At LittleSecrets we are committed to ensuring that your professional and personal information is protected and not misused.
This document explains who the data controller is, the purposes for which your personal information will be processed, the legitimacy of the processing, how we collect it, why we collect it, how we use it, your rights and also explains the processes we have put in place to protect your privacy.
By providing us with your personal information and using our websites, we understand that you have read and understood the terms relating to personal data protection information set out. LittleSecrets. assume responsibility for complying with applicable national and European data protection legislation, and aim to treat your data in a lawful, fair and transparent manner.
SCOPE OF APPLICATION
This document applies to the websites www.littlesecrets.store .
CONSIDERATIONS TO TAKE INTO ACCOUNT
WHO IS THE DATA CONTROLLER?
The definition of a data controller is described in the General Data Protection Regulation, and is as follows:
CONTROLLER” OR “DATA CONTROLLER” MEANS
The natural or legal person, authority, service or other body which alone or jointly with others determines the purposes and means of processing.
If you have any queries, comments or concerns, or if you would like to make any suggestions about how we use personal information, you can email the LittleSecrets Data Protection Officer at firstname.lastname@example.org.
INFORMATION ABOUT LittleSecrets.
Innovation is one of the hallmarks of LittleSecrets. We are constantly introducing new products in areas as diverse as technology adapted to sexual health, supplements to improve the quality of people’s sexual life, fashion, food supplements and sexual culture.
FOR WHAT PURPOSE DO WE COLLECT YOUR PERSONAL OR PROFESSIONAL INFORMATION?
The main reason we collect your personal information is to facilitate and improve the service, which you as a customer expect from us.
We collect your personal information to process your purchases, orders or requests that you make through our websites or apps, by telephone or on a paper form.
The following are the main purposes we have identified at LittleSecrets:
Compliance with legal obligations, including, but not limited to, the Law 10/2010 on the Prevention of Money Laundering.
Management of the contracting of products or services offered by any of the companies of the LittleSecrets Group, including distance selling and management of shipments and returns.
Create and manage a personal account with unique registration to be used in the purchase of products and services offered on any website of the companies of the LittleSecrets Group.
Channel requests for information, suggestions and complaints from customers for management and resolution.
Surveys to improve our services.
Evaluations of the quality of our products.
Market research and commercial prospecting, reports on consumer habits, statistical data and market trends, in order to offer you products and services that may be of interest to you.
To keep you informed about our latest products, offers, opportunities, etc. The channels we usually use are: email, post, telephone, SMS, but only if you give us your consent.
To capture images of people for security purposes and to assist in emergency and evacuation plans for buildings on LittleSecrets premises.
HOW DO WE COLLECT INFORMATION ABOUT YOU?
We collect personal information about you by different means, in some cases you will contact us to share your personal information, and in other cases we collect your personal information using other means. Below, we will explain the different ways in which we collect personal information about you and some examples of where we use that information.
INFORMATION YOU PROVIDE TO US
We collect personal information that you provide to us via some of the LittleSecrets websites, email, mobile phone, when you sign up for a service, when you fill in a form, or otherwise. In any case, at the time of collection, you will be informed of the data controller, the purpose of the processing, the recipients of the information, as well as how to exercise your rights under current data protection legislation.
For example: you are likely to provide us with information when you contact our customer service, place a professional purchase order, register on our websites, update your preferences and account information, fill in a questionnaire, etc.
Generally, the personal information you provide us with are: name and surname, address, ID card number, date of birth, email address, contact telephone number and payment details. In 100% of the cases we collect data on personal characteristics, professional, commercial information, social or business circumstances.
If you have never asked us to send you commercial communications, you can sign up for the different newsletters that we make available to you or send us an e-mail to email@example.com.
INFORMATION WE COLLECT FROM YOUR VISITS TO OUR WEBSITES
We collect and store limited personal information and anonymous aggregate statistics from all users who visit our websites, whether you actively provide us with such information or are simply browsing our websites. The information we collect includes the Internet protocol (IP) address of the device you are using, the browser software you are using, your operating system, the date and time of access, the Internet address of the website through which you accessed our websites and also information about how you use our websites.
We use this information to find out how long our websites take to load, how they are used, the number of visits to the different sections and the type of information that most attracts professionals. It also helps to identify if the website is working correctly, and if we detect faults or errors in the operation, to solve them and improve the performance of our websites, in order to offer a better service to all users.
The use of social media is becoming increasingly common and LittleSecrets is present on most social media sites and is another way of contacting you.
The information we collect through social media sometimes includes personal information that is available online and to the public. We always ensure that all information we use is either correctly attributed to its source or anonymised.
These social networks are likely to have their own privacy policies, which will explain how they use and share your personal information. We recommend that you carefully review their privacy policies before using these social networks to ensure that you are happy with the way in which your personal information is collected and shared.
LittleSecrets is continually developing App’s to enhance the shopping experience. When using the APPs, LittleSecrets has a geolocation tool whose main purpose is to know your location in order to show you the closest establishment to your location. Having the geolocation function activated on your mobile device allows you to benefit from all the functionalities of the Apps. If you do not have geolocation activated, we will inform you and ask for your permission beforehand with a notification.
This geolocation service will not be used to provide your location to third parties, unless required by law.
Most mobile devices provide users with the ability to disable location services. This is most likely to be found in the device’s settings menu. If you are unsure how to disable location services on your device, we recommend that you contact your mobile operator or the manufacturer of your device.
To disable location services on your Android device, select Location Services from your phone’s settings menu. Most Android devices allow you to disable location services for the entire phone, such as GPS services and location services from other carriers. Generally, when you do not check the box to enable location services, location services will remain disabled.
To disable location services on your iPhone device, you can disable location services on all iPhone models by going to the Settings menu and selecting Location. To disable location services for the entire device, swipe the bar until you see the Disable option. To disable location services for a specific application, swipe the bar next to each application name until you see the Disable option.
WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF PERSONAL INFORMATION?
For the processing of your personal information we rely on the legitimacy for several reasons:
For the performance of a contract and/or business relationship.
To comply with various legal obligations.
For legitimate interests, e.g. for security reasons, fraud prevention, to improve our services and products through market research, or to handle requests, queries or possible complaints that may arise.
With your consent, e.g. to send you personalised offers from LittleSecrets.
TO WHOM MAY WE DISCLOSE YOUR PERSONAL INFORMATION?
If you have given us your consent, the information you provide will be passed on to the LittleSecrets companies for the purposes described above. Not all of the purposes described above involve the transfer of data.
In some cases, it is necessary for us to disclose the information you have provided to us to third parties in order to provide you with the requested service, e.g. logistics, transport and delivery services.
There are also companies that provide us with other types of services such as: information technology (storage and processing of information), security services, financial services, auditing services, etc.
These third parties only have access to the personal information they need to perform these services. They are required to keep your personal information confidential and may not use it in any way other than as we have requested.
In all cases, LittleSecrets. assumes responsibility for the personal information you provide to us, and we require those companies with whom we share your personal information to apply the same level of information protection as we do.
In addition, your personal information will be available to public authorities, judges and courts, for the attention of possible liabilities arising from the processing.
The personal information we collect resides in Spain, although some LittleSecrets group companies may have a presence in other countries and your personal information may be collected in the country in which you reside.
In certain cases, services are contracted in Cloud Computing mode in the USA, with international data transfers taking place. In these cases, appropriate safeguards are in place to protect your information and you may obtain further information by writing to firstname.lastname@example.org.
Security of data access by Call Centres: All littlesecrets.store webservices are securely encrypted and independently registered. We have implemented different levels of call control when different levels of the agent organisation access customer data.
LINKS TO THIRD PARTY WEBSITES
Where we provide links to websites that are not operated or controlled by LittleSecrets, you will be promptly informed that LittleSecrets has no control over such websites and is not responsible for the content of such websites, has no control over the way in which third parties collect and use your personal information and is not responsible for and makes no representations whatsoever about third party websites.
These websites may have their own privacy policies explaining how they use and share your personal information. We encourage you to carefully review their privacy policies before using these websites to ensure that you are happy with the way in which your personal information is collected and shared.
HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?
We only store your personal or professional information to the extent that we need it in order to use it for the purpose for which it was collected, and in accordance with the legal basis for processing it in accordance with applicable law. We will keep your personal information for as long as there is a contractual and/or business relationship with you, or as long as you do not exercise your right to erasure and/or restriction of processing of your data.
In these cases, we will keep the information duly blocked, without making any use of it, while it may be necessary for the exercise or defence of claims or may derive some kind of judicial, legal or contractual liability from its processing, which must be attended to and for which its recovery is necessary.
HOW CAN YOU EXERCISE YOUR RIGHTS?
Data protection regulations allow you to exercise your rights of access, rectification, objection, erasure, restriction of processing, portability and the right not to be subject to individualised decisions before the data controller.
These rights are characterised by the following:
The exercise of these rights is free of charge
If the requests are manifestly unfounded or excessive (e.g. repetitive nature) the controller may:
Charge a fee proportional to the administrative costs incurred.
Refuse to act.
Requests must be responded to within one month, although, taking into account the complexity and number of requests, the deadline may be extended for a further two months.
The controller is obliged to inform you about the means to exercise these rights. These means must be accessible and this right cannot be denied on the sole ground that you choose another means.
If the request is made by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise.
If the data controller does not comply with the request, it shall inform the data subject within one month of the reasons for its failure to act and of the possibility of lodging a complaint with a supervisory authority.
You may exercise your rights directly or through your legal representative.
It is possible that the person in charge may be the one to deal with your request on behalf of the data controller if both have established this in the contract or legal act that binds them.
RIGHT OF ACCESS
The right of access means that you may contact the data controller to find out whether or not the controller is processing your personal data.
RIGHT OF RECTIFICATION
The right of rectification means that you may obtain rectification of your personal data that is inaccurate without undue delay from the controller.
Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of an additional statement.
In your request, you should indicate which data you are requesting and the correction to be made. In addition, where necessary, your request must be accompanied by documentation justifying the inaccuracy or incompleteness of your data.
Download the right of correction form here
RIGHT OF OPPOSITION
The right to object, as its name suggests, means that you may object to the controller processing your personal data in the following cases:
When they are subject to processing based on a public interest mission or legitimate interest, including profiling.
Where the processing is carried out for the purpose of direct marketing, including also the aforementioned profiling.
Download the right to object form here
RIGHT OF ERASURE
The right of erasure may be exercised against the data controller by requesting the erasure of your personal data in the following circumstances:
If your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
If the processing of your personal data has been based on the consent you provided to the controller, and you withdraw your consent, provided that the processing is not based on another legitimate ground.
The controller’s processing was based on legitimate interest or on the performance of a task carried out in the public interest, and no other grounds have prevailed to legitimise the processing of your data.
To have your personal data processed for the purposes of direct marketing, including profiling in connection with such marketing.
If your personal data have been unlawfully processed.
However, this right is not unlimited, so that it may be feasible not to proceed to erasure when the processing is necessary for the exercise of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of public powers vested in the controller, for reasons of public interest, in the field of public health, for archiving purposes in the public interest, for scientific or historical research purposes or statistical purposes, or for the formulation, exercise or defence of claims.
The data controller is obliged to block the data when rectifying or deleting them.
The blocking of the data consists of the identification and reservation of the data, adopting technical and organisational measures to prevent their processing, including their visualisation, except for making the data available to judges and courts, the Public Prosecutor’s Office or the competent Public Administrations, in particular the data protection authorities, for the enforcement of possible liabilities arising from the processing and only for the period of limitation of the same.
Once this period has elapsed, the data must be destroyed.
Download the right of erasure form here
RIGHT TO LIMITATION OF PROCESSING
This new right consists of obtaining the limitation of the processing of your data by the data controller, although it can be exercised in two ways:
You may request the suspension of the processing of your data:
When you contest the accuracy of your personal data, for a period of time that allows the data controller to verify it.
When you have objected to the processing of your personal data carried out by the controller on the basis of legitimate interest or public interest mission, while the controller verifies whether these grounds prevail over yours.
Ask the data controller to keep your data:
Where the processing is unlawful and you have objected to the erasure of your data and instead request the restriction of its use.
When the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the formulation, exercise or defence of claims.
Download the form right of restriction here
RIGHT TO PORTABILITY
The purpose of this new right is to further strengthen the control of your personal data, so that where processing is carried out by automated means, you receive your personal data in a structured, commonly used, machine-readable and interoperable format and can transmit them to another controller, provided that the processing is legitimate on the basis of consent or in the context of the performance of a contract.
However, this right, by its very nature, cannot apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority vested in the controller.
Download the right of portability form here
WHERE CAN YOU EXERCISE YOUR RIGHTS?
In order to exercise your rights, LittleSecrets provides you with the following means:
By written and signed request addressed to LittleSecrets, Polígono Industrial Los Palillos calle uno 3 ,41500 Alcalá de Guadaira, Sevilla, attaching a photocopy of your ID card or document proving the identity of the applicant.
By sending the completed and signed form together with a photocopy and/or scanned copy of the DNI or document accrediting the identity of the applicant to the e-mail address email@example.com.
You may file a complaint with the Spanish Data Protection Agency, especially when you are not satisfied with the response to the exercise of your rights. For further details, please consult the website www.agpd.es.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We are committed to protecting your personal information. We use appropriate technical and organisational measures to protect your personal information and privacy and we review these measures regularly. We protect your personal information by using a combination of physical, computer and logical security controls, including access controls that restrict and manage how your personal information and personal data is processed, administered and managed. We also ensure that our employees are properly trained to protect your personal information. Our procedures indicate that we may ask you for proof of identity before we share your personal information with you.
In accordance with our guarantee of security and confidentiality, we are particularly interested in offering you the highest level of security and protecting the confidentiality of the personal information you provide us with. Therefore, business transactions are conducted in a secure server environment under SSL (Secure Socket Layer) protocol.
The Internet is a medium that makes it possible to carry out commercial transactions over the network. Therefore, one of the main concerns of users who use the Internet is the security of data on the network.
An e-commerce transaction is understood as the whole process of making a commercial agreement including the contact between both parties: customer and company. The aspects that all commercial transactions must include are:
Authentication, which guarantees the legal or physical personality with which we are communicating.
Integrity, which means that the content of the communication between both parties cannot be modified.
Confidentiality, which consists of the guarantee that no unauthorised person can know the content of the communication.
We are particularly concerned about security and ensuring the confidentiality of the data provided by you. That is why we are members of Confianza Online, a system for resolving possible disputes that may arise between consumers and companies in the field of e-commerce and interactive advertising, supported by a large number of business associations, the National Institute of Consumer Affairs, the Spanish Data Protection Agency and the Ministry of Science and Technology.
ARE CHILDREN’S DATA PROCESSED?
Dremlove is only aimed at the professional public with an incorporated company or a duly registered freelancer. For this reason, our access control to our websites is limited to professionals over 18 years of age.
If we discover that we have inadvertently obtained personal information from a minor, we will delete this information as soon as possible.
WHAT PRECAUTIONS SHOULD BE TAKEN INTO ACCOUNT?
These are some of the precautions that we advise our customers to take:
Do not give your username or password to anyone.
Do not write it down in easily accessible places: computer, diary, etc.
Always use our SSL security system.
Always disconnect the browser session after having accessed a security zone or after having entered the user name or password into the system.
Changes to this data protection information
We will review and update the data protection information when there are changes in the law or in any of the procedures for processing your personal information.
TRANSFER OF INFORMATION TO LittleSecrets’ PARTNERS
Any information you share with LittleSecrets may not be shared with or transferred to any LittleSecrets affiliated entities (including LittleSecrets LLC and , Inc.), regardless of where you are located, for the purpose of providing services to you and improving the site. This includes LittleSecrets partner entities located outside the European Union (“EU”) or Switzerland.
This data protection information was last reviewed and updated in July 2020.