Privacy Policy

 

I. PRIVACY POLICY AND DATA PROTECTION

In compliance with the applicable regulations, Black Flame (hereinafter also referred to as the Website) is committed to adopting the necessary technical and organizational measures according to the appropriate level of security for the risk involved in the data collected.

Laws Incorporated in This Privacy Policy

This privacy policy is adapted to the current Spanish and European regulations on the protection of personal data on the internet. Specifically, it complies with the following regulations:

  • Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of individuals concerning the processing of personal data and the free movement of such data (GDPR).
  • Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD-GDD).
  • Royal Decree 1720/2007 of December 21, approving the regulations for the implementation of Organic Law 15/1999 of December 13, on the Protection of Personal Data (RDLOPD).
  • Law 34/2002 of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Controller of Personal Data

The controller of personal data collected on Black Flame is:
Monroes Restaurants S.L., with Tax Identification Number (NIF/CIF): B54212949, and registered at: (details to be filled in), whose representative is: (hereinafter referred to as the Controller). Contact details are as follows:

  • Address: Avenida Garrofer, 0 (Pedreguer)
  • Phone Number: 965 76 17 31
  • Fax:
  • Email:

Registration of Personal Data

In compliance with the GDPR and LOPD-GDD, we inform you that personal data collected by Black Flame through forms on its pages will be incorporated and processed in our file to facilitate, expedite, and fulfill the commitments established between Black Flame and the User or the maintenance of the relationship established in the forms the User fills out or to address a request or query from the User. Additionally, in accordance with the GDPR and LOPD-GDD, unless exempted by Article 30.5 of the GDPR, a record of processing activities is maintained, detailing the processing activities carried out and other circumstances established in the GDPR.

Principles Applicable to the Processing of Personal Data

The processing of the User’s personal data will be subject to the following principles outlined in Article 5 of the GDPR and Articles 4 and subsequent of Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights:

  1. Principle of lawfulness, fairness, and transparency: User consent will always be required after fully transparent information on the purposes for which personal data is collected.
  2. Principle of purpose limitation: Personal data will be collected for specified, explicit, and legitimate purposes.
  3. Principle of data minimization: Only the data strictly necessary for the purposes of processing will be collected.
  4. Principle of accuracy: Personal data must be accurate and kept up to date.
  5. Principle of storage limitation: Personal data will be retained only as long as necessary for processing purposes.
  6. Principle of integrity and confidentiality: Data will be processed in a way that ensures security and confidentiality.
  7. Principle of proactive accountability: The Controller will ensure compliance with these principles.

Categories of Personal Data

The categories of data processed on Black Flame are solely identification data. No special categories of personal data, as defined in Article 9 of the GDPR, are processed.

Special categories of personal data include those revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identifying a person, health-related data, or data concerning a person’s sex life or sexual orientation.

For processing special categories of personal data, the explicit consent of the User will always be required for specific purposes.

Legal Basis for Data Processing

The legal basis for processing personal data is consent. Black Flame undertakes to obtain the User’s explicit and verifiable consent for processing their personal data for one or more specific purposes.

The User has the right to withdraw consent at any time. Withdrawing consent will be as easy as granting it. As a general rule, withdrawing consent will not affect the use of the Website.

When the User provides data through forms to make inquiries, request information, or for purposes related to the Website’s content, it will be indicated whether completion of such forms is mandatory because it is essential for the proper development of the operation performed.

Purposes of Processing Personal Data

Personal data is collected and managed by Black Flame to facilitate, expedite, and fulfill the commitments established between the Website and the User or to maintain the relationship established in the forms the User fills out or to address a request or inquiry.

Data may also be used for commercial, operational, and statistical purposes or activities related to Black Flame’s corporate purpose, including data extraction, storage, and marketing studies to tailor the Content offered to the User and improve the Website’s quality, functionality, and navigation.

At the time of data collection, the User will be informed of the specific purpose(s) for processing their personal data.

Retention Periods for Personal Data

Personal data will be retained only as long as necessary for the purposes of processing or until the User requests its deletion.

Recipients of Personal Data

User data will not be shared with third parties.

If there is any intention to transfer data to a third country or international organization, the User will be informed at the time of data collection about the recipient and whether an adequacy decision by the Commission exists.

Personal Data of Minors

In compliance with Articles 8 of the GDPR and 7 of Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, only individuals aged 14 and older may lawfully consent to the processing of their personal data by Black Flame. For minors under 14, parental or guardian consent is required, and such processing will only be considered lawful to the extent that such consent has been granted.

Confidentiality and Security of Personal Data

Black Flame is committed to implementing the necessary technical and organizational measures, proportionate to the level of risk associated with the collected data, to ensure the security of personal data and to prevent its accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.

The Website uses an SSL (Secure Socket Layer) certificate, ensuring that personal data is transmitted securely and confidentially through encrypted communication between the server and the User.

However, as Black Flame cannot guarantee absolute invulnerability of the internet or the total absence of fraudulent access by hackers or other third parties, the Controller agrees to promptly inform the User of any breach of personal data security that may pose a high risk to individual rights and freedoms. In accordance with Article 4 of the GDPR, a breach of personal data security involves any event that results in the accidental or unlawful destruction, loss, alteration, or unauthorized access to personal data.

Personal data will be treated as confidential by the Controller, who agrees to ensure that this confidentiality is upheld by employees, partners, and any individual granted access to such information under a legal or contractual obligation.

Rights Derived from the Processing of Personal Data

The User has the following rights regarding the processing of their personal data as recognized by the GDPR and Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights:

  1. Right of access: The User has the right to confirm whether Black Flame is processing their personal data, and if so, obtain information about the specific data and processing activities.
  2. Right to rectification: The User has the right to have inaccurate or incomplete personal data corrected.
  3. Right to erasure (“right to be forgotten”): The User has the right to request the deletion of personal data when it is no longer necessary for its original purposes, the User withdraws consent, the data has been processed unlawfully, or other valid reasons apply, as outlined in current legislation.
  4. Right to restriction of processing: The User has the right to request the limitation of data processing under specific circumstances, such as contesting the accuracy of the data or the legality of its processing.
  5. Right to data portability: If data processing is automated, the User has the right to receive their personal data in a structured, commonly used, and machine-readable format, or to have it transmitted to another controller where technically feasible.
  6. Right to object: The User may object to the processing of their personal data or request that processing cease entirely.
  7. Right not to be subject to automated decision-making: The User has the right not to be subject to a decision based solely on automated processing, including profiling, unless otherwise authorized by law.

To exercise these rights, the User must send a written request to the Controller, referencing “GDPR-https://blackflame.es/“, and include:

  • Full name, surname(s), and a copy of the User’s ID. Where representation is applicable, valid proof of the representative’s identity and authorization is required.
  • A description of the specific request.
  • A contact address for notifications.
  • The date and signature of the applicant.
  • Any supporting documentation related to the request.

This request and any accompanying documents should be sent to the following address or email:

  • Postal Address: Avenida Garrofer, 0 (Pedreguer)
  • Email Address:

Links to Third-Party Websites

The Website may include hyperlinks or links that provide access to third-party websites outside Black Flame’s control. These third parties will have their own privacy policies and will be responsible for their own files and privacy practices.

Complaints to the Supervisory Authority

If the User believes there is a violation of applicable regulations regarding the processing of personal data, they have the right to seek effective judicial protection and file a complaint with a supervisory authority, particularly in the country of their habitual residence, workplace, or location of the alleged violation. In Spain, the supervisory authority is the Spanish Data Protection Agency (AEPD) (https://www.aepd.es/).

II. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY
It is necessary for the User to have read and agreed to the terms outlined in this Privacy Policy and consent to the processing of their personal data for the Controller to carry out such processing as described. By using the Website, the User accepts this Privacy Policy.

Black Flame reserves the right to modify its Privacy Policy at its discretion or due to changes in legislation, jurisprudence, or guidelines issued by the Spanish Data Protection Agency. Updates or changes to this Privacy Policy will not be explicitly notified to the User. Users are encouraged to review this page periodically to stay informed of any changes or updates.

This Privacy Policy was last updated to comply with Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016 (GDPR) and Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.