Privacy policy

Basic information on Data Protection


Purpose: Provision of online services, web user management, commercial communications related to our services.

Legitimation: Express consent and legitimate interest

Recipients: No data is passed on to third parties, unless legally obliged to do so.

Rights: Access, rectify and delete data, as well as other rights, as explained in the additional information.

Additional information: Additional and detailed information on Data Protection can be found in the attached clauses atítica-privacidad/.

In JORDI BORDAS SLU we work to offer you through our products and services the best possible experience. In some cases, it is necessary to collect information to achieve this. We care about your privacy and we believe that we must be transparent about it.

Therefore, and for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 (hereinafter, "GDPR") on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and the LAW 34/2002, of 11 July, of Services of the Information Society and Electronic Commerce (hereinafter, "LSSI"), JORDI BORDAS SLU informs the user that, as responsible for the treatment, will incorporate the personal data provided by users in an automated file.

Our commitment starts by explaining the following to you:

  • Your data is collected to improve the user experience, based on your interests and needs.
  • We are transparent about what data we collect about you and why we collect it.
  • We aim to provide you with the best possible experience. Therefore, when we use your personal information, we will always do so in a compliant manner, and where necessary, we will ask for your consent.
  • We understand that your data belongs to you. Therefore, if you decide not to authorise us to process it, you can ask us to stop processing it.
  • Our priority is to ensure your security and to treat your data in accordance with European regulations.

If you would like more information about how we process your data, please see the different sections of the privacy policy below:

Who is the controller of your personal data?


Registered office: CTRA. BARCELONA, 12, VILADECANS

C.I.F. nº: B66761180


JORDI BORDAS SLU has designated a Data Protection Delegate or an internal contact person within its organisation. If you want to make a consultation in relation to the treatment of your personal data, you can contact him through the e-mail

What personal data do we collect?

The personal data that the user may provide:

  • Name, address and date of birth.
  • Telephone number and e-mail address.
  • Location.
  • Information on payments and refunds.
  • IP address, date and time you accessed our services, internet browser you are using and details of your device's operating system.
  • Any other information or data you choose to share with us.

In some cases, it is compulsory to fill in the registration form in order to access and enjoy certain services offered on the website; likewise, failure to provide the personal data requested or not accepting this data protection policy means the impossibility of subscribing, registering or participating in any of the promotions in which personal data is requested.

Why and for what purpose do we process your data?

In JORDI BORDAS SLU we treat the information that the interested people provide us with the following purposes:

  • Manage orders or contract any of our services, either online or in our physical shops.
  • Manage the sending of the information you request from us.
  • To develop commercial actions and carry out the maintenance and management of the relationship with the user, as well as the management of the services offered through the website and information tasks, being able to carry out automatic assessments, profiling and customer segmentation tasks in order to personalise treatment according to their characteristics and needs and improve the customer's online experience.
  • Develop and manage any competitions, prize draws or other promotional activities that may be organised.
  • In some cases it will be necessary to provide information to authorities or third party companies for auditing purposes, as well as to handle personal data from invoices, contracts and documents in order to respond to customer or government complaints.
  • We inform you that the personal data obtained as a result of your registration as a user will form part of the Register of Processing Activities and Operations (RAT), which will be updated periodically in accordance with the provisions of the GDPR.

What is the legitimacy for the processing of your data?

The processing of your data may be based on the following legal bases:

  • Consent of the interested party for the contracting of services and products, for contact forms, requests for information or registration in e-newsletters.
  • Legitimate interest for the processing of our customers' data for direct marketing purposes and the express consent of the data subject for all matters relating to automatic assessments and profiling.
  • Compliance with legal obligations for fraud prevention, communication with public authorities and third party claims.

How long do we keep your data?

The processing of data for the purposes described will be maintained for the time necessary to fulfil the purpose for which it was collected (for example, for the duration of the commercial relationship), as well as for the fulfilment of the legal obligations arising from the processing of the data.

To which recipients is your data communicated?

In some cases, only when necessary, JORDI BORDAS SLU will provide user data to third parties. However, the data will never be sold to third parties. External service providers (e.g. payment providers or delivery companies) with whom JORDI BORDAS SLU works may use the data to provide the corresponding services, however, they will not use such information for their own purposes or for transfer to third parties.

JORDI BORDAS SLU tries to guarantee the security of the personal data when they are sent outside the company and ensures that the third party service providers respect the confidentiality and have the appropriate measures to protect the personal data. These third parties have the obligation to guarantee that the information is treated in accordance with the data privacy regulations.

In some cases, personal data may be required by law to be disclosed to public bodies or other parties, only what is strictly necessary for the fulfilment of such legal obligations will be disclosed.

The personal data obtained may also be shared with other group companies.

Where is your data stored?

In general, data is stored within the EU. For data that is sent to third parties outside the EU, we will ensure that they offer a sufficient level of protection, either because they have Binding Corporate Rules (BCR) or because they have adhered to the "Privacy Shield".

What rights do you have and how can you exercise them?

You can address your communications and exercise your rights by sending a request to the following e-mail address:

Under the provisions of the GDPR you can request:

  • Right of access: you may request information about the personal data we hold about you.
  • Right of rectification: you can communicate any change in your personal data.
  • Right to erasure and the right to be forgotten: you can request the deletion of personal data after it has been blocked.
  • Right of restriction of processing: this entails the restriction of the processing of personal data.
  • Right to object: you can withdraw your consent to the processing of your data by objecting to further processing.
  • Right to portability: in some cases, you may request a copy of personal data in a structured, commonly used and machine-readable format for transmission to another data controller.
  • Right not to be subject to individualised decisions: you can ask not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or significantly affect the data subject.

In some cases, your request may be refused if you request the deletion of data necessary for compliance with legal obligations.

In addition, if you have a complaint about the processing of your data, you can lodge a complaint with the data protection authority.

Who is responsible for the accuracy and veracity of the data provided?

The user is the only responsible for the veracity and correctness of the data included, exonerating JORDI BORDAS SLU of any responsibility in this respect. The users guarantee and respond, in any case, of the accuracy, validity and authenticity of the personal data provided, and undertake to keep them properly updated. The user accepts to provide complete and correct information in the registration or subscription form. JORDI BORDAS SLU reserves the right to terminate the contracted services that had been celebrated with the users, in case the data provided are false, incomplete, inaccurate or not updated.

JORDI BORDAS SLU is not responsible for the veracity of the information that is not of own elaboration and of which another source is indicated, for what neither assumes any responsibility as for hypothetical damages that could originate for the use of this information.

JORDI BORDAS SLU reserves the right to update, modify or delete the information contained in its web pages being able even to limit or not allow the access to this information. JORDI BORDAS SLU is exonerated from any responsibility for any damage that the user could suffer as a consequence of mistakes, defects or omissions in the information provided by JORDI BORDAS SLU as long as it comes from external sources.

Likewise, the user certifies that he/she is over 14 years of age and that he/she has the necessary legal capacity to consent to the processing of his/her personal data.

How do we handle personal data of minors?

In principle, our services are not specifically addressed to minors. However, in the event that any of them are directed to minors under fourteen years of age, in accordance with Article 8 of the RGPD and Article 7 of the LO3/2018 of 5 December (LOPDGDD), JORDI BORDAS SLU will require the valid, free, unequivocal, specific and informed consent of their legal guardians to process the personal data of minors. In this case, the ID card or other form of identification of the person giving consent will be required.

In the case of persons over fourteen years of age, the data may be processed with the consent of the user, except in those cases in which the law requires the assistance of the holders of parental authority or guardianship.

What security measures do we implement to protect your personal data?

JORDI BORDAS SLU has adopted the security levels of protection of the Personal Data legally required, and tries to install those other means and additional technical measures to avoid the loss, misuse, alteration, unauthorised access and theft of the Personal Data given to JORDI BORDAS SLU.

JORDI BORDAS SLU is not responsible for hypothetical damages or prejudices that could be derived from interferences, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operative functioning of this electronic system, caused by reasons beyond the control of JORDI BORDAS SLU; delays or blockages in the use of this electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Centre, in the Internet system or in other electronic systems, as well as damages that could be caused by third parties by means of illegitimate intromissions out of the control of JORDI BORDAS SLU. Nevertheless, the user must be aware that the security measures in Internet are not impregnable.

Links to other websites

On the website there may be links to other websites. By clicking on one of these links and accessing an external website, the visit will be subject to the privacy policy of that website, being JORDI BORDAS SLU disassociated from any responsibility about their privacy policy.

How do we use cookies?

The website and the RRSS of JORDI BORDAS SLU use cookies, in order to optimise and personalise your browsing experience. Cookies are physical information files that are hosted on the user's own terminal, the information collected through cookies is used to facilitate user navigation through the portal and optimize the browsing experience. The data collected through cookies may be shared with the creators of the same, but in no case will the information obtained by the same be associated with personal data or data that can identify the user.

However, if you do not want cookies to be installed on your hard drive, you can configure your browser to prevent the installation of these files. For more information see our Cookies Policy

Can the privacy policy be changed?

This privacy policy is subject to change. We recommend that you review this privacy policy from time to time.