Privacy policy
This policy describes how Berea Amorim Servicios Profesionales, S.L. processes the personal data of those who use supra-dvdx.com, in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).
1. Data controller
- Controller: Berea Amorim Servicios Profesionales, S.L. (brand "SUPRA" / supra-dvdx.com).
- Tax ID: B15996044 · Registered office: Portela de Villestro 53 D, 15896 Santiago de Compostela (A Coruña), Spain.
- Data protection contact: info@bereaamorim.com
2. Data, purposes and legal bases
| Processing | Data | Purpose | Legal basis |
|---|---|---|---|
| Contact form | Name, email, message | Handle the enquiry | Consent (art. 6.1.a) |
| Service contracting | Identification and billing data | Manage order, payment and invoice | Performance of a contract (6.1.b) and legal obligation (6.1.c) |
| Payments | Payment data (processed by Stripe) | Secure payment | Performance of a contract (6.1.b) |
| Web analytics | Identifiers and site usage (cookies) | Measure and improve the site | Consent (6.1.a) |
3. Recipients and processors
We do not share data with third parties except where legally required. We use providers acting as processors, under a contract pursuant to art. 28 GDPR:
- Stripe Payments Europe, Ltd. — payment processing (Stripe policy).
- Google Ireland Ltd. / Google LLC — Google Analytics 4 (GA4), only with consent, with anonymised IP (Google policy).
- IONOS — web hosting (hosting in the EU).
4. International transfers
Some providers (e.g. Stripe and Google) may process data outside the EEA. In such cases, transfers rely on adequacy decisions or on Standard Contractual Clauses (SCC) approved by the European Commission, with appropriate safeguards.
5. Retention
We keep data for as long as necessary for each purpose and, thereafter, for the legally required periods (in particular tax and commercial periods). Contact data is kept for the duration of the relationship or until you request its deletion.
6. Security measures
We apply technical and organisational measures aligned with ISO/IEC 27001 and with the Spanish National Security Framework (ENS), medium level: access control and logging, encryption in transit (HTTPS/HSTS), file integrity control, backups, audit logging, incident management and periodic review of providers.
7. Your rights
You may exercise your rights of access, rectification, erasure, objection, restriction of processing and portability, and withdraw your consent at any time, by writing to info@bereaamorim.com. If you consider it necessary, you may lodge a complaint with the Spanish Data Protection Agency (aepd.es).
8. Minors
The site is not directed at children under 14. If we detect a minor's data without the corresponding authorisation, we will delete it.
9. Changes
We may update this policy for legal or technical reasons; we will always publish the current version on this page. See also the legal notice and the cookie policy.