Privacy Policy

  1. Purpose

This Privacy Policy is intended to inform individuals (hereinafter, users or interested parties) who visit our website (hereinafter, website, website, or the web) how we collect, process, and protect the personal data they choose to provide to us by any means (forms, emails, telephone, contracts, etc.). After reading it, they may freely decide whether they wish us to process it.

Additionally, it will serve to expand on the information we have previously provided to interested parties in the information clauses provided in the processes for collecting their personal data.

Likewise, this policy aims to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights (hereinafter LOPDGDD).

  1. Who is responsible for the processing of your personal data?

Identity – Entity: TARS Design from I to C, S.L.

CIF/NIF: B86531001

Postal Address: Calle H, Pol. Ind. El Oliveral, 46190 Ribarroja del Turia (Valencia), Spain

Telephone: +34 961666821

Email: hola@tars.design

Company Purpose: Decoration

Website: https://tarsdesign.com/

Registration Details: Registered in the Mercantile Registry of Valencia, Volume 9771, Book 7053, Folio 199, Section 8, Page 158757

  1. What personal data will we process and how do we obtain it?

For the development of our business activities, it is essential to process personal data, which may be collected digitally, through paper documents, or as a result of in-person or telephone conversations. In any of these cases, the data will be processed fairly, lawfully, and transparently. The categories of data that our entity will process regarding interested parties are:

  • Identification data: first and last name, ID or equivalent document, image, voice, and signature. • Contact information: telephone number, email, postal address.
  • Commercial data: quotes, purchase terms, management and history of services and/or purchases, contact results (telephone, email, messaging, and other communication channels).
  • Accounting data: income and expense records, billing data.
  • Banking data: bank accounts and cards.
  • Transactions for goods and services: bank transfers and direct debits, amounts, and items.
  • Curriculum data: academic data, professional experience, personal characteristics, etc.
  • Browsing data: analysis of the time spent on our website, pages visited, demographic data (e.g., age, gender, language).

Our entity will not collect special category data (e.g., health data, ethnic origin, political opinions, or religious beliefs), but if it becomes necessary to process them, we will inform you and request your prior and express consent.

Consequently, the data requested will be adequate, relevant, limited to what is strictly essential and necessary, and processed only by authorized personnel and/or collaborators of our entity, who will have signed a confidentiality agreement and agree to comply with the necessary security standards that guarantee the confidentiality, integrity, and availability of the data processed, as well as other legal requirements established in the GDPR. Therefore, they will be processed within the law.

The data to be processed is provided by the data subject or their legal representative, although we may delegate some functions to certain collaborators and they will be responsible for collecting your data, but they will always be processed with your prior and express consent. If a data subject does not provide the information we request, or if incomplete or incorrect information is provided, it will not be possible to fulfill and maintain the relationship with them.

The categories of data we may process about an individual will depend on the relationship they have with our entity, as shown below:

3.1. Clients:

Identifying, contact, commercial, accounting, banking, and transaction data for goods and services will be processed. Data may only be collected if the client provides it to us at the time of contracting services, requesting pre-contractual measures, or during the maintenance of the business relationship, whether in person, by phone, email, or through the forms available on our website, online chat, instant messaging, etc.

3.2. Event Participants:

Identifying data (image) will be processed and will be collected when recording or capturing images of the spaces we design and/or produce, at the actual time of their use.

3.3. Information Requesters:

Whether the information requested is in person, by phone, or in writing (e.g., email or web forms), we will request and/or process identification, contact, and commercial data.

3.4. Suppliers:

Identification, contact, commercial, accounting, banking, goods and services transaction, and financial data will be processed. This data may be processed during all stages of the business relationship and only if the supplier provides it to begin the business relationship.

3.5. Job Applicants: For this category of interested parties, curriculum vitae, identification, contact, and other data related to their professional or personal characteristics will be processed. These data will be provided by the applicant when submitting their application to us by any means (e.g., in person, email, web forms). They may also be collected during personnel selection interviews (in person or online).

We may even receive the job application through a collaborator to whom we have delegated certain functions.

3.6. Social Media Users:

We are present on various social media platforms and may process identifying, contact, commercial, and other data that the user enables to be viewed or shared with other users of the social media platform, including resumes (e.g., LinkedIn). For more information, please see our Social Media Policy.

3.7. Complainants:

Identifying, contact, and personal information about themselves or third parties that the complaining party submits to us will be processed.

3.8. Visitors:

Identifying, contact, and company data will be processed if the visit is for commercial purposes. These data are collected when provided by the visitor when requesting access to our facilities or when their contact at our entity provides them to grant them access.

3.9. Web users:

When visiting our website, and only with the express consent of the user, analytical data (e.g., visit time or pages viewed) may be collected, including demographic data (e.g., gender, age, country, or language). For more information, please visit our Cookie Policy.

3.10. More information for data subjects:

The legally established information will be made available to data subjects in the corresponding information clauses, included in the various data collection methods, so that the data subject can freely and expressly decide whether they wish their personal data to be processed by our entity.

All categories and types of personal data processed will be duly identified in the corresponding processing activities owned by our entity.

  1. For what purpose will your data be processed?

In general, the purpose of the processing of personal data by our entity is to fulfill and maintain the relationship with the different groups of people with whom we have contact.

Depending on the relationship, your data will be processed for different purposes, which are detailed below, but not limited to:

4.1. Clients:

Your personal data will be processed to identify you, fulfill and maintain the pre-contractual and contractual relationship, including sending commercial communications by various means, answering inquiries, performing quality controls and commercial statistics, for accounting and billing management, the transaction of goods and services, collection management, incident management, claims management, and the exercise of rights, as well as for other purposes to which we are required to comply with this relationship, comply with the laws to which we are subject, or to pursue our legitimate interests.

4.2. Event Participants: Our entity intends to publicize, through curriculum vitae, the projects we design and produce at the time of their actual use, so that other clients or potential clients may be aware of them. This involves recording people who are in our spaces at that time. 4.3. Information Requesters:

We will process your personal data to respond to any information requests you may have, to identify you, and to send or deliver quotes and information about goods and/or services of interest to you. We will include commercial information related to your request in our response (verbal or written). We will also conduct follow-up contacts through various means to learn about decisions made regarding commercial proposals we have submitted to you.

4.4. Job Seekers:

Your data will be processed to include you in our selection and job board processes, to identify you, and to contact and inform you about vacancies, schedule interviews, and other relevant information. 

4.5. Suppliers:

Your personal data will be processed for the purpose of maintaining the pre-contractual and contractual relationship, fulfilling the commercial relationship, whether for requesting quotes, purchasing goods or contracting services, making inquiries and identifying you, for accounting management and the transaction of goods and services, as well as for other purposes necessary to fulfill said relationship, our legal obligations, and legitimate interests.

4.6. Social media users:

We will process your personal data to maintain the relationship as users of the same social media network, to identify you, contact you, share news or advertising, and process other personal data that the social media user allows to be shared with the other members of the network. For more information, see our Social Media Policy.

4.7. Complainants:

Personal data will be processed to identify you, manage your complaint, and contact you regarding its status, in addition to complying with our legal obligations and legitimate interests.

4.8. Visitors:

Data from visits to our facilities will be processed to identify you, to comply with our obligations regarding occupational risk prevention, and for security and access control purposes.

4.9. Website users:

By accepting the installation of cookies when visiting our website, data may be processed for various purposes (e.g., visitor analysis). For more information, please visit our Cookie Policy.

4.10. More information for interested parties:

The legally established information will be made available to interested parties in the corresponding information clauses included in the different data collection methods (e.g., forms, voicemails, contracts, etc.) so that you can freely and expressly decide whether you want the requested personal data to be processed by our entity. Likewise, this information will be included in the various documents or communications we share with interested parties (e.g., badges, invoices, legal notices, etc.).

If the interested party does not provide the data we request, or if incomplete or erroneous data is provided, we may not be able to respond to your request for information or interact with you. The data will not be processed further or for purposes other than those accepted by the interested parties.

The purposes that motivate the processing of personal data will be duly identified in the corresponding processing activities owned by our entity.

  1. Why do we process your data (legal basis)?

The processing of your personal data by our entity is carried out on one or more of the following legal bases:

  1. When you give us your express, free, informed, and unequivocal consent, after being informed at the time your data is collected and, more broadly, with this privacy policy, that after reading it and agreeing to it, you can voluntarily authorize us to process your data for one or more purposes by checking the boxes provided for this purpose on our web forms, by providing verbal consent (a voice recording will be required), or by signing the information clauses we provide to you at any time when requesting your personal data.
  2. For the execution of a contract to which you are a party or you have requested pre-contractual measures from us.
  3. When the processing is necessary for compliance with a legal obligation applicable to our entity.
  4. When processing is necessary for the fulfillment of legitimate interests pursued by our entity or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. In this regard, we inform you that our entity has conducted an analysis weighing our legitimate interests against the rights and freedoms of the data subject, always respecting their fundamental rights.

If the user is under 14 years of age, the consent of their parents, guardians, or legal representative will be required to process their data. The user is solely responsible for the accuracy of the data they submit to us.

  1. Data Retention

The personal data provided will be retained as long as we maintain a relationship with the data subject and for as long as necessary to fulfill the purpose for which their data was collected. Once this relationship has ended, we will keep them blocked in those cases where it is necessary to retain them until the statute of limitations expires, for the exclusive purposes of claims or legal actions, as well as to comply with our legal obligations, for example:

  • 6 years from the last

Interested parties Sectoral scope Basis

gal Retention Period

  • Clients

Accounting Art. 30.1 R.D. Code of

  • Suppliers

Commerce

entry

  • Clients

Tax Art. 66 General Law

  • General term: 4 years
  • Suppliers

Tax 58/2003

  • In case of losses during the fiscal year: 10 years
  • Invoices: 5 years
  • People

Labor Art. 21 of Royal Decree

  • 4 years:

workers

Legislative 5/2000 –

Social Order

  • Applicants

Labor Guide to labor relations

  • 1 year

of employment

AEPD • People

Prevention of occupational risks

Art. 4.3 of Royal Decree

  • 5 years

workers

5/2000 – Social Order

  • Visitors Access control

Instruction 1/1996 of the

  • 1 month

to the facilities

AEPD

  • Web users Use of cookies Guide on the use of
  • 24 months maximum

cookies of the AEPD

  • Applicants

Commercial

Art. 20.1 a and d)

  • The shortest possible time or

Legal

Spanish Constitution

as indicated in the

information

laws.

  • Clients

Video surveillance Art. 22.3 LOPDGDD –

  • 1 month
  • Suppliers

data protection

  • Personal visitors
  • Job applicants
  • Employees
  1. Profiling

We do not create profiles nor will we make automated decisions using your personal data, but if we do, you will be informed and will be asked for prior authorization to do so. Likewise, you have the right to object to this type of processing at any time by contacting our entity in writing at: hola@tars.design

  1. Data Transfer

As a general rule, our entity does not transfer personal data to third parties without prior consent. However, it will be necessary to transfer data in the following cases:

In the case of our clients or suppliers, their personal data may be transferred to third-party entities by legal obligation (e.g., the Tax Agency), or in those cases and entities necessary to provide our services or pay invoices (e.g., banks).

Likewise, the personal data of clients or suppliers may be processed by third parties to whom we delegate some of our obligations (e.g., accounting advisors), all of whom have agreed, through a data processor contract, to comply with the same security measures implemented by our entity, as well as to submit to the duty of secrecy and confidentiality regarding the personal data processed, among other obligations regarding personal data protection.

In the case of job applicants, your data will not be transferred to third-party entities, unless we are legally required to do so.

Regarding information applicants or users of our website, your data will not be transferred to third-party entities, except in the cases previously explained and informed at each stage of collection and only with your express consent, unless our legitimate interest prevails or we are legally required to do so, in which case your consent will not be required.

Generally speaking, we may transfer your personal data to the competent judges, courts, public prosecutors, and/or public authorities in the event of potential claims when we are required to do so.

  1. International data transfer

In the event of transfers to third-party entities located in countries outside the European Economic Area, we will inform and request the prior and express consent of the data subjects. Security Measures

Our entity has implemented all necessary technical and organizational measures to protect the personal data processed, preventing its loss, theft, or unauthorized use.

These measures have been created based on the type of data processed and the purposes for which it is processed. These measures are periodically verified through our internal controls for compliance with personal data protection regulations and through external audits.

  1. Your Rights

You, as the owner of your personal data and acting on your own behalf or through your legal representative (e.g., persons under 14 years of age), may contact our entity at any time and request that we exercise your rights regarding personal data protection.

These rights are explained below:

11.1. Right of Access:

You have the right to know and request that we know the following information at any time:

  • Whether or not we are processing your personal data.
  • The purposes of the processing, as well as the categories of personal data being processed.
  • The origin of your data, if you did not provide it to us.
  • The recipients or categories of recipients to whom my personal data has been or will be disclosed, including, where applicable, recipients in third parties or international organizations.
  • Information on the appropriate safeguards regarding the transfer of my data to a third country or to an international organization, where applicable.
  • The expected retention period, or if not possible, the criteria for determining this period.
  • Whether automated decision-making exists, including profiling, significant information about the logic applied, as well as the significance and expected consequences of such processing.
  • A copy of your personal data that is being processed.

11.2. Right to Rectification:

Request us to rectify your personal data when it is inaccurate, as well as to complete it when it is incomplete.

11.3. Right to Object:

You may object to our processing of your data when it is incorrect or when its processing is no longer necessary.

If you are acting as the person reported or affected by a complaint under Law 2/2023, you will not be able to exercise your right to object, as it is presumed (subject to proof to the contrary) that there are legitimate grounds for processing your personal data, in accordance with the provisions of Article 31.4 of the Law.

11.4. Right to Erasure:

Request that your data be deleted for any of the following reasons:

  • Your data is no longer necessary for the purposes for which it was collected or processed.
  • You have not given consent for the processing of your data.
  • When you have exercised your right to object.
  • When the data has been processed unlawfully.
  • When the data must be deleted to comply with a legal obligation.

11.5. Right to Restriction of Processing: You may request that we exercise this right when one or more of the following situations apply:

  • When you contest the accuracy of your data, for a period that allows the controller to verify its accuracy.
  • When the processing is unlawful and you oppose the deletion of your data and instead request a restriction on its use.
  • When the data is no longer needed for the purposes of the processing, but the data subject needs it to formulate, exercise, or defend legal claims.
  • When you have objected to processing pursuant to Article 21(1), pending verification of whether the legitimate grounds of the controller override those of the data subject.

11.6. Right to Data Portability:

This refers to the right to obtain data relating to you in a structured, commonly used, and machine-readable format, and to transmit it to another controller for further processing.

11.7. Right not to be subject to automated decisions:

The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of your rights, you must contact TARS Design from I to C, S.L. in writing, either by post to Calle H, Pol. Ind. El Oliveral, 46190 Ribarroja del Turia (Valencia), Spain, or by email to hola@tars.design, stating the rights you wish to exercise, accompanied by a copy of your ID or equivalent document so that we know about whom we should provide the requested information, and your contact information so that we can send you our response. If you are acting on behalf of another person, you must provide proof of representation.

If you have any suggestions or questions regarding the processing of your personal data, you can contact our data protection consultants:

BUSINESS ADAPTER, S.L.

Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia).

Data Subject Assistance Form

We inform you that you have the right to file a complaint with the Spanish Data Protection Agency at: C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.

  1. Commitment to Personal Data Protection

Scope

Our commitment to personal data protection is binding on all departments and employees of our organization, as well as third parties acting on our behalf.

Purpose

We have established protocols for the processing of your personal data, in accordance with European and Spanish data protection regulations.

Principles

We will process your data legally, fairly, transparently, with data minimization, accuracy, retention periods, integrity, confidentiality, and active responsibility.

Special Category of Data

Our entity prohibits the processing of personal data that reveals ethnic or racial origin, political opinions, religious or philosophical beliefs, union membership, the processing of genetic or biometric data, data relating to health, or data relating to sexual orientation, except in legally authorized exceptions and with the prior consent of the data subject.

Rights of Data Subjects

Our entity will address and respond as quickly and diligently as possible to your requests to exercise your rights.

Activity Log, Impact Assessment, and Security Measures

Our entity will keep a log of the activities of this processing will be carried out and the purposes of the processing will be analyzed, as well as the categories of data subjects and data, recipients, international transfers, retention periods, etc., to assess the risks of processing and implement the necessary security measures to ensure the confidentiality, integrity, and availability of personal data.

Likewise, for each processing activity, the need to prepare an Impact Assessment has been analyzed and the obligation to appoint a Data Protection Officer has been determined.

If necessary, the person designated for this position must have sufficient knowledge and experience in accordance with current regulations.

Control

We rely on external assistance to advise us on this matter, monitoring all publications made by the competent supervisory bodies and other European and Spanish entities related to data protection regulations, in order to comply with these regulations at all times.

  1. Updates to this Policy

Our entity reserves the right to modify this Policy without prior notice. For this reason,

we recommend consulting it every time you visit our website.

Text updated on February 5, 2025.