WEBSITE PRIVACY POLICY

www.zappegnostudio.com

I. PRIVACY AND DATA PROTECTION POLICY

In compliance with current legislation, Zappegno Studio Web (hereinafter, the “Website”) undertakes to adopt the necessary technical and organizational measures, according to the appropriate level of security for the risk of the data collected.

Laws incorporated into this Privacy Policy

This Privacy Policy complies with current Spanish and European regulations on the protection of personal data online, specifically:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).

  • Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPD-GDD).

  • Royal Decree 1720/2007, of December 21, implementing Organic Law 15/1999 on Personal Data Protection (RDLOPD).

  • Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The controller of the personal data collected on Zappegno Studio Web is:
Maria Victoria Zappegno, NIF: 33201104 (hereinafter, the Data Controller).

  • Address: Calle 6 Norte Bis esquina Av. 45 N S/N Col. Centro, Playa del Carmen, Q. Roo, Mexico

  • Phone: +52 9841115751

  • Email: hello@zappegnostudio.com

Registration of Personal Data

In compliance with the GDPR and LOPD-GDD, the personal data collected through the Website’s forms will be incorporated and processed in our file for the purpose of facilitating, streamlining, and fulfilling the commitments established between the Website and the User, maintaining the relationship indicated in such forms, or responding to a request or inquiry.

Unless the exception in Article 30.5 GDPR applies, a record of processing activities is maintained, specifying the purposes and circumstances of processing.

Principles of Data Processing

The processing of personal data will be governed by the following principles:

  • Lawfulness, fairness, and transparency: User consent will be obtained with prior transparency.

  • Purpose limitation: Data will only be collected for specific, legitimate purposes.

  • Data minimization: Only data strictly necessary will be collected.

  • Accuracy: Data must be accurate and updated.

  • Storage limitation: Data will be retained only as long as necessary.

  • Integrity and confidentiality: Data will be processed securely and confidentially.

  • Accountability: The Controller ensures compliance with these principles.

Categories of Data

Only identifying data are processed. No special categories of data (Article 9 GDPR) are processed.

Legal Basis

The legal basis for processing personal data is consent. The User may withdraw consent at any time, as easily as it was given. Withdrawal will not affect the lawful use of the Website.

Purposes of Processing

Personal data are collected to:

  • Fulfill commitments between the Website and the User.

  • Respond to inquiries or requests.

  • For commercial, statistical, and marketing purposes, to improve content, functionality, and user experience.

Data Retention

Data will be retained only for the necessary period and, in any case, for 24 months, or until the User requests their deletion.

Recipients

User data will not be shared with third parties unless expressly indicated at the time of collection.

Children’s Data

Only individuals over 14 years may lawfully give consent to the processing of their personal data. For children under 14, parental or guardian consent is required.

Data Security and Confidentiality

The Website uses an SSL (Secure Socket Layer) certificate, ensuring encrypted and confidential transmission of data.

However, due to the nature of the internet, the Data Controller cannot guarantee absolute security against hacking or unauthorized access. In case of a security breach likely to pose a high risk to User rights, the User will be informed without undue delay.

Personal data will be treated as confidential, and all employees, collaborators, or third parties with access will be legally bound to confidentiality.

User Rights

The User may exercise the following rights under the GDPR and LOPD-GDD:

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object

  • Right not to be subject to automated decision-making, including profiling

Requests must include:

  • Full name and copy of ID (or representation documents, if applicable).

  • Specific reason for the request.

  • Address for notifications.

  • Date and signature.

  • Supporting documents.

Requests can be sent to:

  • Postal address: Calle 6 Norte Bis esquina Av. 45 N S/N Col. Centro, Playa del Carmen, Q. Roo, Mexico

  • Email: hello@zappegnostudio.com

Third-Party Links

The Website may include links to third-party websites not operated by Zappegno Studio Web. These third parties are responsible for their own privacy policies and practices.

Complaints

If the User believes their rights are infringed, they may file a complaint with the competent supervisory authority in their place of residence, work, or where the infringement occurred. In Spain, the authority is the Spanish Data Protection Agency (https://www.aepd.es/).

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

Use of the Website implies full acceptance of this Privacy Policy.

Zappegno Studio Web reserves the right to modify this Privacy Policy at any time, whether for legal, case-law, or regulatory reasons. Users are advised to consult this page periodically for updates.

This Privacy Policy was last updated to comply with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 on Personal Data Protection and digital rights.