- IzzonLab

PRIVACY POLICY

1. Purpose

This Privacy Policy is intended to inform individuals (hereinafter “users” or “data subjects”) who visit our website (hereinafter “website” or “site”) how we collect, process, and protect the personal data they may provide through any means (forms, emails, phone calls, contracts, etc.), so that they can freely decide whether they want us to process them.

Additionally, this policy expands on the information previously provided in the legal clauses included in our data collection processes.

It is also intended to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR) and Spanish Organic Law 3/2018 of December 5 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD).

2. Who is responsible for processing your personal data?

Entity: IZZON LAB, S.L.

CIF/NIF: B75446872

Postal Address: C/ Sierra de Gata, 2, CP 28830 San Fernando de Henares (Madrid)

Phone: 916 75 11 39

Email: lopd@izzonlab.com

Business Purpose: Manufacturing and sale of perfumes and cosmetics

Website: https://izzonlab.com/

Registration Data: Registered in the Madrid Commercial Registry, Volume: 1, Page: 1, Section: 8, Sheet: 837232

3. How can you contact the Data Protection Officer?

We have appointed a Data Protection Officer before the Spanish Data Protection Agency, who can be contacted for complaints or questions regarding how your data is processed:

BUSINESS ADAPTER, S.L.
Ronda Guglielmo Marconi, 11, 26 (Parque Tecnológico)
46980 Paterna (Valencia)
Email: info@businessadapter.es. (ref. izzonlab) or via this Data Subject Request Form.

4. What personal data do we process and how do we collect it?

We collect data through digital means, physical documents, or conversations (in-person or by phone). All data is processed fairly, lawfully, and transparently.

Categories of data may include:

Identifying data (name, ID, image, voice, signature)
Contact information (email, phone, address)
Commercial data (quotes, service records, communications)
Accounting data (billing, income/expenses)
Bank data (account and card info)
Curriculum data (education, professional experience)
Transaction data (transfers, direct debits)
Web browsing data (time spent, pages visited, demographics)
We do not collect special categories of personal data, unless necessary and with prior, express consent.

Our entity will not collect special categories of personal data (e.g. health data, ethnic origin, political opinions or religious beliefs). However, if it becomes necessary to process such data, you will be duly informed and your prior and explicit consent will be requested.

Accordingly, the data requested will be adequate, relevant and limited to what is strictly necessary, and will be processed exclusively by personnel and/or collaborators authorized by our entity, who will have signed a confidentiality undertaking and commit to complying with the security measures required to ensure the confidentiality, integrity and availability of the data processed, as well as with all other requirements established under the GDPR. Therefore, such data will be processed lawfully.

The data to be processed are provided by the data subject themselves or by their legal representative. In some cases, certain functions may be delegated to collaborators who may be responsible for collecting such data; however, the data will always be processed with the data subject’s prior and explicit consent.

If a data subject does not provide the data requested, or provides incomplete or inaccurate data, it will not be possible to comply with or maintain the corresponding relationship.

The categories of data that may be processed in relation to an individual will depend on the nature of the relationship they maintain with our entity, as outlined below:

4.1. Customers
Personal data of an identifying, contact, commercial, accounting, banking, and goods and services transaction nature will be processed. Such data may be collected only if the customer provides them at the time of purchasing goods or services, requesting pre-contractual measures, or during the maintenance of the commercial relationship.

Data may be collected in person, by telephone, by email, or through the forms available on our website, online chat, instant messaging services, etc.

Legal basis: Articulo 6.1 a); 6.1 b); 6.1 c); 6.1 f); GDPR

4.2. Information Requesters
Whether the information request is made in person, by telephone or in writing (e.g. by email or web forms), we will request and process identifying, contact and commercial data.

Legal basis: Articulo 6.1 a); 6.1 f); GDPR

4.3. Suppliers
Identifying, contact, commercial, accounting, banking, goods and services transaction and financial data will be processed.

Such data may be processed throughout all stages of the commercial relationship and only if the supplier provides them in order to initiate such relationship.

Legal basis: Articulo 6.1 a); 6.1 b); 6.1 c); 6.1 f); GDPR

4.4. Job Applicants
For this category of data subjects, curriculum data, identifying and contact data, as well as other data relating to their professional or personal characteristics, will be processed. Such data will be provided by the applicant when submitting their application.

Data may be collected in person, by email, through web forms, during recruitment interviews (in person or remotely), or through collaborators to whom certain functions have been delegated. For further information, please consult our Job Applicants Policy.

Legal basis: Articulo 6.1 a); 6.1 b); 6.1 f); GDPR

4.5. Social Media Users
We are present on various social media platforms and may process identifying, contact and commercial data, as well as any other data that the user enables to be viewed or shared with other users of the social network, including curriculum data (e.g. LinkedIn). For further information, please consult our Social Media Policy.

Legal basis: Articulo 6.1 f); GDPR

4.6. Complainants
Identifying and contact data, as well as personal information relating to the complainant or to third parties that the complainant provides, will be processed.

Legal basis: Articulo 6.1 a); 6.1 c); 6.1 f); GDPR

4.7. Whistleblowers
Reports may be submitted anonymously through our internal whistleblowing channel. However, whistleblowers may also voluntarily provide identifying and contact data, as well as other personal data relating to themselves or to third parties connected with the report, in accordance with Law 2/2023 of 20 February on the protection of persons who report regulatory infringements and on the fight against corruption. Further information is available in the Internal Whistleblowing Channel terms and conditions.

Legal basis: Articulo 6.1 a); 6.1 c); 6.1 f); GDPR

4.8. Visitors

Identifying and contact data, the company the visitor works for, and the purpose of the visit will be processed. Such data will be collected when provided by the visitor themselves when requesting access to our facilities, or when their contact person within our entity provides them in order to grant such access.

Legal basis: Articulo 6.1 c); 6.1 f) GDPR

4.9. Website Users

Our entity does not use cookies to collect personal information from users. Only our own session cookies are used, strictly for technical purposes (those that allow users to browse the website and use the different options and services available). For further information, please visit our Cookies Policy.

4.10. Further information for data subjects

The legally required information will be made available to data subjects in the corresponding information notices included in the different data collection channels, so that the data subject may freely and expressly decide whether they wish their personal data to be processed by our entity. For more detailed information, such notices will indicate how to access this policy.

All categories and types of personal data processed will be duly identified in the corresponding records of processing activities maintained by our entity.

5. For what purposes will your data be processed?

In general terms, the processing of personal data carried out by our entity is intended to comply with and maintain the relationship with the different groups of individuals with whom we interact.

Depending on the nature of such relationship, the processing of your data may serve different purposes, which are detailed below by way of example and not limitation.:

5.1. Customers

Your personal data will be processed in order to identify you, to comply with and maintain the pre-contractual and contractual relationship, including the sending of commercial communications through different means, handling enquiries, carrying out quality controls and commercial statistics, for the sale and delivery of goods, for accounting management, goods and services transactions, collection management, incident management, handling complaints and the exercise of rights, as well as for any other purposes required to comply with such relationship, with the laws to which we are subject, or to pursue our legitimate interests.

5.2. Information Requesters

We will process your personal data in order to handle any type of information request you may submit, to identify you, to send or deliver quotations and information regarding goods and/or services of interest to you, including in our response (whether verbal or written) any commercial information related to your request. We may also carry out follow-up contacts through different means in order to ascertain the decisions taken with respect to the commercial proposals we have submitted.

5.3 Job Applicants

Your data will be processed in order to include you in our recruitment processes and job applicant pool, to identify you, as well as to contact you and inform you about vacancies, coordinate interviews and deal with other matters related to your application. For further information, please consult our Job Applicants Policy.

5.4. Suppliers

Your personal data will be processed for the purpose of maintaining the pre-contractual and contractual relationship, fulfilling the commercial relationship, whether for requesting quotations, purchasing goods or contracting services, making enquiries and identifying you, for accounting management and goods and services transactions, as well as for other purposes necessary to comply with such relationship, with our legal obligations and our legitimate interests.

5.5. Social Media Users

We will process your personal data in order to maintain the relationship as users of the same social media platform, to identify you, to contact you, share news or advertising and process any other personal data that the social media user enables to be shared with other users of such platform. For further information, please consult our Social Media Policy.

5.6. Complainants

Personal data will be processed in order to identify you, manage your complaint and contact you regarding its status, as well as to comply with our legal obligations and legitimate interests.

5.7. Whistleblowers

The personal data you decide to provide in your report will be processed in order to register and manage your report, as well as to identify you and contact you (except where the report is submitted anonymously) for the acknowledgement of receipt of your report and to keep you informed about the status of our investigations within the time limits and under the terms established in Law 2/2023 of 20 February. Likewise, we may process your data on the basis of our legitimate interests and/or where necessary to comply with other legal obligations to which we are subject. Further information is available in the Internal Whistleblowing Channel terms..

5.8. Visitors

Data relating to visits to our facilities will be processed in order to identify you, comply with our obligations regarding occupational risk prevention, and for security and access control purposes.

5.9. Website Users

5.10. Further information for data subjects

The legally required information will be made available to data subjects in the corresponding information notices included in the different data collection channels (e.g. forms, recordings, contracts, etc.), so that you may freely and expressly decide whether the requested personal data should be processed by our entity. In this same regard, such information will be reiterated in the different documents or communications we share with data subjects (e.g. signage, invoices, legal notices, etc.).

If the data subject does not provide the data requested or provides incomplete or inaccurate data, we may not be able to handle their information request or maintain a relationship with them.

Personal data will not be further processed for purposes other than those accepted by the data subjects.

The purposes that justify the processing of personal data will be duly identified in the corresponding records of processing activities maintained by our entity.

6. What is the legal basis for processing your data?

We process your data based on:

Your express, informed, and voluntary consent
The performance of a contract or pre-contractual measures
Legal obligations
Our legitimate interests, provided they do not override your fundamental rights

If the user is under 14, parental or legal guardian consent is required.

7. How long do we keep your data?

We retain data as long as necessary to fulfill the intended purposes. Afterward, it will be blocked and stored only as needed for legal claims or obligations.

8. Do we create profiles or use automated decisions?

No. If we ever do, you’ll be informed and your consent will be requested. You may oppose automated decisions at any time by writing to: lopd@izzonlab.com.

9. Data Disclosure

As a general rule, our entity does not disclose personal data to third parties without prior consent. However, it will be necessary to disclose personal data in the following cases:

In the case of our customers or suppliers, their personal data may be disclosed to third parties where required by law (e.g. the Tax Authorities), or to those entities that are necessary to provide our services or process payments (e.g. banking institutions). In the case of the delivery of goods, personal data may also be disclosed to transport companies collaborating with our entity.

Likewise, the personal data of customers or suppliers may be processed by third parties to whom we have delegated certain obligations (e.g. accounting advisors). All such third parties have undertaken, through a data processing agreement, to comply with the same security measures implemented by our entity and to observe the duty of secrecy and confidentiality with respect to the personal data processed, among other obligations in the field of personal data protection.

In the case of job applicants, their data will not be disclosed to third parties unless we are legally obliged to do so. However, such data may be disclosed to other companies within our corporate group, provided that prior authorization has been granted.

With regard to information requesters or users of our website, their data will not be disclosed to third parties, except in the cases described above and duly informed at the time of collection, and only with their express consent, unless our legitimate interest prevails or we are legally obliged to do so, in which case consent will not be required.

In the case of whistleblowers, their data may be lawfully processed by persons other than those responsible for the internal reporting system and may also be disclosed to third parties where necessary for the adoption of corrective measures within our entity or for the processing of disciplinary or criminal proceedings that may apply (Art. 32.2 Law 2/2023).

In general terms, we may disclose your personal data to Judges, Courts, the Public Prosecutor’s Office and/or the competent Public Administrations in the event of potential claims, where we are legally required to do so.

10. International Data Transfers

If we transfer your data outside the European Economic Area, we will inform you and request your express, prior consent.

11. Security Measures

We have implemented technical and organizational measures to prevent unauthorized access, loss, or misuse of data. These are regularly reviewed through audits and internal controls.

12. Your Rights

You may exercise the following rights at any time:

12.1. Right of Access

To know what data we process, for what purpose, and how.

12.2. Right of Rectification

To correct inaccurate or incomplete data.

12.3. Right to Object

To object to data processing under certain conditions.

12.4. Right to Erasure

To request deletion of your data under specific circumstances.

12.5. Right to Restriction of Processing

To limit how your data is used, e.g., during a dispute.

12.6. Right to Data Portability

To receive your data in a readable format and transfer it elsewhere.

12.7. Right Not to Be Subject to Automated Decisions

To oppose profiling or automated decisions with legal or significant effects.

To exercise these rights, contact IZZON LAB, S.L. at the address or email provided, attaching ID or legal representation proof if necessary.

You may also contact the Data Protection Officer or file a complaint with the Spanish Data Protection Agency:

C/ Jorge Juan, 6, 28001 Madrid or www.aepd.es.

13. Commitment to Data Protection

Scope: Applies to all departments and personnel, including third parties acting on our behalf.

Principles: Lawfulness, fairness, transparency, data minimization, accuracy, confidentiality, and accountability.

Special Categories: Processing of sensitive data is prohibited unless legally required and consented.

Rights: We respond promptly and diligently to all data protection requests.

Records & Impact Assessments: All processing activities are documented and assessed for risks, with appropriate security measures in place.

Control: We receive external advice and stay updated on regulatory developments.

14. Updates to this Policy

We reserve the right to modify this Privacy Policy without prior notice. We recommend reviewing it regularly.

Last updated: March 27, 2025