Privacy policy
Last updated: June 2026
1. Data controller
- Trading name: Dartel Solutions
- Owner: Rodion Tulba (self-employed)
- Tax ID (NIF): X6932159M
- Address: C/ Azahar 3, portal 6, 3D, 29730 Rincón de la Victoria, Málaga, Spain
- Contact & DPO email: info@dartelsolutions.com
- Phone: +34 612 49 49 00
This privacy policy applies to both the website dartelsolutions.com and the online shop shop.dartelsolutions.com.
2. Data we collect, purposes and legal basis
| Source / form | Data collected | Purpose | Legal basis (GDPR art. 6) |
|---|---|---|---|
| Contact form / WhatsApp / direct email | Name, phone number, email address, free-text message | Responding to enquiries and preparing quotes | Legitimate interest (art. 6.1.f) / Consent (art. 6.1.a) |
| Online shop — order (shop.dartelsolutions.com) | Full name, delivery and billing address, email, phone number, payment data (processed by the payment gateway provider; never stored by Dartel) | Order management, invoicing, shipping and after-sales support | Performance of a contract (art. 6.1.b) |
| Shop account registration (optional) | Email address, hashed password, order history | Facilitating future purchases and order tracking | Consent (art. 6.1.a) |
| Website browsing | IP address, pages visited, device type, session duration (only if the user accepts analytical cookies) | Improving site performance and user experience | Consent (art. 6.1.a) |
| Installation / technical service request | Name, property address, phone number, email, description of requirements | Preparing and carrying out the installation or maintenance quote | Performance of a contract / pre-contractual measures (art. 6.1.b) |
We do not collect special category data (health, ideology, etc.) or data from children under 14 years of age intentionally. If we detect that a minor has provided data without parental authorisation, we will delete it promptly.
3. Retention periods
We retain your personal data only for as long as necessary for the purposes described above and, once those purposes are fulfilled, for the mandatory retention periods established under Spanish law:
- Invoicing and order data: minimum 5 years (tax obligation under the Spanish General Tax Act 58/2003) and up to 10 years in certain commercial law situations.
- Enquiry data with no subsequent contract: deleted after 12 months if no active commercial relationship exists.
- Shop account registration data: for as long as the account remains active; deleted upon the user’s request or after 3 years of inactivity.
- Service contract data (installation): for the duration of the contract and 5 additional years thereafter.
4. Recipients and processors
We do not share your personal data with third parties for their own commercial purposes. We only disclose data where strictly necessary to provide the service:
- Hostinger International Ltd. — web hosting provider for dartelsolutions.com and shop.dartelsolutions.com. Server location: European Union. Data processing agreement in place pursuant to GDPR art. 28.
- Email (Hostinger): order confirmation emails and after-sales communications are sent via Hostinger’s email service, already listed above as hosting provider. No additional email provider is involved.
- Google Ireland Ltd. (Google Analytics): web analytics to measure visits in aggregate, only if you accept analytics cookies. This may involve a transfer of data to the USA (see the next section). Google’s privacy policy.
- Payment gateway provider — secure processing of card payments made in the online shop. Payment data is transmitted directly from the user to the provider; Dartel Solutions does not store card numbers. The specific provider is identified during checkout and has its own privacy policy.
- Shipping company — courier company responsible for delivering orders. It only receives the recipient’s name, delivery address and contact phone number, solely for completing the delivery.
- Legal obligation: when required by a competent authority (court, data protection authority, tax administration), we will provide the requested data.
With your consent we use Google Analytics (Google Ireland Ltd.) to measure use of the site. Google may transfer data to servers in the United States; such transfers are covered by the EU Standard Contractual Clauses and the EU-US Data Privacy Framework to which Google adheres. Apart from this case, we do not carry out international transfers outside the European Economic Area (EEA); should we use other services involving transfers to third countries, we will ensure appropriate safeguards and update this policy accordingly.
5. Your rights
Under the GDPR (EU Regulation 2016/679) and applicable data protection law, you have the following rights:
- Access: obtain confirmation of whether we process your data and, if so, receive a copy.
- Rectification: correct inaccurate data or complete incomplete data.
- Erasure (“right to be forgotten”): request deletion of your data when it is no longer necessary for the purpose for which it was collected, you withdraw consent, or you object to processing.
- Objection: object to processing based on legitimate interest or for direct marketing purposes.
- Restriction of processing: request that we restrict the use of your data in the cases provided for in GDPR art. 18.
- Portability: receive your data in a structured, commonly used and machine-readable format, where processing is based on consent or a contract.
- Not to be subject to automated decision-making: we do not make decisions based solely on automated processing that produce legal or similarly significant effects on you.
To exercise any of these rights, send an email to info@dartelsolutions.com with the subject line “GDPR Rights”, stating your full name and attaching a copy of your identity document. We will respond within a maximum of one month (extendable by a further two months in complex cases, with prior notice).
If you consider that the processing of your data does not comply with applicable law, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.
6. Security
We apply technical and organisational measures appropriate to the level of risk to protect your personal data against unauthorised access, accidental loss, alteration or unlawful disclosure. These include, among others:
- Encrypted communications via HTTPS/TLS across the entire website and shop.
- User passwords stored using a secure hash algorithm (bcrypt/WordPress).
- Access to personal data restricted to those who need it to provide the service.
- Regular server backups.
In the event of a security breach affecting your data that poses a risk to your rights and freedoms, we will notify the AEPD within 72 hours and inform affected individuals without undue delay, in accordance with GDPR art. 33 and 34.
7. Cookies
For detailed information on the use of cookies on this site, please see our Cookie policy.
8. Changes to this policy
We may update this policy when our data processing activities or applicable law change. The update date at the top of this document always reflects the current version. Material changes will be communicated prominently on the site.