1. Data controller
- Controller: [maec_legal field=”owner_name”] — [maec_legal field=”brand_name”] (trading name)
- Tax ID (NIF): [maec_legal field=”nif”]
- Address: [maec_legal field=”address” escape=”none”]
- Contact email (privacy): [maec_legal field=”email”]
- Phone: [maec_legal field=”phone”]
2. Personal data we process
We process the data you provide to us directly and the data generated through your use of the website:
- Contact form / email: first name and last name (if provided), email address, telephone number (if provided), subject and content of the message, and any attachments you send.
- Assignment management and invoicing: identification and contact details, billing details and assignment details.
- Paper deliveries (where applicable): shipping address, first name and last name, and contact telephone number for delivery.
- Technical data: the minimum data required for the security and operation of the site; and, when you give your consent, data derived from the use of cookies or similar technologies (see the Cookie Policy).
3. Purposes and legal bases
| Purposed | Legal basis | Is it mandatory to provide data? |
|---|---|---|
| To respond to enquiries and requests made via the form, email or telephone. | Pre-contractual steps or performance of a contract (Art. 6(1)(b) GDPR) and/or legitimate interest in responding to communications (Art. 6(1)(f) GDPR). | Required to respond. If you do not provide the minimum details (e.g. email), we will not be able to reply. |
| To manage quotes, assignments, service provision and delivery (digital/paper). | Performance of a contract (Art. 6(1)(b) GDPR). | Yes, for the provision of the service. |
| Invoicing, accounting, tax compliance and collection management. | Legal obligation (Art. 6(1)(c) GDPR) and performance of a contract (Art. 6(1)(b) GDPR). | Yes, under the applicable tax/accounting regulations. |
| To organise the logistics of paper deliveries through a courier company (when the order includes paper format). | Performance of a contract (Art. 6(1)(b) GDPR). | Yes, only if you request/accept paper delivery. |
| Website security, fraud prevention and management of technical incidents. | Legitimate interest (Art. 6(1)(f) GDPR). | No (minimum technical data). |
4. Recipients and processors
We may share data with third parties only when necessary for the purposes described:
- Hosting/infrastructure provider: Dinahosting (data processor).
- Courier company (if there is a paper delivery): Correos / Tipsa / Nacex / DHL Express, to whom first name and last name, shipping address and, where applicable, telephone number are disclosed solely to deliver paper orders.
- Financial institutions/payment gateway (where applicable): Stripe to process payments.
- Public bodies and authorities: where there is a legal obligation.
5. International transfers
If we use providers located outside the European Economic Area or with access from outside the EEA, we will apply the safeguards required by the GDPR (for example, standard contractual clauses or other measures, as applicable).
6. Retention periods
- Enquiries: for the time necessary to handle and close the request and, thereafter, for the applicable periods for dealing with potential complaints/claims.
- Assignments and invoicing: for the duration of the contractual relationship and, thereafter, for the applicable statutory periods (e.g. tax/accounting).
- Paper deliveries: for as long as necessary to manage the shipment and any potential issues and, thereafter, for the applicable periods.
- Cookies: according to their duration or until you withdraw consent (see the Cookie Policy).
7. Users’ rights
You can exercise the rights recognised under the GDPR: access, rectification, erasure, objection, restriction of processing, data portability and not to be subject to automated decision-making, as well as withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).
- How to exercise them: send a request to [maec_legal field=”privacy_email”] with the subject line “Data protection” and proof of identity.
- Response time: 1 month, extendable under the terms provided by the GDPR.
- Complaint: you may lodge a complaint with the Spanish Data Protection Agency (AEPD) if you consider that the processing does not comply with the legislation.
8. Security measures
We apply reasonable technical and organisational measures to protect personal data (access control, confidentiality, backups, encryption where appropriate, etc.).
9. Minors
This website is not directed at minors. If you are under 14 years of age, do not send us personal data without the consent of your parents or legal guardians.
10. Changes to this policy
We may update this Privacy Policy. We will publish the current version on the website and update the “Last updated” date.