Website policies

Privacy policy

Download Privacy policy

1. Introduction

2. Scope of application of the Policy

3. Commitment to privacy

4. Purposes of the processing

5. Source of the data

6. Legitimate basis for the processing of your personal data

7. Sending commercial notifications

8. Automated decisions and the creation of profiles

9. Sharing of Information

10. Duration of the processing and data retention period

11. Exercising of rights and claims with the Data Protection Authority

12. Tracking Technology Choices

13. Your California Privacy Rights.

14. Children

15. Confidentiality and Security in the processing of data

16. Social networks

17. International Transfers

As a general rule, TOUS tries to keep your personal data within the European Union (EU) or the European Economic Area (EEA). However, on an exceptional basis, TOUS may need to provide them to other companies in the Group or to service providers located in other countries, either by necessity to provide the requested service, or to be able to offer you the service with the highest quality standards.

When the data need to be transferred to a third party in the context of a commercial relationship or corporate transaction (including mergers and acquisitions, among others), the companies that could receive your information are the suppliers, subsidiaries or franchisees, or, where appropriate, potential purchasers and advisers (legal, accounting or financial, among others) involved. TOUS will only communicate your personal data to those third parties to the extent that this communication is necessary for the execution of the services or to evaluate or complete the relationship or transaction.

In these situations, TOUS applies necessary measures and controls designed to protect the processing of your personal data, such as:

  1. Communication to countries that, despite not being part of the EU or the EEA, have been considered by the European Commission as countries that have data protection regulations that guarantee a level of security similar to that applicable in Europe.

  2. Existence of contractual clauses of the type approved by the European Commission: to ensure that companies in third countries that are not part of the EU or the EEA comply with a similar level of protection. TOUS will sign these agreements as long as there is no equivalent alternative that guarantees the protection of your personal data.

  3. Definition of binding corporate rules (BCRs) approved by the companies, which are reviewed and approved by control authorities, with the aim of ensuring that the company, in any country, to whom we provide your data complies with an adequate level of protection.

  4. In certain cases, the company to which TOUS provides the data may have Data Protection Certificates that guarantee the correct use of your data in accordance with current regulations.

You can request information about these foregoing from the addresses indicated below.

18. Contact with TOUS

If you have any questions or concerns about the processing of your personal data, please contact us through:

(i) Email that must be sent to the address dataprotection@tous.com
(ii) Web contact forms
(ii) Post addressed to Carretera de Vic, El Guix 3, 08243 Manresa (Spain)
(iv) DPO contact details: dpo@tous.com