Legal notice

WEBSITE PRIVACY POLICY

RIVE store

I. PRIVACY POLICY AND DATA PROTECTION

In compliance with current legislation, RIVE store (hereinafter also referred to as the “Website”) undertakes to adopt the necessary technical and organizational measures according to the level of security appropriate to the risk of the data collected.

Laws Incorporated into This Privacy Policy

This privacy policy is adapted to current Spanish and European regulations regarding the protection of personal data on the internet. Specifically, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

  • Organic Law 3/2018 of December 5 on Personal Data Protection and Guarantee of Digital Rights (LOPD-GDD).

  • Royal Decree 1720/2007 of December 21 approving the implementing regulations of Organic Law 15/1999 on Personal Data Protection (RDLOPD).

  • Law 34/2002 of July 11 on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The data controller responsible for the personal data collected by RIVE store is:

Federico Toso
Tax ID (NIF): 48464153

Address: Baigorria 5425
Phone: +54 11 28342439
Email: fedetoso2008@gmail.com

Personal Data Records

In compliance with the GDPR and LOPD-GDD, we inform you that the personal data collected by RIVE store through the forms on its pages will be incorporated into and processed in our records for the purpose of facilitating, streamlining, and fulfilling the commitments established between the Website and the User, maintaining the relationship established through forms completed by the User, or responding to requests or inquiries.

Additionally, unless the exception provided in Article 30.5 of the GDPR applies, a record of processing activities is maintained specifying the processing activities carried out and other circumstances established by the GDPR.

Principles Applicable to the Processing of Personal Data

The processing of the User’s personal data shall be subject to the following principles:

  • Lawfulness, fairness, and transparency: User consent will always be required after full transparency regarding the purposes of data collection.

  • Purpose limitation: Personal data will be collected for specific, explicit, and legitimate purposes.

  • Data minimization: Only strictly necessary personal data will be collected.

  • Accuracy: Personal data must be accurate and kept up to date.

  • Storage limitation: Personal data will only be kept for as long as necessary.

  • Integrity and confidentiality: Personal data will be processed securely and confidentially.

  • Accountability: The data controller is responsible for ensuring compliance with these principles.

Categories of Personal Data

The categories of data processed by RIVE store are solely identifying data. No special categories of personal data, as defined in Article 9 of the GDPR, are processed.

Legal Basis for Processing Personal Data

The legal basis for processing personal data is consent. RIVE store undertakes to obtain the User’s explicit and verifiable consent for processing personal data for one or more specific purposes.

The User may withdraw consent at any time, and doing so will be as easy as giving it. As a general rule, withdrawing consent will not affect use of the Website.

Whenever the User provides data through forms for inquiries, requests, or matters related to Website content, they will be informed if completion of any field is mandatory because it is essential for the operation requested.

Purposes of Data Processing

Personal data are collected and managed by RIVE store in order to facilitate, streamline, and fulfill commitments between the Website and the User, maintain relationships established through forms, or respond to inquiries and requests.

Data may also be used for commercial personalization, operational and statistical purposes, marketing studies, improving content quality, Website operation, and user navigation.

At the time personal data are collected, the User will be informed of the specific purpose or purposes for which the data will be used.

Retention Periods for Personal Data

Personal data will only be retained for the minimum time necessary for processing purposes and, in any case, only for the following period:

2 months, or until the User requests deletion.

Users will be informed of the retention period or the criteria used to determine it at the time their data are collected.

Recipients of Personal Data

The User’s personal data may be shared with the following recipients or categories of recipients:

If the Data Controller intends to transfer personal data to a third country or international organization, the User will be informed at the time the data are collected, including whether an adequacy decision by the European Commission exists.

Personal Data of Minors

In compliance with Article 8 GDPR and Article 7 of Organic Law 3/2018, only persons over 14 years old may lawfully consent to the processing of their personal data by RIVE store. If the User is under 14 years old, parental or guardian consent will be required.

Security and Confidentiality of Personal Data

RIVE store undertakes to adopt the necessary technical and organizational measures to guarantee the security of personal data and prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

However, because internet security cannot be fully guaranteed, the Data Controller undertakes to notify Users without undue delay in the event of a personal data breach likely to pose a high risk to individuals’ rights and freedoms.

Personal data will be treated confidentially, and the Data Controller undertakes to ensure such confidentiality is respected by employees, collaborators, and any person with access to the information.

Rights Derived from the Processing of Personal Data

Users may exercise the following rights recognized by the GDPR and Organic Law 3/2018:

  • Right of access

  • Right to rectification

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object

  • Right not to be subject to automated decision-making, including profiling

To exercise these rights, Users must send a written request to the Data Controller with the reference:

“GDPR-https://riveshopstore.com/”

The request must include:

  • Full name and copy of ID document

  • Specific request details

  • Address for notifications

  • Date and signature

  • Supporting documents

Requests may be sent to:

Postal Address: Baigorria 5425
Email: fedetoso2008@gmail.com

Links to Third-Party Websites

The Website may contain links to third-party websites not operated by RIVE store. Such websites have their own privacy policies and are responsible for their own data practices.

Complaints to the Supervisory Authority

If the User believes there is a violation of data protection regulations, they have the right to effective judicial protection and to lodge a complaint with a supervisory authority.

In Spain, the supervisory authority is the:

Spanish Data Protection Agency (AEPD)

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

The User must have read and accepted the conditions regarding personal data protection contained in this Privacy Policy in order for the Data Controller to process their data as described herein.

Use of the Website implies acceptance of this Privacy Policy.

RIVE store reserves the right to modify this Privacy Policy according to its own criteria or due to legislative, judicial, or doctrinal changes issued by the Spanish Data Protection Agency. Users are advised to review this page periodically.

This Privacy Policy was updated to comply with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights.

This Privacy Policy document was generated using a free online website privacy policy template generator on 11/05/2026.