• 8. RIGHTS
  • 9. COOKIES

1. Responsibility

Who is responsible for the processing of Personal Data?

BIMBA & LOLA, S.L. processes Personal Data collected by BIMBA & LOLA SINGAPORE, PTE. LTD. (Company Registration Number. 201133710E), headquartered at 16 Raffles Quay, #10-00, Hong Leong Building, Singapore 048581 (BIMBA & LOLA, S.L. and BIMBA & LOLA SINGAPORE, PTE. LTD., collectively, “BIMBA Y LOLA”, "us", "we" and "our").

2. Collection

What Personal Data do we collect and how do we collect it?

BIMBA & LOLA SINGAPORE, PTE. LTD. collects Personal Data as data processor in the name and on behalf of BIMBA & LOLA, S.L., the latter acting as data controller.

In connection with your access or use of the Website and/or the Services (as defined in the Conditions which can be found here), we may collect personal data from you, including but not limited to:

a) name;
b) the number of your national registration identity card, driving license or passport (or copies of the same);
c) contact details (including telephone number, mailing and delivery addresses and email);
d) birth date;
e) network and device data (including your IP address and device or advertising identifiers);
f) shopping or browsing behaviors;
g) financial information (e.g. credit or debit card numbers or bank account information); and
h) any other personally identifiable information which you have provided to us in any form that you may have submitted to us, or in the course of any other form of interaction between you and us, including data, whether true or not, about you or any other individual who can be identified from: (i) that data; or (ii) that data and other information to which we have or are likely to have access,

(hereinafter referred to as “Personal Data”).

a) when you become a registered user, and you access and use the Website or the Services;
b) when you accept our cookies (see Section 9 below) on the device used by you to access the Website;
c) when you interact with any of our employees, agents or representatives, for example, our customer service representatives;
d) when you interact with us on any form of social media; and
e) where you voluntarily submit Personal Data to us for any reason.

If you provide us with Personal Data of a third party, you guarantee that you have the authority to handle and provide us with said Personal Data to be used for the purposes set out in this Privacy Policy and Cookies. Likewise, you are obliged to inform said third party of the processing of their Personal Data according to this Privacy Policy and Cookies.

We generally rely on Personal Data provided by you. In order to ensure that Personal Data collected by us is current, complete and accurate, please update us if there are changes to such Personal Data by informing our Data Protection Officer (as defined below) in writing or via email at the contact details provided below.

3. Purposes

Why do we collect, use, disclose and process Personal Data?

In compliance with the applicable laws, including the Personal Data Protection Act 2012 of Singapore (“PDPA”), and, if applicable, the provisions of the European General Data Protection Regulation 2016/679, we inform you that we collect, use, disclose and process any Personal Data you provide us with for the following purposes:

a) to administer or process your registration as a user and enable you to access and use the Website and the Services, and for the correct and proper management of the same and in respect of the number of your national registration identity card, driving license or passport (or copies of the same), to accurately establish or verify your identity to a high degree of fidelity (“Purpose 1”);
b) to send commercial communications about the Products (as defined in the Conditions) (including emails, phone calls, SMS, PUSH notifications, post, etc.) (“Purpose 2”);
c) for the preparation of commercial profiles based on information from internal and external sources, with the aim of analyzing your purchasing behavior and sending you personalized advertising (“Purpose 3”);
d) for abuse and fraud prevention (including fraudulent activities, denial-of-service attacks, among others) (“Purpose 4”); and
e) for disclosure of data to public bodies and authorities (administrative or judicial), provided that this is required under the legal and statutory provisions, and for such other compliance with the PDPA or other applicable laws (“Purpose 5”), (hereinafter referred to as “Purposes”).

The Purposes may continue to apply even in situations where your relationship with us has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

We will seek your consent before collecting any additional Personal Data and before using Personal Data for a purpose which has not been notified to you (except where permitted or authorized by the PDPA or other applicable laws).

4. Legitimation

What is the legitimation of the processing of Personal Data?

The legal bases for the processing of Personal Data corresponding to each of the Purposes are as follows:
- Purpose 1: The execution of a contract with us in relation to the purchase of Products.
- Purpose 2: Consent expressly given to us at the time Personal Data is collected.
- Purpose 3: Consent expressly given to us at the time Personal Data is collected in relation to the preparation of profiles based on external sources and the satisfaction of a legitimate interest pursued by us in relation to the preparation of profiles based on internal sources.
- Purposes 4 and 5: The legal discharge of responsibilities applicable to us.

5. Recipients

To which recipients will Personal Data be communicated?

Personal Data will not be disclosed to any third party, except to those third parties whose intervention is necessary to enable your access and use of the Website and the Services, and for the correct and proper management of the same, which may include:

a) our employees, consultants, agents, contractors, or other service providers;
b) payment processors and other financial institutions who process payments on the Website;
c) transport and other logistic companies who deliver the Products;
d) our professional advisors and consultants;
e) any other person whom you authorize us to disclose Personal Data to;
f) social network providers; and
g) other companies of the same group of companies as us.

In addition, Personal Data may be disclosed in circumstances where such disclosure does not require consent under the applicable laws, for example, to public bodies and authorities (administrative or judicial) pursuant to a legal regulation.

6. Administration and management

How will we protect and store Personal Data?

We will put in place reasonable security arrangements to ensure that Personal Data is adequately protected and secured. This includes putting in place reasonable measures to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, damage or alteration of Personal Data. However, we will not be liable for any unauthorized use of Personal Data by third parties which is attributable to factors beyond our reasonable control.

When Personal Data in our possession is no longer required for any reason connected to the Purpose that it was originally collected, or retention by us is no longer necessary for any other legal or business purposes, we will exercise measures to ensure such Personal Data is either destroyed or anonymized. If Personal Data is transferred out of Singapore, we will protect Personal Data to a standard acceptable to the protection accorded to Personal Data under the PDPA by ensuring that that the recipient is either in a jurisdiction which has comparable data protection laws to Singapore, or is contractually bound to protect Personal Data to a comparable standard.

Please be aware that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be entirely guaranteed, we strive to protect the security of Personal Data and are constantly reviewing and enhancing our data security measures.

7. Personal data retention period

How long will we keep Personal Data?

Personal Data will be kept by us for as long as it is necessary for the longer of the following periods:

a) the duration of the Contract (as defined in the Conditions) (i.e. up until its termination or cancellation);
b) the time necessary to comply with our legal obligations; and
c) as required or permitted by applicable laws.

8. Rights

What are your rights when you provide us with Personal Data and how can you exercise them?

You have the right to the following:

a) to access any Personal Data, as well as to request the update or rectification of inaccurate Personal Data;
b) to request their suppression when, among other reasons, the Personal Data are no longer necessary for the purposes for which they were collected;
c) to withdraw any consent given by you for the collection, use and/or disclosure of any Personal Data, that is in our possession or under our control;
d) to request the limitation of the processing of Personal Data, in which case we only will keep them for the exercise or defense of claims;
e) to oppose the processing of Personal Data. We will cease to process Personal Data, except for imperative legal reasons, or for the exercise or defense of possible claims; and/or
f) in the same way, you can exercise your right to data portability, as well as to withdraw the consents given at any time, without this affecting the legality of the processing based on the consent given prior to its withdrawal.

If you wish to exercise any of your rights, you can contact the person designated by us from time to time for ensuring that we comply with the PDPA and other applicable laws (“Data Protection Officer”) in writing at our email address [] or our postal address [BIMBA Y LOLA, Parque Tecnológico y Logístico de Vigo, nave D13 (36315 – Vigo – Spain)]. In this regard, we may require you to provide a copy of an official document that identifies you (i.e. your national registration identity card, driving license or passport) to verify your identity before processing your request.

Finally, we inform that you can also contact the Personal Data Protection Commission and other competent public authorities in Singapore regarding any claim deriving from the processing of Personal Data.

Upon receipt of any written request from you to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities. While we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing the Services and Products to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described above. Please note that withdrawing your consent does not affect our right to continue to collect, use, disclose and/or process Personal Data where such collection, use and/or disclosure without consent is required or permitted under the PDPA or other applicable laws.

9. Cookies

This Privacy Policy and Cookies only refers to the treatment of Personal Data by us through your interaction with the Website or application. Other websites that may redirect to the Website have their own privacy policies, for this reason we encourage you to review the privacy policies offered by third parties’ websites before providing them with your information.

The use of ‘cookies’ in connection with the Website and the Services is as follows:

Web browsing (cookies)

The Website uses our own and third party cookies to collect information on the use of the Website in order to customize the browsing experience and to improve the Services.

Strictly necessary cookies

We use essential internal-use cookies for the operation of the Website, including those that enable authentication or maintenance of the registered user's session when browsing the Website. Disabling these cookies prevents the correct functioning of some features on the Website. These cookies include:

- Cookies_Consent (Cookies acceptance popup)
- Dyndata (Shopping cart)
- Store (To ascertain the visitor's purchase market)
- Frontend, Frontend_cid (User login)
- Customer_Group (Group to which the user belongs)

Analytical cookies

We use analytical cookies to collect statistics on the user's activity on the Website and the general activity of the Website. The collected information allows for optimal browsing on the Website and guarantees the best service for the user. These cookies include:


Advertising cookies

These are cookies normally stored by third parties that manage the advertising spaces that users view when they access the Website. These cookies allow us to measure the effectiveness of our online campaigns (hosted by the Website), provide the user with relevant information, offer advertising content of the user's preference and limit the number of advertisements provided to each user. These cookies include:


Social network cookies

Some social networks, for example, Facebook or other third-party websites and services, offer advertisers the opportunity to develop personalized audiences in their own environments of the users of said networks, websites or services who visit the Website. This allows advertisers to directly impact users in the environment of these third parties, offering information, promotions and advertising content that match the interests of the users. These cookies include:


Deactivation and elimination of cookies.

The user can configure its browser to block cookies and delete them, if necessary. However, by opting for this configuration, the user may not be able to access certain parts of the Website or may not be able to enjoy one or more of the Services. Unless the user’s browser settings have been configured to reject cookies, the system will produce cookies automatically whenever the user accesses the Website.

The user may restrict, block or delete the cookies from the Website at any time. To do so, the user must modify the browser settings regarding the use of cookies via the “Preferences”, “Options” or “Tools” menu (the menu names or the method of accessing the cookie options may vary depending on the browser used). For more information on how to configure cookies in the most common browsers, we recommend consulting the following links:

- Internet Explorer: Link
- Mozilla Firefox: erase cookies and block cookies.
- Google Chrome: Link
- Opera: Link
- Safari: Link

We reserve the right to modify this Privacy Policy and Cookies as a result of a regulatory change or due to a change in their configuration. For this reason, we recommend that you periodically review this policy in order to be properly informed on how we use cookies and what we use them for.