Privacy Policy

Latest update: 26/10/2021


PAACK LOGISTICS IBERIA, S.L.U. (hereinafter PAACK”) with C.I.F. B-66546755 and registered office in Vía Augusta 17, Principal, 08006 Barcelona, duly registered at the Companies Registry of Barcelona in Volume 44930, Folio 191, Page 471681, declares ownership of the domain https://paack.co/ (hereinafter “Website”) in line with the obligations under Law 34/2002, from the 11th July, in regards to Information Society Services and E-commerce (hereinafter “LSSI-CE”)


1. Identity and contact details

1.1. Data Controller


Under the applicable data protection terms and, in particular the EU Regulation 2016/679, of the European Parliament and Council, from the 27th April 2016, on protecting individuals in regards to processing and circulating their personal data (hereinafter “GDPR”) and the Organic Law 3/2018, from the 5th December, on Data Protection and the guarantee of digital rights (hereinafter “LOPDGDD”), the Data Controller is:


Data Controller


PAACK LOGISTICS IBERIA, S.L.U.

C.I.F.

B-66546755


Registered Address


Via Augusta 17, Principal, 08006 Barcelona

Phone number:


+34 931 223 851

1.2. Data protection officer

PAACK has nominated an external Data Protection Officer (hereinafter “DPO”), in accordance with the content of article 37.1 of GDPR and articles 34 and 36 of LOPDGDD.

At any time, you may contact the DPO to clarify any doubts you may have about our data protection policy, make special requests on how your personal data is processed, exercise your rights in regards to your personal data and any other issue concerning the handling of your personal data. 

Please find below the contact information for PAACK’s DPO:

AddressPlaza Gala Placídia 1-3, Stairs B, 16 2, 08006 Barcelona.
Email address[email protected] 

2. Personal data protection in accordance with applicable law


PAACK has adapted the Website to comply with GDPR and LOPDGDD. Therefore, it has implemented organisational and technical policies, means and procedures to guarantee and protect the confidentiality, integrity and availability of your personal data.


3. Principles we will apply to your personal information

In handling your personal data, we will implement the following principles that comply with the requirements of GDPR:


  • Principal of legitimacy, loyalty, and transparency: We will always ask for your permission to handle your personal data for one or more specific purposes, which we will openly inform you about in advance.

  • Principle of data minimization: We will only ask for strictly necessary data related to the purpose for which we request it. 

  • Principle of retention period limitation: your data will be retained only for the time necessary to complete the purpose for which it was requested, depending on the purpose, you will be informed of the corresponding retention period. 

  • Principle of integrity and confidentiality: your data will be processed in a way that adequately ensures the safety and confidentiality of your personal data. We take every precaution necessary to avoid unauthorized access or misuse of the personal data of our clients on behalf of third parties. 

4. Data collection and confidentiality


The data supplied to PAACK through different means, contact forms or any other process implemented to collect your data, will be processed in compliance with the current data protection regulations and with the only objective of providing the service intended. 

The transmission of data on behalf of the PAACK services user (hereinafter “User”) through the Website, will be voluntary and the user will be informed in advance on the way in which the data will be used and to what purpose.

PAACK informs the User that they will only request the information that is strictly necessary, and they will only process the data you have provided to complete the service, of which you were informed and subsequently consented to.

PAACK, in its capacity as Data Controller, guarantees confidentiality in the processing of all the User’s personal data that they have access to. The Data Controller, or any other person who participates in any phase of the process, is subject to the strictest professional confidentiality, with an agreement to implement the necessary standards of protection and processes, both technical and organizational, to guarantee the safety of personal data and avoid any alteration, misuse, loss, theft, unauthorized access or handling.

Every information the User passes on to PAACK must be true, and the User will be solely responsible for any incorrect or false information provided and the damage that this may cause PAACK or any third party. 

PAACK reserves the right to exclude any User who provided false information from using its services, without prejudice to any legal action that applies.

5. Processing of data, its purposes and legitimate bases


PAACK only processes the personal data that is strictly necessary to manage or resolve a request from the User through the Website. 

Accordingly, PAACK will process the following User data, manually or automatically, specifically for the following purposes:


Data ProcessingPurpose Type of personal data Legal basis
To handle a customer registration to PAACK.Provide information to contact persons in companies and individual entrepreneurs who are interested in the services that PAACK offers its clients and process their requests.Identification and contact information; location; business sector and content of the request.Consent of the person concerned.
To track your order with PAACK.Manage the tracking request of an order, as well as develop and control the contractual relationship established between PAACK and the User to process and fulfil the authorized service. Order number and postcode.Performance of a contract.
To send marketing and/or promotional material electronically.Send marketing communications about activities, services, promotions, publicity, news, newsletter and further information on products and services offered by PAACK via electronic means. Identification and contact information.Consent of the person concerned.
To apply to a PAACK job offer.Managing registration to job offers on the Website and assessing the applications of the interested parties.Identification and contact information; all the information contained in the CV of the individual concerned.Consent of the person concerned.
To make enquiries through the instant messaging system. To manage enquiry requests. Identifying information and contact details.Consent of the individual concerned.
For enquiry requests through the “help” form. To manage enquiry requests. Identifying information and contact details. Consent of the individual concerned.

In order to complete the tasks mentioned, we may rely on automated systems, including the creation of profiles. In any case, we will limit ourselves to using only the data necessary to create the profile, which will already be encrypted for security. 

6. Data retention


The retention period of your data will depend on the purpose for which it is being processed as explained below.Depending on the purposes for which the personal data have been collected, they may be accessed, indistinctly, by the following people:


PurposeRetention period
Provide information to the contact person in companies and individual entrepreneurs who are interested in the services that PAACK offers its clients and process their requests.We will retain your data for the time necessary to process your enquiry or client registration request. In the event you enter a contractual relationship with PAACK, the data will be retained for the duration of the contractual relationship.
Manage the tracking request of an order, as well as develop and control the contractual relationship established between PAACK and the User to process and fulfil the authorized service.We will retain your data for the time it takes to process each order until they are delivered. 
Send marketing communications about activities, services, promotions, publicity, news, newsletter and further information on products and services offered by PAACK via electronic means.The personal data will be retained until the User unsubscribes from the communications. Nonetheless, we may still need to contact you with important information unrelated to marketing, as well as any communication necessary in order for us to fulfil our legal obligations. 
Managing registration to job offers on the Website and assessing the applications of the interested parties.The data will be retained while there are open job offers that match the candidate’s profile and, in any case, up to a maximum of ONE (1) year from when it was last updated. Thereinafter, the User will need to provide a new updated CV if they wish to continue to be part of PAACK’s selection process. In any case, before the candidate’s CV is blocked or eliminated, they will be informed by email and given the option to keep their personal data in our database, with their consent.
To manage enquiry requests and incidents. We will process your data for the period of time required in order to handle each enquiry and resolve it.

Without prejudice to handling your data for the time strictly necessary to complete each service, we will retain it duly blocked and protected for a subsequent period in which responsibilities arising from the processing could arise, in compliance with the regulations in force at all times. Once the possible actions have been prescribed, we will proceed with the elimination of the personal data. 


7.  Transfer and processing of data by third parties.


Depending on the purpose for which you provided your personal information, your data could be handled by: 


  • Authorized PAACK employees or representatives acting on PAACK’s behalf, subject to current and applicable data protection regulations.

  • Companies that are part of the PAACK Group 

  • Administrations, Authorities, and Public Institutions, including Courts and Tribunals, when required by applicable regulation. 

  • Third-party suppliers of external services that PAACK contracts, required to process the services offered by PAACK and entrusted with handling the data that PAACK is responsible for [IT service providers who process information, hosting servers, database, software, and application support maintenance, CV management, among others]. In any case, only after having completed the required processes to ensure that by sharing the aforementioned information we are compliant with the data protection regulations. Furthermore, some of those responsible for processing the data could be located outside the European Economic Area.

8. Safety measures


PAACK embraces the safety standards required by GDPR appropriate to the nature of the data that is being processed for its activity at all times. Moreover, they use encryption techniques, which don’t allow for a third party to trace the identity of a User interacting with our services. Furthermore, they may also carry out secure anonymization techniques for the personal data that they process to carry out their activity.

Nonetheless, technical security online is not impregnable and harmful actions by third parties can occur, even though PAACK uses every means at their disposal to avoid said actions. 


9. Rights of the interested parties


Compliant with GDPR and LOPDGDG, the User may exercise the following rights: 


  • Right of access: The User can ask PAACK if they are processing their data and, if they are, they can access the data.

  • Right of rectification: The User can request to rectify the data if it’s inaccurate or to complete it if is incomplete.

  • Right to request the deletion of your data: At the moment the User exercises their right of deletion, all the personal data linked to their account, as well as all the information and content found in their profile will be deleted. Moreover, if the User exercises their right of deletion of the data necessary for PAACK to provide the services offered on the Website, PAACK will be obliged to terminate their relationship with the User, unsubscribing them without any right to make a claim. 

  • Right to request processing limitations: In this case, we will retain the data only to process or deny claims. 

  • Right to oppose processing: PAACK will stop handling your personal data, with the expectation of lawful reasons or to execute or deny possible claims. 

  • Right to transfer data: In the event, the User would like their data to be handled by another controller responsible for processing data, PAACK will facilitate the transfer of your personal data. 

  • Right to not be subject to a decision based exclusively on the automated processing of your personal data.

At any time you may exercise your right of access, rectification, deletion, limitation, transfer or to oppose the handling of your data, including making a claim if you believe that PAACK is inappropriately handling your personal data, by sending a written communication to PAACK’s registered office in Via Augusta 17, Principal, 08006 Barcelona, or via email to [email protected]. If we deem it necessary in order to identify you, we may ask you for a copy of your ID or equivalent. 

You can use the forms and templates related to the rights mentioned above, by visiting the official website of the Spanish Data Protection Agency (https://www.aepd.es/es/derechos-y-deberes/conoce-tus-derechos). Moreover, if you believe PAACK is handling your personal data inappropriately, you can make a claim with this supervising authority (https://www.aepd.es/es).


10. Changes to the privacy policy


We will only use personal data in accordance with the Privacy Policy applicable at the time said data is collected. 

PAACK reserves the right to modify the terms of this Privacy Policy at any time, publishing the changes on the Website, therefore, we advise you to review the policies each time you access the website. If for any reason, we decide to use your personal data in a different way from what was outlined in the policy at the time the data was collected, the User will be informed by email, provided that we have an email address. In this case, the User will be given the option to authorized other uses and sharing of their personal data that they had not authorized prior to the change made to the Privacy Policy.

In the event a clause of the Privacy Policy is erased or considered invalid, the remainder of the conditions will not be affected, preserving their validity and effect, in accordance with the applicable regulations in force at all times.

11. Cookie Information


We use cookies and similar devices to facilitate your browsing on the website. Please read our Cookie Policy to learn more about the cookies and similar devices we use, their purpose, and other relevant information.


12. Applicable law


The privacy of all the information provided, both by the User via the personal data request forms and accessible through the Website, is regulated by the current data protection laws, in particular GDPR and LOPDGDD.