jasa toefl
jasa toefl
jasa toefl
JIWAKU88
asia88
paris888
Privacy policy - HECO

 

HECO PRIVACY AND DATA PROTECTION POLICY

1. DATA CONTROLLER

This Privacy Policy describes how HECO / Industries Conesa S.L. (hereinafter “HECO”, “we” or “the company”) collects, processes, protects and uses your personal data when you interact with us.

Details of the data controller:

 

Trade name: HECO / Industries Conesa S.L.

Main activity: Distribution, sales and commercial services

Address: Ctra. N-IIa, Km 4.3 – E-17600 FIGUERES (Girona, Spain)

Tax ID: B17038233

Email: info@heco.es

Telephone: +34 972 503 055

Website: https://heco.es

Applicable legislation:

This policy complies with:

  • Regulation (EU) 2016/679 (GDPR) – General Data Protection Regulation
  • Organic Law 3/2018 (LOPDGDD) – Organic Law on Data Protection
  • Law 34/1988 (LSSI-CE) – Information Society Services

2. WHAT DATA WE COLLECT AND WHY

We collect different types of data depending on how you interact with us. Below, we detail each type, where it is collected, and what we use it for.

2.1. Data from contact forms on our website

When you complete a form (contact, quote, subscription, etc.):

  • Full name
  • Email address
  • Telephone number
  • Company (if you are a business)
  • Subject or description of your enquiry
  • Any other information you voluntarily provide

Purpose of processing:

  • To respond to your enquiry or request
  • To manage quotes and commercial enquiries
  • To send you information about products and services
  • To maintain relevant commercial communications.

This data is stored in our systems and may be accessed by our sales and customer service teams

2.2. Data collected via email

When you send us an email to info@heco.es:

  • Your name
  • Your email address
  • The content of the message
  • Any attachments you send

 

Purpose of processing:

  • To receive and respond to your request
  • To manage commercial communications
  • To archive communications

2.3. Data collected via WhatsApp Business

When we contact you or you contact us via WhatsApp Business:

  • The name displayed on your profile
  • Phone number
  • Profile photo (if you have set one)
  • Content of conversations
  • Information regarding message delivery and read receipts

 

Purpose of processing:

  • Commercial communication and responding to enquiries
  • Management of requests and orders
  • Customer support

 

IMPORTANT NOTE: We will only contact you via WhatsApp if you have given prior consent, are already a customer, or have contacted us first. See Section 8 for further details.

2.4. Technical data collected automatically

When you visit our website, we automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Pages you visit
  • Time spent on each page
  • Links you click
  • Approximate geolocation data (country, region)
  • Device (computer, mobile, tablet)

How it is collected: Through cookies and web analytics (Google Analytics, etc.)

Purpose of processing:

  • To improve and optimise our website
  • To understand how users interact with us
  • Usage statistics and behavioural analysis
  • Content personalization

Relevant advertising (if you have given your consent)

3. LEGAL BASIS FOR DATA PROCESSING

Under the GDPR, all data processing activities must have a valid legal basis. Here we explain the legal basis for each type of processing:

3.1. Consent

This is the legal basis when YOU give us your explicit permission. Examples:

✓ You fill in a contact form

✓ You agree to receive marketing communications (you tick a checkbox)

✓ You accept analytics or marketing cookies

✓ You give consent to be contacted via WhatsApp Business

Your consent is VOLUNTARY, SPECIFIC and INFORMED.

3.2. Contract

This is the legal basis when processing is necessary to fulfil a contract with you. Examples:

✓ Managing your order (name, delivery address, payment details)

✓ Processing your invoice

✓ Maintaining communication regarding your purchase or contracted service

3.3. Legal obligation

This is the legal basis when the law requires us to retain data. Examples:

✓ Retaining accounting data for 6 years (tax obligation)

✓  Invoice data (accounting obligation)

✓ Compliance with other Spanish or European laws

3.4. Legitimate interest

This is the legal basis when we process your data for our legitimate business interests, provided that this does not adversely and disproportionately affect your rights. Examples:

Responding to a business enquiry you send us

✓ Improving our services and website

✓ Statistical analysis and business trends

✓ Fraud prevention

We respect your right to object: if you do not wish us to use your data on the basis of legitimate interest, you may object

4. YOUR RIGHTS AS A DATA SUBJECT

The GDPR guarantees you a number of rights regarding your personal data. Below, we explain each of these rights and how to exercise them:

4.1. Right of access

What is it? You have the right to request access to ALL the personal data we hold about you.

How do you exercise it? Send an email to info@heco.es stating “I request access to my data”

Timeframe? We will respond within a maximum of 30 working days

4.2. Right to rectification

What is it? If your data is incorrect, inaccurate or out of date, you can request that we correct it.

Example: Your email address is misspelled in our records

4.3. Right to erasure (right to be forgotten)

What is it? You can request that we delete your personal data.

Limitations: We cannot delete data if:

  • We have a legal obligation to retain it (6 years for tax data)
  • It is necessary to fulfil a contract with you
  • We need to demonstrate legal compliance

4.4. Right to restriction of processing

What is it? You can request that we RESTRICT how we use your data.

Example: “Do not use my data for marketing communications, but keep it”

4.5. Right to data portability

What is it? You have the right to receive your data in a structured format (Excel, PDF, etc.)

Purpose: To share your data with another company

4.6. Right to object

What is it? You may object to the processing of your data for any purpose.

Examples:

✓ “I do not wish to receive marketing emails” → We will unsubscribe you immediately

✓ ‘Do not use my data for behavioural analysis’

4.7. Right not to be subject to automated decision-making

What is it? We cannot make decisions about you based SOLELY on automated processing without human intervention.

How to exercise your rights:

You can exercise any of these rights by contacting us:

  • Email: info@heco.es
  • Subject: ‘[Name of right] – Data protection request’
  • Include: Your name, email address, and a clear description of your request

We will respond within 30 working days. If we reject your request, we will explain the reasons.

If you are not satisfied with our response, you may lodge a complaint with:

Spanish Data Protection Agency (AEPD)

C/ Jorge Juan, 6 – 28001 Madrid

www.aepd.es | Tel: (+34) 901 100 099

5. SHARING DATA WITH THIRD PARTIES

We only share your data when it is absolutely necessary, and always in a secure manner:

5.1. Technical service providers

We entrust your data to certain companies that provide services to us:

Web hosting and storage: The company that hosts our website

Email and communications: Corporate email provider

Web analytics: Google Analytics (if you have given your consent)

CRM and data management: The system we use to manage customers

WhatsApp Business: Meta Platforms Inc. (the company behind WhatsApp)

ALL these providers are contractually bound under the GDPR to protect your data.

5.2. Public authorities and legal compliance

We may share data if:

  • A court order requires it
  • The tax authorities request it (tax data)
  • There is a Spanish or European legal obligation

5.3. Business partners

Only if you give your explicit consent. We never sell your information to third parties for marketing purposes without your permission.

COMMITMENT: We NEVER sell your data to telemarketing companies or any third party without your explicit consent.

6. DATA SECURITY

We implement technical and organisational measures to protect your data against loss, unauthorised access, alteration or disclosure:

Security measures in place:

  • SSL/TLS encryption across the entire website (HTTPS)
  • Strong passwords and multi-factor authentication
  • Regular backups on secure servers
  • Acceso restringido: Solo personal autorizado
  • Restricted access: Authorised staff only
  • Regular training in data protection
  • Firewalls and intrusion detection systems
  • Periodic security audits
  • Encryption of sensitive data at  rest

Security breach notification:

In the (highly unlikely) event that we experience a security breach, we undertake to notify you within 72 hours.

7. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar technologies. Cookies are small files stored in your browser.

Types of cookies we use:

Technical cookies (ESSENTIAL): These enable the basic functioning of the website. They do not require consent. Examples: authentication, security.

Analytics cookies: These collect information about how you use the website. Example: Google Analytics. Consent is REQUIRED.

Marketing cookies: These are used to personalise adverts. Consent is REQUIRED.

How to manage cookies:

When you visit our website, you will see a consent banner. You can accept all cookies, reject them, or choose which ones to accept.

8. CONTACT VIA WHATSAPP BUSINESS

We use WhatsApp Business to communicate with you about products and services, and to respond to your enquiries.

¿When can we contact you via WhatsApp?

Only if:

  • You gave your explicit consent via our web form
  • We are already customers with an established business relationship
  • You contacted us first

Your rights on WhatsApp:

You have the right to:

  • Stop receiving messages (reply ‘STOP’)
  • Request a copy of conversations
  • Request the deletion of your data

NOTE: Meta Platforms Inc. also processes your data. Please see their policy at www.whatsapp.com/legal/privacy

9. DATA RETENTION PERIOD

We do not retain your data for longer than necessary. Here are the retention periods by type:

  • Website browsing data: Up to 2 years from last contact
  • Active customer data: For the duration of the relationship + 3 years thereafter
  • Inactive customer data: 3 years from last contact
  • Accounting and tax data: 6 years (legal obligation)
  • WhatsApp data: Until deletion is requested (max. 3 years)
  • Cookies: Depending on type, generally 12 months.

10. CHANGES TO THIS POLICY

This Policy is reviewed periodically to adapt to legal changes and new technologies.

Significant changes will be communicated via:

  • Notice on the website homepage
  • Email
  • Notification on WhatsApp (where applicable)

Last updated: March 2026

11. HOW TO CONTACT US

If you have any questions or wish to exercise your rights, please contact us:

  • Email: info@heco.es
  • Telephone: +34 972 503 055
  • Address: Ctra. N-IIa, Km 4,3 – E-17600 FIGUERES (Girona)
  • Spanish Data Protection Agency (AEPD):
  • aepd.es | Tel: (+34) 901 100 099

At HECO, we take the protection of your data very seriously. This policy reflects our commitment to transparency and compliance with the GDPR.

Thank you for your trust.

HECO / Industries Conesa S.L.

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
×