Elsa Smart Logo

Elsa Smart

PRIVACY POLICY OF OUR WEBSITE

The ELSA SMART, S.L. team recommends that you read this Privacy Policy in full to clearly and in detail understand what personal data of yours we process, how we store it, with whom we share it, and ultimately how we manage it in accordance with current regulations, Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, which develops Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.

We are aware that this is a long and complex text, but the processing, management and protection of personal data is also a delicate task and requires protection, security and confidentiality. Therefore, we take clarity and transparency very seriously when detailing the management of their processing.

That is why below, we will briefly translate the most important points of this cumbersome document called Privacy Policy.

  • By simply browsing our website, you are accepting the processing of your data by us, so we advise you to review the different processing of your personal data in advance.
  • In order to respond to your inquiries, questions or provide you with the requested service, we may need to make some of your personal data available to third parties, but don't worry, we have a policy that ensures the protection of your personal data and we will only provide them when absolutely necessary and in most cases in an anonymized manner.
  • We will keep them for different periods of time depending on the purpose for which you provided them to us, for example, if you want us to stop contacting you by email, you simply have to inform us.

Before getting into the matter, it is important that you understand the following terms and concepts, as they will facilitate your understanding of the Privacy Policy:

  • Processing of personal data: refers to operations, technical procedures carried out in an automated or non-automated manner that enable the collection, storage, modification, transfer and other actions on personal data are considered processing of personal data.

Within the processing of personal data, access and navigation through web pages and any other platforms and applications made available to users are included.

  • Data subject or data owner: natural person whose personal data is subject to management and processing.
  • Data controller: that natural or legal person who manages the collection and processing of the data subjects' personal data.

WHAT DOES BROWSING THE ELSA SMART, S.L. WEBSITE MEAN? WHAT DOES USING THE APP, WEBSITE AND PLATFORM OF www.elsasmart.com MEAN?

Prior to browsing by any user or interested party within www.elsasmart.com owned by ELSA SMART, S.L., the interested user has the obligation to read and accept this Privacy Policy, by reading it they provide their unequivocal, free, specific and informed consent to the processing of their personal data according to the purposes described in the Privacy Policy.

The website, application and platform of www.elsasmart.com through internal mechanisms prevent personal data from being sent without having accepted express consent.

The aforementioned express consent implies authorization for the processing of their personal data by our website, application and platform of privacy@elsasmart.com, under the terms established in this Privacy Policy, as well as by the co-controllers and data processors with which ELSA SMART, S.L. maintains mandatory contractual and compliance control relationships.

WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?

ELSA SMART, S.L. acts as data controller for the collection, use and exchange of personal data information that you provide us through the different forms that you can find on the website, application and platform.

  • Data controller: ELSA SMART, S.L.
  • Tax ID: B55415954
  • Address: Avenida Vila de Tossa, 66, Local 1. Postal Code: 17310, Lloret de Mar (Girona).
  • Email: privacy@elsasmart.com
  • Phone: 934551159

This Privacy Policy, together with our Terms and Conditions and any other document referenced and the Cookie Policy, constitute the legal texts that determine how we process the personal data we collect and that you provide us.

ELSA SMART, S.L. guarantees the confidentiality and privacy of the collected personal data and has adopted the relevant security measures to prevent alteration, loss, unauthorized processing or access and guarantee the integrity and security of personal data in accordance with the provisions of Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, which develops Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights. It also guarantees having implemented the necessary technical means to prevent any alteration, loss, unauthorized access or misuse of the processed data, according to the nature of the data, the state of technology and the risks to which they are exposed.

WHAT INFORMATION OR DATA OF YOURS DO WE COLLECT?

As a consequence of your browsing our website, application and platform, ELSA SMART, S.L. may access certain information and personal data belonging to you.

Among the various personal data we may have access to, we provide you with a list of them so that you can easily and clearly identify them:

  • Basic personal information
  • Contact information
  • Banking information
  • Data generated from use and navigation of the website and/or application
  • Information about consumption preferences
  • Name and surname
  • National ID
  • Email address
  • Postal address
  • Phone number
  • Economic and financial data
  • IP address
  • Browsing data

In the following section we will determine and specify in more detail what the purpose of using your personal data mentioned above is.

FOR WHAT WILL MY PERSONAL DATA BE USED? FOR WHAT PURPOSE AND LEGITIMACY WILL MY PERSONAL DATA BE USED?

Below, we will specify the purposes for which your personal data is used, in addition to specifying and identifying what the legitimacy basis is for each of these uses, that is, we will identify within the applicable regulations Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, which develops Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, what the legal basis enabling said processing is.

On one hand, you will find the processing identified, followed by the legitimacy for that processing, thus providing you with a clear and simple understanding of the processing of your personal data.

Your personal data will basically be used for:

  • Processing 1: Response to email or telephone inquiries and/or information requests through the website, application and platform.
  • Legitimacy processing 1: the processing is based on the consent of the interested party. As an interested party, by accepting the Privacy Policy and providing your contact details, you are consenting to us contacting you.
  • Processing 2: Use of personal data for the sale and provision of services offered on the website.
  • Legitimacy 2: the processing is based on the execution of the sale or provision of services described in the general terms and conditions of use of the website, application and platform, understanding them as a contract.
  • Processing 3: Use of personal data for sending commercial information
  • Legitimacy 3: the processing is based on the consent of the interested party. You, as the interested party, have authorized us to send you commercial information through the contact details provided.
  • Processing 4: Analysis of the interested party's data regarding their behavior within the website, application and platform.
  • Legitimacy 4: the processing is based on the interested party's own consent.
  • Processing 5: Use of personal data for the purpose of complying with legal obligations
  • Legitimacy 5: the processing is based on the legal basis itself enabled for this purpose in the GDPR and LOPDGDD regulations.

ELSA SMART, S.L. informs you that your personal data will not be used for any purpose other than those specified in this Privacy Policy, nor will we send additional unsolicited information through your express consent.

WHO ARE THE RECIPIENTS OF THE PERSONAL DATA WE COLLECT?

ELSA SMART, S.L. informs users of its website, application and platform of its commitment not to transfer data to third parties without having obtained the express consent of the interested users. Except when necessary to comply with a legal requirement or when necessary by express request of the Courts, Tribunals or Public Administrations.

In the following section we will specify in detail what our Policy is in relation to data processors, with the aim of being as transparent as possible in the management and processing of your personal data.

WHAT IS THE POLICY REGARDING DATA PROCESSORS?

Notwithstanding the foregoing, ELSA SMART, S.L. informs its users that those third parties who act as data processors of ELSA SMART, S.L. may have access to part of your personal information. However, it is important that you know that they will only access it according to the instructions indicated by ELSA SMART, S.L. and only based on the service they provide. However, it is important that you know that, in most cases, what is shared with these third-party data processors is non-personal, anonymous or statistical data.

ELSA SMART, S.L. when sharing personal information, does so in accordance with the data privacy and security requirements previously informed, in each case, and under the signing of the corresponding data processing agreement, thus ensuring that our suppliers comply with adequate security measures for complete data protection and legal compliance.

As a consequence of the above, ELSA SMART, S.L. only uses and is linked with suppliers that:

a) Are located within the territory of the European Union, in order to guarantee respect and application of applicable data protection regulations, that is, the GDPR.

b) Are located in a country or territory that has been declared to have an adequate level of protection by the European Commission, or

c) Offer standard contractual clauses, which are sufficient to guarantee that said third country can provide a level of protection and rights equivalent to that offered within the EEA.

HOW LONG CAN WE STORE YOUR DATA?

The personal data provided to ELSA SMART, S.L. will be deleted once the relevant period for exercising claims has elapsed.

Just as each of the different personal data processing carried out within our website and/or application has a specific legitimacy, the retention period of personal data will depend on them, below we provide you with a list in which you can consult the retention periods depending on the type of data:

  • Data provided with the consent of the interested party, until you as an interested party revoke that consent.
  • Data provided for the provision and/or execution of the service, while the provision of the service lasts.

8. LINKS TO OTHER WEBSITES AND SOCIAL NETWORKS

Our website, application and platform may contain links to other web pages of partners or third parties, outside our ownership. Therefore, we inform you that each of the links to these third-party websites, access to them and navigation will be governed by the Privacy Policy of each of them. ELSA SMART, S.L. is in no case responsible for the use and/or navigation you make within them.

Therefore, we recommend that before accessing and browsing these pages, applications and/or platforms, make sure to review their Privacy Policies, in order to determine what the processing of your personal data will be.

ELSA SMART, S.L. has profiles on the social networks Facebook, Instagram and X in order to publish and disseminate information about the services and/or products offered through the website, application and platform, interact with different users and serve as a channel for attention and social interaction.

If you access our website, application and platform through interaction through any of the different social network profiles of ELSA SMART, S.L., you must know and accept authorization for said social network to provide us with some of your data.

9. WHAT ARE THE RIGHTS YOU CAN EXERCISE REGARDING THE PROCESSING OF YOUR PERSONAL DATA?

  • Right to information: the interested party must be informed in advance in an express, precise and unequivocal manner, among others, of the existence of a file, the possibility of exercising their rights and the Data Controller.
  • Right of access: allows the citizen to know and obtain free information about their personal data subject to processing.
  • Right of rectification: is characterized by allowing to correct errors, modify data that turns out to be inaccurate or incomplete and guarantee the certainty of the information being processed.
  • Right of cancellation: allows to delete data that turns out to be inadequate or excessive without prejudice to the blocking duty contained in the LOPD.
  • Right of opposition: is the right of the affected party that the processing of their personal data is not carried out or ceases.
  • Right of limitation: the user has the right to decide which personal data they do not want to be processed in the future when they have previously challenged the accuracy of these or when the processing is unlawful and, instead of exercising their deletion, decide to limit them for future processing.

In case of limitation of processing, the restriction may be lifted if there is consent from the interested party, when there is the possibility that the processing affects the protection of the rights of another natural or legal person, when a judicial procedure justifies it and when there is some reason of public interest based on current legislation.

  • Right of portability: the user has the right to receive the personal data provided or for ELSA SMART, S.L. to transmit them to another controller in a structured format of common use and mechanical reading, provided that the processing is carried out by automated means and is based on the consent that the user once gave for one or more specific purposes or for the execution of a contract in which they were a party.

The right to portability will not apply when the transmission is technically impossible, when it may negatively affect the rights and freedoms of third parties or when the processing has a public interest mission based on current legislation.

  • Right to file a complaint with the Control Authority: allows filing a complaint with the Spanish Data Protection Agency (supervisory authority in Spain) through the following link www.aepd.es/derechos-y-deberes/ejerce-tus-derechos.
  • Right to be forgotten: refers to the right of users to request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected or when the processing of said data is unlawful, among other circumstances. Also to request the removal of personal information in search engines, if it is obsolete, inaccurate or damages the reputation of the affected person.
  • Right not to be subject to individual automated decisions: refers to the right that seeks to guarantee that as a user you are not subject to a decision based solely on the processing of your data, including profiling, that produces legal effects on you or significantly affects you in a similar way,

HOW ARE THESE RIGHTS EXERCISED?

At any time the user can withdraw their consent and exercise their rights of access, rectification, deletion, limitation, opposition and portability provided in Data Protection Regulation 679/2016 and O.L. 3/2018 on Data Protection and Guarantee of Digital Rights, by sending an email to: privacy@elsasmart.com or to the postal address: Avenida Vila de Tossa 66, Local 1. Postal Code: 17310, Lloret de Mar (Girona).

WHAT IS NEEDED TO VERIFY YOUR IDENTITY?

Regardless of the route you select to exercise your rights, as an interested party in exercising your right, you must accompany a copy of your national identity document, passport or other valid document that identifies you.

IS THERE A MODEL FOR EXERCISING RIGHTS?

You can request our model via email.

You can also use the models and forms that, for the exercise of these rights, the Spanish Data Protection Agency portal makes available to you at the following address: Exercise your rights | AEPD

10. PRIVACY OF MINORS

Following the instructions of the Spanish Data Protection Agency, minors under 14 years old must not provide their personal data to ELSA SMART, S.L. without prior consent from their parents or guardians.

In the event that ELSA SMART, S.L. detects users who could be minors under 16 years old, it reserves the right to request a copy of the National ID, or equivalent document, or, where appropriate, authorization from parents or guardians, causing their withdrawal if they do not prove compliance with this requirement or in the absence of a response.

11. PROHIBITION FOR USERS TO TRANSFER DATA OF THIRD PARTIES AND TO PROVIDE NECESSARY AND UPDATED INFORMATION

ELSA SMART, S.L. expressly prohibits the user from sharing, providing or transferring data of third parties that they could obtain as a consequence of contact, interaction or communication through the website, application and platform except if they could prove the express authorization of the user whose data they intend to transfer.

We remind you that images are considered protected data and therefore cannot be used without the express consent of the people who may appear in them.

As a user you acknowledge assuming your responsibility, committing to hold ELSA SMART, S.L. harmless before any possible claim, penalty, fine or sanction that may be forced to bear as a consequence of the breach by the user described.

In the event that the user provides personal data of a third party other than themselves, they must do so under consent and express authorization, having previously informed them of this applicable Privacy and Data Protection Policy.

In any of the forms or fields enabled within the website, application and platform, the user commits to providing accurate and truthful data.

Similarly, they commit to notify ELSA SMART, S.L. of any error, update and/or modification that occurs regarding their personal data provided to ELSA SMART, S.L.

For this purpose, ELSA SMART, S.L., makes available the following email privacy@elsasmart.com and you can also go to the following postal address Avenida Vila de Tossa 66, Local 1. Postal Code: 17310, Lloret de Mar (Girona).

12. CONFIDENTIALITY AND SECURITY

At ELSA SMART, S.L. we care about and employ all possible efforts to ensure and maintain confidentiality in the processing of your data within our website, application and platform.

We determine for this purpose a series of security levels to protect your personal data against accidental losses, unauthorized access according to the threats to which they are exposed.

However, we cannot assume any responsibility for the use that you yourself make of that data outside our website, application and platform.

13. COOKIES AND SIMILAR TECHNOLOGIES

To learn more about this section, you can visit our Cookie Policy.

14. APPLICABLE LEGISLATION AND JURISDICTION

This Privacy Policy is governed by Spanish legislation. In case of conflict over the interpretation or application of this, the parties will submit to the Courts and Tribunals of competent jurisdiction based on the competence rules recognized in our legal system.

15. MODIFICATIONS TO OUR POLICY

Any modification or update we make to this Privacy Policy will be published and updated on this page, so that you stay updated on the latest existing version.

Therefore, we recommend that you frequently visit it to know the latest update in force.

DATE OF LAST MODIFICATION: 05/11/2025