|Basic Information on Data Protection|
|Objective||Provision of online services Management of web users
Commercial communications related to our services
|Legitimation||Express consent and legitimate interest|
|Target group||No data is passed on to third parties, unless legally required|
|Rights||Access, rectify and delete data, as well as other rights, as explained in the additional information|
|Additional information||Additional and detailed information on Data Protection can be found in the attached clauses at www.acathi.org/politica-privacitat|
At ACATHI we work to offer you the best possible experience through our products and services. In some cases, it is necessary to collect information to achieve this. We care about your privacy and believe that we should be transparent about it.
For this reason, and for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter, “RGPD”) on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the Law 34/2002, of July 11, of Services of the Society of the Information and of electronic commerce (in ahead, “LSSI”), ACATHI informs to the user that, like person in charge of the treatment, it will incorporate the personal character data facilitated by the users in an automated file.
Our commitment begins by explaining the following:
Your data is collected so that the user experience is improved, according to your interests and needs.
We are transparent about the data we obtain about you and the reason why we do it.
Our intention is to provide you with the best possible experience. Therefore, when we use your personal information we will always do so in compliance with the law, and when necessary, we will ask for your consent.
We understand that your information belongs to you. Therefore, if you decide not to authorise us to process them, you can ask us to stop processing them.
Our priority is to ensure your security and to treat your data in accordance with European regulations.
Who is responsible for processing your personal data?
Registered office: Plaça Robert Gerhard 3-4
C.I.F. nº: G63476097
ACATHI has appointed a Data Protection Officer or an internal contact person within your organization. If you wish to make an enquiry regarding the processing of your personal data, you can contact him by email
What personal data do we collect?
The personal data that the user may provide:
Name, address and date of birth.
Telephone number and e-mail address.
Information regarding payments and returns.
IP address, date and time you accessed our services, internet browser you use and data about the device’s operating system.
Any other information or data you choose to share with us.
In some cases, it is obligatory to fill in the registration form to access and enjoy certain services offered on the website; likewise, not providing the personal data requested or not accepting this data protection policy means that it is impossible to subscribe, register or participate in any of the promotions in which personal data is requested.
Why and for what purpose do we process your data?
At ACATHI we treat the information provided by interested parties for the following purposes:
To manage orders or hire any of our services, either online or in the physical stores.
Manage the sending of information requested.
To develop commercial actions and to carry out the maintenance and management of the relationship with the user, as well as the management of the services offered through the website and the information tasks, being able to carry out automatic evaluations, obtaining profiles and customer segmentation tasks in order to personalize the treatment according to their characteristics and needs and to improve the customer’s online experience.
Develop and manage contests, raffles or other promotional activities that may be organized.
In some cases it will be necessary to provide information to Authorities or third companies for auditing purposes, as well as to handle personal data of invoices, contracts and documents to respond to customer or Public Administration complaints
We inform you that the personal data obtained as a result of your registration as a user will form part of the Register of Processing Activities and Operations (RAT), which will be updated periodically in accordance with the provisions of the RGPD.
What is the legitimacy for the processing of your data?
The processing of your data can be based on the following legal bases:
Consent of the interested party for the contracting of services and products, for the contact forms, the
information requests or registration in e-newsletters.
Legitimate interest in the processing of our clients’ data in direct marketing actions and express consent of the interested party for all matters relating to automatic assessments and the creation of profiles.
Compliance with legal obligations for fraud prevention, communication with public authorities and third party claims.
How long do we keep your data?
The processing of the data for the purposes described above will be maintained for the time necessary to fulfil the purpose of the collection (e.g. for the duration of the commercial relationship), as well as for the fulfilment of the legal obligations arising from the processing of the data.
To which recipients are your data communicated?
In some cases, only when necessary, ACATHI will provide user data to third parties. However, the data will never be sold to third parties. External service providers (e.g., payment providers or delivery companies) with whom ACATHI works may use the data to provide the relevant services, but will not use such information for their own purposes or for transfer to third parties.
ACATHI strives to ensure the security of personal data when it is sent outside the company and ensures that third party service providers respect confidentiality and have appropriate measures in place to protect personal data. These third parties are required to ensure that the information is treated in accordance with data privacy regulations.
In some cases, the law may require that personal data be disclosed to public bodies or other parties, but only what is strictly necessary to meet such legal obligations will be disclosed.
Personal data obtained may also be shared with other group companies.
Where is your data stored?
Generally speaking, the data are stored within the EU. For data sent to third parties outside the EU, we will ensure that they offer a sufficient level of protection, either because they have Binding Corporate Rules (BCR) or because they have adhered to the “Privacy Shield”.
What rights do you have and how can you exercise them?
You may direct your communications and exercise your rights by sending a request to the following e-mail address: firstname.lastname@example.org.
By virtue of what is established in the RGPD you can request:
Right of access: you can ask for information about the personal data we have about you.
Right of rectification: you can communicate any change in your personal data.
Right to delete and forget: You may request the deletion of your personal data after they have been blocked.
Right to limit processing: this involves restricting the processing of personal data.
Right to oppose: you can withdraw your consent to the processing of the data, opposing their further processing.
Right of portability: in some cases, you may request a copy of the personal data in a structured, commonly used, machine-readable format for transmission to another data controller.
The right not to be subject to individual decisions: you can request that decisions not be taken on the basis of automated processing alone, including profiling, which produces legal effects or significantly affects the data subject.
In some cases, the request may be rejected if you ask for the deletion of data necessary to comply with legal obligations.
Also, if you have a complaint about the processing of your data, you can file a claim with the data protection authority.
¿Quién es responsable de la exactitud y la veracidad de los datos proporcionados?
The user is solely responsible for the truthfulness and correctness of the data included, exonerating ACATHI from any responsibility in this regard. The users guarantee and are responsible, in any case, for the accuracy, validity and authenticity of the personal data provided, and undertake to keep them duly updated. The user agrees to provide complete and correct information in the registration or subscription form. ACATHI reserves the right to terminate the services contracted with the users, in the event that the data provided are false, incomplete, inaccurate or out of date.
ACATHI shall not be liable for the accuracy of any information that it has not produced itself and for which another source is indicated, nor shall it be liable for any hypothetical damage that may result from the use of such information.
ACATHI reserves the right to update, modify or delete the information contained on its web pages and may even limit or deny access to such information. ACATHI shall not be liable for any loss or damage that the user may suffer as a result of errors, defects or omissions in the information provided by ACATHI, provided that this information comes from sources other than the user.
Likewise, the user certifies that he/she is over 14 years of age and that he/she has the legal capacity to consent to the processing of his/her personal data.
How do we treat the personal data of minors?
In principle our services are not specifically aimed at underage people. However, in the event that any of them is addressed to minors under fourteen years of age, in accordance with article 8 of the RGPD and article 7 of the LO3/2018, of December 5 (LOPDGDD), ACATHI will require the valid, free, unequivocal, specific and informed consent of their legal guardians in order to process the personal data of the minors. In this case, the DNI or other form of identification of the person giving consent will be required.
In the case of persons over fourteen years of age, the data may be processed with the user’s consent, except in those cases where the Law requires the assistance of the holders of parental authority or guardianship.
What security measures do we apply to protect your personal data?
ACATHI has adopted the legally required levels of security for the protection of Personal Data, and seeks to install those other means and additional technical measures within its reach to prevent the loss, misuse, alteration, unauthorized access and theft of Personal Data provided to ACATHI.
ACATHI shall not be liable for any hypothetical damage or harm that may result from interference, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operation of this electronic system, due to causes beyond the control of ACATHI; of delays or blockages in the use of this electronic system caused by deficiencies or overloading of telephone lines or overloading of the Data Processing Centre, the Internet system or other electronic systems, as well as damage that may be caused by third parties through illegitimate interference beyond the control of ACATHI. Nevertheless, the user must be aware that security measures on the Internet are not impregnable.
Links to other websites