CONCEPTO DE SALUD SL, with NIF B06782767 and registered office at C/Cantarerias, 1, P.I. Tres Hermanas Ampliacion - 03680 Aspe (Alacant). You may contact the Controller by telephone at 966 394 154 or by email at spain.coralclub@gmail.com.

Through this Privacy Policy, we wish to inform you of the importance that CONCEPTO DE SALUD SL places on the processing of your personal data. To this end, we will clearly and transparently explain the various ways and means by which we collect, process, and use the data provided by users of the website: es.coral.club, for which CONCEPTO DE SALUD SL is the controller, through forms and/or cookies, so that you may freely and voluntarily decide whether you wish us to process your data.

In addition, we provide various communication channels so that, if you wish, you may send us any inquiries regarding the processing of your personal data, thereby ensuring full control over it.

In order to provide you with the best possible service and facilitate its use, we analyze the number of pages visited, the number of visits, as well as visitor activity and frequency of use. For these purposes, CONCEPTO DE SALUD SL uses statistical information provided by the Internet Service Provider. For more information, please review our Cookie Policy.

Use of this website implies acceptance of all the terms set out in this Privacy Policy, so we kindly ask you to read it carefully before accepting.

CONCEPTO DE SALUD SL reserves the right to modify this Policy in order to adapt it to new sanctions, legislative or case-law developments, and/or industry practices.

As a user, you guarantee that the data you provide is accurate, authentic, and truthful, and you undertake to keep it duly updated. CONCEPTO DE SALUD SL shall not be liable for any inaccuracy thereof.

The language used on this website is Spanish. CONCEPTO DE SALUD SL shall not be responsible for any consequences arising from misunderstanding of the language by the user or from incorrect translations of the text set out herein.

CONCEPTO DE SALUD SL has adapted its website es.coral.club to comply with applicable legal requirements.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR).

Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (LOPDGDD).

Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI).

In light of current regulatory changes, please be informed that if you are under fourteen years of age, the consent of your parents or legal guardians is required for the processing of your personal data.

Under no circumstances will data relating to the professional or economic situation or the private life of other family members be collected from a minor without their consent.

If you are under fourteen years of age and have accessed this website without informing your parents, you must not register as a user.

Cookies are small data files that are sent to your browser or related software from a web server and stored on your computer or device. Cookies usually include an anonymous unique identifier and track and store your user preferences while browsing the website, as well as technical information about its use. In addition, individuals may be associated with online identifiers provided by their devices, applications, tools, and protocols, such as internet protocol addresses, session identifiers in the form of cookies, or other identifiers such as radio-frequency identification tags. This may leave traces which, when combined with unique identifiers and other data received by servers, may be used to create profiles of natural persons and identify them. For this reason, CONCEPTO DE SALUD SL has a cookie policy in accordance with applicable regulations.

In general, when the installation and/or use of cookies involves the processing of personal data — whether first-party or third-party cookies, session or persistent — CONCEPTO DE SALUD SL, as data controller, will provide the necessary information and obtain the user's prior informed consent for their installation and/or use. The only exceptions are those cookies that exclusively enable communication between the user's device and the network, and those strictly necessary to provide a service requested by the user. For example, so-called “technical cookies” (e.g., those necessary for navigation through the platform or application), “personalization or configuration cookies” (e.g., those that allow the page to recognize the user's language, etc.), and “security cookies” (e.g., to detect repeated or erroneous attempts to connect to a site) are exempt.

The user may configure their browser to receive an alert about the receipt of cookies and to prevent their installation on their device. Please refer to our Cookie Policy for further information on how to configure cookies.

The Website may contain links to other web pages or social networks in order to inform followers about activities, news, or related services. CONCEPTO DE SALUD SL is not responsible for the privacy policies or the processing of personal data applied by such external sites. This Personal Data Protection Policy applies exclusively to information collected on this website. We recommend reviewing the privacy policies of any third-party sites accessed through our links.

Below are links to the privacy policies of some of the social networks used:

Facebook: facebook.com/privacy/explanation
Twitter: twitter.com/tos?lang=es
Google: google.com/policies/privacy
YouTube: youtube.com
Instagram: help.instagram.com

Under no circumstances will “CONCEPTO DE SALUD SL” extract data from social networks without having first obtained the User’s specific and informed consent, for example within the framework of a specific promotional activity such as a raffle or competition. The legal basis legitimizing such processing shall be the explicit consent of the data subject in accordance with Article 6.1.a) of the General Data Protection Regulation (GDPR).

Furthermore, the Controller reserves the right to remove from its social networks any content posted by third parties that infringes applicable legislation, incites unlawful acts, or contains messages that violate the dignity of individuals, groups, or institutions. Likewise, it may block or report the author of such messages where necessary to preserve an appropriate environment.

Some registered users may voluntarily choose to access features that allow them to share their personal reviews of purchased products. This option is designed exclusively for informational purposes and for the exchange of experiences between users. The opinions shared are subjective and should not be considered a guarantee of results or professional advice.

In the event of voluntary activation of the “extended information” option, the user may allow other users to view basic information associated with their purchasing experience. Access to such data shall be managed exclusively by the user through their personal account settings. The accessible information may include:

• Basic contact details: email address or mobile phone number (if expressly authorized by the user).
• Preferences regarding purchased products, excluding financial details or sensitive data.
• Participation in system events related to the user's activity within the platform.
• General information about preferred communication channels (e.g., Skype, Telegram, WhatsApp, Viber), always subject to explicit consent.
• Limited purchase history, visible solely for informational purposes among users and not linked to economic benefits.

Please note that all reviews published by users reflect only their personal perceptions. It is recommended to follow exclusively the official product instructions and not to base product use on third-party opinions. No user comment should be interpreted as medical advice or as a guarantee of results.

After using a product, the User may share their personal experience with others, provided that they do so responsibly and without attributing properties or effects that are not scientifically proven.

The platform serves as a space for exchange between independent users. CONCEPTO DE SALUD SL does not review, moderate, or validate such opinions and assumes no responsibility for how other users may use this information. Under no circumstances do users who share their experiences act as representatives, employees, or agents of the company.

If the User does not wish other participants to access the information shared under the extended information option, they may deactivate this feature at any time in their personal profile settings.

When processing your personal data, we will apply the following principles:

• Principle of lawfulness, fairness and transparency: We will always request your consent to process your personal data for specific purposes, using clear and simple language, and we will inform you in advance with full transparency.
• Principle of data minimization: We will request only the data that is strictly necessary in relation to the purposes for which it is required, i.e., the minimum possible.
• Principle of storage limitation: Data will be kept only for as long as necessary for the purposes of processing. Depending on the purpose, we will inform you of the corresponding retention period. In the case of subscriptions, we will periodically review our lists and remove those records that remain inactive for a considerable period.
• Principle of integrity and confidentiality: Your data will be processed in such a way that adequate security is ensured and its confidentiality is guaranteed. You should know that we take all necessary precautions to prevent unauthorized access to or improper use of our users’ data by third parties.

Data collection: purpose/legal basis/time limits

We collect various types of information through the use of our website. The legal bases for processing personal data are mainly that the processing is necessary for the sale or provision of products and services, and that such processing is carried out on the basis of our legitimate interests, explicit consent, or a legal obligation, which is described in more detail in this section:

Below we set out the forms in which identifying data is requested:

Contact form

Purpose - To manage requests, respond to questions, complaints, and observations regarding the services provided through our website.

Legal basis - The legal basis for this processing of your data is the explicit consent that you provide in advance for the processing of your data by ticking the box accepting the terms of this Privacy Policy.

Mandatory data - Name, E-mail, telephone.

Category - Identifying data.

Exercise of your rights - spain.coralclub@gmail.com or file a complaint with the supervisory authority, in this case www.aepd.es. The exercise of these rights is free of charge.

Coral Club member registration form

Purpose - To process your data in order to register you as a user of our web platform and allow your access to services, products, and functionalities subject to the specific contracting conditions applicable in each case. Please read the terms of use to obtain member status.
We will store and analyze information about your recent visits to our website and how you navigate through its different sections in order to analyze and understand how people use our website and to make it more intuitive.
You may unsubscribe at any time through the channels provided for this purpose.

Legal basis - The legal basis for this processing of your data is your explicit consent, which you provide before the registration becomes effective by ticking the box accepting the terms of this Privacy Policy when registering on the website.

Retention period - The retention period is indefinite, until you decide to exercise your right to object/cancel through the channels provided for this purpose.

Mandatory data - Name, E-mail, date of birth.

Category - Identifying data.

Use of passwords - The USER must “Log in” and enter the email address and password generated in accordance with the complexity rules established on the website at any given time. The use of strong passwords is recommended, with at least eight characters combining uppercase and lowercase letters, numbers, and special characters.
Users are responsible for the proper safekeeping and confidentiality of any identifiers and/or passwords selected during registration, and they undertake not to transfer their use to third parties or allow access to unauthorized persons. In addition, it shall be the user's obligation to immediately notify the Controller of any event that may allow improper use of identifiers and/or passwords, such as theft, loss, or unauthorized access to them, in order to proceed with their immediate cancellation.

Sales form

Purpose - Management of purchase requests for the various products offered on the website. We will keep your purchase history and use details about products you previously purchased in order to suggest other products that we believe may also interest you, provided that you previously agree to subscribe to the newsletter.
This includes payment collection services, charging, as well as the management of returns and warranties.

Legal basis - The legal basis is the performance of the sales contract.

Retention period - The retention period is 6 years in order to comply with legal, tax, and commercial obligations.

Mandatory data - First name, last name, DNI, email address, telephone number, address.

Category - Identifying data.

Exercise of your rights - spain.coralclub@gmail.com or file a complaint with the supervisory authority, in this case www.aepd.es. The exercise of these rights is free of charge.

Your rights and how to exercise them

Right of access - To obtain information about the data we process about you.

Right to rectification - You may correct, amend, update, or complete any data you consider inaccurate about yourself.

Right to erasure - You may request that your personal data be deleted from our system.

Right to object - You may object to the processing of your personal data, except where the legal basis is legitimate interest or the establishment, exercise, or defense of potential claims.

You may request the restriction of the processing of your personal data. The right to restriction of processing means that, in such case, the data will be kept solely for the establishment, exercise, or defense of potential claims.

If technically possible, you may request the right to data portability, i.e., the transfer of your personal data to another data controller.

You may exercise your rights by sending an email to spain.coralclub@gmail.com, indicating in the subject line: “Data Protection Rights”, and proving your identity by providing your DNI or an equivalent document.

Data subjects also have the right to effective judicial protection and to lodge a complaint with the supervisory authority, in this case www.aepd.es, if they consider that the processing of their personal data infringes the Regulation. The exercise of these rights is free of charge.

All personal information that we receive from you and that provides limited access is transmitted in encrypted form using special protocols such as SSL.

On our part, we take measures to ensure a high level of security of the information received against unauthorized or accidental access, destruction, modification, blocking, copying, transfer, dissemination of personal data, as well as other unlawful actions in relation to personal data.

We shall not be liable for any damage that may arise as a result of the User’s failure to comply with the rules for using this website or the publication of personal information on third-party resources.

All information received is stored without changes and is used strictly for the intended purpose.

We have implemented a set of appropriate technical and organizational preventive measures aimed at protecting the personal data you provide from accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, and use.

In order to ensure the security of personal data, the Company has implemented the following measures:

• Identified threats to the security of personal data during their processing in personal data information systems;
• Implemented a personal data protection policy;
• Uses certified information security tools;
• Appointed authorized employees responsible for ensuring the security of the Company’s personal data;
• Adopted measures for the technical protection of personal data;
• Monitors compliance with requirements for ensuring the security of personal data;
• Established rules for access to personal data;
• Determined specific storage locations for physical media containing personal data;
• Restricted access to premises where physical media containing personal data are stored;
• Maintains a list of employees who have access to physical media containing personal data;
• Ensures the restoration of personal data modified or destroyed due to unauthorized access;
• Detects unauthorized access to personal data and takes appropriate measures;
• Hosting is located within the EU.

Despite the above, CONCEPTO DE SALUD SLU cannot guarantee the absolute invulnerability of the Internet network and, therefore, cannot guarantee that data will not be compromised through fraudulent access by third parties. In the event of a security breach, CONCEPTO DE SALUD SLU will follow the incident notification protocol developed for this purpose. We follow generally accepted industry standards to protect information sent to us, both during transmission and once we receive it. We maintain appropriate administrative, technical, and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of Personal Data in our possession. This includes, for example, firewalls, password protection, and other access control and authentication measures. However, we cannot guarantee the security of any information you transmit to us or store in the Service, and by accessing the website you do so at your own risk. Nor can we guarantee that such information cannot be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or administrative safeguards. If you believe that your personal data has been compromised, please contact us by email: spain.coralclub@gmail.com.

If we become aware of a breach of security systems, we will notify you and the competent authorities in accordance with the provisions of the General Data Protection Regulation (GDPR).

According to Article 4 of the GDPR, the following definitions apply:

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;

“Recipient” means a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

“Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

All of them comply with the applicable legal requirements to ensure an adequate level of security when processing your personal data and confirm this by entering into agreements or holding certifications:

• Standard contractual clauses (data processing agreements).

These include:

Delivery services	Various	Logistics, transportation, and delivery of goods
Technology services within the EU		Website hosting and maintenance. Hardware maintenance and systems administration
Financial institutions	Bank transfer, bank cards, Coral Wallet	Processing of payments, refunds, and credits
Marketing/advertising		Subscription management and newsletter distribution. Re-marketing management
Consulting services	ZENIT CONSULTORES DEL LEVANTE 2017 SL	Consulting and auditing

Please visit this page periodically to stay informed of any changes to this Policy, as it may be updated when necessary. If we make changes to the Policy, we will make the updated version available on the Site, indicate the date of the last revision, and comply with applicable law. Continued use of the Site after the updated Policy becomes effective means that you have read, understood, and accepted the current version.

Information about each User and the products purchased by them over the last six months is available on the website in order to facilitate the use of personalized viewing functions within the personal account area. Access to this information may be enabled by using the functions of the personal account area and setting a specific value in the settings. By consenting to display information about their purchases, the User grants users in the higher-level structure access to the following data:

• order number
• order date
• order reporting month
• order type
• country where the order was placed
• number of points
• order cost in the country currency
• order contents: product code and name, quantity, points, and product amount

The User independently chooses whether to grant other Users of the website access to their data. When access to information about purchases made at Coral Club is activated, the order data become available to other Users. It is important to understand that from the moment such consent is activated in the personal account, the User assumes full responsibility for providing data to third parties. The website administration is not responsible for the actions of other Users.