Privacy Policy

Javier Ariza Privacy Policy

Last updated: July 9, 2025

At Javier Ariza (hereinafter, "we," "our," or "the Site"), we are committed to protecting and respecting the privacy of our users' (hereinafter, "User") personal data. This Privacy Policy explains in detail how we collect, use, share, and protect personal information, in accordance with international best practices (Regulation (EU) 2016/679 – GDPR, California Consumer Privacy Act – CCPA, and Colombian regulations (Law 1581 of 2012)).

1. THIRD PARTIES AND SCOPE

1.1. Data Controller: Javier Ariza, ID/NIT [XXXXXXXXX], with registered address at Carrera X No. Y-Z, Bogotá D.C., Colombia, email address: contacto@javierariza.com.

1.2. Scope of Application: This Policy applies to all services, products, features, and content offered on https://www.javierariza.com and to any interaction the User has with us.

2. PERSONAL DATA COLLECTED

We may collect and process the following types of personal data:

Identification Data: Full name, identification number (ID/NIT), date of birth.

Contact Information: Email address, telephone number, physical address.

Browsing and Usage Data: IP address, browser type, pages visited, time spent on the site, cookies, and similar technologies.

Commercial Data: Purchase history, payment information (credit/debit card, payment platform), preferences, and consumer habits.

Marketing Data: Preferences for receiving communications, interaction history with newsletters and advertising campaigns.

Sensitive Data (if applicable): Health information, biometric data, or any other category if voluntarily provided by the User. This data will receive special treatment (see section 6).

3. PURPOSES OF PROCESSING

We use personal data for the following purposes:

Provision of Services: User account management, order processing, customer service, and support.

Experience Improvement: Personalization of content and recommendations based on interests and browsing behavior.

Communication: Sending newsletters, product updates, special offers, and relevant notifications.

Marketing and Advertising: Audience segmentation, campaign measurement, remarketing, and effectiveness analysis.

Legal Compliance and Security: Fraud prevention, compliance with legal obligations, and audits.

4. LEGAL BASES

Depending on the applicable regulations, data processing is based on the following legal bases:

User Consent: For marketing purposes, sending newsletters, and using analytical cookies.

Performance of Contract: For the purchase of products and provision of services.

Legitimate Interests: For site security, fraud prevention, and improved user experience.

Legal Obligation: Retention of accounting and tax information in accordance with Colombian and EU regulations.

5. DATA ASSIGNMENT AND TRANSFER

We will not sell or rent your personal data to third parties. We may share information with:

Service Providers: Payment gateways, email marketing platforms, hosting services, web analytics (e.g., Google Analytics).

Authorities: When there is a legal or judicial requirement.

Group Companies: In the event of a merger, acquisition, or asset transfer, we will always guarantee the same levels of protection.

In the event of international transfers, we will ensure appropriate protection mechanisms (EU Standard Contractual Clauses, BCR, etc.).

6. SENSITIVE DATA

Sensitive data (health, biometrics) will be processed only with explicit consent and for specific purposes, ensuring enhanced security measures.

7. SECURITY AND RETENTION

7.1. Technical and Organizational Measures: We implement SSL protocols, data encryption in transit and at rest, access controls, and periodic audits.

7.2. Data Retention: We will retain your data for the duration of a contractual relationship and for the applicable legal periods (minimum 5 years for tax purposes). It will then be deleted or anonymized.

8. USER RIGHTS

Users may exercise the following rights with us:

Access: To know what data we process.

Rectification: To correct inaccurate data.

Deletion: To request the deletion of data when it is no longer necessary.

Restriction: To restrict processing in certain circumstances.

Portability: To receive data in a structured format and transmit it to another controller.

Objection: To object to processing for specific reasons.

Withdraw Consent: At any time, without affecting the lawfulness of previous processing.