Astroeras by Luis Sánchez Privacy and Data Protection Policy
In compliance with Regulation (EU) 2016/679 of the General Data Protection Regulation, Astroeras by Luis Sánchez (hereinafter “The Company”) hereby presents this policy for the processing and protection of personal data.


Scope of Application
This policy shall apply to: Anyone who visits the COMPANY’s website www.astroeras.com.
To all persons who voluntarily communicate with THE COMPANY via email, chat, social media, or who complete any data collection form on THE COMPANY’s website, whether to request information about THE COMPANY’s products and services or to request their participation in any commercial action of THE COMPANY.


To all users and/or clients who contract any of THE COMPANY’s products or services and to all persons who use any service that involves communicating data to THE COMPANY or accessing data by THE COMPANY for the provision of its services. In any case, to any person who has directly or indirectly given their express consent for their data to be processed by THE COMPANY for any of the purposes set forth in this policy.

The use of THE COMPANY’s products and services requires express acceptance of this privacy and data protection policy.


THE COMPANY informs you that, unless legally represented, no user and/or client may use another person’s identity and disclose their personal data. Therefore, the data provided to THE COMPANY must be personal data that corresponds to their own identity and is adequate, relevant, current, accurate, and true. In this regard, the user and/or client will be solely responsible for any direct or indirect damage caused to third parties or to THE COMPANY by the use of another person’s data or their own data when it is false, erroneous, outdated, inadequate, or irrelevant. Likewise, the user and/or client who discloses the personal data of a third party will be responsible for obtaining the corresponding authorization from the data subject, as well as for any consequences in the event of such data being used otherwise.

Likewise, the user or client who provides personal data to THE COMPANY declares that they are of legal age, in accordance with Spanish law, and otherwise refrain from providing data to THE COMPANY. Any data provided about a minor will require the prior consent or authorization of their parents, guardians, or legal representatives, who will be considered responsible for the data provided by minors in their care.


Purposes of data collection
THE COMPANY informs users of the existence of various processing operations and files in which the data communicated to THE COMPANY is collected, the purposes of which are as follows:

1.- Cookies are information files stored on the hard drive or temporary memory of the user’s computer. These cookies are used to communicate between the computer visiting the website and the website’s server and to track website navigation, facilitating navigation and access to content. Cookies associate a computer with the website and do not provide identifying data unless they are used to access content by registering with a username and password. Users can configure their browser to allow cookies to be stored on their computer. These cookies may be session cookies, which are consulted while browsing the website, or permanent cookies, which are recorded and consulted each time they access a website until the cookie expires. THE COMPANY does not use permanent cookies on its website, but rather session cookies, in order to ensure navigation and facilitate access to the website’s content. Users can configure their browser to not store these cookies. Access to any website content is not limited if cookies are not accepted. THE COMPANY’s website may use analytics engines such as Google Analytics to analyze where users go when they visit the website.

2.- In the case of sending an email to THE COMPANY or communicating personal data through other means, such as contact forms, the purpose of collecting and processing such data by THE COMPANY is to respond to inquiries and requests for information regarding the products or services provided by THE COMPANY.

3.- In the case of THE COMPANY forms that interested parties complete to participate in a commercial action of THE COMPANY, the purpose will be to enable such participation, as well as the sending of commercial and advertising communications about THE COMPANY’s services, provided that the interested party expressly states this at the time of data collection.


4.- When contracting services from THE COMPANY, only the personal data necessary to establish the contractual relationship and enable the provision of services and compensation for them by clients will be collected. Specifically, this type of data will be collected for the following specific purposes:
a. Maintaining the contractual relationship established with the client, in accordance with the nature and characteristics of the contracted services, by contacting THE COMPANY with the client via the email address, telephone, or other means indicated by the client.
b. For the purpose of sending documentation and information related to the contracted services, as well as commercial and advertising communications about these or similar services by THE COMPANY, via postal mail, email, telephone, SMS, or other means indicated by the client.
c. For the storage of historical records of business relationships for the legally established periods.

d. In compliance with the provisions of Law 25/2007 of October 18, on the retention of data related to electronic communications and public communications networks, THE COMPANY informs the user that certain traffic data generated during the course of communications will be retained and stored, and, where appropriate, said data will be communicated to the competent bodies if the legal circumstances provided for by law apply.
e. For all other purposes expressly set forth in the specific conditions applicable to the corresponding product or service contracted by the client and accepted by the client.


Personal data retention period
THE COMPANY will retain personal data for the time strictly necessary to fulfill the purposes detailed above.


Recipients of Personal Data
The recipients of the personal data collected by THE COMPANY will be: THE COMPANY’s own employees in the performance of their duties; THE COMPANY’s suppliers involved in the provision of services, if necessary for the provision of such services.
Judicial or administrative bodies, as well as State Security Forces and Corps, if THE COMPANY is required by current legislation to provide information related to its clients and services.
Any other parties who, due to the nature of the service, must access the data provided, as detailed in the specific conditions applicable to the corresponding product or service contracted by the client and expressly accepted by the client.

User Rights and Exercise of These Rights
Right of access: Users have the right to obtain information from THE COMPANY about whether their personal data is being processed, to access it, and to obtain information about the processing carried out.
Right to obtain a copy of their personal data. Right to rectification: Users have the right to have their personal data rectified by THE COMPANY if it is inaccurate or incomplete.
Right to erasure: Users have the right to have their data erased when it is no longer necessary for the purpose for which it was provided or when other legally established circumstances apply.
Right to restriction of processing. Users have the right to request a restriction on the processing of their personal data, so that the processing operations that apply in each case are not applied to them, in those cases provided for in the GDPR.
Right to data portability. Users have the right to receive their personal data in a structured format, provided that such data is exclusively for the user and has been provided by the user.
Clients and/or users of THE COMPANY may exercise their rights by sending a communication accompanied by a specific request to exercise this right, a photocopy of the interested party’s ID or a valid document proving their identity, and should be addressed to the following address:

Data Protection
Astroeras by Luis Sánchez
Luis Sánchez – info@astroeras.com

Supervisory Authority
Users and/or clients of THE COMPANY may contact the Spanish Data Protection Agency if they believe that the processing of their personal data has not been carried out in compliance with current legislation. The contact details for these communications are available on the agency’s website: www.agpd.es.

International Data Transfers
If THE COMPANY requires the international transfer of data to provide the services contracted by clients, this circumstance will be specified in the specific conditions applicable to the corresponding product or service and must be expressly accepted by the client prior to the data transfer itself.

THE COMPANY as data processor
THE COMPANY will process personal data for which the client holds the position of data controller or data processor when necessary for the proper provision of the contracted services. In such case, THE COMPANY will act as data processor, in accordance with the terms indicated below:


THE COMPANY will only process the data in accordance with the instructions of the client, data controller or data processor, and will not use it for any purpose other than that stated in this data protection policy and/or in the applicable contractual conditions.


Once the services that warrant the processing of personal data have been provided, the data will be destroyed, along with any media or documents containing personal data or any type of information generated during, for, and/or by the provision of the services subject to the corresponding conditions. However, THE COMPANY may keep the aforementioned data duly blocked during the period in which liabilities may arise from its relationship with the client. THE COMPANY undertakes to maintain due professional secrecy regarding the personal data it must access and/or process in order to comply with the applicable service conditions in each case, both during and after the termination of said conditions. The COMPANY undertakes to use said information solely for the intended purpose in each case and to require the same level of commitment from any person within its organization involved in any phase of the processing of the client’s personal data for which it is responsible.


Access and/or processing of data by THE COMPANY, without prejudice to any specific legal or regulatory provisions in force that may apply in each case or those adopted by THE COMPANY on its own initiative, will be subject to the necessary security measures to:

  1. Guarantee the confidentiality, integrity, availability, and permanent resilience of the processing systems and services. 2. Restore the availability of and access to personal data quickly in the event of a physical or technical incident. 3. Regularly verify, evaluate, and assess the effectiveness of the technical and organizational measures implemented to ensure the security of the processing. 4. Pseudonymize and encrypt personal data, where applicable.
    The client authorizes THE COMPANY, in its capacity as data processor, to subcontract to third parties, on behalf of and for the client, the storage, safekeeping of data backup copies, and security services, as well as any other services necessary to enable the provision of the contracted services, always respecting the obligations imposed by the GDPR and its implementing regulations. At any time, the client may contact THE COMPANY to learn the identity of the entities subcontracted to provide the indicated services. These entities will act in accordance with the terms set forth in this document and after formalizing a data processing contract with THE COMPANY in accordance with the applicable regulations.
    The Client authorizes THE COMPANY to perform the actions indicated below, provided they are necessary for the provision of the services. This authorization is limited to the actions necessary for the provision of each service and with a maximum duration linked to the validity of the applicable contractual conditions:
  2. To carry out the processing of personal data on portable devices solely by the users or user profiles assigned to the provision of the services.
  3. To carry out processing outside the Client’s or THE COMPANY’s premises, solely by the users or user profiles assigned to the provision of the services.
  4. The entry and exit of media and documents containing personal data, including those contained in and/or attached to an email, outside the premises under the control of the Client responsible for the processing.
  5. The execution of data recovery procedures that THE COMPANY is required to perform. THE COMPANY is not responsible for any breach of legal obligations regarding personal data protection by the user and/or client in relation to their activity and related to the execution of the contract or business relationship with THE COMPANY. Each party shall be liable for any liability arising from its own breach of contractual obligations and the regulations.
  6. DATA OF THE DATA CONTROLLER: Luis Sánchez, CIF (Tax ID Number): EMAIL info@astroeras.com