Privacy Policy
Last updated: April 2026
Information on the processing of your personal data in accordance with theRegulation (EU) 2016/679 (GDPR)and theOrganic Law 3/2018 (LOPDGDD).
1. Data Controller
| Holder | Aida D. Acri (hereinafter,Acritech) |
|---|---|
| NIF | ESZ2346984T |
| Phone |
+34 960 41 10 07
|
| Website | www.acritech.es |
| Activity | IT equipment buyback, TPM maintenance, and sale of refurbished hardware |
2. Personal Data We Process
We only process the data necessary for the purposes described in this policy:
Name, surname, ID/NIF/NIE, passport number.
Email, phone, postal address.
Company, position, company NIF/CIF.
Model, serial number, condition, and location of the hardware.We do not access data stored on devices.
IP address, browser type, pages visited (via cookies). See our Cookie Policy.
Inquiries, quotes, and email exchanges related to our services.
3. Purposes and Legal Basis for Processing
In compliance with Article 13 of the GDPR, we inform you of the applicable purposes and legal bases:
| Purpose | Legal basis | Art. GDPR |
|---|---|---|
| Management of requests for the repurchase of IT equipment | Execution of contract / pre-contractual measures | Art. 6.1.b |
| Provision of TPM maintenance service | Execution of contract | Art. 6.1.b |
| Sale of refurbished equipment | Execution of contract | Art. 6.1.b |
| Certified deletion and destruction of data | Execution of contract | Art. 6.1.b |
| Management of inquiries received via web form or email | Consent of the data subject | Art. 6.1.a |
| Compliance with tax, accounting and commercial obligations | Legal obligation | Art. 6.1.c |
| Issuance of declarations in accordance with WEEE regulations (Art. 45 EU) | Legal obligation | Art. 6.1.c |
| Fraud prevention and information security | Legitimate interest | Art. 6.1.f |
| Sending of own commercial communications (only with explicit consent) | Consent of the data subject | Art. 6.1.a |
4. Retention Periods
| Type of data / operation | Period | Regulation |
|---|---|---|
| Customer data and contracts | 6 years after the business relationship | Commercial Code |
| Invoices and tax documentation | 4 years (tax prescription) / 6 years commercial | LGT / Commercial Code |
| Data stored on equipment received for repurchase | Immediate deletion after certified technical audit | GDPR Art. 5.1.e |
| Web consultation data (without contractual relationship) | 1 year or until consent is revoked | GDPR Art. 6.1.a |
| Commercial communications / marketing | Until consent is revoked | LOPDGDD / LSSICE |
| Access records and security logs | 12 months | LSSICE Art. 12 |
5. Recipients and International Transfers
Your datawill not be transferred to third partiesexcept in the following cases:
- Transport and logistics companies:for the collection and delivery of equipment, only with the essential data (name, address, phone).
- Public Administrations:when there is a legal obligation (Tax Agency, law enforcement agencies, judicial bodies).
- Odoo S.A. (Belgium):provider of the technological platform (CRM, web, invoicing). Acts asdata processorwith a DPA contract in accordance with the GDPR. Odoo S.A. is established in the EU.
We do not carry out international data transfers outside the European Economic Area (EEA).In the event that it occurs, appropriate safeguards provided for in Articles 46–49 of the GDPR would be adopted.
6. Your Rights (Arts. 15–22 GDPR)
You can exercise the following rights at any time, free of charge:
To know what data we process about you.
To correct inaccurate or incomplete data.
To request deletion (‘right to be forgotten’).
To object to processing under certain circumstances.
To restrict the use of your data in specific cases.
To receive your data in a structured and readable format.
How to exercise your rights?
Send an email to admin@acritech.es with the subject‘Exercise of GDPR rights’, attaching a copy of your ID card, residence permit or passport. We will respond within a maximum period of1 month(extendable by 2 more months in complex cases, with prior notification).
Right to lodge a complaint
If you believe that the processing of your data does not comply with current regulations, you have the right to lodge a complaint with theSpanish Data Protection Agency (AEPD): www.aepd.es — C/ Jorge Juan, 6, 28001 Madrid.
7. Cookie Policy
This website uses its own and third-party cookies to improve the browsing experience, analyse traffic and offer personalised content. You can manage or reject non-essential cookies at any time.
For detailed information about the cookies we use, their purpose and how to manage them, please see our Cookie Policy.
8. Information Security
Acritech applies appropriate technical and organisational measures in accordance with Article 32 of the GDPR to ensure a level of security appropriate to the risk, including:
- Encryption of communications using HTTPS/TLS protocol.
- Restricted access control to personal data.
- Secure and certified deletion procedures for data stored on received equipment (in accordance with NIST 800-88 or DoD 5220.22-M standards).
- Periodic assessment of the effectiveness of the implemented security measures.
- Confidentiality agreements with collaborators and data processors.
9. Minors
Acritech's services are directed exclusively at businesses and professionals (B2B). We do not knowingly collect personal data from minors under14 years(Article 7 of the LOPDGDD). If we detect that we have received data from a minor without the appropriate parental consent, we will proceed to its immediate deletion.
10. Changes to this Policy
Acritech reserves the right to update this Privacy Policy to adapt it to legislative, jurisprudential changes or modifications to our services. Previous versions will be archived. In the event of substantial changes affecting your rights, we will notify you with reasonable notice via email or through a prominent notice on our website.