Skip to main content

Basic information on Data Protection

Controller: Hartington Business, S.L. Purpose:

  • Provision of online services
  • Web user management
  • Commercial communications related to our services

Lawfulness: Express consent and legitimate interest
Recipients: No data is transferred to third parties, except when there is a legal obligation to do so
Rights: To access, rectify and erase data, as well as other rights, as explained in the additional information
Additional information: You can consult the additional and detailed information on Data Protection in the attached clauses found at At Hartington Business, S.L., we work hard to offer you the best possible experience through our products and services. In some cases, we need to gather information to do so. We care about your privacy and we believe that we should be transparent about it. Therefore, and for the purposes of the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, of 27 April 2016 (hereinafter, “GDPR”), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and LAW 34/2002, of 11 July, on Information Society Services and Electronic Commerce (hereinafter, “LSSI”), Harington Business S.L. informs the user that, as the data controller, it will incorporate the personal data provided by users into an automated file. Our commitment begins by explaining the following: Your data is collected in order to improve the user experience, according to your interests and needs. We are transparent in relation to the data we obtain about you and the reason for doing so. Our intention is to offer you the best possible experience. Therefore, when we use your personal information we will always comply with the regulations and, when necessary, we will ask for your consent. We understand that your data belongs to you. Thus, if you decide not to authorise us to process it, you can ask us to stop processing your data. Our priority is to guarantee your security and process your data in accordance with European regulations. If you wish to obtain more information about the processing of your data, you can consult the different sections of the Privacy Policy found below:

Who is responsible for processing your personal data?

Identity: Hartington Business, S.L.
Corporate address: Tecnocampus Mataró TCM-3 Avenida Ernest Lluch, 32, 6th Floor, Door 3, Company Tax Code: B-61190641
C.I.F. nº: B-61190641

Hartington Business, S.L. has appointed a Data Protection Delegate or an internal contact person within its organisation. If you wish to make an inquiry regarding the processing of your personal data, you can contact him by email at

What personal data do we collect?

The personal data that the user may provide: Name, address and date of birth. Telephone number and email address. Location. Information regarding payments and returns. IP address, date and time on which you have accessed our services, internet browser you use and data about the device’s operating system. Any other information or data that you decide to share with us. In some cases, it is mandatory to complete the registration form to access and use certain services offered on the e-Commerce site; additionally, not providing the requested personal data or not accepting this data protection policy means you will be unable to subscribe, register or participate in any of the promotions for which personal data is requested.

Why and for what reasons do we process your data?

At, we process the information provided by the data subjects for the following purposes: To manage orders or contract any of our services, either online or in physical stores. To manage the sending of the requested information. To develop commercial actions and carry out the maintenance and management of the relationship with the user, as well as the management of the services offered through the e-Commerce site and the information provided, being able to perform automatic assessments, obtain customer profiles and carry out segmentation tasks in order to customise the treatment they receive according to their characteristics and needs and thus improve the online customer experience. To develop and manage contests, raffles or other promotional activities that can be organised. In some cases, it will be necessary to provide information to the Authorities or third-party companies for audit-related reasons, in addition to handling personal data from invoices, contracts and documents to respond to complaints from customers or Public Administrations. We inform you that the personal data obtained as a result of you registering as a user will be part of the Records of Processing Activities and Operations, which will be updated periodically in accordance with the provisions of the GDPR.

What is the legal basis for processing your data?

The processing of your data may be based on the following legal grounds: Consent provided by the interested party in the contracting of services and products, contact forms, requests for information or subscribing to e-newsletters. Legitimate interest for the processing of our customers’ data in direct marketing actions and the express consent provided by the data subject in all matters relating to automatic assessments and profiling. Compliance with legal obligations for fraud prevention, communication with public authorities and third party claims.

Where is your data stored?

In general, data is stored within the EU. For data that is sent to third parties that are not part of the EU, we will ensure that they offer a sufficient level of protection, either because they have Binding Corporate Rules (BCRs) or because they have adhered to the Privacy Shield.

Which recipients will your data be communicated to?

In some cases, only when necessary, will provide user data to third parties. However, the data will never be sold to third parties. External service providers (for example, payment providers or delivery companies) that works with may use the data to provide the corresponding services, however, they will not use such information for their own purposes nor will they transfer it to third parties. tries to guarantee the security of personal data when sent outside the company and ensures that third-party service providers respect confidentiality and have the appropriate measures in place to protect personal data. These third parties have an obligation to ensure that the information is processed in accordance with the data privacy regulations. In some cases, the law may require the personal data to be disclosed to public bodies or other parties, and only that which is strictly necessary for the fulfilment of such legal obligations will be disclosed. The personal data obtained may also be shared with other companies in the group.

Where is your data stored?

In general, data is stored within the EU. For data that is sent to third parties that are not part of the EU, we will ensure that they offer a sufficient level of protection, either because they have Binding Corporate Rules (BCRs) or because they have adhered to the Privacy Shield.

What rights do you have and how can you exercise them?

You can direct your communications and exercise your rights through a request sent to the following email: Under the provisions of the GDPR, you can request:

  • Right of access: you can request information about the personal data we have about you.
  • Right to rectification: you can communicate any change in your personal data.
  • Right to erasure and the right to be forgotten: you can request the erasure of your personal data.
  • Right to restriction of processing: this involves the restriction of processing of personal data.
  • Right to object: you can withdraw your consent for the processing of your data, objecting to our continuing to process your data.
  • Right to portability: in some cases, you can request a copy of the personal data in a structured, commonly used and machine-readable format to transmit it to another controller.
  • Right to not be subject to individualised decisions: you can request that decisions not be made based solely on automated processing, including profiling, which produces legal effects or significantly affects the data subject.

In some cases, the request may be rejected if you request that data necessary for compliance with legal obligations be erased. Also, if you have a complaint about data processing, you can submit a claim to the data protection authority.

Who is responsible for the accuracy and veracity of the data provided?

The user is solely responsible for the veracity and correctness of the data included, exonerating from any responsibility in this regard. The user guarantees the accuracy, veracity and authenticity of the personal data provided, and agrees to keep it duly updated. The user agrees to provide complete and correct information in the registration or subscription form. reserves the right to terminate the contracted services that would have been provided to users, if the data provided is false, incomplete, inaccurate or not updated. is not responsible for the veracity of the information that it does not create and that comes from another source, thus it also assumes no liability whatsoever for hypothetical damages that may arise from the use of such information. reserves the right to update, modify or delete the information contained on its web pages and may even limit or not allow access to such information. Hartington Business, S.L. shall not be held liable for any damage or harm that the user may suffer as a result of errors, defects or omissions in the information provided by, provided that it comes from other sources. Likewise, the user certifies that they are over 14 years old and that they have the legal capacity required to provide consent regarding the processing of their personal data.

When do we process the personal data of minors?

Normally, our services are not specifically aimed at minors. However, in the event that any of them are directed at children under fourteen, in accordance with Article 8 of the GDPR and Article 7 of Organic Law 3/2018, of 5 December, on the protection of personal data and guarantee of digital rights, will require the valid, free, unambiguous, specific and informed consent of their legal guardians to process the personal data of minors. In this case, the national ID card or other form of identification of the person giving consent will be required. In the case of persons over fourteen, the data may be processed with the consent of the user, except those cases in which the Law requires the assistance of the parents or guardians.

What security measures do we apply to protect your personal data? has adopted the personal data protection security levels that are legally required, and intends on establishing all those other additional means and technical measures at its disposal to prevent the loss, misuse, alteration, unauthorised access and theft of personal data provided to is not responsible for hypothetical damages or losses that could be derived from interference, omissions, interruptions, computer viruses, telephone breakdowns or disconnections in the operational functioning of this electronic system, caused by reasons beyond the control of; or for delays or blockages in the use of this electronic system caused by deficiencies or overloads of telephone lines or overloads in the Data Processing Centre, in the Internet system or in other electronic systems, as well as damages that may be caused by third parties through illegitimate interferences beyond the control of Nonetheless, the user must be aware that Internet security measures are not impregnable.

Links to other websites

On the e-Commerce site, there may be links to other websites. By clicking on one of these links and accessing an external website, the visit will be subject to the privacy policy of said website, with Hartington Business, S.L. being disassociated from any type of liability regarding the third party’s privacy policy.

How do we use cookies?

The e-Commerce site uses cookies in order to optimise and personalise your browsing on it. Cookies are text files that are housed on the user’s own terminal, the information collected through cookies serves to facilitate user navigation on the portal and optimise the browsing experience. The data collected through cookies can be shared with their creators, but in no case will the information obtained by them be associated with personal data or data that can identify the user. However, if the user does not want cookies to be installed on their hard drive, they can configure their browser in such a way that prevents the installation of these files. For more information, please refer to our Cookie Policy

Can the Privacy Policy be modified?

This Privacy Policy may be modified. We recommend reviewing the Privacy Policy from time to time.