1. Data controller

• Legal name: CONSTANKITCHEN, S.L.U. (Single-shareholder Limited Liability Company)
• Trade name: ConstanKitchen
• Spanish Tax ID (CIF): B10462869
• Address: Lugar Ejido La Estrella, Urbanización “Las Arenas”, no. 13, 10910 Malpartida de Cáceres (Cáceres), Spain
• Phone: (+34) 628 72 09 38
• Email for data protection matters: info@constankitchen.com

The appointment of a Data Protection Officer (DPO) is not mandatory, as the cases provided for in Article 37 of the GDPR or Article 34 of the LOPDGDD do not apply. For any question regarding the processing of your data, the User may contact the email address indicated.

2. Categories of data and processing purposes

We process personal data voluntarily provided by the User through forms or contact channels of the Website, as well as data derived from browsing:

2.1. Contact form

• Data processed: name, email address, subject, message and, optionally, any additional data the User chooses to include.
• Purpose: to respond to the enquiry, commercial request or message sent; to manage the relationship with potential customers, distributors and collaborators.
• Legal basis: consent of the data subject (Art. 6.1.a GDPR) and, where applicable, performance of pre-contractual measures taken at the request of the data subject (Art. 6.1.b GDPR).
• Retention: for the time necessary to handle the request and, thereafter, for up to 3 years, unless the User withdraws consent earlier or a different legal retention obligation applies.

2.2. Commercial communications (optional)

• Data processed: name and email address.
• Purpose: sending informational or commercial communications about products, news and services of the controller, only if the User expressly consents by ticking the corresponding box.
• Legal basis: express consent of the data subject (Art. 6.1.a GDPR and Art. 21 LSSI-CE).
• Retention: until the User withdraws consent or unsubscribes.

2.3. Cookies and similar technologies

• Data processed: device identifier, IP address, language, date of visit and browsing behaviour.
• Purpose: to ensure the operation of the Website, remember language preferences and, with the User’s consent, generate usage statistics.
• Legal basis: legitimate interest of the controller for strictly necessary cookies (Art. 6.1.f GDPR) and consent of the data subject for non-essential cookies (Art. 6.1.a GDPR and Art. 22.2 LSSI-CE).
• Further information: see the Cookie Policy.

3. Third-party data

If the User provides personal data of third parties, the User declares that he or she has informed those persons and has obtained their express consent to communicate their data to the controller for the purposes indicated.

4. Retention period

Personal data will be kept for the time necessary to fulfil the purpose for which it was collected and to determine any possible liabilities arising therefrom. Applicable rules on archiving and documentation will be observed. In any case, data may be kept blocked during the legal limitation periods of the actions arising from the processing.

5. Recipients of the data

The User’s personal data will not be transferred to third parties, except by legal obligation. To provide services and manage the Website, the controller may rely on processors duly bound by contract under Article 28 GDPR. The main processors are:

• Web hosting provider: server located in Germany (EU).
• Email service provider: mail server associated with the hosting.
• Cookie banner and consent management provider: [PENDING — e.g. CookieYes Ltd. (Ireland)] when advanced cookie management is activated.
• Form plugin: SureForms (Brainstorm Force), processing hosted on the controller’s own server.

No international data transfers outside the European Economic Area are envisaged. Should they be necessary in the future, they will be carried out only with appropriate safeguards provided for in Chapter V of the GDPR (standard contractual clauses, adequacy decisions, etc.), and the User will be informed.

6. Rights of the data subject

The User may exercise the following rights at any time:

• Access: to know which personal data we process about the User.
• Rectification: to request the correction of inaccurate or incomplete data.
• Erasure (“right to be forgotten”): to request the deletion of data when no longer necessary.
• Objection: to object to processing on grounds relating to the User’s particular situation.
• Restriction of processing: to request the suspension of processing in the cases provided for in the regulations.
• Portability: to receive the data in a structured, commonly used and machine-readable format, or to request its transmission to another controller.
• Withdrawal of consent previously given, without affecting the lawfulness of processing based on consent prior to its withdrawal.
• Not to be subject to automated decisions producing legal effects or significantly affecting the User.

The User may exercise these rights by sending a written request, accompanied by a copy of an identity document, to the postal address indicated or by email to info@constankitchen.com, stating in the subject line the right being exercised.

7. Complaints to the supervisory authority

If the User considers that the processing of his or her personal data does not comply with regulations or that his or her rights have not been properly addressed, the User has the right to file a complaint with the Spanish Data Protection Agency (AEPD):

• Website: www.aepd.es
• Address: C/ Jorge Juan, 6, 28001 Madrid, Spain
• Phone: +34 901 100 099 / +34 91 266 35 17

8. Data security

The controller has implemented appropriate technical and organisational measures to ensure a level of security adequate to the risk of processing, in accordance with Article 32 GDPR. Among others: SSL/TLS encryption of the Website, access control to the content management system with strong passwords, periodic backups and training of staff with access to personal data.

9. Accuracy and truthfulness of data

The User is responsible for the truthfulness and accuracy of the data provided, as well as for notifying any changes. Any false or inaccurate statement made as a result of the information communicated, as well as any damages it may cause, shall be the User’s responsibility.

10. Amendments

The controller reserves the right to modify this Privacy Policy to adapt it to legislative or jurisprudential changes. In such cases, the changes will be announced on the Website with reasonable notice before their entry into force.

Last update: 12 May 2026.