Privacy Policy
At JOYERIA JOSE LUIS, S.L., we understand that it is essential to maintain a transparent relationship with you; therefore, below, we present our Privacy Policy, so that you are duly informed at all times about how we collect and securely process any data you provide to us.
Your data will be processed in accordance with current legislation and, specifically, in accordance with the provisions of Regulation (EU) 2016/679 of 27 April 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Also regarding Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights.
A careful reading of our Privacy Policy will provide you with the necessary information to know what destination we will give to the data you provide us.
1. Who is the data controller for your data?
If you, or an authorised person, have provided us with your data, we inform you that JOYERIA JOSE LUIS, S.L., with VAT number: ESB15052277 is the controller for the processing of these.
These data will be processed in accordance with the provisions of current regulations on personal data protection. It is possible that there are other controllers in the processing operations we carry out; in that case, we will always inform you of who the controller is, as well as their identification data.
In the case of selecting the "Aplázame" payment method, the user accepts that all their personal data be fully transferred to Aplázame from the moment the user has initiated the contracting of the deferred payment service offered by the latter at the time of choosing the payment method.
This acceptance extends to third-party entities that may need to access the files for the successful conclusion of the contract. At JOYERIA JOSE LUIS, S.L., we commit to complying with the obligation of secrecy regarding personal data and the duty to safeguard them. To this end, we adopt the necessary measures to prevent their alteration, loss, unauthorised processing, or access in accordance with the provisions of the Regulation.
2. Do we have a Data Protection Officer?
Yes, due to the nature of the data we process, we have a Data Protection Officer to guarantee compliance with current data protection regulations. You can contact them via joyeriajoseluis.dpo@convenceabogados.es.
3. Where do we inform?
At JOYERIA JOSE LUIS, S.L., we inform via the website www.joseluisjoyerias.com in the section corresponding to the Privacy Policy. More information in Legal Notice.
4. What personal data do we process?
The personal data we process are:
• Those that you decide to provide us voluntarily, or have provided to us through third parties that manage payment platforms or intervene during purchase processes (e.g. marketplaces).
• Data derived from registration on the web platform or in the loyalty club.
• Data derived from the communications you maintain with us.
• Information corresponding to your own browsing in the case of Online Services (IP address or information derived from cookies or similar devices; you can see our Cookies Policy on the web).
• Information that is available in publicly accessible sources, to which we may legitimately access.
• Data derived from the contractual or pre-contractual relationship you maintain with us, including your image, always informing you in this case of the possibility of capturing your image.
• Usage and behaviour data such as interaction with the website, the application, order history, or browsing.
• Those that third parties provide us about you, there being a legitimate basis for it or having obtained your consent for it.
• Data of third parties that you provide to us, with the prior consent of the third party in question.
The personal data we may collect from you include, but are not limited to, the following categories:
• Identification data: information that allows the identification and distinction of a natural person, such as name, handwritten and/or electronic signature, tax identification number, place and date of birth, nationality, photograph, and age.
• Account data: information provided by the user during the registration process or associated with their account within the platform.
• Contact data: information that allows us to communicate with you, such as address, email, landline and/or mobile telephone number.
• Data relating to physical characteristics: information linked to the physiognomy, anatomy, or particular traits of a natural person, including the measurements necessary for the manufacture of the products.
• Usage and behaviour data: information relating to the use of the web or the application, including interaction with the platform, order history, and browsing data.
• Financial or assets data: information related to assets, rights, charges, or obligations susceptible to economic valuation, such as bank account data, credit card numbers, or other financial information necessary to process payments.
The processing of your personal data may be necessary for compliance with applicable legal obligations, as well as for the execution and maintenance of any contractual relationship that JOYERIA JOSE LUIS, S.L. has or may have with you. In those cases where the processing does not derive from a legal or contractual obligation, and when appropriate, JOYERIA JOSE LUIS, S.L. will obtain your prior consent for the processing of your personal data, in terms of the applicable regulations. You can consult more information in the processing activities register section of this privacy policy.
5. How do we process the data?
At JOYERIA JOSE LUIS, S.L., we process your personal data always in strict compliance with current legislation. Furthermore, we inform you that we have appropriate technical and organisational measures to guarantee an optimal level of security, thereby ensuring that only authorised persons will have access, that we will keep them intact, avoiding any intentional or accidental loss, and that we have reinforced the data processing systems and services.
The operations, management, and technical procedures we perform in an automated or non-automated manner and that enable the collection, storage, modification, transfer, and other actions on personal data, are considered personal data processing.
6. What is the lawfulness of the processing?
The basis for the lawfulness of the processing of Personal Data will be that resulting from the contractual or pre-contractual relationship, the employment relationship, or any other required for data processing, such as express consent.
7. How do we manage electronic communications?
In accordance with the provisions of Law 34/2002 of 11 July, on Information Society Services and Electronic Commerce, and Directive 2002/58/EC, we inform you that you may receive communications and information of a commercial nature through this electronic communication system (emails, automated form response messages, and other communication systems) when you have granted us your consent or if these are commercial communications regarding products or services similar to those previously provided by the controller of your data.
In the event that you do not wish to receive communications and information of this nature, you can notify us by this same means indicating in the subject "UNSUBSCRIBE COMMERCIAL COMMUNICATIONS" so that your personal data are removed from our database. Your request will be actioned within a period of 1 month from its sending. In the event that we do not receive an express response from you, we will understand that you accept and authorise our entity to continue carrying out the aforementioned communications.
On email marketing platforms, you may unsubscribe through the link included in the communications themselves; on other platforms, you may reject tracking through the cookies banner.
In the case of receiving such communications by these means, we inform you that the messages are addressed exclusively to their recipient and may contain privileged or confidential information. If you are not the indicated recipient, we notify you that the use, disclosure, and/or copying without authorisation is prohibited under current legislation.
8. How long do we keep your data?
The personal data relating to natural persons that we at JOYERIA JOSE LUIS, S.L. collect by any means, will be kept as long as the data subject does not request their erasure.
Likewise, they will be kept while the relationship that originated the data processing is maintained, respecting in any case the legal conservation periods. Once this period has concluded, personal data will be deleted from all JOYERIA JOSE LUIS, S.L. systems.
9. Will your data be communicated to third parties?
There will be no assignment, transmission, or transfer of personal data, except for those already informed, that are not as a consequence of a legal obligation. If, by requirement of the Public Administration or Regional Institutions within the scope of the functions that the law expressly attributes to them, your data are requested from us, these will be transmitted.
If there is an assignment, transmission, or transfer of personal data outside the cases previously provided for, you will be previously informed so that, if applicable, you provide us with your consent.
But in order to organise ourselves correctly, have good operations and procedures that guarantee good management, JOYERIA JOSE LUIS, S.L. may find it necessary to contract the services of advisors, professionals, or other service companies to process data under our instructions.
This processing on behalf of third parties is regulated in a contract in writing or in some other legally admitted form that allows for proof of its conclusion and content, expressly specifying that the processor will process the data according to our instructions and will not apply or use them for a purpose other than that appearing in said contract, nor communicate them, even for their conservation, to other persons.
We share your personal data with service providers, including technology service providers, in accordance with our instructions and solely for the performance of services necessary to fulfil the purposes described in this document, who will be obliged to process personal data according to the applicable legal provisions and to implement the corresponding security measures, without acquiring the character of data controllers at any time.
We do not authorise these service providers to use or disclose your personal data, unless it is necessary to provide services on our behalf or comply with legal requirements.
Examples of these service providers include data processors, software service providers, technology service providers, point-of-sale platforms, cloud hosting services, technical support and system maintenance, entities that process credit card payments, manage and reduce our credit risk, verify information, deliver orders, and offer marketing, analysis, and web hosting services.
In particular, the following providers may act as data processors:
• Klaviyo and Connectif (management of communications and marketing).
• Google Ads, Criteo, Meta, and Pinterest (management of advertising and digital marketing campaigns).
• Google Analytics and Microsoft Clarity (analysis of web use and user behaviour).
These providers will process personal data solely for the provision of the contracted services and in accordance with the corresponding processing assignment contracts, adopting the security measures required by data protection regulations.
If the holder does not express their opposition to their personal data being transferred, it will be understood that they have granted their consent for it.
10. What are your rights?
Data protection regulations confer the following rights upon you:
• Right of access: is the right of the User to obtain confirmation as to whether or not JOYERIA JOSE LUIS, S.L. is processing their personal data and, if so, to obtain information about their specific personal data and the processing that JOYERIA JOSE LUIS, S.L. has carried out or is carrying out, as well as, among other things, the information available on the origin of said data and the recipients of the communications made or planned for them.
• Right to rectification: is the right of the User to have their personal data modified that turn out to be inaccurate or, taking into account the purposes of the processing, incomplete.
• Right to erasure ("the right to be forgotten"): is the right of the User, provided that current legislation does not establish otherwise, to obtain the erasure of their personal data when these are no longer necessary for the purposes for which they were collected or processed; the User has withdrawn their consent to the processing and it does not have another legal basis; the User objects to the processing and there is no other legitimate reason to continue with it; the personal data have been processed unlawfully; the personal data must be erased in compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of information society services to a minor under 14 years of age. In addition to erasing the data, the Data Controller, taking into account the available technology and the cost of its application, must adopt reasonable measures to inform the controllers who are processing the personal data of the data subject's request for erasure of any link to those personal data.
• Right to restriction of processing: is the right of the User to restrict the processing of their personal data. The User has the right to obtain restriction of processing when they contest the accuracy of their personal data; the processing is unlawful; the Data Controller no longer needs the personal data, but the User needs them to make claims; and when the User has objected to the processing.
• Right to data portability: in the event that the processing is carried out by automated means, the User shall have the right to receive from the Data Controller their personal data in a structured, commonly used, and machine-readable format, and to transmit them to another data controller. Whenever technically possible, the Data Controller will transmit the data directly to that other controller.
• Right to object: is the right of the User that the processing of their personal data is not carried out or the processing of the same by JOYERIA JOSE LUIS, S.L. is ceased.
• Right not to be subject to a decision based solely on automated processing, including profiling: is the right of the User not to be subject to an individualised decision based solely on the automated processing of their personal data, including profiling, existing unless current legislation establishes otherwise.
If you wish for more information regarding the processing of your data, to rectify those that are inaccurate, to object to and/or restrict any processing that you consider is not necessary, or to request the cancellation of the processing when the data are no longer necessary, you can write to JOYERIA JOSE LUIS, S.L. at APD. CORREOS Nº94, 15172 - Oleiros (A Coruña) or via email to joyeriajoseluis.dpo@convenceabogados.es.
• Said communication must reflect the following information: name and surname of the user, the request made, the address, and the accrediting data.
• The exercise of rights must be performed by the user themselves. However, they may be executed by a person authorised as the legal representative of the authorised person. In such case, documentation proving this representation of the data subject must be provided.
Likewise, we want to inform you that you can withdraw the consent provided without affecting the lawfulness of the processing already carried out, by sending your request to the same address indicated in the previous paragraph.
In this case, you must accompany your request with a copy of your ID card or document proving your identity. In the event that you consider there is a problem or infringement of the current regulations in the way your personal data are being processed, you will have the right to effective judicial protection and to lodge a complaint with a supervisory authority, in particular, in the State in which you have your habitual residence, place of work, or place of the alleged infringement. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/).
11. What is the purpose for data processing?
We detail below the purposes of the data processing operations carried out by some, or all, of the Data Controllers listed previously:
| PROCESSING ACTIVITY | PURPOSE OF THE PROCESSING | LAWFUL BASIS | CONSERVATION PERIOD |
|---|---|---|---|
| Tax and accounting management | Processing necessary for compliance with tax and accounting obligations | Contractual or commercial relationship; Legal obligation for the controller | 5 years from the end of the contract or for the time necessary to respond to legal obligations |
| Contact management | Processing of data to maintain communications with data subjects | Contractual or commercial relationship; Consent of the data subject | Until cancellation and/or objection or when no longer necessary for the purpose |
| Informative communication and notifications | Dissemination of activities and relevant information related to the entity | Legitimate interest of the controller or third parties; Consent of the data subject | Until cancellation and/or objection or when no longer necessary |
| Analysis of platform use | Analysis of user behaviour on the website or app for statistical purposes and service improvement | Consent of the data subject | Until cancellation and/or objection or when no longer necessary |
| Customer management | Processing necessary for maintaining the commercial/contractual relationship, billing, after-sales service, promotions and loyalty | Contractual or commercial relationship; Consent for marketing purposes | Until no longer necessary; for marketing, until consent is withdrawn |
| Sending of advertising | Sending commercial communications, offers and product information | Consent of the data subject | Until cancellation and/or objection; until data are no longer relevant |
| Electronic commerce | Management of orders and purchases through web platforms | Contractual relationship; Commercial relationship | 5 years from the end of the contract or as required by law |
| Supplier management | Supplier selection, contracting, order and payment management | Contractual relationship | Until no longer necessary for the purpose |
| Management of internal report files | Management of internal compliance and reporting systems | Legal obligation; Legal exceptions to consent | Time necessary to comply with legal obligations |
| Order management | Management and traceability of orders across sales channels | Contractual relationship; Commercial relationship | Until the end of the contractual relationship and necessary legal periods |
| Loyalty club management | Managing discounts, promotions and personalised communications | Consent of the data subject | Until consent is withdrawn |
| Management of repairs and guarantee | Management of repairs and product warranties | Legal obligation | Time necessary to comply with legal obligations |
| Handling queries, questions or requests | Responding and following up on user enquiries | Consent provided by submitting forms | Until resolved and for follow-up if necessary |
| User registration management | Registration and maintenance of user accounts | Consent of the data subject | While account is active and thereafter for legal claims |
| Allow purchases | Processing purchases and managing the commercial relationship | Contractual relationship | During the relationship and up to 5 years after |
| Transactional communications | Sending purchase-related communications | Contractual relationship | During the relationship and up to 5 years after |
| Billing and accounting | Managing invoicing and accounting obligations | Legal obligation | Duration required by law + 5 years |
| Product warranty processing | Managing product warranties | Legal obligation | Duration of warranty + up to 5 years |
| Stakeholder communications | Sending relevant company information | Legitimate interest | Until no longer necessary for the purpose |
Likewise, as secondary purposes, JOYERIA JOSE LUIS, S.L. may use your data for the following:
| Obtain information about your tastes and preferences from internal sources (...) | Obtain information about your tastes and preferences from internal sources (...) | Legitimate interest of JOYERIA JOSE LUIS, S.L., consisting of personalising commercial offers and marketing activities | While necessary for the purpose and consent is not revoked |
In addition to the above, JOYERIA JOSE LUIS, S.L., within the framework of its promotional activity, may provide you with resources for registration or subscription to news or commercial information related to JOYERIA JOSE LUIS, S.L. Such resources will always be subject to your prior and express consent to send them.
The contact channels available for sending commercial communications are the following: email, telephone, SMS, push notifications (App), and WhatsApp, as well as other similar communication means.
In the event that you have authorised it, JOYERIA JOSE LUIS, S.L. will send you information about its products, activities, and personalised services, in accordance with your tastes and preferences. Likewise, it is possible that you receive information related to JOYERIA JOSE LUIS, S.L. competitions and/or prize draws, as well as its corporate events and acts. In case you do not wish for your Personal Data to be processed for the aforementioned secondary purposes, you can communicate this to us from this moment, or otherwise you have a period of 5 (five) business days to manifest your refusal for the processing or exploitation of your Personal Data for the aforementioned secondary purposes through the mechanism indicated in point 10 of this Privacy Notice.
JOYERIA JOSE LUIS, S.L. will obtain your express consent for the processing of your personal data due to the possible adoption of automated decisions and/or profiling.
For the provision of some services, JOYERIA JOSE LUIS, S.L. may process your personal data using automated means. This means that certain decisions are made automatically, without human intervention. For example, you will receive specific communications in the event that you have products selected in the “Shopping bag” or “wishlist”, as well as when your order has left the JOYERIA JOSE LUIS, S.L. facilities.
Another processing that JOYERIA JOSE LUIS, S.L. may carry out with your data is profiling, with the purpose of predicting your behaviour. As a result, you will receive personalised commercial communications and/or products that may be of interest to you will be shown on the home page, based on the preferences you have shown in your previous purchases, through your browsing, or information obtained through cookies, as well as in the event that you are part of the Loyalty Programme.
You can review the applicable Cookies Policy at the following link https://www.joseluisjoyerias.com/pagina/12/politica-cookies/. Likewise, you can contact JOYERIA JOSE LUIS, S.L. for any doubt or query related to the processing of your personal data through the following address joyeriajoseluis.dpo@convenceabogados.es.
JOYERIA JOSE LUIS, S.L. commits to processing your personal data while they are truly useful and necessary to be able to offer you a quality service through their processing. Therefore, it will make all appropriate and reasonable efforts to minimise the period of processing and conservation of your personal data.
12. What is the purpose and lawful basis for data processing?
It is necessary that the User has read and agrees with the conditions on personal data protection contained in this Privacy Policy, as well as accepts the processing of their personal data so that the Data Controller can proceed with it in the manner, during the periods, and for the purposes indicated.
Use of the Website will imply acceptance of its Privacy Policy.
JOYERIA JOSE LUIS, S.L. reserves the right to modify its Privacy Policy, according to its own criteria, or motivated by a change in legislation, case law, or doctrine of the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. The User is recommended to consult this page periodically to be aware of the latest changes or updates.
This Privacy Policy was updated to adapt to Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and to Organic Law 3/2018, of 5 December, on Personal Data Protection and guarantee of digital rights.
This Privacy Policy document has been revised as of: 26/03/2026