Privacy Policy

1. Introduction

1. We never forget to think about your safety. That is why we protect your privacy with the most advanced practices and technologies. We aim to ensure that your personal data are always processed only to the extent necessary and only for the necessary purposes in accordance with applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the “GDPR”).

2. The personal data controller is EIDOPIA S.L. Id. No.: ESB87167920, with its registered office at C/Ambrosio Pérez 10, 19171 Cabanillas del Campo, SPAIN, incorporated on February 5, 2015 and registered in the Mercantile Registry of Madrid, section 8, page 595604, and, established under the laws of the Spain (hereinafter “we” or the “Controller” or the “Operator”).

3. The purpose of this Privacy Policy (hereinafter the “Policy”) is to inform you about your rights in connection with the processing of personal data and the manner and extent of their processing when using the phi-pot.com and phipot.com websites (hereinafter the “PHI-POT websites”), including the use of the websites by non-registered users, when purchasing goods or services in the e-shop at www.phi-pot.com (hereinafter the “PHI-POT-SHOP”), when exercising the rights and obligations arising from the contractual relationship between you and the Controller, when using your PHI-POT ACCOUNT (hereinafter the “PHI-POT ACCOUNT”), or when using other services and websites operated by the Controller or by any of the companies associated through property or personnel with the Controller (hereinafter the “PHI-POT SERVICES”).

If you are unclear about how personal data are processed under this Policy, please contact us at any time.

Contact details of the Controller are as follows:

EIDOPIA S-L.
C/ Ambrosio Pérez 10
19171 Cabanillas del Campo
Spain

E-mail address: privacy@phi-pot.com

2. Sources and categories of the personal data processed

1. The Controller processes personal data provided by you or collected by the Controller in the course of performance of your order.

2. The Controller processes, in particular, your identification and contact details, voluntarily provided descriptive data, details on orders and their performance, data on the use of PHI-POT SERVICES and login details.

3. Purpose, legal basis and duration of personal data processing

1. We process your personal data for the following purposes:

A) Use of the PHI-POT websites

The legal basis for personal data processing is the exercise of the contractual rights and obligations of the Operator following from the Terms and Conditions of Service of the PHI-POT websites (hereinafter the “Terms and Conditions”). In particular, we are committed to making the browsing experience on the PHI-POT websites as superior and user-friendly as possible. In this respect, we process data that may have the nature of personal data, including, but not limited to, data related to your visit to the PHI-POT websites and the history of visits to the PHI-POT websites, information concerning your browser settings, screen resolution, internet connection, etc.

We process personal data for this purpose for a period of one year from the last visit to the PHI-POT websites.

B) Management of the customer account – PHI-POT ACCOUNT

The legal basis for personal data processing is the exercise of the Operator’s contractual rights and obligations following from the Terms and Conditions. In order to maintain the customer account – PHI-POT ACCOUNT, registration is required, during which we process identification, contact and other data that you provide or subsequently add or modify in your customer account.

We process the provided data for the duration of your customer account – PHI-POT ACCOUNT and for 3 years after its termination.

C) Purchase at the PHI-POT E-SHOP

The legal basis for personal data processing is the processing of an order for goods or services and the exercise of the rights and obligations following from the contractual relationship between you and the Controller under the Terms and Conditions (hereinafter the “Terms and Conditions”), as well as performance of the related legal obligations. Orders require personal data necessary for successful processing of the order (name, address, place of residence and mailing address, contact details, etc.). Provision of personal data is a necessary requirement for the conclusion and performance of a contract; without provision of personal data the contract cannot be concluded or performed by the Controller.

We process the personal data provided for a period of 5 years from the date when the last order is made at the PHI-POT E-SHOP.

D) Provision of other PHI-POT SERVICES

The legal basis for the processing of personal data is the performance of the contractual rights and obligations of the Operator arising from the terms and conditions applicable to the relevant PHI-POT SERVICE. The applicable terms and conditions governing the relevant PHI-POT SERVICE are always available on the website of the relevant PHI-POT SERVICE. For this purpose, we process in particular identification data such as your name, contact data such as your address, e-mail, and descriptive data such as your order number, etc.

We process personal data for this purpose for a period of 5 years from the last login to the relevant PHI-POT SERVICE.

E) Provision of customer support services

The legal basis for the processing of personal data for customer support services is, if you are our customer and you have provided us with your order number when enquiring about customer support, a legitimate interest in solving technical and commercial queries related to the ownership of your printer or the use of another PHI-POT SERVICE. If you are not our customer, the legal basis for the processing of personal data for the provision of customer support services is your consent, which you give by contacting customer support by filling in the required data via the online communicating tool available on the PHI-POT websites. For customer support purposes, we process identification data such as your name, contact data such as your e-mail address and, as the case may be, descriptive personal data such as your order number or purchase or print history.

We process the personal data provided for a period of 5 years from your last activity in resolving a customer support request.

F) Sending newsletters and other commercial communications

In the case of registered users, the legal basis for sending the newsletter is the legitimate interest of the Operator. In the case of unregistered users, the legal basis for sending newsletters is the consent granted by filling in the e-mail address and sending the request to receive commercial communications from the PHI-POT website. For the purposes of sending commercial communications, we use the e-mail address you provided, which we keep for a period of 5 years from its provision.

2. The Controller shall delete the personal data upon expiry of the retention period.

3. The Controller does not perform automated individual decision-making or profiling of users within the meaning of Article 22 of the GDPR.

4. Your rights in relation to personal data processing

1. Under the terms of the GDPR, you have the following rights as a data subject:

  • the right of access to your personal data under Article 15 of the GDPR;
  • the right to rectification of personal data under Article 16 of the GDPR, or restriction of processing under Article 18 of the GDPR;
  • the right to erasure of personal data under Article 17 of the GDPR. However, the Controller declares that, following the exercise of your right to erasure of your personal data, the processing of those personal data necessary for the fulfilment of financial, tax and other legal obligations to which the Controller is subject, as well as for the establishment, exercise or defence of legal claims, continues after the Controller has exercised your request;
  • the right to object, under Article 21 of the GDPR, to the processing on the legal basis of legitimate interests or for the purpose of direct marketing;
  • the right to data portability under Article 20 of the GDPR;
  • the right to withdraw consent to the processing of personal data at any time;
  • the right to unsubscribe from receiving commercial communications, i.e. to withdraw consent with the related personal data processing through the link included in the communications;
  • the right to receive a copy of the standard contractual clauses concluded by the Controller under Article 46 of the GDPR.

2. To exercise the above rights, you can use the e-mail address privacy@phi-pot.com or you can contact us by sending a written request to C/ Ambrosio Pérez 10, Cabanillas del Campo, Spain.

3. You can also file a complaint at any time directly with any of the supervisory authorities of the relevant Member State of the European Union (EU) or the European Economic Area (EEA). Contact details of the individual supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

5. Transfer of personal data to third parties

1. You acknowledge that personal data may be transferred to third parties, including, but not limited to persons:

  • participating in the delivery of goods/services/performance of payments under a contract;
  • providing services for the operation of the PHI-POT E-SHOP and other services in connection with the operation of the PHI-POT E-SHOP;
  • providing customer support services;
  • providing marketing services.

2. Except for the recipients and categories of recipients set out below in this Policy, the Controller does not transfer personal data to countries outside the European Economic Area (“EEA”) or to international organisations. In cases where personal data are transferred to countries outside the EEA, the Controller shall take all steps foreseen by generally applicable European data protection law to ensure adequate protection of personal data, in particular by means of standard contractual clauses on data protection adopted by the European Commission (or the supervisory authority and then the European Commission), which it shall provide for contractual arrangements with each relevant recipient of personal data.

3. The processing services used, may include marketing and support tools:

  • Google Analytics – tracks cookies and web use
  • Google Adwords – tracks cookies and web use
  • Facebook – tracks cookies and web use
  • Pinterest – tracks cookies and web use

4. The PHI-POT websites may also contain other links and functionalities to third-party services and social networks, such as Facebook, Pinterest, Twitter, Instagram, etc., which may, if you choose to use them, process your personal data such as your IP address, the history of the pages you have visited or may store cookies or other technical means on your device, such as the Facebook pixel, etc. The processing of your personal data in this case is governed by the policies adopted by the operators of these services and social networks, which are available on their websites

6. The conditions of personal data security

1. The Controller represents that it has implemented all the appropriate technical and organisational measures for personal data protection.

2. The Controller has adopted technical measures to secure the data storages and storages of personal data in hard copy form, including, in particular, a secured/encrypted access to the internet, encryption of customers’ passwords in the database, regular updates of the system and regular backup of the system.

3. The Controller represents that only authorised persons of the Controller shall have access to the personal data.

7. Cookies

1. In order to improve the quality of the PHI-POT SERVICES and to facilitate their use, in particular to analyse the traffic and user behaviour on the PHI-POT websites, to personalise advertising and to make social media functions more accessible, the PHI-POT SERVICES, cookies or other technical means stored on your end device (hereinafter the “cookies”) could be used. The cookies may be saved directly by the Controller, or they may be third party cookies. These files may not directly contain personal data, however, in conjunction with other data, may gain the nature of personal data.

8. Final provisions

1. This Privacy Policy forms an integral part of the Terms and Conditions.

2. This Privacy Policy enters into effect on August 1, 2024.

Scroll to Top