WARM STUDIO

Privacy Policy

Last updated: *****

1. Who we are

This website (the «Website») is operated by:

  • Legal/Trade name: *****
  • Tax ID (NIF/CIF): *****
  • Registered address: *****
  • Contact email: *****
  • Website address: https://warmstudio.es

For the purposes of the applicable data protection legislation, the entity identified above acts as the Data Controller of the personal data collected through this Website.

Data Protection Officer (DPO), if appointed: ***** (contact: *****). If no DPO has been appointed, data subjects may direct any data protection enquiry to the contact email indicated above.

This Privacy Policy explains what personal data we collect, the purposes and legal bases for processing it, who we share it with, how long we keep it, and the rights you can exercise. It is governed by Regulation (EU) 2016/679 (the General Data Protection Regulation, «GDPR») and, where applicable, Spanish Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights («LOPDGDD»).

2. What personal data we collect and why

Comments

When visitors leave comments on the site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user-agent string to help with spam detection.

An anonymized string created from your email address (also called a «hash») may be provided to the Gravatar service to check whether you are using it. The Gravatar service privacy policy is available at https://automattic.com/privacy/. After your comment has been approved, your profile picture is visible to the public in the context of your comment.

  • Purpose: publishing and managing comments, and preventing spam and abuse.
  • Categories of data: name, email address, website (optional), comment content, IP address, browser user-agent string.
  • Legal basis: your consent when you choose to submit a comment (Art. 6(1)(a) GDPR), and our legitimate interest in maintaining a secure, spam-free site (Art. 6(1)(f) GDPR).

Media

If you upload images to the Website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the Website can download and extract any location data from images published on the Website.

Contact form / enquiries

If the Website includes a contact form, the section below applies; otherwise it may be removed.

When you contact us through the contact form (powered by *****, e.g. Contact Form 7 / Gravity Forms / WPForms) or by email, we collect the data you provide.

  • Purpose: responding to your enquiry and, where relevant, managing a potential or existing professional relationship.
  • Categories of data: name, email address, *****, and any information included in your message.
  • Legal basis: your consent (Art. 6(1)(a) GDPR) and/or the performance of pre-contractual measures taken at your request (Art. 6(1)(b) GDPR).

Cookies

This Website uses cookies. For full details on the cookies used, their purpose and duration, please see our Cookie Policy at *****.

If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience, so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen-options cookies last for a year. If you select «Remember Me», your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after one day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics and measurement

If the Website uses web analytics or tag-management tools, the section below applies; otherwise it may be removed.

This Website may use ***** (e.g. Google Analytics 4 / Google Tag Manager) to understand how visitors use the site.

  • Purpose: measuring and analysing traffic and usage to improve the Website.
  • Legal basis: your consent, obtained through the cookie consent banner (Art. 6(1)(a) GDPR).

3. Who we share your data with

We do not sell your personal data. We share it only with the providers and in the situations described below:

  • Hosting provider: the Website is hosted by *****, which stores the data on our behalf as a data processor.
  • Gravatar / Automattic Inc.: an anonymized hash of your email address may be sent to Gravatar (Automattic Inc.) as described in the «Comments» section above.
  • Spam-detection service: visitor comments may be checked through an automated spam-detection service (*****, e.g. Akismet by Automattic Inc., if enabled on this site).
  • Other processors: ***** (e.g. email/CRM provider, form provider, analytics provider), each acting under a data processing agreement.

If you request a password reset, your IP address will be included in the reset email.

We may also disclose personal data where required to comply with a legal obligation or a lawful request from a competent authority.

4. International data transfers

Some of the providers listed above (for example, Automattic Inc., which operates Gravatar and Akismet) are established in the United States. Where personal data is transferred outside the European Economic Area, such transfers are carried out subject to appropriate safeguards under Chapter V of the GDPR, such as the EU-US Data Privacy Framework and/or the European Commission’s Standard Contractual Clauses.

The specific transfer mechanism applicable to each provider should be verified with that provider: *****.

5. How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically, instead of holding them in a moderation queue.

For users who register on our Website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except that they cannot change their username). Website administrators can also see and edit that information.

For other data (e.g. contact enquiries), we retain it only for as long as necessary to fulfil the purpose for which it was collected, and thereafter for the period required to meet our legal, accounting or security obligations: *****.

6. What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Under the GDPR and the LOPDGDD, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data («right to be forgotten»), where applicable.
  • Restrict the processing of your data in certain circumstances.
  • Data portability, receiving your data in a structured, commonly used, machine-readable format.
  • Object to processing based on our legitimate interests.
  • Withdraw your consent at any time, without affecting the lawfulness of processing carried out before its withdrawal.

To exercise these rights, please contact us at ***** (you may be asked to verify your identity).

You also have the right to lodge a complaint with a supervisory authority. In Spain, this is the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD), www.aepd.es.

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.

7. Where your data is sent

Visitor comments may be checked through an automated spam-detection service. Beyond the cases described in this Policy, your data is processed within the European Economic Area, except for the international transfers detailed in section 4.

8. Security of your data

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure, taking into account the state of the art, the costs of implementation, and the nature, scope and purposes of the processing.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable legislation. The version in force is the one published on this Website, with the «Last updated» date shown at the top.

10. Contact

If you have any questions about this Privacy Policy or about how we process your personal data, please contact us at: *****.