Privacy Policy

Last updated: [date]

Important Notice

This document is a template provided for informational and drafting purposes only. It must be reviewed, adapted, and completed with your own legal, business, and data processing information before being published on your website or used in your business. By using this template, you acknowledge that you are responsible for ensuring that its contents accurately reflect your activities and comply with all applicable laws and regulations.

1. Website Owner Information

In accordance with applicable regulations, users are informed that the owner of this website is:

[project name / company name]
Tax ID / VAT Number: [tax id]
Registered address: [registered address]
Contact email: [contact email]
Main business activity: [main purpose / business activity]

If applicable:

Returns address: [returns address]
Important: Returns sent to this address may not be accepted. If you wish to return a product, please check the following link: [returns link]

2. Data Protection

In accordance with current applicable personal data protection regulations, we inform you that your personal data will be included in the processing systems owned by [project name / company name], with Tax ID [tax id] and registered office at [registered address].

Below, we inform you about the purposes of processing, storage periods, legal bases, categories of data, possible disclosures, international transfers, and whether profiling or automated decision-making is carried out.

3. Processing Activities

3.1 Website Functionality

Purpose: Process and manage the data required for the proper functioning of the website.
Storage period: Until the consent given is withdrawn, or for as long as necessary to provide the service.
Legal basis: Consent of the data subject.
Type of data: Identifying data only, unless otherwise specified.
Disclosures: [Not expected / specify if applicable].
International transfers: [Not expected / specify if applicable].
Profiling: [Not expected / specify if applicable].

3.2 Contact Forms, Queries and Requests

Purpose: To attend to your queries, requests, or communications submitted through the website or other contact channels.
Storage period: For as long as necessary to deal with the request, or until the consent is withdrawn when applicable.
Legal basis: Consent of the data subject and/or pre-contractual measures.
Type of data: Identifying data and any additional data you provide in your message.
Disclosures: [None / specify if applicable].
International transfers: [Not expected / specify if applicable].
Profiling: [Not expected / specify if applicable].

3.3 Legal and Regulatory Compliance

Purpose: Manage and process obligations arising from compliance with applicable legal and regulatory requirements.
Storage period: Data will be kept for the legally required periods and, where applicable, until the limitation period for possible liabilities has expired.
Legal basis: Compliance with a legal obligation.
Type of data: Identifying data and any data required by law.
Disclosures: Data may be disclosed, where necessary, to public authorities, courts, regulators, or administrations with competence in the relevant matter, in order to comply with legal obligations.
International transfers: [Not expected / specify if applicable].
Profiling: [Not expected / specify if applicable].

3.4 Newsletter and Marketing Communications

Purpose: Collect, store, and process your data in order to send newsletters, promotional communications, updates, or other marketing content if you have subscribed or given consent.
Storage period: Until you withdraw your consent or unsubscribe.
Legal basis: Consent of the data subject.
Type of data: Identifying and contact data.
Disclosures: [None / specify if applicable].
International transfers: [Not expected / specify if applicable].
Profiling: [Not expected / specify if applicable].

3.5 Purchases and Contract Performance

Purpose: Collect, register, and process your data in order to manage your purchase, provide the contracted products or services, and ensure the correct performance, fulfilment, and conclusion of the contract between the parties.
Storage period: For as long as necessary to manage the purchase, delivery, returns, complaints, claims, warranties, or any other matters related to the purchased product or service.
Legal basis: Performance of a contract.
Type of data: Identifying, contact, transaction, and payment-related data, as applicable.
Disclosures: Data may be disclosed, where necessary, to payment providers, banks, tax authorities, logistics providers, public administrations, and other entities involved in the fulfilment of the contract or legal obligations.
International transfers: [Not expected / specify if applicable].
Profiling: [Not expected / specify if applicable].

3.6 Administrative, Accounting and Tax Management

Purpose: Administrative management, invoicing, accounting, tax management, and compliance with legal obligations.
Storage period: Data will be kept for the periods required by applicable tax, accounting, and commercial legislation.
Legal basis: Compliance with a legal obligation.
Type of data: Identifying, billing, and transaction data.
Disclosures: Data may be disclosed when required by law.
International transfers: [Not expected / specify if applicable].
Profiling: [Not expected / specify if applicable].

4. Data Subject Rights

[project name / company name] informs you that you may exercise the following rights regarding your personal data:

• Right of Access: The right to obtain information about whether your personal data is being processed, as well as access to such data and related information.

• Right of Rectification: The right to request the correction of inaccurate or incomplete personal data.

• Right to Restriction of Processing: The right to request the restriction of processing in certain circumstances established by law.

• Right of Erasure: The right to request the deletion of your personal data when applicable under the GDPR or other relevant legislation.

• Right of Portability: The right to receive the personal data you have provided in a structured, commonly used, and machine-readable format, and to transmit it to another data controller where applicable.

• Right of Objection: The right to object to the processing of your personal data in certain circumstances.

• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. How to Exercise Your Rights

To exercise any of the above rights, you may send a request to:

[project name / company name]
Postal address: [rights request postal address]
Email: [rights request email]

Your request should include, where applicable:

• Your full name

• A copy of a valid identity document or equivalent identification

• A clear indication of the right you wish to exercise

• Details of your request

• An address or email for notifications

• The date and your signature, where required

• Any supporting documents necessary to process the request

You should use a method that allows proof of sending and receipt of the request.

You also have the right to lodge a complaint with the competent data protection authority, such as [name of applicable authority], if you believe that the processing of your personal data does not comply with applicable regulations.

6. Security Measures

[project name / company name] undertakes to adopt the necessary technical and organisational measures appropriate to the level of risk associated with the processing carried out, in order to guarantee the integrity, confidentiality, availability, and resilience of personal data.

7. Privacy Policy for Social Networks

In accordance with applicable data protection regulations and, where applicable, the rules governing information society services and electronic commerce, [project name / company name] informs users that it maintains profiles on the following social networks:

• [social network 1]

• [social network 2]

• [social network 3]

The purpose of these profiles is generally to promote products, services, content, news, or activities related to [project name / company name].

If a user follows or interacts with our profile on a social network, they acknowledge that the information they make publicly available on that network may be accessible to us in accordance with the settings and policies of that platform.

Users may consult the privacy policies of the respective social networks at any time and configure their accounts to protect their privacy.

7.1 Data We May Access on Social Networks

[project name / company name] may access public information from the user’s profile, especially their username, display name, and publicly shared content, depending on the privacy settings established by the user on the relevant social network.

This information will only be used within the social network environment, unless otherwise stated and lawfully justified.

7.2 Rights on Social Networks

With respect to rights of access, rectification, restriction, erasure, portability, and objection relating to personal data processed through social networks, users should note that some of these rights can only be effectively exercised in relation to data under the control of [project name / company name].

For example, we may be able to delete comments posted on our page or remove content under our control, but we cannot modify platform-level data controlled by the social network provider.

7.3 Actions We May Carry Out Through Social Networks

[project name / company name] may perform the following actions through its social network profiles:

• Access public profile information

• Publish updates, promotions, or information already available on our website or channels

• Respond to messages or comments

• Send messages where the platform allows it and where legally permitted

• Update page status or activity that may appear in users’ feeds according to platform rules

Users may always control their connections, remove content that no longer interests them, and adjust privacy and communication settings directly through the social network.

8. User Publications on Social Networks

When interacting with our social network pages, users may post comments, links, images, videos, or other content permitted by the platform.

The user warrants that they own the content posted or have the necessary permissions, rights, and authorisations to publish it.

It is expressly prohibited to publish content that:

• Violates the law, morality, or public order

• Infringes intellectual or industrial property rights

• Violates image rights or privacy rights

• Is offensive, discriminatory, defamatory, or otherwise inappropriate

[project name / company name] reserves the right to remove any such content immediately and, where appropriate, block the user permanently.

[project name / company name] shall not be responsible for content freely published by users on social networks.

Users should be aware that any content they post may be visible to other users, and they are therefore primarily responsible for protecting their own privacy.

9. Contests and Promotions

[project name / company name] may organise contests, giveaways, or promotions through its social network profiles or website.

Where these are carried out through a social platform, the specific terms and conditions of each promotion will be published and made available accordingly.

Such promotions will be conducted in compliance with applicable law. Unless explicitly stated otherwise, the relevant social network does not sponsor, endorse, administer, or have any association with such promotions.

10. Advertising and Commercial Communications

[project name / company name] may use its website, email communications, and social networks to advertise its products, services, and activities.

If personal data is used for direct marketing purposes, such processing will be carried out in accordance with applicable data protection and electronic communications laws.

Recommending or sharing our page, content, or promotions with other users will not be considered unsolicited commercial communication where it is carried out voluntarily by users.