Basic information on data protection
Identity of the Data Controller
THE HOFF BRAND, S.L.
C/ Juan Herrera 39
03203 - Elche (Alicante) - Spain
Registered with the Companies Registry of Alicante in volume 3941, book 0, sheet 114, section 8, page A-149,731
You can access our website anonymously. We will process two types of data in your name if you decide to register on the Website:
Identification data. Basic contact information such as your name and surname, email address, postal address, telephone number, purchase order number, email address of the recipient of the purchase invoice and encrypted data related to your credit card or bank account will be collected if you register on the Website, make an online purchase, subscribe to our newsletter or respond to a survey.
Data generated by the system. Our service automatically stores metadata based on other types of information such as registration data including the contract start date and the date of the last invoice. The invoices issued in relation to the purchased products are stored for your convenience.
HOFF will keep you informed about important changes in our services such as implementation of additional functions only if you expressly subscribe to our newsletter to be sent by email.
Reason for collecting the data
We collect personal data for the following purposes:
To customise your experience (this information will help us to serve your individual needs better).
To improve our website.
To identify you as a party to a contract with us.
To set up a communication channel with you.
To enable us to issue valid VAT invoices and process transactions (HOFF reminds you that your information will not be sold, transferred, delivered and/or exchanged to any other entity without your express consent for any reason other than to provide the requested service).
To enable management of subscriptions to our communication channels with you.
To provide you with information about your choices and preferences as a user.
1. General Data Protection Regulation
2. Obligation to provide the requested data
You must provide us with the required personal data in order to properly execute the contract for purchase and acquisition of our products.
If you fail to provide all the requested information we will not be able to provide you with our services/products.
HOFF scrupulously complies with the requirements stipulated in the aforesaid European legislation on the protection of minors’ data and we will never knowingly collect any information from persons under 14 years of age. The Website, the purchase of our products and the use of our services are expressly aimed at persons over 14 years of age.
How we protect your information
HOFF implements physical, technical and organisational measures to ensure the security of your personal data and to minimize the chances of accidental or illegal destruction, accidental loss, unauthorised use, alteration, unauthorised alteration, disclosure and/or access and any other illicit way of processing your data.
HOFF employs the tools required to ensure a high level of availability of the website services but cannot guarantee constant full availability. Physical security is maintained by HOFF’s subcontractors who meet industry standards for physical security and availability.
All data transmission is appropriately encrypted in line with the best practice to protect your confidentiality and the integrity of your data of a personal nature. Consequently, all credit card information that you provide is transmitted by Secure Socket Layer (SSL) technology and is subsequently encrypted in our payment gateway service provider’s database to ensure that only the data can only be accessed by personnel duly authorised to access these systems.
All HOFF personnel are subject to full confidentiality in relation to processing of your data of a personal nature. Furthermore, all subcontractors and assistant processors with access to your data must sign a strict non-disclosure agreement before they are allowed to work with HOFF.
Authorised personnel can only access your personal data through an encrypted connection. The IP address of the authorised personnel who access your data must be previously cleared in order to do so.
Any device used by HOFF to access your personal data is protected and has HOFF's corporate anti-virus program installed. In addition, any electronic device other than the usual equipment on which your data is temporarily stored must also be encrypted.
Consequently, all local devices that temporarily store personal data are under constant supervision and physically located in a locked cabinet.
HOFF declares that your personal data is never stored on mobile devices, such as USB pen drives, CDs or DVDs.
HOFF will keep you informed at all times about changes in our procedures including practices, protocols and policies to protect the privacy and security of your personal data. You may demand to be informed where and how your personal data is being stored, protected and used at any time. Upon request, HOFF will provide summaries of any independent audits performed on our services provided that we can do so without incurring excessive costs that HOFF cannot bear.
All access to personal data controlled by HOFF is blocked by default and protected by our “zero-trust privilege” policy. This means that access to personal data is restricted exclusively to individually-authorised personnel based on a “never trust, always verify, enforce least privilege” approach.
6. Ability to intervene
7. Notice of personal data breach/security breaches
A violation of personal data means that there has been a breach of the security of HOFF’s I.T. systems that has caused or may cause the destruction, alteration, loss, unauthorised disclosure or accidental or deliberate access to the personal data related to the provision of our services during transmission, storage or processing.
HOFF will notify you promptly if your data of a personal nature is compromised in any way provided that such notification is required by the currently applicable regulations. HOFF will also notify the competent authorities of the security breach within a maximum of 72 hours from the time it is detected. We will inform you of the scope of the violation, the data that has been compromised, the impact on the service and the mitigation plan and protection measures set up to limit the potential detrimental effects on your personal data if we are obliged notify you of the breach of the same due a security incident.
Recipients Disclosure of information to third parties
HOFF will not sell, transfer and/or exchange your data of a personal nature with unauthorised third parties. This does not include identified third parties or subcontractors that help us to manage this website and provide you with our services and which you have duly authorised. These trusted third parties may have access to personal data for information needs and are contractually bound to maintain the confidentiality of the information provided.
HOFF may have to reveal part of your personal information (data of a personal nature) when we are obliged to comply with the law, enforce the policies of our website or to protect the security of our systems. Your personal data may also be provided to other third parties for marketing, advertising or other purposes, but only with your express consent.
1. Trusted subcontractors/third parties
The subcontractors that process your data are supervised and audited.
HOFF supervises its subcontracted data processors to the best of our ability to ensure that they maintain the aforesaid standards and submit to audits to guarantee that they meet the data protection-related requirements stipulated in this document.
2. Legally required disclosure
HOFF undertakes not to disclose your personal data except when bound by the currently applicable regulations or a judicial order that requires us to provide the police or the law courts with any or all of your personal data in our power. HOFF will only disclose the specific data required by a binding judicial order or police requirement.
We will notify you immediately if we are compelled to disclose some or all of your personal data by judicial order or as required by the police and we will provide you with a copy of said request unless we are legally prohibited from doing so.
Links to third-party websites
Where we store your data
HOFF does not transfer, make back-up copies or recover any personal data stored in places outside the European Union.
1. Location of personal data
All your personal data is stored in databases and file repositories hosted on servers owned and operated by HOFF, the registered office of which is located in Elche, Alicante province, in Calle Juan de Herrera 39, 03203 - Parque Industrial, Elche / Elx (Spain), registered in the Companies Registry of Alicante in Volume 3941, Book 0, Sheet 114, Section 8, Page A-149731.
HOFF makes backup copies of the databases it manages through its trusted provider to enable restoration of the information at any time as required.
2. Installation software on the customer’s system in the cloud
You are not required to install software of any kind in order to use the Website. You can access it by means of a standard Internet browser.
Access assistance, data portability, migration and transfer
HOFF will inform you on request of whether we are processing your data of a personal nature or not at any time.
You have the right to receive, on request at any time, a full copy of all the personal data that we hold in your name that you can send to another data controller. Your data will be delivered to you in a widely-used format within 1 month, a period that may be extended to 2 months in the event of complex requests.
Request for rectification, restriction or erasure of personal data
If the personal data held by HOFF concerning you is inaccurate or incomplete you have the right to obtain rectification without undue delay.
2. Restriction of processing of personal data
You have the right to request that processing of your personal data be restricted at any time for any of the following reasons:.
When you contest the accuracy of the personal data held by HOFF for a period that enables us to verify the accuracy of the same.
When processing of your personal data is illegal in accordance with the currently applicable legislation and you choose to restrict use of the data instead of deleting it.
When you require your personal data to establish, exercise or defend yourself against a legal claim despite the fact that HOFF will no longer process them and delete them even without your request.
You may request the deletion of your personal data and HOFF must erase them without undue delay under any of the following circumstances:
When the personal data are no longer necessary for the purposes for which they were collected or processed.
If you withdraw your consent to processing of your data there will no longer be a legal basis on for the use of said data.
When you object to the processing because it is being used for direct marketing purposes.
When the personal data has been or is being illegally processed.
When the data must be erased to comply with a legal obligation at the European Union and/or national level.
4. Where to exercise these rights
You may exercise the aforesaid rights before The Hoff Brand S.L. by sending the corresponding request to our postal address: Calle Juan de Herrera 39, 03203 - Parque Industrial, Elche/Elx (Spain), registered in the Companies Registry of Alicante in Volume 3,941, Book 0, Sheet 114, Section 8, Page A- 149,731. You may contact us by email at the following address: firstname.lastname@example.org or by telephone on: (+34) 664 232 208.
Data storage and retention
1. Data retention policy
Data related to purchase and rental transactions that generate invoices will be kept until the end of the contractual relationship and subsequently during the legally required period. Configuration data and data generated by the system will be deleted immediately you cancel the user account.
2. Data retention to comply with legal requirements
Except for deletion reasons as set forth in the relevant clause, HOFF is bound by the data protection-related legislation to comply with the personal data retention periods laid down by law.
3. Return or deletion of data
Except for account information, HOFF will not retain any data following termination of the contract. You can request a copy of the data at any time before termination of the contract. You should not cancel your account until you have been provided with a copy of your personal data.
HOFF records system updates, site configuration changes and access to provide an audit trail if unauthorised or accidental changes are made.
HOFF is always willing to cooperate with you in complying with the currently applicable data protection-related provisions, especially those aimed at ensuring effective exercise of the rights of access, rectification, deletion, cancellation, blocking, opposition to and limitation of processing, portability and opposition to automated decision-making and management of security incidents.
We strongly recommend that you also display our General Contract Conditions, Legal Notice, How to Buy and Cookies Policy sections that regulate the use, waivers and limitations of liability that govern this Website and many other important aspects.
If you consider that your rights with regard to the collection and processing of your personal data are being infringed, you can file a claim with the Spanish Data Protection Agency (AEPD):
Spanish Data Protection Agency
C/ Jorge Juan, 6
901 100 099
91 266 35 17