English (English)
EspañolPrivacy and Cookies Policy
HD PARTS AND ACCESSORIES, S.L.
NIF/VAT: ESB19925114
Registro Mercantil de Huelva — Hoja HU-29107, Inscripción 1.ª — IRUS: 1000425737776
Address: Pol. Ind. Fortiz, Sector A, 15, 21007 Huelva, Spain
Email: [email protected]
Phone: +34 959 05 75 47 / +34 636 847 491
Data Protection Officer (DPO): Not appointed. The company is not required to designate a DPO under Article 37 GDPR given its size and the nature of its processing activities.
1. Scope of this Policy
This Policy explains how we process personal data when you visit our website, create an account, place an order, contact us, or agree to receive commercial communications. It also describes the use of cookies and similar technologies.
2. Purposes of Processing and Legal Bases
The table below maps each processing purpose to its specific legal basis under the GDPR:
| Purpose | Legal Basis |
|---|---|
| Order and after-sales management — processing orders, payments, invoicing, logistics, customer support and warranties | Performance of a contract (Art. 6.1.b GDPR) |
| Account management — registration, authentication, account maintenance and security | Performance of a contract (Art. 6.1.b GDPR) |
| Customer service — responding to enquiries, incidents, or rights requests | Performance of a contract / pre-contractual measures (Art. 6.1.b GDPR) |
| Marketing communications — newsletters and promotional offers | Consent (Art. 6.1.a GDPR); or legitimate interest for existing customers where permitted (Art. 21 LSSI-CE) |
| Fraud prevention and security — monitoring to prevent abuse and unauthorized access | Legitimate interest (Art. 6.1.f GDPR) |
| Legal obligations — accounting, tax, and consumer law compliance | Legal obligation (Art. 6.1.c GDPR) |
| Service improvement — aggregated and anonymized statistical analysis of website usage | Legitimate interest (Art. 6.1.f GDPR) |
3. Obligation to Provide Data
Providing your personal data is a contractual requirement for placing orders (name, address, email, payment details) and creating an account. If you do not provide these data, we will be unable to process your order or manage your account. Providing data for marketing communications is voluntary and not a condition of purchase.
4. Categories of Data
- Identification and contact: name, surname, address, email, phone.
- Transactional: purchased products, amounts, incidents, warranties.
- Billing: data required to issue invoices.
- Access and account: login credentials (hashed), activity logs, and security records.
- Communications: queries, tickets, marketing preferences.
- Technical data: IP address, cookies, device identifiers, browsing data.
5. Data Sources
Data is collected directly from you (forms, checkout, communications) and, where applicable, from payment or shipping providers when processing your order.
6. Recipients
- Logistics providers: carriers and collection points to deliver your order.
- Payment processors: to manage secure transactions.
- IT services: hosting, maintenance, Cloudflare (security and CDN), Google (analytics/ads cookies), PrestaShop modules.
- Public authorities where a legal obligation applies.
7. International Transfers
Some providers (such as Google or Cloudflare) may transfer data outside the EEA. In such cases, European Commission Standard Contractual Clauses and additional safeguards are applied.
8. Data Retention
| Category | Retention Period |
|---|---|
| Accounts and orders | While the account is active and for as long as needed for order management and after-sales service |
| Billing and tax records | 6 years from the last transaction (Art. 30 Spanish Commercial Code; Art. 70 General Tax Act) |
| Fraud prevention records | 5 years (Limitation period for criminal liability, Art. 131 Spanish Criminal Code) |
| Customer service records | 3 years from resolution of the enquiry (general statute of limitations, Art. 1964 Civil Code) |
| Marketing | Until you withdraw consent or object |
| Cookies | As detailed in the Cookies section below |
9. Automated Decision-Making
We do not use automated decision-making, including profiling, that produces legal effects or significantly affects you (Art. 22 GDPR). Basic fraud-detection checks are carried out with human review of any flagged transactions.
10. Data Subject Rights
You may exercise your rights of access, rectification, erasure, objection, restriction of processing, and data portability, as well as the right not to be subject to automated individual decisions, by contacting us at [email protected] or by postal mail to our registered address, indicating "Data Protection" and including proof of identity.
We will respond within one month (extendable by two further months for complex requests).
If you are not satisfied with our response, you may lodge a complaint with the Spanish Data Protection Agency (AEPD):
C/ Jorge Juan, 6, 28001 Madrid, Spain
Phone: +34 901 100 099 / +34 912 663 517
Website: www.aepd.es
11. Marketing Communications
We will only send commercial communications if you have subscribed or if you are a customer and applicable law allows it (Art. 21 LSSI-CE). You may unsubscribe at any time using the link in each email or by contacting us.
12. Security
We apply appropriate technical and organizational measures to protect data (access controls, encryption in transit, minimization policies, and backups), reviewed regularly.
13. Minors
Our services are not directed to children. In Spain, parental or guardian consent is required if you are under 14 years old.
14. Cookies Policy
This website uses first-party and third-party cookies to ensure technical operation, improve services, and analyze usage.
- Technical cookies (PrestaShop): required for the store to work (cart, login, sessions).
- Security and performance cookies (Cloudflare): protect the site against attacks and optimize performance.
- Analytics/advertising cookies (Google): Google Analytics and, where applicable, Google Ads for statistics and ad personalization.
On entering the site, you are informed via a banner and can accept or reject non-essential cookies. You may manage or revoke consent at any time from the banner or your browser settings.
Retention depends on each cookie: technical cookies usually expire at the end of the session, while Google cookies may last between 1 day and 24 months depending on their purpose.
More information about Google cookies: policies.google.com/technologies/cookies
More information about Cloudflare cookies: cloudflare.com/en-gb/privacypolicy
15. Governing Law and Jurisdiction
This Policy is governed by Spanish law, the General Data Protection Regulation (EU) 2016/679, and Spanish Organic Law 3/2018 (LOPDGDD).
For the resolution of any dispute, consumers may bring proceedings before the courts of their habitual place of residence in accordance with applicable consumer protection legislation. For non-consumer disputes, the parties submit to the Courts of Huelva (Spain).