Privacy Policy

This privacy policy complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), and, where not contrary to the aforementioned regulations, Organic Law 15/1999 on the Protection of Personal Data (LOPD) and its implementing regulations, and/or any that may replace or update them in the future.

Our organization is committed to protecting your personal data. The personal data provided is necessary to deliver our services and is processed lawfully, fairly, and transparently, ensuring adequate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, through the application of technical and organizational measures.
This document aims to provide you with clear and transparent information regarding the processing of your personal data by our organization.

I. DATA CONTROLLER

IDENTITY: POOL AESTHETICS, S.L.
C.I.F. / N.I.F.: B53546669
ADDRESS: POL. IND. MARJALS, C/SAGRA, 2-B, 03760 ONDARA (ALICANTE)
PHONE: (+34) 965 787 439
EMAIL:

DATA PROTECTION OFFICER:

II. RECIPIENTS OF PERSONAL DATA

– The personal data provided will not be disclosed to third parties unless specified in the relevant processing activities.
– Optionally, for the contracting of cloud computing services and/or email, communication, or other related IT services, personal data may be:
– Transferred to IT service providers located within the European Economic Area (EEA), or
– Transferred to IT service providers located outside the EEA under the Privacy Shield framework, which ensures adequate safeguards for the protection of personal data. More information: https://www.privacyshield.gov/welcome
– Optionally, to public administrations and other authorities when required to comply with legal obligations.

III. LEGAL BASIS FOR DATA PROCESSING

For each specific data processing activity, we will inform you of the legal basis that legitimizes it.

IV. RIGHTS

RIGHT OF ACCESS

The right to obtain confirmation from the data controller as to whether or not personal data concerning you is being processed, and, if so, access to such data and the following information: purposes of processing, categories of personal data, recipients or categories of recipients to whom the data has been or will be disclosed, retention period or criteria used to determine it, the existence of the right to request rectification or erasure of personal data or restriction of processing, or to object to such processing, the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), the existence of automated decision-making, including profiling, and, where data is transferred to third countries, the right to be informed of the appropriate safeguards applied.

RIGHT TO RECTIFICATION

The right to request the correction of inaccurate personal data, including the right to complete incomplete data. By providing personal data, you guarantee its accuracy and agree to notify us of any changes. Any damage resulting from the provision of incorrect, inaccurate, or incomplete information in website forms is the sole responsibility of the data subject.

RIGHT TO ERASURE

The right to request the deletion of your personal data when, among other reasons, it is no longer necessary for the purpose for which it was collected, is being processed unlawfully, or you withdraw your consent. Erasure will not apply when data processing is necessary, among other cases, to comply with legal obligations or for the establishment, exercise, or defense of legal claims.

RIGHT TO RESTRICTION OF PROCESSING

The right to request the restriction of processing of your personal data, meaning that in certain cases you may ask us to temporarily suspend processing or to retain data beyond the necessary period when needed.

RIGHT TO WITHDRAW CONSENT

The right to withdraw your consent given by checking “I have read and accept the privacy policy” at any time, as specified in the section “Exercise of rights” or in the specific processing of commercial communications or newsletters. This right will not apply if, among other cases, data processing is necessary to comply with a legal obligation, execute or maintain a contractual relationship, or for the establishment, exercise, or defense of legal claims. Withdrawal of consent will not have retroactive effect and will not affect the lawfulness of processing based on prior consent.

RIGHT TO DATA PORTABILITY

The right to receive the personal data concerning you that you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit it to another controller, provided that the processing is based on your consent and is carried out by automated means.

RIGHT TO OBJECT

The right to object to the processing of your personal data based on our legitimate interest. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

If you believe we are processing your personal data incorrectly, you may contact us or lodge a complaint with the Spanish Data Protection Agency (AEPD):
https://www.agpd.es/portalwebAGPD/index-ides-idphp.php

EXERCISING YOUR RIGHTS

You may exercise your rights by sending a letter to the postal address indicated above or by email to , attaching a copy of your ID card, NIE, passport, or equivalent document.

V. SECURITY MEASURES

The data controller applies appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data.

VI. PERSONAL DATA PROCESSING

GENERAL PROVISIONS

The personal data requested in each specific processing activity is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed, in compliance with the principle of data minimization.
The personal data requested in each specific processing activity is strictly necessary; refusal to provide it will result in the inability to deliver the requested service.
The disclosure of personal data specified in each processing activity is, in some cases, necessary for the execution and maintenance of a contract, and in other cases, for compliance with a legal obligation applicable to the data controller. 

BASIC DATA PROCESSING – PURPOSES

QUOTATION

Personal data will be processed for the preparation of quotations, sending the requested quotation, and managing any related communication. The legal basis for processing personal data is the data subject’s consent when providing their information and/or our legitimate interest in managing the quotation request.
No data transfers to third parties are foreseen, except where legally required or necessary for service provision. In such cases, data may be processed by third-party service providers (such as accounting firms, IT providers, or financial institutions) with whom the data controller has signed appropriate data processing agreements, ensuring confidentiality and data security.
Personal data is obtained directly from the data subject or their representative via request forms, email, phone calls, or meetings. No data is collected from external sources, nor are special categories of personal data processed.
Personal data will be retained as long as necessary to manage the quotation request and, in any case, no longer than the period required to comply with legal obligations.

INVOICING

Personal data included in invoices will be processed for accounting, tax, and administrative management, compliance with legal and contractual obligations, and to contact the client or supplier in case of issues or clarifications regarding the invoice.
The legal basis for processing personal data is the execution of the contract or service reflected in the invoice, compliance with legal obligations in tax, accounting, and commercial matters, and the data controller’s legitimate interest in properly managing the business and administrative relationship.
No data transfers to third parties are foreseen, except where legally required or necessary for service provision. In such cases, data may be processed by third-party service providers (such as accounting firms, IT providers, or financial institutions) with whom appropriate data processing agreements have been signed. Data will also be shared with public authorities with tax jurisdiction and banking entities for payment processing.
No international data transfers are foreseen.
Data is obtained directly from the data subject or supplier involved in the transaction. No data is collected from external sources, and no special categories of personal data are processed unless expressly consented or legally required.
Personal data will be retained while the relationship between the parties exists or for the period necessary to comply with legal obligations.

EMAIL

Personal data included in emails will be processed to maintain communications related to inquiries, information requests, quotations, orders, deliveries, invoicing, or support, and to manage contractual, pre-contractual, or commercial relationships.
The legal basis for processing personal data is the execution of pre-contractual measures or a contract when linked to a quotation, order, invoice, or incident (Art. 6.1.b GDPR); the data subject’s consent to receive certain types of communications (Art. 6.1.a GDPR); and legitimate interest in responding to inquiries (Art. 6.1.f GDPR).
Data will not be shared with third parties, except with the email and cloud storage service, third-party companies when necessary to fulfill the request (e.g., carriers, accounting firms, banks), or when legally required.
International data transfers are made to GOOGLE LLC when using the Gmail application. Data processors: IT service providers.
Data is collected directly from the data subject or authorized sources related to the provision of services or products. No data is collected from third parties without consent, and no special categories of personal data are processed unless expressly authorized.
Personal data will be retained for the time necessary to fulfill the purpose for which it was collected and while legal liabilities may arise from such processing. Once concluded, data will be retained for two years, without prejudice to the data subject’s rights. 

MAINTENANCE CONTRACT / REPAIR ORDER

Personal data will be processed to register the client in the company, for administrative procedures, for the execution and maintenance of service provision, and for any other legitimate and necessary purpose based on the relationship between the parties.
The legal basis for processing personal data is the express consent given by signing the corresponding authorization for data processing.
As a contractual requirement, personal data may be shared with external collaborators and, in compliance with legal obligations, with authorities, public officials, public registries, and any third party necessary for the proper execution of the assignment.
Personal data will be retained unless consent is withdrawn, except where necessary to maintain the relationship between the parties or for the period required to comply with legal obligations.