PRIVACY POLICY – EXPANDED INFORMATION
LAST MODIFICATION: 01-12-20245
The Privacy Policy is part of the General Conditions that govern the Website https://www.newfeeling.site together with the Cookies Policy and the Legal Notice.
NEW FEELING SPA (JIHAN MAZIRH KHALIQI) reserves the right to modify or adapt this Privacy Policy at any time. Therefore, we recommend that you review it each time you access the Website. In the event that the user has registered on the website and accesses their account or profile, upon accessing it, they will be informed if there have been substantial changes in relation to the processing of their personal data.
Who is responsible for the processing of your data?
The data that is collected or provided to us voluntarily through the Website, either by browsing it, as well as all that you can provide us in the contact forms, via email or by telephone, will be collected and processed by the Data Controller, whose details are indicated below:
NEW FEELING SPA (JIHAN MAZIRH KHALIQI). VAT: 09888178H
Address: Avenida España s/n, 38660, Costa Adeje, Tenerife
Contact at NEW FEELING SPA (JIHAN MAZIRH KHALIQI) for the protection of your personal data
Phone: __
Email Data Protection Officer (DPD): spanewfeeling@gmail.com
If, for any reason, you want to contact us in any matter related to the processing of your personal data or privacy (with our Data Protection Officer), you can do so through any of the means indicated above.
What data do we collect through the website?
By simply browsing the Website, NEW FEELING SPA (JIHAN MAZIRH KHALIQI) will collect information regarding:
- IP adress.
- Browser version.
- OS.
- Duration of the visit or navigation through the Website.
Such information is stored through Google Analytics, so we refer to Google’s Privacy Policy, since it collects and processes such information. http://www.google.com/intl/en/policies/privacy/
Likewise, if the Website provides the Google Maps utility , it may have access to your location, assuming you allow it, in order to provide you with greater specificity about the distance and/or or roads our headquarters. In this regard, we refer to the Privacy Policy used by Google Maps, in order to know the use and processing of such data http://www.google.com/intl/en/policies/privacy/
The information that we handle will not be related to a specific user and will be stored in our databases, with the purpose of carrying out statistical analysis, improvements on the Website, on our products and/or services and will help us improve our strategy. commercial. The data will not be communicated to third parties.
User registration on the website / Submission of forms
In the event that, to access certain products and/or services, it is necessary for the user to complete a form, a series of personal data will be requested, which will be necessary and mandatory to carry out such registration. If such fields are not provided, registration will not take place.
In this case, the browsing data may be associated with the user’s registration data, identifying the same specific user who browses the Website. In this way, the offer of products and/or services can be personalized.
If applicable, the registration data of each user will be incorporated into the entity’s databases, along with the history of operations carried out by the same, and will be stored therein as long as the registered user’s account is not deleted. . Once such account is deleted, said information will be removed from our databases, keeping aside for 10 years the data related to the transactions carried out, without accessing or altering them, in order to comply with the legally valid deadlines. Data that is not linked to the transactions carried out will be maintained unless you withdraw consent, in which case it will be deleted immediately (always taking into account the legal deadlines).
The legal basis for the processing of your personal data is the execution of a contract between the parties.
In relation to the sending of communications and promotions electronically and the response to requests for information, the legitimation of the processing is the user’s consent.
The purposes of the treatment will be the following:
a) Manage your access to the Website.
b) Manage the utilities made available to you through the Website.
c) Keep you informed of the processing and status of your requests.
d) Respond to your request for information.
Thus, we inform you that you will be able to receive communications via email and/or on your telephone, in order to inform you of possible incidents, errors, problems and/or status of your requests.
To send commercial communications, the user’s express consent will be requested when registering. In this regard, the user may revoke the consent given by contacting NEW FEELING SPA (JIHAN MAZIRH KHALIQI), using the means indicated above. In any case, in each commercial communication, you will be given the possibility of unsubscribing upon receiving them, either through a link and/or email address.
If you are one of the following groups, consult the drop-down information:
+ CONTACTS FROM THE WEBSITE OR EMAILFor what purposes are we going to process your personal data?
Respond to your queries, requests or requests.
Manage the requested service, answer your request, or process your request.
Information by electronic means, which relates to your request.
Commercial or event information by electronic means, provided there is express authorization.
What is the legitimacy for the processing of your data?
Acceptance and consent of the interested party: In those cases where to make a request it is necessary to complete a form and “click ” on the send button, completing the request will necessarily imply that you have been informed and have expressly given your consent to the content. of the clause attached to said form or acceptance of the privacy policy.
All our forms have a checkbox with the following formula, to be able to send the information: “□ I have read and accept the Privacy Policy.”
+ CUSTOMERSFor what purposes are we going to process your personal data?
Preparation of the budget and monitoring it through communications between both parties.
Information by electronic means, which relates to your request.
Commercial or event information by electronic means, provided there is express authorization.
Manage the administrative, communications and logistics services performed by the Controller.
Carry out the corresponding transactions.
Invoicing and declaration of appropriate taxes.
Control and recovery procedures.
What is the legitimacy for the processing of your data?
The legal basis is your consent and the execution of a contract.
+ SUPPLIERS.For what purposes are we going to process your personal data?
Information by electronic means, which relates to your request.
Commercial or event information by electronic means, provided there is express authorization.
Manage the administrative, communications and logistics services performed by the Controller.
Billing.
Carry out the corresponding transactions.
Invoicing and declaration of appropriate taxes.
Control and recovery efforts.
What is the legitimacy for the processing of your data?
The legal basis is the acceptance of a contractual relationship, or failing that your consent when contacting us or offering us your products in any way.
+ SOCIAL NETWORKS CONTACTSFor what purposes are we going to process your personal data?
Respond to your queries, requests or requests.
Manage the requested service, answer your request, or process your request.
Relate to you and create a community of followers.
What is the legitimacy for the processing of your data?
The acceptance of a contractual relationship in the corresponding social network environment, and in accordance with its Privacy policies:
Instagram https://help.instagram.com/155833707900388
Whatsapp https://www.whatsapp.com/legal/#privacyHow long will we keep personal data?
We can only consult or delete your data in a restricted way by having a specific profile. We will treat them for as long as you let us follow us, be friends or click “like”, “follow” or similar buttons.
Any rectification of your data or restriction of information or publications must be made through the configuration of your profile or user on the social network itself.
+ VIDEO SURVEILLANCEFor what purposes are we going to process your personal data?
Video surveillance of our facilities.
Control of our employees.
Sometimes they can be transferred to the courts and tribunals for the exercise of legitimate actions.
What is the legitimacy for the processing of your data?
The unequivocal consent of the interested party when accessing our facilities after viewing the information sign of the video-surveillance area.
+ JOB SEEKERSFor what purposes are we going to process your personal data?
Organization of selection processes for hiring employees.
Appoint you for job interviews and evaluate your candidacy.
If you have given us your consent, we may transfer it to collaborating or related entities, with the sole objective of helping you find employment.
What is the legitimacy for the processing of your data?
The legal basis is your unequivocal consent, when you provide us with your CV and receive and sign information regarding the treatments that we are going to carry out.
How long will we keep personal data?
The resume will be stored for a period of one year, after which, if we have not contacted you, it will be deleted.
- HUMAN RESOURCES
For what purposes are we going to process your personal data?
Management of the employment relationship and the worker’s file.
Carry out all administrative, tax and accounting procedures necessary to comply with our contractual commitments, obligations regarding labor regulations, Social Security, occupational risk prevention, tax and accounting.
Payroll payment management through a financial institution.
Time control through the fingerprint/card access control system (if applicable).
Management of the entity’s collective insurance / pension plan.
Carry out training actions, both subsidized and non-subsidized training.
What is the legitimacy for the processing of your data?
The legal basis for the processing of your data is the execution of your employment contract. Compliance with relevant legal obligations. The consent of the interested party.
Do we include personal data of third parties?
No, as a general rule we only process data that is not provided by the owners. If you provide us with data from third parties, you must first inform and request their consent from said people, or otherwise you exempt us from any responsibility for non-compliance with this requirement.
And minor data?
In compliance with current legislation, we do not process data from children under 14 years of age on the website, therefore, please refrain from providing it if you are not of that age.
Will we communicate by electronic means?
They will only be carried out to manage your request, if it is one of the contact methods that you have provided us.
If we make commercial communications, they will have been previously and expressly authorized by you.
What security measures do we apply?
You can rest assured: we have adopted an optimal level of protection for the personal data we handle, and we have installed all the means and technical measures at our disposal, according to the state of technology, to prevent loss, misuse, alteration, access, unauthorized and theft of personal data.
To what extent will decision making be automated?
NEW FEELING SPA (JIHAN MAZIRH KHALIQI) does not use fully automated decision-making processes to establish, develop or terminate a contractual relationship with the user. If we use such processes in a particular case, we will keep you informed and communicate your rights in this regard if required by law.
Will profiling take place?
In order to be able to offer you products and/or services according to your interests and improve your user experience, we may create a “commercial profile” based on the information provided. However, automated decisions will not be made based on said profile.
To which recipients will your data be communicated?
Your data will not be transferred to third parties, except under legal obligation. Specifically, they will be communicated to the State Tax Administration Agency and to banks and financial entities for collection of the service provided or product purchased, as well as to those responsible for the processing necessary for the execution of the agreement.
In the case of purchase or payment, if you choose an application, website, platform, bank card, or some other online service, your data will be transferred to that platform or processed in its environment, always with maximum security.
In the event that you have given us your consent to process your name and images and other information related to the activity of NEW FEELING SPA (JIHAN MAZIRH KHALIQI), they will be disclosed on the entity’s different social networks and website.
International transfers.
Should NEW FEELING SPA (JIHAN MAZIRH KHALIQI) need to transfer data internationally, it will ensure that such transfers are permissible in accordance with the General Data Protection Regulation (GDPR) or any other applicable legal requirements. To this end, the company will adopt the necessary agreements to guarantee a level of data protection equivalent to that provided for in European regulations.
If working with a shared folder system in applications such as Dropbox, Google Drive, Microsoft OneDrive, Amazon, Apple, HubSpot, etc., an international transfer will be carried out, adopting appropriate safeguards under the GDPR, through:
- The use of the EU-US Data Privacy Framework (DPF) for services that adhere to this mechanism (e.g., US providers with DPF certification).
- Failing that, through Standard Contractual Clauses (SCCs) approved by the European Commission, along with data transfer impact assessments (TIAs) and supplementary measures where necessary.
In any case, users can request information about the countries involved, the guarantees applied, and access redress mechanisms in case of an incident.
What Rights do you have?
To know if we are processing your data or not.
To access your personal data.
To request rectification of your data if it is inaccurate.
To request the deletion of your data if it is no longer necessary for the purposes for which it was collected or if you withdraw the consent granted.
To request the limitation of the processing of your data, in some cases, in which case we will only keep them in accordance with current regulations.
To carry your data, which will be provided to you in a structured, commonly used or machine-readable format. If you prefer, we can send them to the new person in charge that you designate for us. It is only valid in certain cases.
To file a claim with the Spanish Data Protection Agency, if you believe that we have not served you correctly.
To revoke consent for any treatment to which you have consented, at any time.
If you modify any information, please let us know so we can keep it updated.
Do you want a form to exercise Rights?
We have forms for the exercise of your rights, ask us by email or if you prefer, you can use those prepared by the Spanish Data Protection Agency or third parties.
These forms must be signed electronically or be accompanied by a photocopy of your DNI.
If someone represents you, you must attach a copy of their ID, or have them sign it with their electronic signature.
The forms can be submitted in person, sent by letter or by email to the address of the Controller at the beginning of this text.
You have the right to file a claim with the Spanish Data Protection Agency, in the event that you consider that your request for your rights has not been adequately attended to.
The maximum period to resolve by NEW FEELING SPA (JIHAN MAZIRH KHALIQI) is one month, counting from the effective receipt of your request by us.
You have the right to revoke consent at any time for any of the processing for which you have granted it.
Do we process cookies?
If we use other types of cookies that are not necessary, you can consult the cookie policy in the corresponding link from the beginning of our website.
How long will we keep your personal data?
Personal data will be maintained as long as you remain linked to us.
Once you unlink, the personal data processed for each purpose will be kept for the legally established periods, including the period in which a judge or court may require them in accordance with the statute of limitations for judicial actions.
The processed data will be maintained as long as the legal periods mentioned above do not expire, if there is a legal obligation to maintain it, or if no such legal period exists, until the interested party requests its deletion or revokes the consent granted.
We will maintain all information and communications related to your purchase or the provision of our service, for as long as the guarantees of the products or services last, to address possible claims.
For each treatment or type of data, we provide you with a specific period, which you can consult in the following table:
Data relating to Document Conservation
Clients and suppliers
By way of example and without limitation, some of the most significant documents are cited below. Invoices (issued by the company and drawn against the company). Contracts between merchants (sale, commission, transportation, provision of services, etc.) Contracts with individuals. Real estate contracts (leases of business premises, purchase and sale, exchange, etc.) Commercial correspondence Contracts and banking documentation (checking accounts, deposits, leasing, renting, etc.). Expense notes. Obligation to keep the documentation for a minimum of 6 years. It is advisable to keep it depending on the case of prescription of actions. Article 30 of the Commercial Code establishes that business owners will keep the books, correspondence, documentation and supporting documents relating to their business for six years from the last entry made in the books. However, this rule is limited to establishing a minimum period of time during which, in response to general interests, the merchant must keep the documents that have been generated during the development of his activity.
Documents and records of tax significance General Tax Law arts. 66 to 70
4 previous years (years)
Obligated subjects of the Prevention of Money Laundering Law, documentation accrediting compliance with PBC obligations Law 10/2010 art. 25
10 years
Human Resources Payrolls, TC1, TC2, etc. 10 years (Royal Legislative Decree 5/2000, of August 4, which approves the consolidated text of the Law on Infractions and Sanctions in the Social Order).
Resumes Until the end of the selection process, and up to 2 more years unless the interested party revokes consent or requests deletion
Worker training Art 5.2, Order TAS/2307/2007
4 years
Workday Records Art. 34.9 Royal Legislative Decree 2/2015, which approves the consolidated text of the Workers’ Statute Law.
4 years
Dismissal compensation documents.
Contracts.
Temporary worker data. RD 425/2005 section . 3 Additional Provision 1
4 years
The art. 30 of the Commercial Code establishes a minimum period of 6 years. Organic Law 7/2012 recommends keeping it for 10 years.
Worker’s file. Up to 5 years after discharge (Royal Legislative Decree 5/2000, of August 4, which approves the consolidated text of the Law on Infractions and Sanctions in the Social Order).
Documentation or computer records proving compliance with OHS regulations RDL 5/2000 art. 4
5 years
Marketing Databases or web visitors. While the treatment lasts.
Access control and video surveillance Visitor registration Instruction 1/1996 AEPD
30 days
Video surveillance
video surveillance systems will be canceled within a maximum period of one month from their capture.
The recordings will be destroyed within a maximum period of one month from their capture, unless they are related to serious or very serious criminal or administrative infractions in matters of public security, with a police investigation in progress or with an open judicial or administrative procedure. Instruction 1/2006 AEPD
30 days
Accounting Books and accounting documents. Annual accounts
Partner and board of directors agreements, company statutes, minutes, board of directors regulations and delegated commissions.
Financial statements, audit reports
Records and documents related to grants Commercial Code art. 30:
6 years
Corporate Documentation
Deeds of incorporation of the company together with the bylaws, deeds of elevation of social agreements, granting/renewal of powers, deed of sale of shares, deed of sale of assets, shares, dissolution/liquidation, etc.)
Books of minutes of meetings of the general meeting and the board of directors (commercial companies), record book of regulatory actions, record book of partners, record book of contracts with the sole partner, other books.
Other types of corporate documentation (private contracts for the sale of shares, participatory loans, pledges of shares, etc.)
It is recommended to keep them throughout the life of the company, from its incorporation until at least 6 years after its dissolution and liquidation. In the event that the deeds will incorporate rights or obligations for the company, it is recommended to adhere to the prescription periods indicated above.
Obligation to keep the documentation for a minimum of 6 years. From the last entry made in the Books. They must be kept throughout the life of the company from its constitution until at least 6 years after its dissolution and liquidation.
It is recommended to keep them throughout the life of the company, from its incorporation until at least 6 years after its dissolution and liquidation.
Fiscal/Tax Carrying out the administration of the entity, rights and obligations related to the payment of taxes.
Administration of dividend payments and tax withholdings.
All documents that justify the tax performance of the taxpayer (proof of income and expenses), which includes both accounting and supporting documentation (contracts, invoices, receipts, delivery notes…) All types of tax declarations. Obligation to retain documentation: Minimum 4 years. Articles 66, 67 and 68, of the General Tax Law. The general prescription period for tax obligations is 4 years. Regarding tax returns, the 4-year limitation period begins from the day on which the voluntary tax filing period ends. In the event that there has been a subsequent action by the Administration (inspection, partial verification) or by the
taxable person (corrective declaration, appeal) who has interrupted the prescription, a new period of 4 years begins from that action. However, it is advisable to save the physical documentation Organic Law 7/2012 recommends keeping it for 10 years. Order EHA/962/2007 contemplates the possibility of destroying invoices received on paper if a certified digitization process has previously been carried out that obtains electronically signed digital copies.
Security and health Medical Records of Workers/Health data of Spa clients (treatments).
Article 17.1 of Law 41/2002 of November 14, on patient autonomy and rights and obligations regarding clinical information and documentation
5 years
Insurance Insurance policies 6 years (general rule)
2 years (damages)
5 years (personal)
10 years (life)
Legal
Intellectual and Industrial Property Documents.
Contracts and agreements. 5 years
Permits, licenses, certificates 6 years from the expiration date of the permit, license or certificate.
10 years (criminal prescription)
Confidentiality and non-compete agreements Always the duration of the obligation or confidentiality
Data protection regulations Records and documents proving compliance with the requirements of data protection regulations (audits, reports, manager contracts, etc. ) For the duration of the data processing and then during
3 years
Documentation proving that the requests for the exercise of rights of interested parties are attended to During
3 years after application
Logs / Records of access to information systems 2 years
If the treatment is based on the consent of the interested party, proof of consent For the duration of the data processing and then during
3 years
Traffic data relating to internet connections, emails and landline calls sent or received User identifier, IP address (origin/destination), telephone number, IMSI and IMEI (origin/destination), date and time of communication (start/end), identification of the type of service or communication used (voice, data, SMS or MMS) Article 5, of Law 25/2007, on the conservation of data related to electronic communications and public communications networks.
1 year
Biometric data (fingerprint, facial recognition), if applicable, in accordance with the guidelines published by the AEPD. The biometric data is recorded in the tool/software enabled for this purpose by the entity, if a positive Impact Assessment has been carried out, within the current legal framework. In compliance with the principle of limitation of the conservation period, personal data may be processed no longer than necessary for the purposes of the processing, therefore, taking into account the provisions of article 34.9 of the ET, the company will keep the records for four years and will remain available to workers, their legal representatives and the Labor and Social Security Inspection. It will be the user who notifies and initiates the definitive cancellation procedure.
Building access control: 30 days, files to control access (Inst. 1/1996 AEPD)
INACTIVE PRINTS: 6 MONTHS OF INACTIVITY. RECORDS: EMPLOYEES, 4 YEARS, NON-EMPLOYEES: 30 DAYS
Guests Registration of travelers/guests (check -in). 3 years (Organic Law 4/2015 on the protection of citizen security, Order INT/1922/2003 and in RD 933/2021, of October 26 (obligations of documentary registration and information of natural or legal persons who carry out lodging activities).