Privacy policy

PRIVACY POLICY OF TETSUO.COM

Last policy review: 10-06-2025

 

ERIC Y JOEL, S.L. is the owner of the domain http://www.tetsuo.com/, as well as of this website, the web app and/or any other type of software developed, operated, and/or maintained by ERIC Y JOEL, S.L. (hereinafter the “Platform”, the “Controller”, “we” or “TETSUO”).

Through this document, the Privacy Policy of TETSUO is made available to the User (hereinafter also referred to as “User”, “Data Subject” or “you”) in order to describe the personal information we collect, the purpose for which we use it, and, in general, the processes and ways in which we handle it during the use and/or navigation of the Platform by Users (both registered and unregistered, depending on the processing).

TETSUO may make this Privacy Policy available to the User in different languages. In such case, the present Spanish version shall prevail in the event of any interpretative conflict.

 

1. WHO IS THE DATA CONTROLLER?

  • ERIC Y JOEL S.L.
  • Tax ID: B10623452
  • Registered office: Calle Gijón 6, 46183 La Eliana (Valencia)
  • Email: info@tetsuo.com
  • Phone: +34 625 624 155

If you wish to contact us regarding your personal data, you may do so at the address indicated above.

 

2. WHAT ARE THE DETAILS OF THE DATA PROCESSING?

We collect and process the information that the User provides to us or that we have access to during navigation on our Website and when making purchases through it, under the terms set forth in this Privacy Policy.

In the following section, you will find more details about the data processing carried out, according to its purpose:

 

3. DATA PROCESSING ACTIVITIES AND PURPOSES FOR WHICH WE PROCESS YOUR DATA

The processing of your personal data is carried out for the following purposes: 

a. Website and App Functionality

  • Purpose: to allow Users to use the Platform and browse it, ensuring the correct functioning of the Platform, enabling updates and technical maintenance, and improving navigation, security, and performance.

  • Categories of data processed: Usage and browsing data of the Platform by the User and application and device data; including the following: browsing and usage data, IP address, usage preferences, visits made, language, device information, browser type, device type and operating system, approximate location (region and country of access); as well as cookies; and anonymized statistical data.

If the User arrives at the Platform through an external source (such as, for example, via a link from a third-party website or social network), the Controller will collect statistical and anonymous information about the source from which the visitor came in order to better understand how users discover and reach the Platform and/or to improve the company’s marketing and positioning strategies.

  • Categories of Data Subjects: Registered and unregistered Users who use the Platform.
  • Method of collection: provided by the User through browsing the Platform environment.
  • Legal basis: our legitimate interest in ensuring proper, up‑to‑date functioning and the improvement and security of the Platform and its Users, and in knowing the origin and source of the user; or the User’s consent where applicable (e.g., for cookies not strictly necessary for the functioning of the Platform).
  • Retention period: Usage Data will be kept for a maximum of 12 months from collection, in accordance with Law 25/2007 on data retention in electronic communications. After that period, the data will be deleted unless required by a public authority. Anonymized statistical data may be stored as it does not contain personal data.
  • Disclosure: the collected data may be shared with our providers of technological, IT, and/or data hosting services essential to fulfill the purposes for which they were collected. Your data will not be sold to third parties.

 

b. Handling User Inquiries

  • Purpose: To ensure communication between Users and TETSUO for customer service inquiries, filing complaints, or similar, through any of TETSUO’s contact points, including forms, email or postal addresses, or others made available by TETSUO to the User.

  • Categories of data processed: Identifying data, specifically first and last name, and contact details, which may include email address and/or phone number.

  • Categories of Data Subjects: Registered and unregistered Users who submit inquiries.

  • Method of collection: directly from the Users when they contact TETSUO directly or via external contracted providers.

  • Legal basis: User consent or legitimate interest after receiving the request.

  • Retention period: once the purpose for collection has been achieved, the data will be kept for a maximum of 18 months, unless legal legitimate interest or prescription periods require longer retention.

  • Disclosure: data may be shared with our technology, IT, and/or data hosting service providers essential to fulfill the purposes for collection. Your data will not be sold to third parties.

 

c. Provision of Contracted Services: Sale of Products

  • Purpose: To ensure the sale of products offered through the Website to registered or, where applicable, unregistered Users.
  • Categories of data processed: identifying data (first and last name); contact data (including email address, phone number, and postal address); bank and payment data (including some digits of your card, expiration date and CSV code, as well as PayPal account data), if necessary to process the payment; access data for registered Users (password and username).
  • Categories of Data Subjects: Registered and unregistered Users making product purchases via the Platform.
  • Method of collection: directly from the customer when entering data into the platform to make a purchase.
  • Legal basis: processing is necessary for the execution of a contract to which the Data Subject is a party or to apply pre-contractual measures at the request of the Data Subject.
  • Retention period: data will be retained while the service is provided and, after its completion, may be blocked during legal retention periods to comply with regulatory, tax, commercial, and anti‑money laundering obligations, as well as for prescription periods.
  • Disclosure: data will not be shared generally. However, it may be shared with our external providers of technological, IT, and/or data hosting services essential to fulfill the purposes for collection, including payment and/or communications providers.

Additionally, your data may be shared with external logistics and/or shipping providers to ensure management and delivery of products purchased by the Data Subject; as well as with authorities when legally required or by judicial order. Your data will not be sold to third parties.

d. Sending of commercial communications:  

  • Purpose: Sending of commercial communications, offers, promotions, newsletters, or similar, related to the products offered by the Controller, through the following options:
  1. Email communications: Sending of promotions and/or offers to the User's email address. The User may object to receiving commercial communications at any time by contacting the Controller’s email address or, where applicable, via the unsubscribe option included in the email itself.
  2. Personalized communications: The sending of personalized communications based on the Users’ interests and preferences requires their prior consent, which can be withdrawn at any time.

 

If the User wishes to stop receiving commercial communications, they may object at any time by contacting the Controller via postal address, email, or through the channels enabled for each type of communication.

  • Data processed:
  • identification data: first and last name.
  • contact data: email address.
  • data related to User preferences, where applicable.
  • Method of collection: directly from the User during registration on the platform, purchase, or subscription to the newsletter.
  • Legal basis:
  1. For registered Users or customers who have not given explicit consent: based on the Controller’s legitimate interest in informing Users about purchased or similar products and relevant information, unless and until the User objects to such processing.
  2. For Users with whom there is no contractual relationship: consent will be required.
  3. Consent will also be required for both registered and non-registered Users, for the sending of personalized notifications and communications from third parties, until the User withdraws consent, objects, or deletes their account.
  • Retention period: data will be processed until the User withdraws their consent. In case of 24 months of inactivity, the Controller will stop sending commercial communications and will delete the data related to this processing. After that period or after withdrawal of consent, data may be blocked for the legally established periods to comply with applicable regulatory obligations and statutory limitation periods.
  • Disclosure: your data will not be disclosed to third parties, except to those providing IT, technological, and/or technical services, and only to ensure the aforementioned purposes. Your data will not be sold or shared with third parties without prior notice to the Data Subject and prior consent.

 

4. WHERE DO WE OBTAIN YOUR DATA?

We collect data about you through various methods:

  • Direct interactions: You may provide data by completing forms on our website or by communicating with us via postal mail, telephone, email, or other means. This includes requesting products or services, creating an account, submitting inquiries, subscribing to our services, commenting on a blog, reviewing a product, requesting resources or marketing materials, participating in contests or surveys, or sending us feedback.
  • Automated technologies or interactions: When using our site, we may automatically collect technical data about your hardware, browsing habits, and usage patterns through cookies, server logs, and similar technologies. Please see our Cookie Policy for more information.

WHO DO WE SHARE YOUR DATA WITH?

Generally, TETSUO does not share your personal data with third parties, except when the provision of a service requires a contractual relationship and is strictly necessary for managing and maintaining the relationship between the User and TETSUO and/or to fulfill the purposes.

In such cases, the data will only be shared for the strictly necessary time to achieve the purposes and in compliance with data protection principles, applying necessary and appropriate measures to protect personal data (including signing a data processing agreement). Data processing will be carried out under the same or similar privacy and data protection conditions to which TETSUO is subject. At the end of the processing, the recipients or processors will return the personal data to TETSUO and delete any copies in their possession.

Accordingly, strictly to fulfill the purposes described in this Policy, TETSUO may share your personal data with the following categories of recipients:

  • Essential service providers, including IT and technology services, payment gateways, cloud storage, communications, and logistics/shipping providers, among others.
  • Public authorities, by judicial order or legal requirement.
  • Companies and/or consultants that assist us in managing our services and fulfilling purposes.

 You may request additional information about data disclosures to the Controller through any of the contact points listed in this Policy.

Your personal data will never be disseminated or sold and will not be disclosed to unidentified parties in any way.

 

5. DO WE MAKE TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS?

As a rule, personal data is not transferred to third countries or international organizations (“International Data Transfers”).

However, to achieve purposes, such transfers may occur to our service providers in IT, data hosting, payment gateways, or others essential to the purpose. Also, regardless of whether MINDMAKE.RS conducts such transfers directly, they may be carried out by the contracted service providers mentioned later.

In such cases, the Controller will contract with providers compliant with the GDPR and apply guarantees under Articles 44 et seq. GDPR to ensure an adequate level of data protection, including adequacy decisions (list of countries based on an adequacy decision) or Standard Contractual Clauses of the European Commission (“SCCs”).

The companies to which international data transfers (IDT) may be made, due to being located outside the EEA, are as follows:

Provider

Destination Country

Service Provided

Legal Basis for the Transfer

Dropbox

USA

Data and database storage

EU Standard Contractual Clauses and adherence to the Data Privacy Framework

 

 

 

 

6. DO WE PROCESS SPECIAL CATEGORIES OF PERSONAL DATA?

Purpose limitation and retention, data minimization, accuracy, integrity and confidentiality will always be respected, and processing will in any case be subject to Regulation (EU) 2016/679 and Organic Law 3/2018 of December 5 on the Protection of Personal Data and the Guarantee of Digital Rights.

In particular, processing may be carried out on paper or using IT and telematic tools, also in accordance with Article 29 of Regulation (EU) 2016/679, and in all cases with appropriate means to ensure the security and confidentiality of data, as required by Article 32 of the same Regulation.

 

7. DATA PROCESSING METHODS

The processing of the provided data is based on the principles of lawfulness, transparency, purpose limitation and storage, data minimization, accuracy, integrity, and confidentiality, and will always be carried out in accordance with the provisions of Regulation (EU) 2016/679 and Organic Law 3/2018 of December 5, on the Protection of Personal Data and the guarantee of digital rights.

In particular, processing may be carried out using paper, IT, and telematic tools, also in accordance with Article 29 of Regulation (EU) 2016/679 and, in all cases, using appropriate means to ensure its security and confidentiality in accordance with Article 32 of the same Regulation (EU) No. 2016/679.

 

8. AUTOMATED DECISIONS

There is no automated decision-making process, not even for profiling purposes, in accordance with Article 13.2(f) of Regulation (EU) No. 679/2016.

 

9. COOKIES

In addition to the processing activities described in this Policy, TETSUO may also collect Personal Data through the use of cookies and other similar or analogous tracking technologies, as described in the Cookies Policy available at the following link.

 

10. INFORMATION SECURITY

We have implemented appropriate security measures to prevent the loss, misuse, or unauthorized access to your personal data, as well as their alteration or disclosure. We limit access to your personal data to employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

We have procedures in place to address any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

11. RETENTION OF YOUR PERSONAL DATA

As a general rule, TETSUO will retain your personal data only for as long as necessary for the purpose for which it was initially collected, and for the maximum periods indicated for each type of processing referred to in this Policy.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data and whether we can achieve those purposes through other means, and applicable legal requirements.

Once these periods have elapsed, the data will be automatically deleted, without prejudice to their further retention when necessary for compliance with certain obligations, due to legal provisions, liabilities, or requests and/or orders issued by Public Administrations and/or Supervisory Authorities, for some of the reasons indicated in the previous sections.

In accordance with tax and commercial regulations, we must retain basic customer information (including contact, identity, financial, and transaction data) for six years after they cease to be customers, for tax purposes.

In some circumstances, you may ask us to delete your data. Likewise, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice.

Regarding data related to marketing communications, we will stop processing them when you withdraw your consent. However, the withdrawal of such consent will not affect the legality of any processing previously carried out nor prevent the blocking of the data for legal compliance or the reasons set out in the previous paragraph.

 

12. THIRD-PARTY LINKS

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every website you visit.

 

13. WHAT ARE YOUR DATA RIGHTS?

In accordance with the GDPR, the Data Subject has the following rights regarding their personal data: 

  • access to your data, which you can also check in the "my data" section,

  • rectification of your data, because we also want to ensure that your information is accurate and up to date,

  • erasure of your data,

  • restriction of processing of your data,

  • objection to the processing of your data, when the legal basis for processing your data is our legitimate interest,

  • withdrawal of your consent for the processing of your data, when the legal basis is your consent, and

  • data portability, when the legal basis for processing is your consent or the execution of a contract.

To exercise your rights, the Data Subject may contact TETSUO through the contact addresses provided in this Policy.

Additionally, the Data Subject has the right to file a complaint with the Spanish Data Protection Agency (AEPD) if they have concerns or are not satisfied with the exercise of their rights or with how we process their data. The contact details are:

Agencia Española de Protección de Datos -Spain- (AEPD).

Calle Jorge Juan, 6 // ZIP Code: 28004 - Madrid

Phone support: +34 901 100 099 // +34 91 266 35 17

https://www.aepd.es/


14.  PRIVACY POLICY UPDATES

TETSUO reserves the right to modify this Privacy Policy at any time. We recommend reviewing it occasionally. If TETSUO makes changes to the Privacy Policy, the new version will be published on www.tetsuo.com and we will also notify you in advance. If you object to any changes in this Privacy Policy, you must stop using the Services and delete your account.

 

THE USER HAS BEEN INFORMED ABOUT THE TERMS REGARDING PERSONAL DATA PROTECTION, ACCEPTING AND CONSENTING TO THE PROCESSING OF SUCH DATA BY TETSUO IN THE MANNER AND FOR THE PURPOSES INDICATED IN THIS PRIVACY POLICY.