Privacy policy

In compliance with EU Regulation 2016/679 (GDPR) and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), we provide you with the following information regarding the processing of your personal data:

The Controller is the party who determines the purposes and means of the processing of your personal data.

Personal data is any information that identifies or can identify a natural person (e.g. name, email address, IP address, billing details, etc.).

It is important that, in order to keep your personal data up to date, you inform us whenever any modification has occurred. Otherwise, we cannot be held responsible for the accuracy of such data.

Principles applied to processing

• Data minimisation: we only collect the data strictly necessary for contractual relationships, management of user requests and enquiries.
• Exactly: personal data will be kept accurate and, where necessary, up to date. The user must notify us of any changes so that the appropriate update can be made.

3.1 Contact and inquiries

• Purpose: To manage enquiries made through contact forms or email. To provide a communication channel and respond to information requests, as well as send communications about products and services if the acceptance box is checked.
• Legitimacy: Consent of the data subject and execution of a pre-contractual relationship or requested service.

3.2  Service contracting and management of storage‑unit rentals

• Purpose: Processing of the booking, rental management, invoicing, payments and related communications. Order management and registration as a registered user.
• Legitimacy: Performance of a contract and compliance with legal obligations. Legitimate interest in keeping customers informed about products and services.

3.3  Sending commercial communications (newsletter / offers)

• Purpose: Sending newsletters, offers and marketing communications. Sending commercial quotes and advertising communications by email, SMS, MMS, social networks or any other electronic or physical means.
• Legitimacy: Explicit consent of the user and, where applicable, legitimate interest of the Data Controller when permitted by regulations.

3.4  Sending e‑mail messages

• Purpose: Responding to information requests, handling enquiries and answering questions or doubts.
• Legitimacy: User consent when requesting information via email address.
• Retention: Once the request has been answered, provided it has not generated a new processing activity.

3.5  Sending curriculum vitae

• Purpose: To keep the CV on file for participation in personnel selection processes.
• Legitimacy: User consent when submitting their personal information and curriculum vitae.
• Retention: During the development of open selection processes and for 1 year for future processes.

Depending on the purpose, data such as the following may be processed:

• Identification data: first name, surname.
• Contact: phone, email address.
• Billing and payment data.
• Formulari de contacte: nom, adreça de correu electrònic, telèfon i missatge enviat per l'usuari.
• Quote form: first and last name, email address, postcode, phone number, type of storage unit and duration.
• Browsing data: IP address, cookies and technical device data.

The data you provide may be disclosed to:

• Technological service providers (e.g., web hosting, mail platform, payment processors).
• Tax administration and financial entities, for compliance with legal obligations.
• Other entities contracted for the operation of the service.

Data transfers outside the European Economic Area (EEA) will only take place where adequate safeguards exist in accordance with the GDPR. For the management and storage of information and email, services provided by Microsoft Corporation are used, acting as data processor and guaranteeing the international transfer of data through standard contractual clauses approved by the European Commission.

Likewise, because analytical cookies from Google Analytics are used, international data transfers also take place. You can find more information in our Cookie Policy.

Data will be retained for:

• The time necessary for the purpose for which it was collected.
• The legal retention periods required by accounting, tax, or contractual regulations.
• Until deletion is requested by the user.

Specific Retention Periods

• Data clients: for the duration of the contractual relationship and, thereafter, for the periods necessary to comply with legal obligations. For commercial communications, until the data subject expresses their objection.
• Supplier and staff data: for the duration of the contractual relationship and subsequent legal periods.
• CVs (Work with us): maximum 12 months from submission.
• Contact form: during the handling of the enquiry and the applicable legal periods.
• Quote form: during the handling of the request and the applicable legal periods. For communications, until consent is withdrawn.
• Social networks: until followers stop following us.

For the management of cookies and similar technologies, please refer to our Cookie Policy, which provides information on the types of cookies, their purposes, retention period, how to manage them and how to withdraw consent.

This website uses technical, personalization, analytics, and advertising cookies, both own and third-party (Google Analytics). In compliance with Article 22 of the Information Society Services Act, upon accessing the website your consent is requested for the use of analytics and advertising cookies. Under no circumstances will non-essential cookies be installed without the user's prior consent.

We may transmit certain information to external data processors such as Google to reduce customers' exposure to unnecessary marketing actions and to track the results of marketing activities. The information is encrypted before being shared.

The Data Controller has implemented appropriate technical and organizational measures to ensure the security and confidentiality of personal data and prevent unauthorized access, loss, or manipulation, in accordance with the GDPR and LOPDGDD regulations.

HAMPUAL SLU guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established in the GDPR and LOPDGDD, with the aim of protecting the rights and freedoms of USERS.

You may exercise, free of charge, the following rights:

HAMPUAL SLU has profiles on the main current social networks, meaning that personal data processing may occur regarding its followers, people who appear in publications, and people who send private messages.

Data Processing and Purpose

The data processing carried out by HAMPUAL SLU is limited and subject to the policies and functionalities of each social network. When a user becomes a follower, they authorize the use of their data solely within the scope of the corresponding social network for profile management and two-way communication with followers. Users' personal data will not be used for different purposes or to send information outside the social network environment.

Any follower may unfollow the profile at any time. The user is responsible for their use of the Social Network, and therefore HAMPUAL SLU assumes no liability in this regard.

Privacy Policies of Social Networks

The processing of personal data is carried out using automated tools (electronic procedures and storage media) and/or manually (on paper) for the time strictly necessary for the purposes of collection, and in accordance with applicable regulations. HAMPUAL SLU has adopted the security measures required by law to guarantee the integrity and confidentiality of the data.

Browsing Data

In principle, it is possible to browse the website without providing any personal data. The computer systems and software procedures used acquire, as part of their normal operation, certain personal information that is implicitly transmitted through the use of Internet communication protocols (e.g. IP address, domain name).

This information is used primarily to compile statistical information and verify the correct functioning of the website. No data derived from the web service will be communicated or disclosed to unauthorized third parties.

This privacy statement may be updated to adapt to legislative, jurisprudential, or website service changes. The updated version will be published on this same page.

The use of the Website and/or the provision of personal data implies that you accept the collection and processing of your information in accordance with this Privacy Statement and applicable regulations (GDPR / LOPDGDD).

USERS, by checking the corresponding boxes and entering data in the form fields, expressly, freely, and unambiguously accept that their data is necessary to process their request. The USER guarantees that the personal data provided is accurate and takes responsibility for communicating any changes to such data.