AquaTenerife Privacy Policy

1. Introduction and Details of the Data Controller
This Privacy Policy governs the processing of personal data on the website of AquaTenerife (hereinafter referred to as the “Company”), which provides pool maintenance services in the Canary Islands. The Company acts as the data controller in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD). This policy reflects the requirements of European legislation and the recommendations of the Agencia Española de Protección de Datos (AEPD) and the European Data Protection Board (EDPB).
Data Controller: Borys Lisitsyn (+34 641 550 347).
Contact details: +34 (641) 550 347, oasis.pool.tf@gmail.com.
AquaTenerife has not appointed a Data Protection Officer. All questions regarding privacy and the exercise of data subject rights should be sent to oasis.pool.tf@gmail.com.

2. What Data We Collect
The website collects and processes only the personal data necessary to provide its services. Depending on the form of interaction, this data may include:

• Identification data: first and last name.
• Contact data: email address, phone number, residential address.
• Request data: the content of messages or comments submitted.
• Navigation data: IP address, date and time of access, browser used (collected by the server and analytics services). This data is used to ensure website security and to analyze usage.
• Cookies: the website may use its own and third-party cookies for technical purposes (e.g., session identifiers) and, with the user’s consent, for analytics and personalized marketing. Information on how consent is obtained and how users are informed about cookies is described in Section 8.

The Company does not process special categories of personal data (Article 9 GDPR) and does not carry out automated decision-making that produces legal effects or significantly affects users’ rights.

3. Purposes and Legal Bases for Processing
The main purposes and legal bases for data processing at AquaTenerife are as follows:
If consent is required for any specific processing activities, the Company will request it separately. When data processing is based on consent, the user has the right to withdraw it at any time without affecting the quality of the core service.

4. Data Retention Periods
At AquaTenerife, the following data retention rules apply:

• Client data (identification, contact details, order information) is stored for the duration of the contractual relationship and for the applicable limitation period (5 years) in order to protect the Company’s rights and comply with legal obligations.
• Data processed for marketing purposes is retained until the user withdraws consent or until the relevant marketing campaign ends. After that, the data may be anonymized or deleted.
• Navigation data (log files) is stored for no longer than 12 months, unless a longer period is required for security purposes or incident investigation.

After the expiration of the applicable retention periods, the data is deleted or anonymized, unless otherwise required by applicable law.

5. Data Recipients and International Data Transfers
AquaTenerife does not sell or transfer personal data to third parties for their own purposes. Data may be disclosed only in the following cases:

• Service providers: for website hosting, email delivery, CRM systems, or analytics tools (e.g., web analytics services). These entities act as data processors and have entered into agreements with us that ensure confidentiality and GDPR compliance. The categories of recipients and access to full information must be indicated in the first (“basic”) and second (“additional”) information layers.
• Public authorities: where required by law (e.g., tax or administrative authorities).
• International transfers: if service providers are located outside the European Economic Area (EEA), the Company ensures the existence of an adequacy decision by the European Commission or applies Standard Contractual Clauses to guarantee an adequate level of data protection.

6. Users’ Rights
Users have the right to:

• Right of access: obtain confirmation as to whether their data is being processed and receive a copy of such data.
• Right to rectification: request the correction of inaccurate data or completion of incomplete data.
• Right to erasure: request deletion of their data when it is no longer necessary for the purposes for which it was collected or when consent has been withdrawn.
• Right to restriction of processing: request a temporary limitation of processing in cases provided by law.
• Right to data portability: receive their data in a structured, commonly used, and machine-readable format and transmit it to another controller where technically feasible.
• Right to object: object to processing based on legitimate interest or for direct marketing purposes.
• Right not to be subject to automated decision-making, including profiling, that produces legal effects or similarly significantly affects the user.
• Right to withdraw consent: where processing is based on consent, it may be withdrawn at any time without affecting the lawfulness of processing prior to withdrawal.
• Right to lodge a complaint: if the user believes their rights have been violated, they may contact us regarding data protection matters or file a complaint with the Agencia Española de Protección de Datos (AEPD), C/ Jorge Juan 6, 28001 Madrid.

The AEPD and EDPB emphasize that users must receive a response within one month and that an easy method for submitting requests must be provided. AquaTenerife accepts requests via the indicated contact details, records each request, and complies with the established deadlines.

7. How to Submit a Request
To exercise their rights, users may submit a written request specifying the subject (e.g., “Data Access,” “Data Rectification”), attach a copy of an identity document, and send the request by one of the following means:

• By email to: oasis.pool.tf@gmail.com..

The Company will process the request within one month of receipt. In complex cases or where there are multiple requests, this period may be extended by an additional two months, and the user will be informed in advance. If the request concerns data collected by third parties (e.g., external services), AquaTenerife will provide the contact details of the relevant processor.

8. Cookie Policy
The AquaTenerife website applies the following approach:

• Technical cookies (essential): ensure the proper functioning of the website (e.g., saving language preferences). These do not require consent and are set by default.
• Analytics cookies: help understand how users interact with the website and improve service quality. These cookies are set only after obtaining consent. In the initial pop-up banner, users see a brief description, a link to the detailed policy, and three buttons: “Accept,” “Reject,” and “Settings.” In “Settings,” users can provide consent selectively by category.
• Marketing cookies: used to display personalized advertising. These are also set only with explicit user consent.

Users can change cookie settings or withdraw consent at any time via the “Cookie Settings” link, which is permanently available on the website. Refusing analytics or marketing cookies does not affect the functionality of the website.

9. Data Security
The Company implements technical and organizational measures to ensure data security, including HTTPS encryption, access control, antivirus protection, regular backups, and staff training. In the event of a data breach, the Company undertakes to notify the AEPD and, where necessary, affected users within the legally established time limits (typically 72 hours) and to mitigate the consequences. AEPD guidance also emphasizes that the use of providers and third-party services requires audits and appropriate contractual arrangements, which AquaTenerife duly implements.

10. Processing of Minors’ Data
The Company does not target its services at minors and does not knowingly collect data from individuals under the age of 14. If it becomes aware that a child has provided personal data without parental consent, such information will be deleted immediately. When interacting with our services, individuals under 14 confirm that they have the permission of their parents or legal guardians.

11. Changes to the Policy
AquaTenerife reserves the right to update this Policy periodically due to changes in legislation or internal procedures. The date of the latest update will be indicated at the beginning of the document. In the event of significant changes, users will be notified via the website or by email. Continued use of the website after the publication of changes constitutes acceptance of the updated Policy.

12. Additional Information

• Two-layer information approach: In accordance with AEPD recommendations, the Company provides a brief notice (“first layer”) on data collection forms and cookie banners, containing essential information (controller, purposes, legal bases, rights) and a link to this Policy with more detailed explanations (“second layer”). This approach ensures clarity and accessibility for users.
• Commitment to transparency: All information is presented clearly, in plain language, and without unnecessary legal jargon, as recommended by the AEPD.
• Documentation of processing activities: The Company maintains an internal record of processing activities, documenting data categories, purposes, recipients, and retention periods. This documentation is available for inspection and audit by competent authorities.

If you have any questions regarding this Privacy Policy or the processing of your personal data, please contact us using the details provided above.