Privacy Policy

This Privacy and Cookies Policy applies to the websites of ARAVEN GROUP and other companies in the group and, specifically, to:

ARAVEN GROUP, S.L., with address in C/ Montalbán No. 7, 28014, Madrid, Spain and holder of Tax ID Number (C.I.F) B-87705323.
GRUPO OM COMUNICACIÓN VISUAL, S.L., with registered address in calle Mariano Benlliure, 2 (28521) – Rivas Vaciamadrid (MADRID) and holder of Tax ID Number B-85330421.
ARAVEN, S.L., with registered address in Pol. lnd. San Miguel, C/ Río Martín no. 6, 50830, Villanueva de Gállego, Zaragoza and holder of Tax ID Number B-99138950.
SHOP AND ROLL ESPAÑA, S.L., with registered address in Pol. lnd. San Miguel, C/ Río Martín no. 6, 50830, Villanueva de Gállego, Zaragoza and holder of Tax ID Number B70717160.

ARAVEN GROUP S.L. is also the owner of the websites aravengroup.com, araven.es, grupo-om.com, shopandroll.com and tiendashopandroll.com/

This Legal Notice is also applicable to the other assets of ARAVEN GROUP, S.L. or of any of the other entities of the Group: that is, mobile applications, websites, domains, sub-domains and pages and profiles of any of them on social networks.

Please note that, on some of the aforementioned websites, particular or specific conditions derived from the speciality thereof may apply. Therefore, we recommend that you access and read them before browsing.

Data protection and cookies notice of ARAVEN GROUP

1.1. Identity of the data controller

This data protection policy regulates the processing of data carried out by the companies of the ARAVEN Group, identified above.

1.2. Purpose of the data processing

The data supplied by the user through different means (forms, contracts, etc.) are collected by the responsible company in accordance with current legislation on data protection.

In each of these means, we inform you of the purpose of the data processing, which is carried out solely and exclusively if you have authorised such processing.

Detailed below is the information relating to the different purposes for which we may collect your data. The details of the processing of your data, according to the purpose of collection are as follows:

Processing	What we will use your data for	How long we will keep your data for
Registration and management of users	The data will be processed for contractual management, to offer you the service or product you purchase, accounting management, and to improve our services and products. We will draw up a commercial and credit profile based on the information provided.	We will keep your data for as long as the commercial relationship with you is maintained. Once ended, we will retain the minimum necessary information required by commercial tax legislation.
Commercial communications	We will send you information about our products, services and activities.	Your personal data will be kept until the moment you request to unsubscribe. You may request deletion at any time using the information provided in each communication.
Contact mailboxes	We will process your data to answer your request, questions or queries.	Your personal data will be retained until we have responded to your request and taken appropriate action. After this, it will be deleted unless this involves liability and action by the company.

No automated decisions are made on the basis of the data provided.

Only the data you have provided will be processed for the purpose for which you were informed and authorised. Your data will not be passed on to third parties unless you have expressly authorised this.

The legal basis for the processing of your data is the management and provision of the services and products you have requested and expressly authorised.

1.3. Processing of your data to third parties

The data may be communicated to the other companies in the Group if there is an effective legitimate interest on our part or if you request it and, where appropriate, to third parties (invoicing, satisfaction surveys, training, etc.) for the purposes of customer management, order tracking, invoicing, system security, etc.

This management of your data is performed solely and exclusively to guarantee the effectiveness of the services we offer you.

ARAVEN GROUP has rules and protocols that regulate the security of the processing of your data and guarantee that they will not be used for any other purpose or by third parties other than those you have authorised and been informed of.

1.4. International transfer of personal data

Your personal data will not be transferred outside the European Economic Area or to countries that do not have a level of compliance equivalent to that required by law or without your prior express authorisation.

1.5. Voluntary nature of the information provided and truthfulness of the data

You always provide us with your data voluntarily and therefore guarantee that the personal data provided are truthful; being responsible, in any case, for the veracity of the data provided, and we reserve the right to exclude any user who has provided false data from the services, without prejudice to any other actions that may be applicable by law.

1.6. Your rights when providing us your data

You may exercise the rights recognised by the applicable legislation at any time, including:

Access to your data: request what data we hold about you and what use we make of it, and even request that we give it to you so that it can be transferred to another company.
Rectification of your data: request the modification or rectification of inaccurate data.
Deletion of your data: request that your data be deleted and not be processed, except for what we are required by law to keep.
Opposition to processing: that we do not make a specific use of your data.

To do so, you can send a letter indicating which right you wish to exercise (Access, Rectification, Deletion, Opposition or Portability of the data), attaching a copy of an identification document to the postal address or registered office of the Data Protection Officer.

You can also request more information at privacy@araven.com or contact our Data Protection Officer at dpd@aravengroup.com

Remember that, if you are not satisfied with the way we process your data, you can file a complaint with the Spanish Data Protection Agency (www.aepd.es).

If you wish to stop receiving communications by e-mail, you can unsubscribe through the link that will be offered in each of the e-mails you receive from ARAVEN GROUP or any of its subsidiaries.

Information on cookies and other trackers used by ARAVEN GROUP

ARAVEN GROUP, through its applications and websites, uses cookies and other trackers for different purposes. Cookies are files that are generated on your terminal when you browse through one of ARAVEN GROUP’s applications or websites. These files can store information about the way you browse or simply remember that you are a registered user. ARAVEN GROUP or third parties may have access to the information contained in these files, so it is important that you decide whether or not you wish to accept this processing.

You can access the Cookies Policy at this link.

Register of Processing Activities.

We have prepared a document in which you can find out about the categories of processing carried out at the company.

Quality and information security policy of ARAVEN GROUP

ARAVEN GROUP has implemented a quality and information security management system to try to meet or exceed the expectations of its users, contacts, customers, employees and suppliers. The established processes are audited frequently and are reviewed every time the processes are improved, or a relevant event occurs for ARAVEN GROUP. The main objectives of these processes are:

To mitigate risks by maintaining technical and organisational security measures.
To guarantee the confidentiality, availability and integrity of both personal data and trade secrets.
To be proactive in complying with the set of regulations applicable to the development of the activity.
To only choose suppliers that meet better or similar standards in terms of quality and safety.
To keep a secure record of assets and their changes.
To achieve a high level of credibility and trust in third parties and suppliers.
To raise awareness of physical and logical security among employees and collaborators through a continuous training process.

The processing of personal data is always carried out by ARAVEN GROUP after having implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk. Each of these measures aims to guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services. It also regularly performs processes of verification, evaluation and assessment of the effectiveness of technical and organisational measures to guarantee the security of the processing. The minimum measures that ARAVEN GROUP has deployed are as follows:

a) Physical:

‘Clean desk’ policy.
Minimal use of paper or similar media.
Password-protected printer and output trays with no access by third parties.
Document destruction service.
Fireproof material for the conservation of data and information on paper.
Classified and labelled documents.
Workplaces protected by in-house and outsourced security measures, with systems that limit or mitigate access by unauthorised persons.

b) Logical:

At ARAVEN GROUP we only and always use original, updated and officially licensed software.
Dual-use terminals have an exclusive profile for professional purposes.
Disc encryption and, additionally, individual file encryption.
The ability to restore the availability and access to personal data quickly in the event of a physical or technical incident thanks to a dedicated service.
Up-to-date firewall and endpoint protection systems on all terminals.
For remote access, mobile tethering is used, except on trusted networks.
Different passwords for each application, changed frequently.
2FA systems in applications and Internet sites.
The ARAVEN GROUP websites are encrypted and have specific security systems. The status of security measures is regularly reviewed manually and using forensic solutions designed for these actions.
Other common protection tools: session blocking when the device is no longer in use, privacy filters for screens when they are to be used on the move, screensavers with password locking, etc.

Security measures are reviewed frequently, both manually and using specific software.c) Organisational, training

ARAVEN GROUP has protocols for secure data management, such as systems that separate access to data by department, an active privilege table, and continuous training for all employees on the protection of personal data and information security.

d) Mandatory resource management standards

E-mail and other data storage or communication devices, as well as fixed or mobile terminals, are exclusively work tools provided by ARAVEN GROUP for the performance of work or business duties, in accordance with the contract, and may not be used for personal or domestic purposes or for professional purposes other than those agreed. ARAVEN GROUP may make backup copies and access the content derived from the use of these media for the sole purpose of controlling the fulfilment of employment obligations, statutory obligations or obligations established through a commercial contract and to guarantee the integrity of these devices. In any case, accesses will be made in accordance with data protection regulations and ensuring the protection of the privacy and intimacy of those affected.

Applicable regulations and channels for conflict resolution

The original version of this legal, privacy and cookies notice is written in Spanish, will remain accessible via the Internet on this website and must be interpreted in accordance with the applicable regulations in Spain.

For further information, to report a fault or to ask any questions, you can contact ARAVEN GROUP at the addresses indicated at the beginning of this notice.

This Policy was revised on 02/07/2024.