www.3linestrategy.com

I. PRIVACY AND DATA PROTECTION POLICY
In accordance with current legislation, 3 LINE RETAIL STRATEGY (hereinafter also referred to as the Website) commits to adopting the necessary technical and organizational measures, based on the appropriate level of security according to the risk of the data collected.

Laws Included in this Privacy Policy
This privacy policy complies with current Spanish and European regulations on the protection of personal data online. Specifically, it adheres to the following laws:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data and the free movement of such data.

• Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).

• Royal Decree 1720/2007, of December 21, which approves the Regulation implementing Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).

• Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller
The data controller for the personal data collected on 3 LINE RETAIL STRATEGY is: 3 LINE RETAIL STRATEGY SL, with Tax ID: ESB56397607 (hereinafter, the Data Controller). Contact details are as follows:

Address: C/ALEMANIA 11, 29001, MALAGA, SPAIN
Phone: +34 661 74 18 26
Fax: —
Email: hola@3linestrategy.com

Registration of Personal Data
In compliance with the GDPR and the LOPD-GDD, users are informed that the personal data collected by 3 LINE RETAIL STRATEGY via forms on its website will be incorporated into a data file and processed to facilitate, expedite, and fulfill the commitments established between 3 LINE RETAIL STRATEGY and the user, or to maintain the relationship outlined in the forms or respond to a request or inquiry. Unless the exception in Article 30.5 of the GDPR applies, a record of processing activities will be maintained, detailing processing activities and related aspects as stipulated by the GDPR.

Principles Applicable to the Processing of Personal Data
The processing of personal data shall be subject to the following principles established in Article 5 of the GDPR and Article 4 et seq. of Organic Law 3/2018:

• Lawfulness, fairness, and transparency: Consent will be required, with clear and transparent information on purposes.

• Purpose limitation: Data will be collected for specified, explicit, and legitimate purposes.

• Data minimization: Only necessary data will be collected.

• Accuracy: Data must be accurate and up to date.

• Storage limitation: Data will be kept only for as long as necessary for processing purposes.

• Integrity and confidentiality: Data will be processed securely and confidentially.

• Accountability: The Data Controller shall be responsible for compliance.

Categories of Personal Data
The categories of data processed by 3 LINE RETAIL STRATEGY are identifying data only. No special categories of personal data are processed as defined by Article 9 of the GDPR.

If special categories of personal data are processed (e.g., racial or ethnic origin, political opinions, religious beliefs, etc.), the user’s explicit consent for one or more specific purposes will be required.

Legal Basis for Data Processing
The legal basis for data processing is consent. 3 LINE RETAIL STRATEGY commits to obtaining explicit and verifiable consent for the processing of personal data for specific purposes.
The user may withdraw consent at any time, and withdrawal will be as simple as granting it. Withdrawal will not affect the use of the website.

Where users provide data via forms (e.g., to make inquiries or request information), they will be informed of any mandatory fields necessary for proper processing.

Purposes of Data Processing
Data is collected and processed by 3 LINE RETAIL STRATEGY to facilitate, expedite, and fulfill commitments between the Website and the user, or to maintain the relationship arising from the forms completed by the user, or to address requests or inquiries.

Data may also be used for personalization, statistical purposes, internal business operations, data storage, and marketing analysis to tailor content and improve website quality and performance.

Users will be informed of the specific purposes at the time data is collected.

Retention Periods for Personal Data
Personal data will be kept only as long as necessary for its processing, and in any case, for a maximum of 18 months or until the user requests its deletion.

At the time of data collection, the user will be informed of the retention period or the criteria used to determine it.

Recipients of Personal Data
Personal data will not be shared with third parties.

At the time of data collection, users will be informed of the recipients or categories of recipients, if any.

If the Data Controller intends to transfer data to a third country or international organization, users will be informed of this and whether a Commission adequacy decision exists.

Personal Data of Minors
In accordance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018, only individuals over 14 years of age may consent to personal data processing. For those under 14, parental or guardian consent is required, and processing will only be lawful if authorized.

Confidentiality and Security of Personal Data
3 LINE RETAIL STRATEGY commits to taking appropriate technical and organizational measures to ensure data security and prevent unauthorized access, destruction, or unlawful alteration of personal data.

The Website uses SSL (Secure Socket Layer) encryption to ensure that data is transmitted securely and confidentially between the server and the user.

However, 3 LINE RETAIL STRATEGY cannot guarantee complete internet security and is committed to promptly notifying users of any personal data breach likely to pose a high risk to their rights and freedoms.

All data will be treated as confidential, and confidentiality will be contractually or legally enforced for employees and partners with access.

User Rights Regarding Personal Data
Users have the following rights under the GDPR and Organic Law 3/2018:

• Right of access: Confirm whether personal data is processed and obtain details.

• Right to rectification: Correct inaccurate or incomplete data.

• Right to erasure (“right to be forgotten”): Delete personal data under certain circumstances.

• Right to restriction of processing: Limit processing under certain conditions.

• Right to data portability: Receive data in a structured, commonly used format and transmit it to another controller.

• Right to object: Object to processing under certain conditions.

• Right not to be subject to automated decision-making, including profiling.

To exercise these rights, users must send a written request to the Data Controller with the subject “RGPD-www.3linestrategy.com,” including:

• Name, surname, and ID copy (and, if applicable, representation documents).

• Specific reason for the request.

• Notification address.

• Date and signature.

• Supporting documents.

Requests may be sent to:

Postal Address: C/ALEMANIA 11, 29001, MALAGA, SPAIN
Email: info@3linestrategy.com

Links to Third-Party Websites
The Website may include links to external websites not operated by 3 LINE RETAIL STRATEGY. These sites have their own privacy policies and are solely responsible for their data handling practices.

Complaints to Supervisory Authority
If users believe their data is being misused or rights violated, they have the right to file a complaint with a supervisory authority, particularly where they reside, work, or where the alleged violation occurred. In Spain, this is the Spanish Data Protection Agency (https://www.aepd.es/).

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY
Users must read and agree to the terms of this Privacy Policy and consent to data processing for the Data Controller to proceed. Use of the Website implies acceptance of this Policy.

3 LINE RETAIL STRATEGY reserves the right to modify this Policy based on its discretion or changes in legislation or decisions by the Spanish Data Protection Agency. Users will not be explicitly notified of changes, so they are encouraged to review this page periodically.

This Policy was updated to comply with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018.