Compra por teléfono - Contactar

Cosmética Natural

Privay policy

Personal data protection policy

1.- Object and scope of application.

Rivas Internet S.L. (hereinafter, in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (RGPD), highlights this Policy in relation to the processing of personal data.

This Policy shall apply:

  • To users who visit the website of (
  • To those who, voluntarily, contact through email, chat or who complete one of the forms for data collection published on the website of
  • To those who request information about the services of, or request to be part of any of the commercial actions of the same.
  • To those who contract any of the services of, formalizing the corresponding contractual relationship.
  • To those who use any other service present on the website if it involves the communication of personal data to or access to data by to provide its services.
  • To any others who give their express consent, directly or indirectly, for their data to be processed by in relation to any of the purposes indicated in this Policy.
  • The user and / or client assumes responsibility for the veracity of the data provided by him, pledging that they are true and are updated, not being able to use the identity of another person or communicate their personal data unless it proves to have an authorization with legal validity. To this end, the user and / or client will be solely responsible for any damage, direct and / or indirect caused to third parties or by the use of personal data of another holder without their prior authorization, or their own personal data when they are false, erroneous, not updated or inadequate. The user and / or client who communicates the personal data of a third party will be responsible for having obtained the consent of the person concerned, as well as the consequences if not.

The user and / or client who communicates personal data to claims to be of legal age in accordance with the provisions of Spanish law, not providing otherwise data to Any data provided by a minor will require the consent or prior authorization of their parents, guardians or legal representatives, who will be responsible for the personal data provided by minors in their charge.

The present Policy will be of subsidiary application in relation to other conditions on the collection or treatment of personal data that could be established with special character and to be communicated through forms of registry or of the contracts of the particular services, being this Policy complementary of the mentioned ones in that which was not foreseen expressly in the same ones.

The use of services requires the express acceptance of this Data Protection Policy.

2- Purposes of the collection and treatment of the data by has several files where it collects and stores the personal data that are communicated to him in his condition of person in charge of the treatment. Below are the purposes of the collection and processing of personal data by

Regarding the "cookies" used by in the navigation of its website and that are stored in the user's equipment (computer or mobile device) compiling information about these visits, the purpose is to improve the usability of this website, facilitate navigation through it, know the habits and browsing needs of users to be able to adapt to them and obtain information for statistical purposes. In the case of users who are customers of, the information collected through cookies is also used for identification when accessing the tools that makes available to manage contracted services.

Users can configure their browser to either notify them of the receipt of cookies, or avoid it. If the user decides to withdraw consent for the reception of cookies after having given it, must remove all those stored on your computer and configure the options of different browsers. Navigation through the website of once disabled the collection of cookies is possible, although the use of some services may suffer limitations.

In the event that interested parties complete any of the forms of to participate in any of its commercial actions, its purpose will be to participate in them, as well as sending advertising information about the services of unless the interested party expressly expressed its opposition when their data are collected. In any case, the interested one will be able to modify the option about the reception of commercial information in any moment, through the available means for it in

The purpose of the collection and processing of data in cases of sending an email to or a communication of personal data through any other means (such as a contact form published on https://www.biomanantial.coms) will be to answer questions, doubts and requests for information about and its services.

With respect to hiring the services of, the data collected will be limited to personal data necessary to establish the contractual relationship with the customer and enable the provision of services. The purposes for which such data will be collected and processed are as follows:

  • The maintenance of the contractual relationship according to the nature of the services contracted, this being the main purpose, so that can contact the customer through email, telephone or any other means indicated by it.
  • To enable the sending of documentation and information in relation to contracted services and to send commercial communications whose object are such services or other similar, via e-mail, postal mail, telephone, SMS or any other means indicated by the customer, unless it expressly states its opposition when making the contract. Independently of the option chosen by the customer in the contracting process, the customer may modify its decision at any time and as many times as you want, through the specific section available in your Customer Area, choosing whether or not you want to receive commercial information from
  • The maintenance of the historical records of the commercial relations of, during the legally established periods.
  • In the cases in which the access or treatment on the part of is made with respect to personal data in which the client had the condition of person in charge of the treatment, will act as person in charge of the treatment according to the foreseen in the art. 28 of the RGPD. The section " as in charge of the treatment" included in this Policy gathers more information on the matter.
  • will proceed to retain and conserve certain traffic data generated during the development of communications, as well as communicate such data to the competent bodies provided that the legal circumstances concur, all in compliance with Law 25/2007 of 18 October on the conservation of data relating to electronic communications and public communications networks.
  • For all the purposes that appear to be expressly included in the corresponding contracts, the following conditions shall apply

3- Recipients of the data.

Will be recipients of personal data collected by

  • Those suppliers of who participate in the provision of services, if necessary to enable them.
  • The companies that are part of the business group to which belongs, understood in accordance with the provisions of art. 42 of the Commercial Code, whose activity is the marketing of services of the same or similar nature offered by (for example, domain name services, web hosting or electronic commerce).
  • The Forces and Bodies of Security of the State, as well as judicial or administrative organs, if the collaboration of was required to provide information related to its clients or services, according to the Law.
  • Any other that is necessary to enable the provision of each service in particular, providing the necessary information in the service contracts of, which are expressly accepted by customers.

4.- Term of conservation of the data.

The conservation of personal data by will be done for the period of time that was strictly necessary to meet the purposes set out in this Policy, keeping properly blocked such data also during the period in which they could derive responsibilities of their relationship with customers.

With regard to the data subject to conservation in accordance with Law 25/2007 of 18 October on the conservation of data relating to electronic communications and public communications networks, the period of conservation of the same will be detailed in that regulation.

5.- Rights of the users.

The rights of users in relation to the collection and processing of data by are as follows, recognized by the RGPD:

  • Right of access: Users have the right to request and obtain information from about their personal data, to access them and to obtain information about their treatment.
  • Right to obtain a copy of your personal data.
  • Right of deletion: Users may request the deletion of data when it is no longer necessary for the purpose for which it was provided or if the other circumstances provided for by the RGPD apply.
  • Right of rectification: In the event that their data are incorrect or incomplete, users have the right to request their rectification.
  • Right to limit processing: In the cases provided for in art. 18 of the RGPD, users have the right to request that the processing of their personal data be limited, so that the corresponding processing operations are not applied to them.
  • Right to portability: Users have the right to receive the personal data that concern them in a structured format and common use, being necessary requirements that such data concern exclusively the user and had been provided by him to

For the exercise of their rights, the users will be able to use the following ways:

  • In the case of users who are customers of customers have at their disposal the tool "Customer Area", which is accessed authenticated from and has a specific section where you can check the data at any time.
  • In the case of both non-customer users and customers of They have at their disposal the email address, to which they can send an email to exercise their rights. If they wish, they can also do so by sending a request accompanied by their D.N.I. or valid document accrediting their identity, addressed to the Commercial Department of Rivas Internet, S.L., C/ Travesía Fortuny, 2. 28300. Aranjuez (Madrid). Spain, specifying the right they wish to exercise.
  • reserves the right to charge a fee for administrative costs arising in cases of applications manifestly unfounded or excessive for its repetitive nature, and the right to refuse to act on them, under art. 12.5 RGPD.

6.- International transfers.

In the case of services of that require the accomplishment of international transfers to make possible the benefit of the same ones, this circumstance will be indicated in the contract corresponding to the concrete service contracted by the client and accepted of express form by this one of previous form to the same one.

7.- Control authority.

In the case of considering that the treatment of their personal data has not been carried out in accordance with the legislation in force, the users will be able to communicate it to the control authority that in each case corresponds. In Spain, the supervisory authority is the Spanish Data Protection Agency.

8.- as in charge of the treatment.

In relation to personal data in respect of which the customer holds the condition of responsible or in charge of treatment, will treat such data in accordance with art. 28 RGPD and concordant, when necessary for the provision of contracted services. will act in this case as the person in charge of the treatment, according to the conditions indicated below: will treat these data according to the instructions of the customer responsible or in charge of processing, not using them for a purpose other than that contained in this Policy and / or in the contractual conditions that apply.
Once completed the provision of services subject to the processing of personal data will proceed to the destruction of them, as well as that of any support or documents that contain any personal data or any information that has been generated during, for and / or by the provision of services. Nevertheless, will be able to maintain properly blocked these data during the period in which responsibilities could be derived from its relation with the client.

According to art. 28 of the RGPD, will maintain the due professional secret with respect to the personal data to which it must access and/or treat in order to fulfill in each case with the object of the contract of the service that is applicable to it, as much during as after the termination of the same ones, compromising to use this information only for the foreseen purpose in each case and to demand equal level of commitment to any person that within its organization participates in any phase of the treatment of the personal data responsibility of the client.

In the event that uses the data for another purpose or communicates or uses them in breach of this Policy or its corresponding contractual conditions, will be considered responsible for the processing.

In relation to the form and modalities of access to data in the provision of services, according to the RGPD the following rules will apply:

  1. In the event that should have access to the treatment resources located in the client's facilities, the client will be responsible for establishing and implementing the policy and security measures, as well as communicating the same to, who undertakes to respect them and require compliance to those who participate in the provision of services.
  2. When remotely accesses the data processing resources responsibility of the customer, he must establish and implement the policy and security measures in their remote processing systems, being responsible for establishing and implementing the policy and security measures in their own local systems.
  3. In cases where the service was provided by in its own premises, collect in its Register of Activities the circumstances on the processing of data in the terms required by the RGPD, including security measures for such processing.

Without prejudice to the specific legal or regulatory provisions in force that may be applicable in each case or the measures adopted by on its own initiative, access and processing of personal data by will be subject to the security measures necessary for:

  • To guarantee the confidentiality, integrity, availability and permanent resilience of the systems and services of treatment.
  • Restore availability and access to personal data quickly in the event of a physical or technical incident.
  • Verify, evaluate and evaluate, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the security of processing.
  • Pseudonymize and encrypt personal data, where appropriate.

The client authorizes, as the person in charge of the treatment, to subcontract with third parties in the name and on behalf of the client, the services of storage, custody of backup copies of data and security, as well as those that were necessary to enable the provision of contracted services, respecting in any case the obligations imposed by the RGPD. The customer may contact at any time to know the identity of the subcontracted entities for the provision of such services, which will act in accordance with the terms set out in this document and after formalization with of a data processing contract in accordance with art. 28.4 of the RGPD.

The customer authorizes to perform the actions listed below, provided that they are necessary for the implementation of the provision of services, being such authorization limited to the action / s necessary to provide the service and with a maximum duration linked to the applicable contractual conditions:

  • To process personal data on portable devices only by users or user profiles assigned to the provision of services.
  • To process the data outside the premises of the client or, only by users or user profiles assigned to the provision of services.
  • To the entry and exit of supports and documents containing personal data, including those that are part of or attached to an email, outside the premises under the control of the customer responsible for processing.
  • The execution of data recovery procedures that is obliged to perform. is not responsible for the breach of obligations under the RGPD or the corresponding regulations on data protection by the user and / or customer as its business and is related to the execution of the contract or commercial relations that bind Each one of the parts will have to face the responsibilities derived from its own breach of the contractual obligations and of the effective norm.

9.- Data of the data controller.

Company name: Rivas Internet, S.L.

NIF: B86492501

Registered office: C/ Travesía Fortuny, 2. 28300 Aranjuez. Madrid. Spain

Contact e-mail:

10.- Contact details of the Data Protection Delegate:

11. Sending Commercial Communications

If you subscribe to the service of "Newsletters" or "Notifications of Products" you agree to receive in your mailbox commercial communications sent by These communications will be clearly identified in the subject of the messages.

If you want to stop receiving this type of messages you can easily do so by registering as a user and accessing the data of "your account" or by means of an e-mail to

Back to top