Privacy Policy

Last updated: 22/11/2025

GDPR Compliant

Index

Introduction
Data Controller
Personal Data We Collect
Purpose of Processing
Legal Basis
Data Retention
Data Recipients
Data Subject Rights
International Transfers
Security Measures
Minors
Policy Updates

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons (GDPR) and the applicable national data protection legislation, we inform you about the processing of your personal data.

1. Data Controller

The data controller of your personal data is:

BrainPrices S.L.

NIF/CIF: B-12345678

Address: Calle Ejemplo 123, 28001 Madrid, España

Registration: Registro Mercantil de Madrid, Tomo 1234, Folio 56, Hoja M-78901

Email: info@marketplace.com

Phone: +34 900 123 456

2. Personal Data We Collect

We collect and process the following categories of personal data:

Identity data: Name, surname, ID/Tax number
Contact data: Postal address, email, telephone
Financial data: Payment information (processed by secure payment gateways)
Transaction data: Purchase and order history
Technical data: IP address, cookies, browsing data

3. Purpose of Processing

Your personal data will be processed for the following purposes:

Contract execution: Order management, delivery and invoicing
Marketing: Sending commercial communications (with your consent)
Legal obligation: Compliance with tax and accounting obligations
Legitimate interest: Improvement of our services and user experience

4. Legal Basis

The legal basis for processing your data is:

Performance of a contract (Art. 6.1.b GDPR)
Consent of the data subject (Art. 6.1.a GDPR)
Compliance with a legal obligation (Art. 6.1.c GDPR)
Legitimate interest of the controller (Art. 6.1.f GDPR)

5. Data Retention

Your personal data will be retained for as long as necessary for the stated purposes and, in any case, for the legally established periods (minimum 6 years according to tax and accounting regulations).

6. Data Recipients

Your data may be communicated to:

Payment gateways (Stripe, PayPal)
Transport and logistics companies
Public bodies when there is a legal obligation

We do not sell or transfer your data to third parties for commercial purposes.

7. Data Subject Rights

You have the right to:

Access: Obtain information about whether we are processing your data

Rectification: Correct inaccurate or incomplete data

Erasure: Request deletion of your data

Restriction: Request restriction of processing

Portability: Receive your data in a structured format

Objection: Object to the processing of your data

To exercise your rights, please contact:

Email: info@marketplace.com

Address: Calle Ejemplo 123, 28001 Madrid

You may also file a complaint with your national Data Protection Authority.

8. International Transfers

Some of our service providers may be located outside the European Economic Area. In these cases, we ensure that appropriate safeguards are in place in accordance with applicable regulations (standard contractual clauses approved by the European Commission or adequacy decisions).

9. Security Measures

We have implemented appropriate technical and organizational measures to ensure the security of your personal data and protect it against unauthorized access, loss or destruction. We use SSL/TLS encryption for all communications and comply with PCI DSS standards for payment processing.

SSL/TLS PCI DSS GDPR

11. Minors

Our services are not directed at children under 14 years of age. If we discover that we have collected data from a minor without the required parental consent, we will immediately delete such information.

12. Policy Updates

We reserve the right to modify this Privacy Policy. Any changes will be published on this page with the corresponding update date.

Questions?

You can contact us at:

info@marketplace.com +34 900 123 456