Risk management principle: Risks will be minimized to acceptable levels and a balance between security controls and the nature of the information will be sought. Security objectives should be established, reviewed, and consistent with information security aspects.
  • Principle of awareness and training: Training, awareness programs and awareness campaigns will be articulated for all users with access to information, in terms of information security.
  • Principle of proportionality: The implementation of controls that mitigate the security risks of assets will be carried out seeking a balance between security measures, nature and information and risk.
  • Principle of responsibility: All members of the Treatment Manager will be responsible for their conduct in terms of information security, complying with the established rules and controls.
  • Principle of continuous improvement: The degree of effectiveness of the security controls implemented in the organization will be reviewed on a recurring basis to increase the ability to adapt to the constant evolution of risk and the technological environment.

7.- PURPOSES OF THE PROCESSING

Why do we want to process your data?

Below, we detail the intended uses and purposes:

Website inquiries

Response to inquiries received through the electronic form on the web

commercial communications

Marketing, advertising and commercial prospecting

WhatsApp website chat

Response to user queries through WhatsApp chat on the web. Management and contact with users

Cookies, pixel and tracking

Implement web analytics to understand how users search, access and navigate. To carry out these analyzes, personal data may be processed, such as the user's IP address, connection location, software functions and browsing navigation, etc.

Share information on social networks. “Fav”, “Like”, “+1” and similar buttons

Identify problems and offer advertising tailored to your preferences

Obtain statistical data on user browsing.

Retain user preferences during their stay on a website.

Streaming video and third-party maps. A feature or plug-in provided by a third party establishes a direct connection between the user's browser and Internet domains owned by the third party, allowing the feature to be downloaded and executed.

App Store and Google Play

Allow app download depending on device

Process payments for purchases made

Registration in the App or web

Process the orders placed

Process the registrations, information and payments of the people who register in the App

Management online purchases in the App or Web

Collections, returns, billing and management of the online shopping cart

electronic commerce

Online purchase of products on the web or App

Social networks

Sharing information on Social Networks

Email

Communications via email

How long do we keep your data?

We use your data for the time strictly necessary to fulfill the purposes indicated above. Unless there is a legal obligation or requirement, the expected conservation periods are:

Website inquiries: During a period of 1 year from the last confirmation of interest. The data will be deleted after one year from the contact as long as that contact does not become a customer.

Commercial communications: As long as its deletion is not requested by the interested party. The data will be kept until the owner notifies us of his opposition.

WhatsApp web page chat: For a period of 1 year from the last confirmation of interest. The personal data provided will be kept as long as they are necessary or pertinent for the purpose for which they were collected or registered, and as long as the consent given is not revoked.

Cookies, pixels and tracking : You must access our cookie policy to know the conservation time of each cookie, as well as the information that has been collected.

App Store and Google Play: As long as the contractual relationship is maintained

Registration in the App or web: The data is processed until the user or subscriber cancels their account.

Management of online purchases in the App or Web: For a period of 5 years from the last confirmation of interest. We will keep your personal information as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right to delete, cancel and/or limit the processing of your data. In these cases, we will keep the information duly blocked, without giving it any use, as long as it may be necessary for the exercise or defense of claims or some type of judicial, legal or contractual responsibility may arise from its treatment, which must be addressed and for which its recovery is necessary.

Social networks: As long as their deletion is not requested by the interested party

Email: For a period of 6 years from the last confirmation of interest

8.- LEGITIMATION OF THE TREATMENT

Why do we process your data?

The collection and processing of your data is always legitimized by one or more legal bases, which are detailed below:

Website inquiries

  • (Art. 6.1.a GDPR) Consent of the interested party

commercial communications

  • (Art. 6.1.a GDPR) Consent of the interested party
  • (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through contract or pre-contract

WhatsApp website chat

  • Explicit consent of the interested party

GDPR: 6.1.a) Consent of the interested party... The legal basis for sending information related to professional practice or professional interest and for the provision of voluntary services is the consent that you give, which you can withdraw at any time.

Cookies, pixel and tracking

  • (Art. 6.1.a GDPR) Consent of the interested party

App Store and Google Play

  • (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through contract or pre-contract

Registration in the App or web

  • (Art. 6.1.a GDPR) Consent of the interested party
  • (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through contract or pre-contract

Management online purchases in the App or Web

  • Explicit consent of the interested party
  • (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through contract or pre-contract

Social networks

  • Explicit consent of the interested party

Email

  • Legitimate interest of the Data Controller or third parties

9.- RECIPIENTS OF YOUR DATA

To whom do we transfer your data within the European Union?

Sometimes, in order to comply with our legal obligations and our contractual commitment to you, we are faced with the obligation and need to transfer some of your data to certain categories of recipients, which we specify below:

Website inquiries: Companies dedicated to advertising or direct marketing; Business group entities

Commercial communications: Companies dedicated to advertising or direct marketing; Business group entities

Cookies, pixels and tracking: Companies dedicated to advertising or direct marketing. Partners that appear in the consent management banner.

App Store and Google Play : Data is shared with APPLE and GOOGLE.

Registration in the App or web: Entities of the business group

Online purchase management in the App or Web: Tax Administration; Banks, savings banks and rural banks; Business group entities. Courier companies. Suppliers of the electronic store.

Social networks: Entities that provide social networking services

Management online purchases in the App or Web

Monone 2018, SL (Company with which personnel and infrastructure resources are shared): Identification data; Economic, financial and insurance; credit information; Other categories; Transactions of goods and services)

Peluquerías Moncho Moreno, SL (Company with which personnel and infrastructure resources are shared): Identification data; Economic, financial and insurance; credit information; Other categories; Transactions of goods and services)

Moncho Moreno, SL, (Company with which personnel and infrastructure resources are shared): Identification data; Economic, financial and insurance; credit information; Other categories; Transactions of goods and services)

Do we carry out International Transfers of your data outside the European Union?

In the processes of processing your data carried out by our entity, we need to hire external services that could imply that your data is stored and/or processed by organizations that are established or operate from outside the European Union, which would imply that we make transfers international of your data.

10.- DATA PROCESSING ACTIVITIES

The data processing activities carried out through the website are detailed below, specifying each of the following sections:

  • Activity: Name of the data processing activity
  • Purposes: Each of the uses and treatments that are carried out with the data collected
  • Legal basis: The legal basis that legitimizes the processing of the data
  • Data processed: Type of data processed
  • Origin: Where the data is obtained from
  • Conservation: Period during which the data is kept
  • Recipients: Third parties or entities to whom the data is provided
  • International transfers: cross-border shipments of data outside the European Union

10.1- Treatment activities

They are those data processing activities whose purposes are necessary for the provision of services.

APP STORE AND GOOGLE PLAY

  • Legal bases (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through a pre-contract contract
  • Purposes Allow downloading the app depending on the device; Process payments for purchases made
  • Categories of data and groups Users registered in the App or on the web (Identifying data; Other categories; Economic, financial and insurance; Special categories of data)
  • Origin of data The interested party or his legal representative
  • Recipient category Data is shared with APPLE and GOOGLE.
  • International transfer Not foreseen
  • Conservation period While the contractual relationship is maintained
  • Security measures The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the GDPR will apply:
  1. The ability to guarantee the permanent confidentiality, integrity, availability and resilience of treatment systems and services.
  2. The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
  3. A process of regular verification, evaluation and assessment of the effectiveness of the technical and organizational measures to guarantee the security of the treatment.
  4. Pseudonymization and encryption of personal data.

EMAIL

  • Legal bases Legitimate interest of the Data Controller or third parties
  • Purposes Communications via email
  • Data categories and groups Suppliers (Identifying data). Web users (Identifying data). Users registered in the App or on the web (Identifying data). Job candidates (Identifying data). Employees (Identifying data). Clients (Identifying data)
  • Origin of data The interested party or his legal representative
  • Category of recipients They are not foreseen
  • International transfer Not foreseen
  • Conservation period For a period of 6 years from the last confirmation of interest

WEBSITE INQUIRIES

  • Legal bases (Art. 6.1.a GDPR) Consent of the interested party
  • Purposes Response to inquiries received through the electronic form on the web
  • Data categories and groups Web contacts / Newsletter (Identifying data). Web users (Identifying data; Other categories)
  • Origin of data The interested party or his legal representative
  • Recipient category Companies engaged in advertising or direct marketing; Business group entities
  • International transfer Not foreseen
  • Conservation period For a period of 1 year from the last confirmation of interest. The data will be deleted after one year from the contact as long as that contact does not become a customer.

BUSINESS COMMUNICATIONS

  • Legal bases (Art. 6.1.a GDPR) Consent of the interested party; (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party through contract or pre-contract
  • Purposes Marketing, advertising and commercial prospecting
  • Data categories and groups Web contacts / Newsletter (Identifying data)
  • Origin of data The interested party or his legal representative
  • Category of recipients Companies dedicated to advertising or direct marketing, Entities of the business group
  • International transfer Not foreseen
  • Conservation period As long as its deletion is not requested by the interested party. The data will be kept until the owner notifies us of his opposition.

CHAT WEBSITE WHATSAPP

  • Legal bases Explicit consent of the interested party (RGPD: 6.1.a) Consent of the interested party.
  • Purposes Management and contact with users; Response to user queries through WhatsApp chat on the web.
  • Categories of data and groups Users of the web (Identifying data)
  • Origin of data The interested party or his legal representative
  • Category of recipients They are not foreseen
  • International transfer Not foreseen
  • Conservation period For a period of 1 year from the last confirmation of interest. The personal data provided will be kept as long as they are necessary or pertinent for the purpose for which they were collected or registered, and as long as the consent given is not revoked.

COOKIES, PIXEL AND TRACKING

  • Legal bases (Art. 6.1.a GDPR) Consent of the interested party
  • Purposes Share information on social networks. “Fav”, “Like”, “+1” and similar buttons; Identify problems and offer advertising tailored to your preferences; Obtain statistical data on user navigation.; Retain user preferences during their stay on a website; Streaming video and third-party maps. A feature or plug-in provided by a third party establishes a direct connection between the user's browser and Internet domains owned by the third party, allowing the feature to be downloaded and executed; Implement web analytics to understand how users search, access and navigate. To carry out these analyzes, personal data may be processed, such as the user's IP address, connection location, software functions and browsing navigation, etc.
  • Categories of data and groups Users of the web (Identifying data; Other categories).
  • Origin of data The interested party or his legal representative.
  • Recipient category Companies engaged in advertising or direct marketing; Partners that appear in the consent management banner.
  • International transfer They are not foreseen.
  • Conservation period You must access our cookies policy to know the conservation time of each cookie as well as the information that has been collected.

REGISTRATION IN THE APP OR WEB

  • Legal bases (Art. 6.1.a GDPR) Consent of the interested party; (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party by means of a contract or pre-contract.
  • Purposes Process the orders placed; Process the registrations, information and payments of the people who register in the App.
  • Data categories and groups Users registered in the App or on the web (Identifying data; Economic, financial and insurance data; Credit information; Other categories).
  • Origin of data The interested party or his legal representative.
  • Category of recipients Entities of the business group
  • International transfer They are not foreseen.
  • Conservation period The data is processed until the user or subscriber cancels their account.
  • Security measures The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the GDPR will apply:
  1. The ability to guarantee the permanent confidentiality, integrity, availability and resilience of treatment systems and services.
  2. The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
  3. A process of regular verification, evaluation and assessment of the effectiveness of the technical and organizational measures to guarantee the security of the treatment.
  4. Pseudonymization and encryption of personal data.

ONLINE PURCHASES MANAGEMENT IN THE APP OR WEB

  • Legal bases Explicit consent of the interested party; (Art. 6.1.b GDPR) Existence of a contractual relationship with the interested party by means of a contract or pre-contract.
  • Purposes Collections, returns, billing and management of the online shopping cart; electronic commerce; Online purchase of products on the web or App.
  • Data categories and groups Users registered in the App or on the web (Identifying data; Economic, financial and insurance data; Credit information; Other categories). Ecommerce Customers (Identifying data; Economic, financial and insurance; Transactions of goods and services). Employees (Identifying data)
  • Origin of data The interested party or his legal representative; The data has been provided by the user in the purchase process of one of our products.
  • Category of recipients Tax Administration; Banks, savings banks and rural banks; Business group entities; Courier companies. Suppliers of the electronic store.

Monone 2018, SL (CIF: B88048103); Hairdressers Moncho Moreno, SL (CIF: B86153939); Moncho Moreno, SL, (CIF: b 82303405);

  • International transfer They are not foreseen.
  • Conservation period For a period of 5 years from the last confirmation of interest. We will keep your personal information as long as there is a contractual and/or commercial relationship with you, or as long as you do not exercise your right to delete, cancel and/or limit the processing of your data. In these cases, we will keep the information duly blocked, without giving it any use, as long as it may be necessary for the exercise or defense of claims or some type of judicial, legal or contractual responsibility may arise from its treatment, which must be addressed and for which its recovery is necessary.
  • Security measures The relevant security measures have been applied to mitigate the existing risk. In any case, the security measures of article 32 of the GDPR will apply:
  1. The ability to guarantee the permanent confidentiality, integrity, availability and resilience of treatment systems and services.
  2. The ability to quickly restore availability and access to personal data in the event of a physical or technical incident.
  3. A process of regular verification, evaluation and assessment of the effectiveness of the technical and organizational measures to guarantee the security of the treatment.
  4. Pseudonymization and encryption of personal data.

SOCIAL NETWORKS

  • Legal bases Explicit consent of the interested party.
  • Purposes Share information on Social Networks.
  • Data categories and groups Followers (Identifying data).
  • Origin of data The interested party or his legal representative.
  • Category of recipients Entities that provide social networking services.
  • International transfer They are not foreseen.
  • Conservation period As long as its deletion is not requested by the interested party.

11.- DATA OF MINORS

Minors under 14 years of age may not use the services available through the Website without the prior authorization of their parents, guardians or legal representatives, who will be solely responsible for all acts carried out through the Website by minors under their care, including the completion of the electronic forms with the personal data of said minors and the marking, where appropriate, of the boxes that accompany them.

In compliance with the provisions of article 8 of the GDPR and article 7 of the LOPD/GDD, only those over 14 years of age may grant their consent for the processing of their personal data lawfully by MMO.

12.- ORIGIN AND TYPES OF DATA PROCESSED

Where did we get your data from?

Website inquiries

  • Web contacts / Newsletter: The interested party or his legal representative
  • Web users: The interested party or his legal representative

commercial communications

  • Web contacts / Newsletter: The interested party or his legal representative

WhatsApp website chat

  • Web users: The interested party or his legal representative

Cookies, pixel and tracking

  • Web users: The interested party or his legal representative

App Store and Google Play

  • Users registered in the App or on the web: The interested party or his legal representative

Registration in the App or web

Users registered in the App or on the web: The interested party or his legal representative

Management online purchases in the App or Web

  • Users registered in the App or on the web: The interested party or his legal representative
  • Ecommerce customers: The interested party or his legal representative. The data has been provided by the user in the purchase process of one of our products.
  • Employees: The interested party or his legal representative

Social networks

  • Followers: The interested party or his legal representative

Email

  • Suppliers: The interested party or his legal representative
  • Web users: The interested party or his legal representative
  • Users registered in the App or on the web: The interested party or his legal representative
  • Job candidates: The interested party or his legal representative
  • Employees: The interested party or his legal representative
  • Clients: The interested party or his legal representative

What types of your data have we collected and processed?

Website inquiries

  • Web contacts / Newsletter

Identification data (Name and Surname; Electronic address)

  • web users

Identification data (Email address; IP address; Name and Surname; Telephone; WhatsApp profile (Telephone number, name, nickname, image))

Other categories (Message; Web)

commercial communications

  • Web contacts / Newsletter

Identification data (Email address)

WhatsApp website chat

  • web users

Identification data (WhatsApp profile (phone number, name, nickname, image))

Cookies, pixel and tracking

  • web users

Identification data (IP address)

Other categories (ID generated by the Pixel or Cookie)

App Store and Google Play

  • Users registered in the App or on the web

Identification data (Email address; Name and Surname; Telephone)

Other categories (Password)

Economic, financial and insurance (Subscription payment through Google Pay and iTunes)

Special categories of data (Biometric data)

Registration in the App or web

  • Users registered in the App or on the web

Identification data (Email address; Name and Surname; Telephone)

Economic, financial and insurance (PayPal; Shop Pay; Apple Pay; Google Pay)

Credit information (Bank, debit or credit card data.)

Other categories (Password)

Management online purchases in the App or Web

  • Users registered in the App or on the web

Identification data (Email address; Name and Surname; Telephone)

Economic, financial and insurance (PayPal; Shop Pay; Apple Pay; Google Pay)

Credit information (Bank, debit or credit card data.)

Other categories (Password)

  • E-commerce customers

Identification data (Name and Surname; Postal address; NIF / NIE / Passport; Email address; Telephone)

Economic, financial and insurance (Bank details; Credit cards; PayPal; Shop Pay; Google Pay)

Transactions of goods and services (Financial transactions)

  • Employees

Identification data (Email address)

Social networks

  • followers

Identification data (Name and Surname; Electronic address)

Email

  • Suppliers

Identification data (Email address)

  • web users

Identification data (Email address)

  • Users registered in the App or on the web

Identification data (Email address)

  • Job Candidates

Identification data (Email address)

  • Employees

Identification data (Email address; Postal address)

  • Customers

Identification data (Email address)

13.- RIGHTS OF INTERESTED PARTIES

What are the rights that protect you?

The current data protection regulations protect you in a series of rights in relation to the use that we give to your data. Each and every one of your rights are personal and non-transferable, that is, they can only be exercised by the owner of the data, after verifying their identity.

Next, we indicate what are the rights that assist you:

  • Right of access: It is the right that the user of the Website has to obtain confirmation of whether or not the person responsible for the Treatment is treating their personal data and, if so, to obtain information about their specific personal data and the treatment that the Responsible of the Treatment has been carried out or carried out, as well as, among other things, the information available on the origin of said data and the recipients of the communications carried out or foreseen in them.
  • Right of rectification: It is the right that the user of the Website has to modify their personal data that turns out to be inaccurate or, taking into account the purposes of the treatment, incomplete.
  • Right of deletion: It is usually known as the "right to be forgotten", and it is the right that the user of the Website has, provided that current legislation does not establish otherwise, to obtain the deletion of their personal data when they are no longer necessary for the users. purposes for which they were collected or processed; the User has withdrawn his consent to the treatment and this does not have another legal basis; the User opposes the treatment and there is no other legitimate reason to continue with it; the personal data has been unlawfully processed; the personal data have been obtained as a result of a direct offer of information society services to a child under 14 years of age. In addition to deleting the data, the person responsible for the Treatment, taking into account the available technology and the cost of its application, will adopt reasonable measures to inform other possible controllers who are processing the personal data of the request of the interested party to delete any link to those personal data.
  • Right to limit data: It is the right of the Website User to limit the processing of their personal data. The User of the Website has the right to obtain the limitation of the treatment when they challenge the accuracy of their personal data; the treatment is illicit; the person responsible for the Treatment no longer needs the personal data, but the User needs it to make claims; and when the User of the Website has opposed the treatment.
  • Right to data portability: In those cases where the treatment is carried out by automated means, the User of the Website shall have the right to receive from the person responsible for the Treatment their personal data in a structured format, of common use and mechanical reading, and to transmit them to another person in charge of the treatment, whenever technically possible, the person in charge of the treatment will directly transmit the data to that other person in charge.
  • Right of opposition: It is the right of the User not to carry out the processing of their personal data or to cease their processing by the person responsible for the Treatment.
  • Right not to be subject to automated decisions and/or profiling: The Website User's right not to be subject to an individualized decision based solely on the automated processing of their personal data, including profiling, existing unless the current legislation establishes otherwise.
  • Right to revoke consent: It is the right of the Website User to withdraw, at any time, the consent given for the processing of their data.
  • Right to file a claim : regarding data protection before the Control Authority: Spanish Agency for Data Protection.

The interested party can exercise any of the aforementioned rights by contacting the person responsible for the Treatment and prior identification of the

  • User using the following contact information:
  • Responsible: MMO 2021 SL
  • Address: C/Velázquez 76 lower right. 28001, Madrid (Madrid), Spain
  • Telephone: 628652769
  • E-mail: online@monchomoreno.com
  • Website: https://www.monchomoreno.com

You can also exercise your rights before the Data Protection delegate:

How can you exercise your rights in relation to your data?

To exercise your rights of access, rectification, deletion, limitation or opposition, portability and withdrawal of your consent, you can do so in the following way:

Website inquiries

  • Responsible: MMO 2021 SL
  • Telephone: 628652769
  • E-mail: online@monchomoreno.com
  • Website: https://www.monchomoreno.com

commercial communications

  • Responsible: MMO 2021 SL
  • Telephone: 628652769
  • E-mail: online@monchomoreno.com
  • Website: https://www.monchomoreno.com

WhatsApp website chat

  • Responsible: MMO 2021 SL
  • Address: C/Velázquez 76 lower right. 28001, Madrid (Madrid), Spain
  • Telephone: 628652769
  • E-mail: online@monchomoreno.com
  • Website: https://www.monchomoreno.com

Cookies, pixel and tracking

  • Responsible: MMO 2021 SL
  • Address: C/Velázquez 76 lower right. 28001, Madrid (Madrid), Spain
  • Telephone: 628652769
  • E-mail: online@monchomoreno.com
  • Website: https://www.monchomoreno.com

App Store and Google Play

  • Responsible: MMO 2021 SL
  • Address: C/Velázquez 76 lower right. 28001, Madrid (Madrid), Spain
  • Telephone: 628652769
  • E-mail: online@monchomoreno.com
  • Website: https://www.monchomoreno.com

Registration in the App or web

  • Responsible: MMO 2021 SL
  • Address: C/Velázquez 76 lower right. 28001, Madrid (Madrid), Spain
  • Telephone: 628652769
  • E-mail: online@monchomoreno.com
  • Website: https://www.monchomoreno.com

Management online purchases in the App or Web

  • Responsible: MMO 2021 SL
  • Telephone: 628652769
  • E-mail: online@monchomoreno.com
  • Website: https://www.monchomoreno.com

Social networks

  • Responsible: MMO 2021 SL
  • Address: C/Velázquez 76 lower right. 28001, Madrid (Madrid), Spain
  • Telephone: 628652769
  • E-mail: online@monchomoreno.com

Email

  • Responsible: MMO 2021 SL
  • Address: C/Velázquez 76 lower right. 28001, Madrid (Madrid), Spain
  • Telephone: 628652769
  • E-mail: online@monchomoreno.com

How can you file a claim?

In addition to your rights, if you believe that your data is not being collected or processed in accordance with current Data Protection regulations, you may file a claim with the Control Authority, whose contact information is indicated below:

  • Spanish Data Protection Agency

C/. Jorge Juan, 6. 28001, Madrid (Madrid), Spain

Email: info@aepd.es- Telephone: 912663517

Web: https://www.aepd.es

  • In the case of Germany, you can contact the Berliner Beauftragte für Datenschutz und Informationsfreiheit
  • In the case of Austria, you can contact the Österreichische Datenschutzbehörde.
  • In the case of Belgium, you can contact the Autorité de protection des données Gegevensbeschermingsautoriteit
  • In the case of Bulgaria, you can contact the Commission for Personal Data Protection.
  • In the case of Denmark you can go to Datatilsynet.
  • In the case of Slovakia, you can go to https://dataprotection.gov.sk/uoou/
  • In the case of Slovenia, you can go to https://www.ip-rs.si/ .
  • In the case of Estonia you can go to https://www.aki.ee/et
  • In the case of Finland, you can contact the Oyce of the Data Protection Ombudsman
  • In the case of France, you can contact the Commission Nationale de l'Informatique et des Libertés
  • In the case of Greece, you can contact the Hellenic Data Protection Authority
  • In the case of Hungary, you can contact the Oyce of the Commissioner for Fundamental Rights of Hungary
  • In the case of Ireland, you can contact the Data Protection Commission
  • In the case of Italy, you can contact the Guarantor for the Protection of Personal Data
  • In the case of Latvia, you can go to https://www.dvi.gov.lv/lv
  • In the case of Lithuania you can contact the State Data Protection Inspectorate
  • In the case of Luxembourg, you can contact the Commission Nationale pour la Protection des Données
  • In the case of Malta, you can contact the Information and Data Protection Commissioner
  • In the case of the Netherlands, you can go to https://autoriteitpersoonsgegevens.nl/en
  • In the case of Poland, you can go to https://archiwum.giodo.gov.pl/
  • In the case of Portugal, you can contact the Comissão Nacional de Proteção de Dados
  • In the case of the United Kingdom, you can contact the Information Commissioner's Oyce
  • In the case of Romania, you can contact the Autoritatea Naţională de Supraveghere a Prelucrării Datelor cu Caracter Personal
  • In the case of Sweden, you can contact the Swedish Authority For Privacy Protection
  • In the case of the Czech Republic, you can go to https://www.uoou.cz/
  • In the case of Cyprus you can contact the Oyce of the Commissioner for Personal Data Protection

Data Protection Authorities (other European countries):

  • In the case of Andorra, you can contact the Andorran Agency for the Protection of Dades
  • In the case of Croatia, you can contact the Croatian Personal Data Protection Agency
  • In the case of Iceland you can go to https://www.personuvernd.is/
  • In the case of Liechetenstein, you can go to https://www.llv.li/
  • In the case of Macedonia you can go to https://dzlp.mk/
  • In the case of Monaco, you can contact the Commission de Contrôle des Informations Nominatives
  • In the case of Norway you can go to Datatilsynet
  • In the case of Switzerland you can go to https://www.edoeb.admin.ch/edoeb/de/home.html

14.- ACCEPTANCE

Accepting and making this document available to you indicates that you understand and accept all the clauses of our privacy policy, which is why you authorize the collection and processing of your personal data in these terms. This acceptance is made by activating the "Reading and Acceptance" checkbox of our Privacy Policy.

MMO reserves the right to modify this Privacy Policy, according to its own criteria, or motivated by a legislative, jurisprudential or doctrinal change of the Spanish Agency for Data Protection or the rest of the European control authorities mentioned in point former. Changes or updates made to this Privacy Policy that affect the purposes, retention periods, data transfers to third parties, international data transfers, as well as any right of the Website User, will be explicitly communicated to the user.

This policy will be maintained, updated and adapted to the MMO's needs and aligned with its strategic risk management principles. With that {n, it will be reviewed at planned intervals or whenever significant changes arise to ensure its adequacy and effectiveness.

In order to offer you Klarna's payment methods, we may pass your personal data in the form of contact information to Klarna, as well as order details at checkout, in order for Klarna to assess whether you qualify for its payment methods. payment and also adapt the means of payment available to you. Your transferred personal data is processed in accordance with the Klarna privacy notice.