Privacy Policy
Welcome to Monbali Collection!
Monbali Collection is owned and operated by Blacksand Grupo Inmobiliario SL.
We know that in this digital age, your privacy is important. This Privacy Policy reflects our commitment to protecting personal data and the choices we offer you regarding how your data is used. We welcome you to read more about how we keep your information safe, as well as how you can exercise your rights. In addition, our Privacy policy covers our treatment of data that may be personal to you.
• We will review, update, and amend these policies from time to time, consistent with our business needs and technology. We encourage you to check back periodically for new updates or changes.
Your continued use of the service makes up for your acceptance of any change to this Privacy Policy. We are the data controller of your information. We handle and process all data on behalf of our customers.
• You may likewise decide not to give us "discretionary" Personal Data; however, please remember that without it, we will most likely be unable to provide you with the full scope of our administrations or with the best client experience when utilizing our Services.
• The legal entity of the company is " Blacksand Grupo Inmobiliario SL" which operates under the trade name " Monbali Collection”.
• This Privacy Policy (“Privacy Policy”) describes how Monbali Collection will gather, use, and maintain your Personal Information on monbalicollection.com. It will also explain your legal rights concerning that information.
• Our store is hosted on the Shopify Platform, please review their Privacy Policy or Click here.
• By using the website or services, you confirm that you have read and understood this Privacy Policy and our Terms (together referred to herein as the “Agreement”). The Agreement governs the use of monbalicollection.com. We will collect, use, and maintain information consistent with the Agreement.
What personal information do we collect from the people who visit our website?
The personal information that we collect depends on the context of your interactions with us and the services, the choices you make, and the products you buy.
When you create an account and use the Services, including through a third-party platform, we collect any data you provide directly, including:
- Account Data: To use certain features (like keeping your address safe for your next purchase), you need to create a user account. When you create or update your account, we collect and store the data you provide, like your email address, password, and name, and assign you a unique identifying number ("Account Data").
- Personal Data: Personal Data is information that can be used to identify you specifically, including your names, phone numbers, email addresses, usernames, passwords, billing addresses, and mailing addresses. You consent to give us this information by providing it to us voluntarily on our website. Your decision to disclose this data is entirely voluntary. You are under no obligation to provide this information, but your refusal may prevent you from accessing certain benefits from our website.
- Financial Data: Financial data is related to your payment methods, such as credit card or bank transfer details. We collect financial data to allow you to purchase, order, return or exchange products or services from our website. We store limited financial data. Most financial data is Transferred to our payment processor, Shopify Pay, and you should review these processors' Privacy Policies to determine how they use, disclose, and protect your financial data.
o As a courtesy, Shopify Privacy Policy can be found here
• Contact information. An Authorized User is required to provide some contact information (e.g., an email address) when making an account on the Services.
• Minors’ Data: We do not knowingly collect data from or market to children under 13 years of age. We do not knowingly solicit data from or market to children under 13 years of age. By using the Website, you represent that you are at least 13 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Website. If we learn that personal information from users less than 13 years of age has been collected, we will take reasonable measures to promptly delete such data from our records. If you become aware of any data, we
may have collected from children under the age of 13, please contact us.
Automatically collected information about your use of our Services or tools,
This information is registered automatically with the visit by the configuration or manual of each tool on the website.
• When you visit, connect with, or utilize our service, we may gather, record, or create specific specialized data about you. We do so either autonomously or with the assistance of third-gathering Service Providers, including using "cookies" and other following innovations.
• We automatically collect certain information when you visit, use, or navigate the Website. This Information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser, and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our website and other technical information. This information is primarily needed to maintain the security and operation of our website and for our internal analytics and reporting purposes.
The information we collect includes:
- Log and Usage Data. Log and usage data are service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our website, which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, settings, and information about your activity on the Website (such as the date/time stamps associated with your usage, pages, and files viewed, searches and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps') and hardware settings).
- Location Data. We collect location data, such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Website. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. Note, however, that if you choose to opt-out, you may not be able to use certain aspects of the Services.
How do we use your details?
We process personal data to operate, improve, understand, and personalize our services. We use personal data for the following purposes:
• To fulfill or meet the reason you provided the information (e.g., to help provide our Site services to you).
• To validate, confirm, verify, deliver, and track your order (including processing payment card transactions, arranging for shipping, handling returns and refunds, maintaining a record of the purchases you make, and contact you about your orders, including by telephone) or to service products you purchased from us.
• To enhance your online shopping experience, including recognizing you and welcoming you to the Site.
• To send you catalogs, information, newsletters, promotional materials, and other offerings from the Company or on behalf of our partners and affiliates.
• To communicate with you about the Services, including Service announcements, updates, or offers.
• For marketing and promotions.
• To create, maintain, customize, and secure your account with us.
• To personalize your experience and deliver content products, and services relevant to your interests.
• Respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
• To prevent illegal activity, fraud, and abuse.
• To help our site, we will be ready to serve you better.
We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated, or incompatible purposes without providing you notice.
As noted in the list above, we may communicate with you if you've provided us with the means to do so.
For example, if you've given us your email address, we may send you promotional email offers or email you about your use of the Services. Also, we may receive confirmation when you open an email from us, which helps us improve our services. If you do not want to receive communications from us, please indicate your
preference by emailing us at hello@monbalicollection.com.
How to opt-out
When you engage us for the Services or make inquiries about our Services, you will be requested to provide your consent to us to send promotional material to you. You may stop the delivery or “opt-out” of future promotional emails by following the specific instructions in the email you receive.
Do Not Track
Currently, various browsers — such as Chrome, Firefox, and Safari — offer a “do not track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to Web sites visited by the user about the user's browser DNT preference setting. Monbali Collection does not currently commit to responding to browsers' DNT signals concerning the Company's Web sites, in part because industry groups have adopted no common industry standard for DNT, technology companies, or regulators, including no consistent standard of interpreting user intent. Monbali Collection takes privacy and meaningful choice seriously and will make efforts to continue to monitor developments around DNT browser technology and The implementation of a standard.
GDPR-Customer data processing appendix:
Customer Data" means any personal data that Monbali Collection processes on Customer's behalf via the Services, as more particularly described in this DPA.
"Data Protection Laws" means all data protection laws and regulations applicable to a party’s processing of Customer Data under the Agreement, including, where applicable, EU Data Protection Law and Non-EU Data Protection Laws.
GDPR-EU data protection law
“EU Data Protection Law” means all data protection laws and regulations applicable to Europe, including (i) Regulation 2016/679 of the European Parliament and the Council on the protection of natural persons concerning the processing of personal data and on the free movement of such data (General Data Protection Regulation) (“GDPR“); (ii) Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector; (iii) applicable national implementations of (i) and (ii); and (iv) in respect of the United Kingdom (“UK“) any applicable national legislation that replaces or converts in domestic law the GDPR or any other law relating to data and privacy as a consequence of the UK leaving the European Union.
“Europe” means, for this DPA, the European Union, the European Economic Area and/or their member states, Switzerland, and the United Kingdom.
“SCCs” means the standard contractual clauses for processors as approved by the European Commission Or Swiss Federal Data Protection Authority (as applicable), which shall be applied only to transfers of Customer Data from the European Union.
“Sensitive Data” means (a) social security number, passport number, driver’s license number, or similar Identifier (or any portion thereof); (b) credit or debit card number (other than the truncated (last four digits) of a credit or debit card); (c) employment, financial, genetic, biometric or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or sexual orientation; (e) account passwords; or (f) other information that falls within the definition of “special categories of data” under applicable Data Protection Laws.
“Services Data” means any data relating to the Customer’s use, support, and/or operation of the Services, including information relating to volumes, activity logs, frequencies, bounce rates, or other information regarding emails and other communications the Customer generates and sends using the Services.
- Parties' roles: If EU Data Protection Law or the LGPD applies to either party's processing of Customer Data, the parties acknowledge and agree that concerning the processing of Customer Data, the Customer is the controller and is a processor acting on behalf of Customer, as further described in Annex A (Details of Data Processing) of this DPA.
- Purpose limitation: Monbali Collection shall process Customer Data only following Customer's documented lawful instructions as outlined in this DPA, as necessary to comply with applicable law, or as otherwise agreed in writing ("Permitted Purposes"). The parties agree that the agreement sets out the Customer's complete and final instructions to Monbali Collection concerning the processing of Customer Data. Processing outside the scope of these instructions (if any) shall require a prior written agreement between the parties.
- Prohibited data. The customer will not provide (or cause to be provided) any Sensitive Data to Monbali Collection for processing under the Agreement, and Monbali Collection will have no liability whatsoever for Sensitive Data, whether in connection with a Security Incident or otherwise. To avoid doubt, this DPA will not apply to Sensitive Data.
- Customer compliance: Customer represents and warrants that (i) it has complied, and will continue to comply, with all applicable laws, including Data Protection Laws, in respect of its processing of Customer Data and any processing instructions it issues to Monbali Collection; and (ii) it has provided, and will continue to provide, all notice and has obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for Monbali Collection to process Customer Data for the purposes described in the agreement. Customer shall have sole Responsibility for the accuracy, quality, and legality of Customer Data and how Customer acquired Customer data. Without prejudice to the generality of the preceding, Customer agrees that it shall be responsible for complying with all laws (including Data Protection Laws) applicable to any emails or other content created, sent, or managed through the service, including those relating to obtaining consents (where required) to send emails, the content of the emails and its email deployment practices.
- The lawfulness of Customer's instructions: The customer will ensure that United Kingdom processing of the Customer Data by Customer's instructions will not cause Monbali Collection to violate any applicable law, regulation, or rule, including, without limitation, Data Protection Laws.
Monbali Collection shall promptly notify Customer in writing unless prohibited from doing so under EU Data Protection Laws if it becomes aware or believes that any data processing instruction from Customer violates the GDPR or any UK implementation of the GDPR.
Does Monbali Collection Share My Personal Information?
Information about our users is vital to our business, and we do not sell the personal information of our users to third parties. Monbali Collection only shares personal information with its subsidiaries and affiliates that are either subject to this Privacy Notice or follow practices that are at least as protective as those
described in this Privacy Notice.
Independent service providers: We employ other businesses and individuals to carry out our Responsibilities. Examples include data analysis, marketing assistance, payment processing, product and delivery. These third-party service providers have access to only the personal information required to perform their functions and are prohibited from using it for any other purpose. In addition, they must process the personal information in accordance with our contractual agreements and the applicable data protection laws.
As we continue to expand our business, we may sell or acquire additional companies or services. User information is typically one of the transferred business assets in such a transaction but remains subject to The commitments made in any prior Privacy Notice (unless, of course, the user consents otherwise). In the
unlikely event that Monbali Collection or substantially all of its assets are acquired, user information will also be transferred along with the rest of the assets.
Contact Details
You can exercise any of the rights described above in the “What are your choices and how can you exercise them?” section directly by sending an email to hello@monbalicollection.com.
Phone: +62 81337201104
Address: Calle Principe de Vergara 109, 2º Planta, 28002, Madrid, Spain
If you are submitting a request on behalf of another person, you must provide proof that you have been authorized by the individual to act on his or her behalf. In certain circumstances, we may ask the individual to verify his or her own identity directly with us. Please note that we may deny a request from an authorized
agent that does not submit proof that they have been authorized by you to act on your behalf.
How long do we keep your information?
We keep your information for as long as necessary to fulfill the purpose outlined in this privacy policy unless otherwise required by law. We will only keep your personal information for as long as it is necessary for the purposes set out in this
privacy policy unless a longer retention period is required or permitted by law ( such as tax, accounting, or other legal requirements). No purpose in this notice will require us to keep your personal information for longer than the period of time in which users have an account with us.
When we have an ongoing legitimate business need to process your personal information, we will either delete or anonymize such information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and
isolate it from any further processing until deletion is possible.
Your Legal Rights
Under certain circumstances, you have rights under data protection laws to your data.
You may have the following rights:
A. Request access to your data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and check that we are lawfully processing it.
B. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide.
C. Request deletion of your data. This enables you to ask us to delete or remove personal data where there is no good reason to continue processing it. You also have the right to ask us to delete or remove your data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
D. Object to processing your data where we are relying on a legitimate interest (or those of a third party). Something about your situation makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object to processing your data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information, overriding your rights and freedoms.
E. Request restriction of processing of your data. This enables you to ask us to suspend the processing of your data in the following scenarios:
a. If you want us to establish the data's accuracy.
b. Our use of the data is unlawful, but you do not want us to erase it.
c. You need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims.
d. You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
F. Request the transfer of your data to you or a third party. We will provide your data in a structured, commonly used, machine-readable format to you or a chosen third party. Note that this right only applies to automated information; you initially provided consent for us to use or use the information to perform a contract with you.
G. Withdraw consent at any time where we are relying on consent to process your data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not provide certain services to you.
How do we protect your details?
• We have implemented industry-accepted administrative, physical, and technology-based security measures to protect against the loss, misuse, unauthorized access, and alteration of personal information in our systems. We ensure that any employee, contractor, corporation, organization, or vendor who has access to personal information in our systems are subject to legal and professional obligations to safeguard that personal information.
• We do not use vulnerability scanning and/or scanning to PCI specifications.
• We use regular Malware Scanning.
• Your personal information is only accessible by a limited number of individuals who have special access privileges to such systems and are required to treat the information with strict confidentiality. In addition, the extremely sensitive/credit information of your resource is encrypted using Secure Socket Layer (SSL) technology.
• We implement several security measures whenever a user gets into, submits, or accesses their information to protect your individual information.
• While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or form of electronic storage is 100 percent secure. Therefore, we cannot guarantee its absolute security.
• Monbali Collection prohibits unauthorized access or use of personal information stored on our servers. Such access is a violation of law, and we will fully investigate and press charges against any party that has illegally accessed the information within our systems.
Limitation of liability
Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages, so some of the above limitations may not apply to you.
We make no legal representation that the website or products are appropriate or available in locations outside Spain. You may access the website from outside Spain.at your own risk and initiative and must bear all responsibility for compliance with applicable foreign laws.
Governing Law and Jurisdiction
This website originates from Spain. The laws of Spain. Without regard to its conflict of law, principles will govern these terms to the contrary. You hereby agree that all disputes arising out of or in connection with these terms shall be submitted to the exclusive jurisdiction of the Spain. Using this website, you consent to the jurisdiction and venue of such courts in connection with any action, suit, proceeding, or claim to arise under or because of these terms. You hereby waive any right to trial by jury arising out of these terms.
Changes to this privacy notice
We're constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time, but we will alert you to changes by placing a notice on the Monbali Collection website by sending you an email and/or by some other means. Please note that if you've opted not to receive legal notice emails
from us (or you haven't provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all the changes. The use
of the information we collect is subject to the Privacy Policy in effect at the time such information is collected.
Contacting us
If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may do so via the contact us or email us at hello@monbalicollection.com.