Privacy Policy

This privacy policy has been prepared in accordance with the provisions of the General Data Protection Regulation, EU 2016/679 (hereinafter, GDPR) and the Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter, LOPDGDD).

In this privacy policy, we explain everything you need to know about the processing of personal data in our company. This includes which personal data we process and store when users browse our website, purchase any of our products, or register for any of our services, the reasons for which we collect and process such data, whether we share them with third parties, how long we store them, and what your rights are and how you can exercise them.

Index

Data Controller
Data Processing on this Website
Social Networks
Data Transfers to Third Parties and International Data Transfers
Where Do We Store the Data? For How Long?
Data Subject Rights and Mechanisms to Exercise Them
User Responsibility
Minors
Security Measures
Can This Privacy Policy Be Modified?

1. Data Controller

Pursuant to Article 4.7 of the GDPR, the data controller for personal data on this website is Nordest Commerce SL. The following details the identification and contact information of the data controller on this website:

Nordest Commerce S.L.
NIF: BXXXXXX
Address: Parc de Negocis Mas Blau, Carrer d’Osona, 2, 08820, Barcelona
Email: [email protected]

If you have any questions about the processing of your personal data or wish to exercise your rights, you can contact the data controller by postal mail or by email at the addresses provided above.

2. Data Processing on this Website

2.1 SSL Encryption

For security reasons and to prevent the leakage or theft of personal or confidential data, our website uses SSL encryption technology. This technology allows data traffic between your browser and our website to be encrypted, thus preventing third parties from viewing or intercepting the personal or confidential data you send us when you browse or make purchases on our website.

Websites whose URL starts with “https://” (such as ours) offer a secure connection as they are protected by an SSL or TLS certificate that encrypts information flows.

2.2 Server Log Files
When you access our website, we automatically collect and process certain data provided by your browser, known as “server log files.” These include:

Browser type and version
Operating system used
Referring links
Duration of the visit
IP address
Date and time of access to the website

The above data are technically necessary for optimal browsing of our website, ensuring no errors or failures in content playback or website functionality. These data will not be combined with other data sources.

The legal basis for processing these personal data is our legitimate interest as operators of this website (Art. 6.1.f) of the GDPR). Our legitimate interest is to offer an error-free website compatible with major browsers and operating systems, providing user-friendly navigation for our users or customers.

2.3 Cookies
This website uses cookies. Cookies are small text files stored in your browser for the following purposes:

Enabling content and functionalities of the website.
Improving the user’s browsing experience.
Analyzing the use of our website to improve our services and products.
Personalizing content and advertising.
Improving the security of our website.

If you want to learn more about the use of cookies on our website, please refer to our cookie policy: https://www.nordestcommerce.com/cookies

2.4 Contact Forms, Calls, and Emails
If you choose to fill out any of the contact forms available on our website, or if you contact us by phone or email, you may provide us with certain personal data that we will collect and store to respond to your inquiry, complaint, or request. Such personal data may include:

First and last name
Contact phone number
Email address
Postal address
Any other personal data you choose to provide through the contact form

The legal basis for processing these personal data is the consent of the data subject (Art. 6.1.a of the GDPR).

You have the right to withdraw your consent to this processing at any time. To do so, you can inform us via email at [email protected].

We will store these data until you request their deletion, withdraw your consent to their processing, or the purpose for which they were collected expires.

2.5 User Account / Registered Customer
To activate your account and benefit from associated promotions and advantages, you will need to provide certain personal data when registering, specifically:

First and last name
Contact phone number
Email address
Delivery address

In addition to the data necessary to activate your account, we may also process the following personal data related to your activity on our website: order history, saved or marked products, information about payment methods you have used.

The legal basis for processing these personal data is the consent of the data subject (Art. 6.1.a) of the GDPR) or the necessity of processing for the performance of a contract or to take pre-contractual measures requested by the data subject (Art. 6.1.b) of the GDPR).

You have the right to withdraw your consent to this processing at any time. To do so, simply notify us via email at [email protected] (it will be necessary to prove your identity by providing a copy of your ID, NIE, or Passport).

We will store these data until you request their deletion, withdraw your consent, decide to close your account permanently, or the purpose for which the data were collected expires.

2.6 Google Services/Tools
Our website uses the following services offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter Google):

Google Analytics with remarketing: This service/tool allows us to analyze your activity on our website (the duration of your visit and the pages you navigated). To do this, Google uses cookies that collect and store the following information:
- Your IP address
- The operating system, browser, and type of device you used to access our website
- The language in which you browse
- The date and time of your visit
- Your activity on our website
These cookies usually expire after 30 days and are not intended to personally identify you, but they allow Google to evaluate the usage of website visitors, compile reports on website activity for operators, and provide other services related to website activity and internet usage.
Google AdWords with conversion tracking: This service/tool allows us to create and publish ads on Google and other websites, as well as measure the conversion rate of our ads (the number of sales per click).
When you click on one of our ads, Google temporarily stores a cookie in your browser, which usually expires after 30 days and is not intended to personally identify you but allows Google to evaluate whether you ultimately purchase one of our products or services after previously clicking on one of our ads.
Google ReCAPTCHA: This service/tool allows us to protect the comment sections and form entries on our websites against spam and abuse. ReCAPTCHA allows us to differentiate between human and fraudulent entries (those made through automated software or bots). To do this, Google uses cookies that collect and store the following information:
- Your IP address
- Referring URL
- The operating system, browser, and type of device you used to access our website
- The language in which you browse
- The date and time of your visit to our website
- Your activity on our website

Google reserves the right to store and process users’ personal data in any country where Google or any of its data processors have facilities. Therefore, we must inform you that an international transfer of your personal data may occur.
The data provided to us by Google through these tools or services are purely statistical and do not allow us to draw any conclusions about the identity of users. Therefore, the information we obtain as operators of this website through these tools is completely anonymous.

The legal basis for processing personal data using Google Analytics and Google AdWords is the consent of the data subject (Art. 6.1.a) of the GDPR). Meanwhile, the legal basis for processing personal data using Google ReCAPTCHA is our legitimate interest as service providers in offering a secure website and preventing fraudulent activities (Art. 6.1.f) of the GDPR).

For more information about the purpose and scope of data collection and processing by Google, you can consult:

“How Google uses information from sites or apps that use our services”
Google’s privacy policy

Google has developed a browser add-on that disables Google Analytics’ JavaScript, preventing the collection and use of your data. If you want to prevent Google from using your data, you should download and install the add-on from this link.

You can also prevent Google from collecting your data by configuring your browser to not store third-party cookies or to block conversion-tracking cookies.

If you have a Google account, you can consult and modify certain categories of data associated with your Google account from your account’s control panel (e.g., ad personalization, the choice of activities you want to store in a cookie or similar technology when using a Google service without being logged into your account, controlling who you share your account information with, etc.).

3. Social Networks

The purpose of tools like Facebook, Twitter, Instagram, etc., or other social networks is to give visibility and spread awareness of the activities we carry out and the products or services we offer. These tools store personal data on their respective servers and are governed by their own privacy policies. We recommend reviewing the terms of use and privacy policies of the social networks used. We also recommend reviewing the user privacy settings offered by each of these social networks.

Nordest Commerce SL reserves the right to delete from its social networks any information posted by third parties that violates the law, incites illegal activities, or contains messages that attack the dignity of people or institutions. We also reserve the right to block or report the profile of the author of these messages.

4. Data Transfers to Third Parties and International Data Transfers

As a general rule, Nordest Commerce SL will not communicate or transfer your personal data to third parties, except in cases where there is a legal obligation. In such cases, we will only disclose what is strictly necessary to comply with the legal obligation.

Nordest Commerce SL has service providers who require access to certain personal data to provide their services (e.g., payment providers, delivery companies, hosting services, marketing services, IT support services, or accounting services).

These service providers act as data processors, meaning they can only use the personal data they have access to for providing their services or fulfilling the instructions of the controller, and never for their own purposes or to transfer them to third parties. Nordest Commerce SL has signed data protection agreements with these data processors, detailing the object, duration, nature, purpose of processing, type of personal data, categories of data subjects, legal obligations of both parties regarding data protection, and the rights of the controller.

No international data transfers to third countries are foreseen. If at any time such transfers occur, you will be informed in advance to obtain your express consent.

5. Where Do We Store the Data? For How Long?

The personal data obtained will be stored within the EU. If data is sent to third parties outside the EU, we will ensure that they offer an adequate level of protection and have appropriate safeguards, such as legally binding instruments between public authorities or bodies, binding corporate rules within a corporate group, standard data protection clauses, codes of conduct, or certification mechanisms.

The data provided and collected through the website nordestcommerce.com are stored on the servers of Elementor Ltd. is headquartered in Israel, a jurisdiction which is recognized by the European Commission and the UK Information Commissioner’s Office (ICO) as offering an adequate level of protection for the personal data of UK and EEA residents. We transfer personal data from the EEA and the UK to Israel on this basis. For data transfers from the EEA or UK to countries which are not considered to be offering an adequate level of data protection, we and the relevant data exporters and importers have entered into Standard Contractual Clauses as approved by the European Commission and UK ICO. .

The information collected from the data subject will be retained for as long as necessary to fulfill the purpose for which the personal data were collected. Once the purpose has been fulfilled, the data will be canceled. This cancellation will result in the blocking of the data, which will be kept solely for access by public administrations, judges, and courts to address any liabilities arising from the processing, during the statute of limitations for these liabilities. After this period, the data will be destroyed.

As an informational reference, below are the legal retention periods for information in relation to different matters:

DOCUMENT	RETENTION PERIOD	LEGAL REFERENCE
Accounting and tax documents	6 years	Art. 30 Commercial Code for commercial purposes
Tax documents for tax liabilities	4 years	Articles 66 to 70 of Law 58/2003, of December 17, General Tax Law
Crimes against Public Treasury and Social Security	10 years	Art. 131 Criminal Code (LO 10/1995)

In section 2. Data Processing on this Website of this Privacy Policy, you can find the retention period for each of the processing activities we carry out through our websites.

6. Data Subject Rights

You can address your communications and exercise your rights by submitting a request to the following email address: [email protected].

In accordance with the GDPR, you can request:

Right of access: You can request information about the personal data we hold about you.
Right of rectification: You can notify us of any changes to your personal data.
Right to erasure and the right to be forgotten: You can request the deletion of your personal data after blocking them.
Right to restriction of processing: This entails the restriction of the processing of personal data.
Right to object: You can withdraw your consent to the processing of your data or object to further processing.
Right to data portability: In some cases, you can request a copy of your personal data in a structured, commonly used, and machine-readable format for transmission to another controller.
Right not to be subject to individualized decisions: You can request not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect the data subject.

In some cases, due to legal obligations, we may not be able to delete all of your personal data.

If you have any complaints about the processing of your data, you can file a complaint with the data protection authority. For more information, you can consult this link.

7. User Responsability

The user is solely responsible for the accuracy and correctness of the data provided, exonerating Nordest Commerce SL from any liability in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity, and authenticity of the personal data provided, and they undertake to keep them properly updated. The user agrees to provide complete and accurate information in the registration or subscription form.

Nordest Commerce SL reserves the right to terminate the services contracted by users if the data they have provided is false, incomplete, inaccurate, or outdated.

Nordest Commerce SL does not assume responsibility for the accuracy of information that was not created by Nordest Commerce SL or for information from other sources, and therefore assumes no responsibility for any damage or harm that may arise from the use of such information.

Nordest Commerce SL reserves the right to update, modify, or delete the information contained on its website and may limit or deny access to such information. Nordest Commerce SL is exonerated from any liability for any damages the user may suffer as a result of errors, defects, or omissions in the information provided by Nordest Commerce SL, provided it comes from sources external to the company.

Furthermore, the user certifies that they are over 14 years old and possess the necessary legal capacity to give consent regarding the processing of their personal data.

8. Minors

In principle, our services are not specifically directed at minors. However, if any of them are directed at minors under fourteen years old, in accordance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018, of December 5 (LOPDGDD), Nordest Commerce SL will require the valid, free, unequivocal, specific, and informed consent of their legal guardians to process the personal data of minors. In this case, the ID or another form of identification of the person providing the consent will be required.

In the case of minors over the age of fourteen, their data may be processed with their consent, except in cases where the law requires the assistance of the holders of parental authority or guardianship.

9. Security Measures

Nordest Commerce SL has adopted the legally required levels of security for the protection of personal data and endeavors to install additional technical measures to prevent the loss, misuse, alteration, unauthorized access, and theft of the personal data provided to Nordest Commerce SL.

Nordest Commerce SL is not responsible for any damages or harm that may arise from interferences, omissions, interruptions, computer viruses, telephone malfunctions, or disconnections in the operational functioning of this electronic system, caused by reasons beyond Nordest Commerce SL control; from delays or blockages in the use of this electronic system caused by deficiencies or overloading of telephone lines or overloads in the Data Processing Center, on the internet, or in other electronic systems, as well as damages that may be caused by third parties through illegal intrusions beyond Nordest Commerce SL control.

Links to Other Websites: On the website nordestcommerce.com, there may be links to other websites. By clicking on one of these links and accessing an external website, your visit will be subject to the privacy policy of that website, with Nordest Commerce SL being dissociated from any responsibility for their privacy policy.

10. Can this Privacy Policy be modified

Nordest Commerce SL reserves the right to modify and/or update this Privacy Policy and data protection to adapt to legislative changes, so we recommend reading it before each access and browsing of the website. The current legal texts of this website have been drafted by Qualgest, a company specializing in data protection. However, the relationships established with users, before the modification of the Privacy Policy, will be governed by the rules provided at the time the user accessed the website for its establishment, without prejudice to the provisions of the GDPR.