This Privacy Policy explains how BIOLUMINIS INTERNATIONAL CORPORATION, S.L. processes users’ personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Law 3/2018 (LOPDGDD).
1. Data controller
- Owner: BIOLUMINIS INTERNATIONAL CORPORATION, S.L.
- VAT: B96586870
- Address: Avenida Aragón 30, 8th Floor, 46021 Valencia (Spain)
- Email: info@bioluminis.com
- Phone: +34 621 203 207
2. Purposes of processing
- Manage contractual relationship: orders, payments, deliveries, customer service.
- Comply with legal obligations (tax and accounting).
- Send marketing communications if expressly authorised by the user.
- Improve our services and website security through cookies and analytics (subject to consent).
3. Legal basis
- Performance of a contract (Art. 6.1.b GDPR).
- Compliance with legal obligations (Art. 6.1.c GDPR).
- Consent (Art. 6.1.a GDPR) for marketing and non-essential cookies.
- Legitimate interest (Art. 6.1.f GDPR) to improve services and prevent fraud.
4. Recipients and processors
Data may be processed by technology providers, hosting services, payment gateways (e.g. Redsys, PayPal), courier and logistics services, under data processing agreements. Data will not be disclosed to third parties except under legal obligation.
5. International transfers
When using services located outside the EEA (e.g., Google, Mailchimp), adequate protection is ensured through EU Standard Contractual Clauses or other recognised safeguards.
6. Data retention
- Customer data: for the duration of the contractual relationship and thereafter as long as required by law (e.g. tax: 6 years).
- Marketing data: until the user withdraws consent.
7. Users’ rights
Users may exercise their rights of access, rectification, erasure, restriction, portability and objection by contacting info@bioluminis.com. They also have the right to lodge a complaint with the Spanish Data Protection Authority (www.aepd.es).
8. Security
Bioluminis applies appropriate technical and organisational measures to protect personal data against unauthorised access, loss or alteration.
9. Minors
Our services are not directed at children under 14 years of age. If we become aware of processing of minors’ data without valid consent, such data will be deleted immediately.