1. Data Controller
Pursuant to Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD), the following information is provided regarding the party responsible for data processing:
2. Personal Data Collected
We may collect and process the following categories of personal data:
2.1. Identification & Contact Data
- Full Name
- Company/Organisation
- Email Address
- Telephone Number
- Postal Address
- Tax ID/VAT Number (when required for invoicing)
2.2. Navigation Data
- IP Address
- Browser Type
- Operating System
- Pages Visited
- Session Duration
- Cookies (see Cookies Policy)
2.3. Commercial Data
- Information on products or services of interest
- History of enquiries and quotations
- Commercial communications
3. Purposes of Processing
We process your personal data for the following purposes:
3.1. Enquiry & Contact Management
To address and respond to enquiries, requests for information, or quotations.
Execution of pre-contractual measures and consent of the data subject.
For the duration necessary to address the request and subsequently during legal limitation periods.
3.2. Commercial & Contractual Management
Management of orders, invoicing, delivery, and commercial relationships with clients.
Performance of a contract and compliance with legal obligations (fiscal, accounting).
For the duration of the commercial relationship and subsequently during statutorily established periods (6 years for fiscal and accounting obligations).
3.3. Commercial Communications
Sending of commercial information, newsletters, and updates regarding our products and services.
Express consent of the data subject or legitimate interest (for existing clients).
Until consent is withdrawn or unsubscribed.
3.4. Website Optimisation
Statistical analysis of website usage to improve functionality and user experience.
Legitimate interest in service improvement.
Anonymised data retained indefinitely; identifiable data retained for 25 months.
4. Legal Basis for Processing
The legal bases legitimising the processing of your data are:
- Consent: You have given consent to the processing of your data for specific purposes.
- Contract: Processing is necessary for the performance of a contract or pre-contractual measures.
- Legal Obligation: Processing is necessary for compliance with a legal obligation.
- Legitimate Interest: Processing is necessary for the purposes of legitimate interests pursued by the Controller, such as service improvement and business management.
5. Recipients & Data Transfers
5.1. Data Communication
Your personal data will not be ceded to third parties, except under legal obligation or in the following specific instances:
- Technology Service Providers: Web hosting, cloud storage, email platforms (all subject to adequate data protection guarantees and GDPR compliance).
- Public Administration: When legally mandatory (Tax Agency, Social Security, etc.).
- Data Processors: Professionals or companies providing services requiring data access (accounting, fiscal advice), all under strict confidentiality agreements.
5.2. International Transfers
Should we utilise providers established outside the European Economic Area (EEA), we ensure adequate guarantees exist (Standard Contractual Clauses approved by the European Commission, Privacy Shield certification, or adequacy decisions).
6. Your Rights
You may exercise the following rights regarding your personal data:
- Right of Access: Obtain confirmation as to whether we are processing your personal data.
- Right to Rectification: Request the correction of inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): Request the deletion of your data when no longer necessary.
- Right to Restriction of Processing: Request the limitation of data processing under specific circumstances.
- Right to Portability: Request to receive your data in a structured format.
- Right to Object: Object to the processing of your data for direct marketing purposes.
Exercising Rights
To exercise any of these rights, please contact us via:
- Email: info@portocarreroweb.com (Subject: "GDPR Rights Request")
- Post: Adrián Morín Pérez, Carrer de Mèrida, 2, 08811 Canyelles, Barcelona, Spain
You must verify your identity by providing a copy of your ID card or equivalent document. We shall respond to your request within a maximum period of one month from receipt.
Right to Complain to the AEPD
If you consider that the processing of your personal data does not comply with regulations, you may lodge a complaint with the Spanish Data Protection Agency (AEPD):
- Website: www.aepd.es
- Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
- Telephone: +34 901 100 099 / +34 91 266 35 17
7. Data Security
The Proprietor has implemented appropriate technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized communication, or access, including the use of secure transmission protocols (HTTPS/SSL), robust passwords, and periodic backups.
However, you should be aware that Internet security measures are not impregnable. Despite our best efforts, absolute security cannot be guaranteed. In the event of a security breach posing a risk to your rights and freedoms, we will inform you in accordance with applicable regulations.
8. Policy Updates
The Proprietor reserves the right to modify this Privacy Policy to adapt to legislative or jurisprudential changes, or modifications in business practice.
In the event of substantial changes, users will be informed via this website.