In compliance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and its implementing regulations, you are informed that the personal data provided by you will be processed for the following purposes:

- To inform you about our products, promotions and news.
- Answer and manage your queries, comments, etc..
- Manage your participation in present and future selection processes, when you send us your data for this purpose. Through the completion of contact forms on the Web or by sending emails or any other type of request for information sent to Morgana Sanderson, the person concerned expressly consents to the processing of personal data.

In no case Morgana Sanderson, will use the personal data of the interested parties for purposes other than those mentioned above, or communicate them to third parties without the prior express consent of the affected, and undertakes to keep the due professional secrecy and to establish the necessary technical and organizational measures to safeguard the information in accordance with the requirements established by the aforementioned Regulation.

What category of data do we process? The data collected, including but not limited to, refers to the category of identifying data, such as: Name and Surname, Telephone, Postal Address, Company, Email, as well as the IP address from which you access the data collection form.

How long do we keep your data? In cases where purchases are made through the online store the personal data you provide will be retained for as long as the contractual relationship is maintained. Once the contractual relationship has ended, the data will be kept for as long as necessary to comply with legal obligations, in order to be able to respond to possible incidents of the services provided. Once the responsibilities deriving from these legal obligations have expired, your data will be deleted.

In the case of personal data necessary for sending commercial communications, as well as data obtained in other forms, we will keep your personal data from the time you give us your consent until you revoke it or request the limitation of treatment. In such cases, we will keep your data blocked for the legally required periods.

Do we make profiles with your data? The data entered by the user will not be used to make automated decisions or profiles.

What is the legal basis for the processing of your data? The legal basis for the processing of your data in the purposes I), II); III) is the execution of a contract and the fulfillment of legal obligations of the company to comply with its fiscal and tax obligations. As for the advertising mailings described in the purpose VIII) will require the consent of potential customers to send commercial information about products and services marketed by our company. However, in the case of sending advertising by electronic means to customers to whom we have provided a service or sold a good, Article 21.2 of the Law of Services of the Information Society and Electronic Commerce, legitimizes us to send you advertising without the need to obtain your consent.

The legitimacy for the processing of your data is the express consent given by a positive and affirmative act (fill out the appropriate form and check the box of acceptance of this policy) at the time of providing your personal data. The user must fill in the requested fields in order to send the completed forms, if the indicated fields are not filled in, the user will not be able to send them.

The processing of data sent through the mail published on the website is legitimized by the legitimate interest of our company to respond to communications received.

To whom do we give your data? Your personal data may be transferred to the transport companies we work with (DHL and Correos). This transfer of data is necessary to manage the shipment of the product purchased through this website.

No further data transfers or international transfers of your data are foreseen, except for those authorized by tax, commercial and telecommunications legislation, as well as in those cases in which a judicial authority requires us to do so.

What rights do you have and how to exercise them? The user has the right to access their personal data, to request the rectification of those that are inaccurate, as well as their deletion when, among other reasons, they are no longer necessary for the purposes for which they were collected. In certain circumstances, you may also request the limitation of their processing, in which case they will only be kept for the exercise or defense of claims, as well as to request the portability of your data. For reasons related to your particular situation, you may object to the processing of such data and MORGANA SANDERSON will stop processing them, except for compelling legitimate reasons, or the exercise or defense of possible claims.

The applicant may revoke the consents given at any time. The applicant may exercise his/her rights by sending an e-mail to hola@morganasanderson.com

What security measures do we have in place? As part of our commitment to ensure the security and confidentiality of your personal data, we inform you that we have adopted the necessary technical and organizational measures to ensure the security of personal data and avoid its alteration, loss, unauthorized processing or access, given the state of technology, the nature of the data stored and the risks to which they are exposed, according to Art. 32 of the RGPD EU 679/2016.

Our store is hosted by Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services.

Your data is stored through Shopify's data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

What about payment details? If you choose a direct payment gateway to complete your purchase, Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as necessary to complete your purchase transaction. Once completed, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set forth by PCI-DSS administered by the PCI Security Standards Council, which is a joint effort of brands such as Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.