Legal
Cookie privacy
01
Data controller
In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and Organic Law 3/2018, of 5 December (LOPDGDD), users are hereby informed that the controller of personal data collected through this website is:
- Controller: Urbancat Obres i Reformes S.L.
- CIF: [CIF: pending confirmation]
- Address: Gran Via Carles III, 98 · Floor 10 · 08028 Barcelona
- Contact email: hola@urbancat.cat
- Data Protection Officer (DPO): Not required given the volume of processing. Privacy enquiries: hola@urbancat.cat
02
Purposes of processing
Personal data provided by the user are processed for the following purposes:
- Management of enquiries and quote requests submitted through the web form: responding to the user's request, evaluating their project and, where appropriate, sending a technical and financial proposal.
- Handling communications initiated via WhatsApp by the user themselves: maintaining the conversation and responding to the questions raised.
- Commercial communications related to Urbancat's services, when the user has given their express consent or a prior contractual relationship justifying it exists.
Data will not be used for purposes other than those indicated without first informing the data subject and, where necessary, without obtaining their consent.
03
Legal basis for processing
- Web form — Consent of the data subject (Art. 6.1.a GDPR). The user gives their consent by ticking the privacy policy acceptance box before submission.
- WhatsApp initiated by the user — Legitimate interest of the controller (Art. 6.1.f GDPR) in handling communications received on the data subject's own initiative, given that the processing is proportionate and the user can reasonably expect it.
- Performance of a contract — In the event of service engagement, the processing necessary for the formalisation and performance of the contract is based on Art. 6.1.b GDPR.
- Compliance with legal obligations — The retention of data with tax or accounting relevance is based on Art. 6.1.c GDPR and applicable tax legislation.
04
Categories of data collected
Through the channels enabled on this website and in direct communication with the user, only identifying and contact data are processed:
- First and last name.
- Email address.
- Phone number.
- Content of the message or request (project description, preferences, etc.).
No special category data within the meaning of Art. 9 GDPR (health data, political ideology, racial origin, etc.) are collected. Should the user voluntarily include such data in the body of a message, Urbancat will treat them with the utmost confidentiality and delete them as soon as they are no longer necessary for the stated purpose.
05
Retention period
Data will be retained for the time strictly necessary for the purpose for which they were collected and, in any event:
- Enquiries without subsequent engagement: until the user requests their deletion or 2 years have elapsed since the last contact.
- Contractual relationships: for the duration of the contract and, once it has ended, for a maximum period of 5 years to meet possible tax, accounting or civil liability obligations, in accordance with the General Tax Law and the Civil Code.
- Commercial communications (with consent): until the user withdraws their consent.
Once the applicable periods have elapsed, data will be deleted or anonymised irreversibly.
06
Recipients and disclosures
Urbancat Obres i Reformes S.L. does not disclose personal data to third parties, except in the following cases:
- Legal obligation: when required by a legal provision or a competent authority (tax authorities, judicial bodies, etc.).
- Data processors: technology providers acting on behalf of and under the instruction of Urbancat (web hosting, email service, etc.), with whom the corresponding data processing agreements have been signed in accordance with Art. 28 GDPR.
- Meta Platforms (WhatsApp): when the user initiates a conversation via WhatsApp, their data pass through the infrastructure of Meta Platforms Inc., which acts as a data processor. This is inherent to the use of said messaging platform and the user accepts its own terms of use when using it.
07
International transfers
As a general rule, data are not transferred outside the European Economic Area (EEA). However, there is one relevant exception:
Meta Platforms Inc. (WhatsApp) is headquartered in the United States. The transfer of data to the US that occurs through the use of WhatsApp is covered by the EU-US Data Privacy Framework, adopted by the European Commission on 10 July 2023, which guarantees an adequate level of protection for data transferred to companies certified under that framework.
For more information on the applicable safeguards you may consult the European Commission's Adequacy Decision and the AEPD website (www.aepd.es).
08
Data subject rights
The user may exercise at any time the following rights recognised by the GDPR and the LOPDGDD:
To exercise any of these rights, the user must send a written request to hola@urbancat.cat, stating the right they wish to exercise and enclosing a copy of their national ID or equivalent document proving their identity. Urbancat will respond within a maximum period of one month (extendable to three in cases of particular complexity).
Furthermore, where processing is based on the user's consent, they have the right to withdraw it at any time, without this affecting the lawfulness of processing prior to the withdrawal.
09
Right to lodge a complaint with the AEPD
If the user considers that their data protection rights have been violated, they may lodge a complaint with the Spanish Data Protection Agency (AEPD), the competent supervisory authority in Spain.
The AEPD can be contacted through its electronic headquarters: www.aepd.es
However, before approaching the supervisory authority, Urbancat invites the user to get in touch directly via hola@urbancat.cat to attempt to resolve any discrepancy amicably.
10
Security measures
Urbancat Obres i Reformes S.L. has implemented the necessary technical and organisational measures to ensure the security of personal data and prevent their alteration, loss, or unauthorised processing or access. These measures include:
- Encryption in transit: all communications between the user's browser and the website server are carried out over HTTPS with TLS encryption.
- Restricted access: access to personal data is limited to Urbancat personnel who need to know them to carry out their duties, under a duty of confidentiality.
- Periodic review: security measures are periodically reviewed and updated based on identified risks and the evolution of the state of the art.
Despite the measures adopted, no electronic transmission or storage system is completely secure. In the event of detecting any incident that may affect your data, Urbancat will act in accordance with the security breach notification procedure provided for in the GDPR.