Legal information
Privacy policy
Information about how personal data may be collected and processed through this website and its contact channels.
This Privacy policy explains how Mercedes Pizarro Bernal, owner of La Mecha de Merche, may process and protect personal data collected through the website www.lamechademerche.es and its contact channels.
Use of this website implies acceptance of this Privacy policy, together with the conditions included in the Legal notice.
1. Data controller
- Controller / responsible party: Mercedes Pizarro Bernal
- Commercial name: La Mecha de Merche
- NIF: 80073208L
- Address: Avenida Fernando Calzadilla, 16, 06004 Badajoz, Spain
- Phone: +34 614 946 390
- Email: mepibe@gmail.com
- Website: www.lamechademerche.es
2. Personal data that may be collected
Browsing this website does not normally require users to provide personal data.
Personal data may be collected when users voluntarily contact the shop through the contact channels shown on the website, including forms, email, telephone or WhatsApp links.
The categories of data that may be processed include:
- Name and surname, where provided.
- Email address.
- Telephone number.
- Message content, enquiries, requests or order-related information.
- Any data voluntarily provided through forms, email communications or WhatsApp links.
- Basic technical data needed for website operation and security, where applicable.
Special categories of personal data are not requested.
3. Purposes of processing
Personal data may be processed for the following purposes:
- Respond to enquiries sent by users.
- Manage requests and communications related to the shop's activity.
- Handle orders, pickup requests or related customer communications.
- Provide customer service.
- Maintain the security and proper operation of the website.
- Comply with legal obligations where applicable.
Personal data will not be used for purposes incompatible with those described without informing the user and, where necessary, requesting consent.
4. Legal basis
The legal basis for processing personal data may be, depending on the case:
- The user's consent, when data is voluntarily provided through a form, email, telephone call or WhatsApp communication.
- The application of pre-contractual measures or the management of a customer request, when processing is necessary to respond to an enquiry, order or pickup request.
- The legitimate interest in maintaining website security, preventing misuse and managing ordinary customer communications, where applicable.
- Compliance with legal obligations that may apply to the controller.
5. Data retention
Personal data will be kept only for as long as necessary to fulfil the purpose for which it was collected, respond to the request, manage the relationship with the user or comply with applicable legal obligations.
When the data is no longer necessary, it will be deleted or blocked in accordance with applicable data protection rules.
6. Data sharing
Personal data is not sold to third parties.
As a general rule, personal data will not be disclosed to third parties except where legally required, when necessary to respond to a user request, or when service providers are needed for website operation, hosting, email, contact management or similar support services.
When users choose to communicate through external services such as WhatsApp, email providers or other third-party platforms, those services may process data under their own terms and privacy policies.
7. User rights
Users may exercise the rights of access, rectification, erasure, objection, restriction of processing and portability where applicable. Users may also withdraw consent at any time where processing is based on consent.
To exercise these rights, users may send a request to:
mepibe@gmail.com
The request should clearly identify the right being exercised and may need to include proof of identity when necessary.
Users also have the right to lodge a complaint with the Spanish Data Protection Agency where they consider that the processing of their personal data does not comply with applicable regulations.
8. Security measures
The controller applies reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction.
However, users should be aware that security measures on the Internet are not absolute.
9. Accuracy of data
Users are responsible for ensuring that any personal data they provide is accurate, complete and up to date, and for notifying any relevant changes.
10. Third-party websites and services
This website may include links or access to third-party services such as WhatsApp or other external resources.
The controller is not responsible for personal data processing carried out by those third parties. Users should review the privacy policies of any external services they use.
11. Cookies
This website may use technical cookies or similar technologies necessary for operation. Further information is available in the Cookies policy linked in the footer.
12. Changes to this Privacy policy
The controller reserves the right to update this Privacy policy to reflect legal changes, guidance from supervisory authorities or changes in the operation of the website.
The current version will be the one published on this website at any time.