Privacy Policy

Latest update: 16/06/2020

PAACK SPV INVESTMENTS, S.L. (hereinafter, “PAACK”) with Tax ID (C.I.F.) B-66889452 and registered address at Vía Augusta, No. 17, Principal, 08006 Barcelona, duly filed with the Barcelona Companies Registry in Volume 46205, Folio 173, Sheet B-512934, Entry 1, states that it is the owner of the domain https://paack.co (hereinafter, the “Website”), in accordance with the obligations set out in Law 34/2002, of 11 July, on information society services and electronic commerce (hereinafter, “LSSI-CE”).

1. Identity and contact details

1.1. Responsible for the treatment

According to the terms of the applicable data protection regulations and, in particular, Regulation (EU) 2016/679, of the European Parliament and Council, of 27 April 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter, “GDPR”) and Organic Law 3/2018, of 5 December, on Personal Data Protection and the guarantee of digital rights (hereinafter, “OLPDPGDR”), the Data Controller is:

Data Controller	PAACK SPV INVESTMENTS, S.L.
Tax Identification Number (C.I.F.)	B-66889452
Address	Vía Augusta, No. 17, Principal, 08006 Barcelona
Telephone:	+34 931 223 851
Email	gdpr@paack.co

1.2. Data protection officer

The interested party is informed that PAACK has an external Data Protection Delegate (“DPD”) appointed in accordance with the provisions of article 37.1 of the RGPD and articles 34 and 36 of the LOPDGDD.

The interested party can contact the DPD to reveal any question regarding the treatment of their personal data; in particular, to resolve doubts about our privacy policy; to make inquiries about the treatment of your personal data and to exercise the rights of the interested party with respect to their personal data.

The interested party can contact the PAACK DPD through the following contact information:

Email: gdpr@paack.co

Mailing address: Plaza Gala Placídia, n.º 1-3, Escalera B, 16º, 2ª

08006 Barcelona.

2. Personal data protection in accordance with applicable legislation

PAACK has adapted the Website to the GDPR and OLPDPGDR. In doing so, it has implemented those policies, means and technical and organisational procedures that ensure and protect the confidentiality, integrity and availability of your personal data.

3. Principles we will apply to your personal information

When processing your personal data, we will apply the following principles, which comply with the requirements of the GDPR:

• Principle of legality, loyalty and transparency: We will always ask for your consent to process your personal data for one or more specific purposes, which we will inform you of beforehand, with absolute transparency.

• Principle of data minimisation: We will only request the data that are strictly necessary in terms of the purposes for which we require them.

• Principle of limiting the retention period: The data will be retained for no longer than is necessary for the purposes of their processing, depending on the purpose. We will inform you of the corresponding retention period.

• Principle of integrity and confidentiality: Your data will be processed in a manner that ensures the adequate security of the personal data and guarantees their confidentiality. Please be informed that we take all the necessary precautions to prevent unauthorised access and improper use of our Users’ data by third parties.

4. Data collection and confidentiality

The data provided to PAACK through different means, contact forms, surveys or procedures used during their collection shall be collected according to the current data protection regulations and for the sole purpose of providing the service that has been stated to you.

Transfer of data by the user (hereinafter, the “User”) to PAACK via the Website is voluntary and users are informed about their use and the purposes for which they were obtained prior to their processing.

PAACK hereby informs the User that it only collects the information that is necessary to achieve the purpose of the processing in each case and it will only process those data that have been provided for the purpose(s) that have been reported to the User and authorised by them.

PAACK, in its capacity as Data Controller, guarantees confidentiality in the processing of all the User’s personal data to which it has access. The Data Controller, like any other person who takes part in any phase of the processing, is subject to the strictest professional secrecy, with a special obligation to implement the levels of protection and the necessary technical and organisational measures to ensure the security of the personal data and to prevent their alteration, misuse, loss, theft and unauthorised processing or access.

All information provided by the User to PAACK must be truthful, and the User shall be the only party responsible for any false or inaccurate statements that he/she makes and for the damages this causes to PAACK or any third parties.

PAACK reserves the right to exclude from services any User who has provided false information, notwithstanding other legal actions that may apply.

5. Data processing and purposes of the processing

PAACK will process the following User data manually and/or via automated means, for the following specific purposes:

Data processing	Purpose of the processing	Legal basis for the processing
Response to queries	To respond to requests and queries submitted by means of the forms provided on the Website for this purpose.	Consent of the data subject.
Order tracking	To manage the tracking request for the order placed by the User, as well as to carry out and control the contractual relationship established between PAACK and the User in order to process and provide the authorised service.	Execution of a contract.
Sending of commercial and/or promotional communications in electronic format.	Sending of commercial communications regarding the activities, promotions, advertising, news, newsletter and other information about PAACK’s products and services by electronic means.	Consent of the data subject.
Job offers	To manage applications for job offers posted on the Website and to evaluate User applications.	Consent of the data subject.

For the indicated purposes, it is possible that we will rely on automated decisions, including the creation of profiles. In any case, we will limit this to using the necessary data, which will be previously encrypted as a security measure. 

6. Data processing by third parties and data transfer

Depending on the purposes for which the personal data have been collected, they may be accessed, indistinctly, by the following people:

• PAACK-authorised staff or representatives acting on its behalf, subject to the applicable current data protection regulations.

• Companies belonging to the PAACK group.

• Regulatory authorities or other third parties in accordance with current legislation.

PAACK will not disclose to third parties any personal information or data that has been provided on the Website and that can be directly or indirectly identified, except as required by law.

If a sale, merger, consolidation, change in company control, substantial transfer of assets, reorganisation or liquidation of PAACK occurs, at our discretion, we may transfer, sell or assign the information collected on the Website to one or more relevant parties.

7. Data retention

The personal data will be retained for the time that is strictly necessary, until the end of the purpose for which they were collected, and as long as the cause that legitimised the processing of said personal data continues to exist. Once the cause that legitimised the processing ceases to exist, the personal data will be retained, properly blocked, for the necessary period of time to comply with the legal statute of limitations in order to prevent any possible violations.

8. Security measures

PAACK implements the levels of security required by the GDPR as appropriate in terms of the nature of the data subject to processing at all times as the result of its activity. In this regard, it uses encryption techniques that do not allow third parties to trace the identity of the User who interacts with our services. Likewise, it may also apply secure anonymization techniques to the personal data it processes in the course of its activity.

However, technical security in a medium such as the Internet is not inviolable and malicious actions by third parties may occur, in spite of the fact that PAACK applies the means available to it to prevent them.

9. Data subject rights and their exercise

In accordance with the GDPR and OLPDPGDR, the User may exercise the following rights:

• Right to access: Users may ask PAACK whether it is processing their data, and if so, they may access them.

• Right to rectification: Users may request the rectification of the data if they are incorrect or complete any incomplete data we may have.

• Right to request the erasure of your data: When a User exercises their erasure rights, all personal data associated with their account and all information and contents of their profile will be erased.

• Right to request the limitation of the data processing: In this case, we will only conserve the data for the exercise of or defence against claims.

• Right to oppose the data processing: PAACK will cease the processing of personal data, except when it must continue to process them for legitimate reasons or to defend any possible claims.

• Right to data portability: If the User wishes their data to be processed by another data controller, PAACK will facilitate the transfer of his/her data to the new controller.

• Right not to be subject to a decision based solely on the automated processing of one’s personal data.

In order to exercise your rights, or to file a claim in the event that you believe that PAACK is processing your data improperly, please write to the email address gdpr@paack.co, attaching, in both cases, a photocopy of your National Identification or Foreigner’s Identification Document or other equivalent proof of identity.

You may use the forms pertaining to the aforementioned rights that are found on the official website of the Spanish Data Protection Agency (https://www.aepd.es/).

10. Changes to the privacy policy

We will only use personal data in accordance with the terms of the Privacy Policy in effect at the time the data are collected.

PAACK reserves the right to change this Privacy Policy at any time, posting these changes on the Website. You are therefore recommended to visit it every time you access the Website. If, at any time, we decide to use personal data in a way other than what was stated at the time they were collected, Users will be notified by email, as long as we have their email address. At this time, they will be given the option to authorise those other uses or disclosures of personal data provided prior to the modification of our Privacy Policy.

In the event that any clause of this Privacy Policy is found to be null and void, the rest of the conditions shall remain unaffected, conserving their full validity and force, in accordance with the current regulations in force at all times.

11. Links to other websites

Hyperlinks are used or may be used on this Website that permit it to link to other web pages or websites. PAACK accepts no liability for the content of said websites, nor is it responsible for their privacy policies. It is recommended to bear in mind and read the privacy policies of all the websites you visit. Bear in mind the terms of this Privacy Policy only govern the data collected and/or processed by PAACK.

12. Applicable law

The privacy of all information provided, including data furnished by the User by means of the different forms requesting personal data or data accessible via the Website, is regulated by current data protection regulations, and in particular, by the GDPR and the OLPDPGDR.