Privacy Policy

Our privacy policy outlines the principles and guidelines that govern our company’s actions regarding data protection, with the aim of ensuring compliance with applicable legislation at all times. Therefore, we inform you that our brand adheres to the provisions of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter GDPR), as well as the Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee of Digital Rights (hereinafter LOPDGDD).

In particular, our personal data protection policy is designed to safeguard the fundamental constitutional right to data protection for all individuals interacting with our company, as regulated specifically in Article 18 of the Spanish Constitution. In this way, we aim to protect not only individuals’ most private data, whether or not it pertains to honor, ideology, personal and family privacy, but also any type of personal data (name, surname, address, date of birth, email, bank details, etc.), whether intimate or not, as this data provides information about an identifiable natural person whose knowledge or use by third parties may impact their rights, fundamental or otherwise. Therefore, we protect all handling or processing of personal data by this legal entity in the real and effective exercise of its economic activities. Consequently, as data controllers, we have carefully reviewed the data policy cycle we manage, thereby clearly determining the data we possess and how we will handle it—specifically, how we will organize our internal activities to respect personal data in compliance with current regulations.

In short, our goal is to provide information on the processing and protection of personal data we may collect through this website, so that you can make informed decisions regarding the use of your data.

CUATRO CUATRO is the controller of the personal data you provide, and we have established a framework of minimum security and privacy standards to ensure that your fundamental right to data protection is effective in our environment. For this, we:

  1. Process personal data in accordance with the six principles enshrined in Article 5 of the GDPR:
  • Principle of Lawfulness, Fairness, and Transparency
    This principle of fair and lawful processing is linked to the principle of transparency. For the processing to be lawful and fair, we always meet one of the conditions referenced in Article 6 GDPR. Therefore, we will only process your personal data for matters related to the sales or post-sales procedure previously requested by you. For this reason, we advise that in these cases, if you do not provide the required personal data, it will not be possible to formalize the requested contract or its execution. Additionally, we may process your personal data, with your prior consent, for specific purposes, which we will indicate in advance.

  • Principle of Purpose Limitation
    The personal data we request will always be adequate, relevant, and limited to the necessary purposes for which they are to be processed. Therefore, once collected, data will not be processed in ways incompatible with the purposes determined at the time of collection.

  • Principle of Data Minimization
    We will only request and process personal data relevant to the purposes of the processing. Therefore, we will only handle the following categories of personal data:

    • Identification data (name, surname, contact phone number, postal and email address)
    • Banking data (economic transactions)

    All data mentioned above will be obtained directly from you, through the submission of a commercial offer, contractual proposal, etc., or from your company when providing identification data and other information necessary to execute the contractual relationship between the parties.

  • Principle of Accuracy
    It is your responsibility or that of your company (if it provided your data) to ensure that data is up-to-date and accurate. We will take all reasonable measures to delete or correct any erroneous or incomplete personal data. This way, we guarantee the accuracy of personal data and that you may update your data upon request.

  • Principle of Storage Limitation
    Data provided will be retained while the commercial relationship is maintained or for as long as necessary to meet legal obligations and address any liabilities that may arise from fulfilling the purpose for which the data was collected. Therefore, we will delete personal data when no longer necessary.

  • Principle of Integrity and Confidentiality
    We have implemented appropriate technical and organizational measures to ensure the security of the personal data you provide, thus ensuring its “integrity” (preventing accidental harm, loss, or destruction) and its “confidentiality” (only authorized persons can access the information). Specifically, we have established access control mechanisms and permission mechanisms based on different profiles. Not everyone has access to everything.

  1. We have prepared an Activity Record, which we review at least annually, to demonstrate compliance with data protection regulations.

  2. We have conducted a prior risk analysis to determine the risk level to which the processing may be exposed, identifying and assessing risks to implement measures for their reduction or mitigation.

  3. We have established necessary safeguards for protection by design and by default; thus:

    • From the design stage, we define “appropriate” control and security measures to ensure processing respects privacy requirements associated with the level of risk. This ensures that these measures apply when determining processing means and at the time of processing itself. These include confidentiality, integrity, availability, and ensuring that any person acting under our instructions and having access to personal data can only process it following our directions.
    • By default, we guarantee that only the “necessary” personal data for each specific processing purpose will be processed. This applies to the amount of personal data collected, the extent of processing, the retention period, and accessibility. In terms of accessibility, our goal is to ensure that personal data is not accessible to an indefinite number of individuals without someone’s intervention.
  4. We have implemented appropriate and effective technical and organizational measures, taking into account the current state of technology, cost, nature, scope, context, and processing purposes, as well as risks to individuals’ rights and freedoms. These measures will be reviewed and updated when necessary, ensuring an appropriate level of security for the risk.

  5. Out of conviction, our company will cooperate with the Control Authority when necessary.

  6. We will report security breaches involving personal data to the Data Protection Authority and, where appropriate, to the individuals concerned.

We provide the following information to comply with current regulations on personal data protection:

Data Controller:

  • Identity: CUATRO CUATRO
  • CIF number:
  • Address: General Oraa 23 3D, 28006 Madrid
  • Contact Phone: 689 36 90 05
  • Email: info@cuatrocuatroart.com

Content and Acceptance
Please read the conditions of our privacy policy carefully, as accessing and using this website implies full acceptance of these conditions by the user.

 

We inform you that the personal data you provide through this website will be processed and protected in accordance with current regulations on this matter. This allows you to decide freely and voluntarily whether to provide your data.

The personal data you provide through the forms guarantee and ensure, in any case, their accuracy, precision, validity, and authenticity. You also commit to keeping them duly updated. Additionally, by visiting our website, you confirm that you are over 18 years of age and fully capable of entering into agreements.

In the event that personal data is provided by individuals who do not own it, the user must, prior to its inclusion, inform said individuals of the details contained in this document. In such cases, you guarantee that the data provided pertains to individuals over 18 years old and that the information is accurate and truthful. CUATRO CUATRO is exempt from any responsibility for the user’s failure to comply with these requirements.

The references included regarding the processing of your personal data are only valid for personal data obtained through this website. This is due to the fact that CUATRO CUATRO’s website may contain links to third-party websites, whose privacy policies are beyond this company’s control. By accessing such websites, you may choose to accept their privacy and cookie policies. Generally, while browsing the internet, you can accept or reject third-party cookies through your browser’s configuration options.

Purpose of Processing Your Personal Data

The data you provide may be used to manage the business relationship and fulfill contractual terms, should you purchase any of our products through our website. It may also be necessary to process your personal data in order to comply with legal requirements. Additionally, your data may be used to inform you about promotions related to our services, products, or events that we organize or participate in, for which we will request your prior authorization. This is without prejudice to other purposes that may exist, in which case we will inform you and, if necessary, request your authorization or consent.

Legal Basis for Processing

As a general rule, the legal basis for processing your personal data is as stated in Article 6.1(b) of the GDPR, as the processing is necessary for the performance of a contract to which you are a party. If you choose not to provide the data, we inform you that it will be impossible to formalize the contract, as the protocol for data reception has been established with essential data only.

In other cases, the legal basis for processing your data is as stated in Article 6.1(a) of the GDPR, as we will need “your consent” to process your data. This applies in cases where we may inform you about our services, products, or events that we organize or participate in. In these cases, we will request “consent” beforehand, which will be informed, allowing you to give it freely or withdraw it at any time. Therefore, CUATRO CUATRO commits to not sending advertising via email without first obtaining the recipient’s express consent. The user may object to receiving advertising by checking the appropriate box.

Data Retention Period

As previously mentioned, the data you provide will be retained as long as the business relationship is maintained or for the time necessary to fulfill legal obligations and address any responsibilities that may arise from the fulfillment of the purpose for which the data was collected. Therefore, for permanent deletion, the legally established retention period for processing must have expired. After this period, we will delete the data. If applicable, we will consider the necessary years to comply with legal obligations (accounting, tax, and electronic communications).

Data Subjects’ Rights

This section refers to the rights you can exercise as the data subject of the personal data concerning you before CUATRO CUATRO as the data controller.

The rights you may exercise as the data subject of the personal data you have provided are as follows:

  • Right of Access: You may request confirmation of whether or not your personal data is being processed and, if so, you may receive a copy of the data along with information on the purpose for which it was collected, the identity of the data recipients, the anticipated retention periods, or the criteria used to determine it, and the right to request rectification or deletion of the data, restriction of processing, or to object to processing. You also have the right to file a complaint with the Spanish Data Protection Agency. The right to obtain a copy of the data must not adversely affect the rights and freedoms of others.

  • Right of Rectification: You may request the modification of inaccurate or incomplete data concerning you for processing purposes. You must indicate which data needs correction and provide, when necessary, supporting documentation.

  • Right to Erasure: You may request the deletion of your personal data when there is no legal basis to prevent it. This includes cases where you withdraw consent and there is no other legal basis or when the data is no longer necessary for the purposes it was collected.

  • Right to Restriction of Processing: You may request the suspension of data processing to challenge its accuracy while the data controller conducts necessary verifications.

  • Right to Object: You may object to the processing of your data unless there is a legal obligation to prevent it. The data controller will cease processing unless there are compelling legitimate grounds for the processing.

  • Right to Data Portability: You may request a copy of your data in a structured, commonly used, and machine-readable format and to transmit them to another controller without hindrance from the current controller if the processing is carried out by automated means and based on consent or contract.

If the data controller does not comply with your request, they will inform you without delay and within one month of the reasons for not acting and the possibility of filing a complaint with the Spanish Data Protection Agency and taking legal action.

You may exercise these rights by writing to CUATRO CUATRO, General Oraa 23 3D, 28006 Madrid, attaching a copy of your ID, or by emailing us at info@cuatrocuatroart.com with a copy of your ID.

If you believe that your data has not been processed in accordance with the law, you can contact info@cuatrocuatroart.com. You may also file a complaint with the Spanish Data Protection Agency, especially if you have not obtained satisfaction in exercising your rights, through the electronic headquarters at www.aepd.es.

International Data Transfers
No international data transfers are expected.

Data Disclosure or Communication
We inform you that, unless legally required or with your explicit consent, CUATRO CUATRO will not share your data with third parties. However, CUATRO CUATRO may communicate or disclose your personal data to Local, Regional, or State Public Entities where legally required to provide the appropriate level of service or upon request from these entities. Data may also be disclosed in the cases provided by law. Additionally, the personal data collected may be shared with our collaborators or data processors, whose legitimacy arises from the execution of a “contract of engagement” that, if applicable, we will sign with them (e.g., internet service providers assisting with website administration, contracted service execution, IT support and maintenance companies, logistics companies, tax and accounting advisors, etc.). In any case, these third parties must maintain the same level of security as CUATRO CUATRO concerning your personal data and, when necessary, are legally bound to keep your personal information private, secure, and only use it according to specific instructions from CUATRO CUATRO.

Personal user data will not be disclosed to third-party companies without prior information and consent. Such information, if necessary, will appear in the various data collection forms, offering users the choice to accept or decline the disclosure based on its purpose.

CUATRO CUATRO will never share your personal data with any third-party company for direct marketing actions, except in case…

Source of the Data
As mentioned previously, the personal data we process is obtained directly from you (the data subject) and is provided through the forms on the website, by presenting a commercial offer, a contractual proposal, etc., or by your company providing us with identification details and other information necessary to carry out the purpose of the contractual relationship between the parties.

Cookies
This website uses “cookies,” which are essential tools for providing numerous information society services as they facilitate user navigation and internet advertising. In our “Cookies Policy” section, detailed information about which cookies CUATRO CUATRO uses and how can be found. We invite you to review the “Cookies Policy” from here.

Updates
The privacy policy described in this section of the website is intended to be stable, but CUATRO CUATRO reserves the right to update it to adapt to new legislation on personal data privacy at both national and European levels. We encourage you to regularly review this section to check for any changes and see how they might affect you.

Applicable Law
This Data Protection Policy will be governed at all times by the provisions of Spanish and European legislation regarding the protection of personal data and privacy.