Introduction

At yumearth.eu, we hereby undertake to ensure your personal information is protected and not used improperly.

This privacy policy explains who the data controller is, the purpose of processing your personal information, the legal basis for the processing, how the data is collected, why it is collected, how it is used, the rights you have as well as the processes we have implemented to protect your privacy.

By providing us with your personal information and using our website, it is our understanding that you have read and understood the terms related to the personal data protection information explained. 

yumearth.eu hereby undertakes to comply with national and European laws in effect on personal data protection and aims to process your data legally, faithfully and transparently.

Scope of application

This document applies to yumearth.eu as concerns the development of its product sale promotion activities through its website www.yumearth.eu .

Who is the data controller?

Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data defines the data controller as follows:

“Data controller” or “controller”: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

The data controller liable for your personal data is:

  • Business name: GURUX ENTERTAINMENT S.L. (hereinafter “GURUX”).
  • Registered address: c/ Ganduxer 127. 08022 Barcelona (Spain)
  • Email: legaldpt@gurux.net
  • Tax identification no.: B-62824198
  • Registered with the Trade Register of Barcelona: Volume 34430, Folio 80, Page B 246406 
  • Website: www.yumearth.eu ( (hereinafter the “Website” or the “Webpage”)

What is the purpose of collecting your personal information?

The main reason we collect your personal information is to respond to queries or questions you may ask through the contact form found in the Contact section of our website. 

We also do so to facilitate and enhance the service you expect from us as a customer.

We collect your personal information to manage your purchases, orders or requests through our website.

What follows are the main purposes we have identified:

  • To manage contracts for products and services offered by GURUX.
  • To create and manage a personal account with a unique identifier so that it may be used to purchase the products offered at our website.
  • To channel requests for information, suggestions and claims from customers for the management and resolution thereof.
  • Surveys to improve our services.
  • Market studies and commercial prospection, consumer habit reports, statistical data and market trends in order to offer you products and services that may of interest to you.
  • To keep you informed of our latest products, offers, opportunities, etc. through any means (correspondence, telephone, email, SMS or any other electronic means including WhatsApp).

How do we collect information on you?

Information provided by you

We collect personal information you provide us with through the forms on our website, email or by phone.

In any case, upon any such collection, you will be informed of the data controller, purpose thereof, the recipients of the information as well as the manner in which you may exercise the rights you are granted by the laws in effect on data protection.

In general, the personal information you provide us with include: full name, address, email address and a contact phone number. 

If at any time during the commercial relationship, you provide third-party personal data, you undertake at all times to guarantee you are legitimately allowed to provide such data and have informed the data subject of the data processing, providing them for such purpose any information required by the laws in effect. Otherwise, you will be held liable for any breach or sanction that may be imposed deriving from your non-compliance.

What is the legal basis for processing personal information?

The basis for processing your personal information is user consent to the processing of their data for the purposes indicated in the paragraph above.

And we do so for various reasons:

  • Compliance with a contract and/or commercial relationship to manage the products and services contracted. 
  • User consent to send information on GURUX products and services.
  • To comply with various legal obligations, as applicable.

Who can we disclose your personal information to?

In some cases, it may be necessary to disclose the information you provide to third parties to be able to provide the service requested; for example, to the logistics, transport and delivery services.

Likewise, some companies which provide us with other types of services such as: information technology (data storage and processing), consulting services, etc.

These third parties only have access to the personal information they need to complete such services. They are required to keep your personal information confidential and may not use it in any other way other than as we have requested.

In any case, GURUX is liable for the personal information you provide to us and we request any companies with which we share personal information to apply the same level of information protection as we do.

Moreover, your personal information will be available to the public administrations, judges and courts to respond to any liability deriving from the processing.

International Data Transfers.

The personal information we collect remains in Spain. 

How long will we save your personal data?

We only save your personal information to the extent we need it to be able to use it for the purposes for which it was collected and in accordance with the legal basis of the processing thereof pursuant to applicable laws. 

We shall keep your personal information as long as there is a contractual and/or commercial relationship with you or until you exercise your right of deletion and/or restriction of processing of your data.

In these cases, we will keep the information duly blocked without using it in any way as long as it may be necessary to file or defend ourselves from claims or it may lead to any type of judicial, legal or contractual liability due to the processing thereof which must be handled and for which the recovery thereof may be necessary.

What are your rights and how can you exercise them?

Data protection laws set forth that you may contact the data controller to exercise your rights of access, rectification, objection, deletion, restriction of processing, portability and not to be subject of profiling.

These rights are characterized as follows:

  • You may exercise them free of cost.
  • If any requests are manifestly ungrounded or excessive (repetitive, for example), the controller may:
  • Charge a fee in proportion to the administrative costs incurred.
    • Refuse to act.
    • Requests must be answered within a period of one month; however, when considering the complex nature and number of requests, this period may be extended for another two months.
    • The controller is required to inform you of the means for exercising these rights. These means must be accessible and this right may not be denied solely because you choose another means.
    • If the request is submitted electronically, the information will be provided through such means whenever possible unless the data subject requests otherwise.
    • If the data controller denies the request, it must inform the data subject within one month of the reasons for such non-action and inform the data subject of their right to file a complaint with the Supervisory Authority.
    • You may exercise your rights directly or through your legal representative.
    • It is possible for the processor to process your request on behalf of the data controller if both have established such provision in the contract or legal document binding them to each other.

Right of access: The right of access means you may address the data controller to determine whether or not they are processing your personal data.

Right of rectification: The right of rectification means you may have your personal data corrected when they are inaccurate without undue delay by the data controller.

Considering the purposes of processing, you have the right to have any of your incomplete data completed including through an additional declaration.

You must indicate on your request which data you refer to and the correction requested. Moreover, when necessary, you must attach the documentation proving the inaccuracy or incomplete nature of your data to the request form.

Right of objection: The right of objection means you may object to the controller processing your personal data in the following situations:

  • When they are processed based on a mission of public interest or legitimate interest, including for profiling.
  • When the purpose of processing is direct marketing, including profiling as stated above.

Right of deletion: The right of deletion may be exercised with the controller by requesting your personal data be deleted in any of the following circumstances:

  • When your personal data are no longer necessary for the purposes for which they were collected or processed in another manner.
  • When the processing of your personal data was based on the consent granted to the controller and you withdraw such consent as long as said processing is not based on another legitimate cause.
  • The controller’s processing was based on a legitimate interest or compliance with a mission of public interest and no other reasons prevail to legitimize the processing of your data.
  • Your personal data are object of direct marketing including profiling related to such marketing.
  • When your personal data have been illegally obtained.

Nonetheless, this right is not unlimited meaning it may be feasible not to delete them when the processing is necessary to exercise freedom of expression and information, to comply with a legal obligation, to comply with a mission of public interest or to exercise public powers granted to the controller for reasons of public interest in the scope of public health, for the purposes of records of public interest, the purposes of scientific or historical research or for statistical purposes or to formulate, exercise or defend oneself from complaints.

The data controller will be required to block the data when rectification or deletion are required.

Data blocking consists of identifying and reserving it, adopting technical and organizational measures to prevent the processing thereof including visualization except to make the data available to judges and courts, the Public Prosecutor or competent Public Administrations, in particular data protection authorities, to enforce any liability deriving from the processing and only for the period of prescription thereof.

Following such period, the data must be destroyed.

Right to restriction of processing: This right consists of being able to restrict the processing of your data by the controller; however, there are two possibilities for any such restriction:

You may request that any processing of your data be suspended:

  • When you challenge the accuracy of your personal data for a period allowing the controller to verify the accuracy thereof.
  • When you have objected to the processing of your personal data by the controller based on a legitimate interest or mission of public interest for a period allowing the controller to verify whether such reasons prevail over yours.

You may request the controller save your data:

  • When the is illegal and you object to the erasure of your personal data and request a restriction of the use thereof instead.
  • When the data controller no longer needs the personal data for the purposes of processing yet the data subject needs them to formulate, exercise or defend themselves from complaints.

Where can you exercise your rights?

In order to exercise your rights, GURUX makes the following means available to you:

  • Through a signed written request to GURUX, proving your identity.
  • Through an email to: legaldpt@gurux.net attaching a scanned copy of your national identity document or other document proving the requesting party’s identity.

You may file a complaint with the Spanish Data Protection Agency, especially when you are not satisfied with the response to the exercise of your rights. For more details, please go to the website www.agpd.es

Copyright © GURUX ENTERTAINMENT S.L. All rights reserved, 2020.