Vatiómetro Privacy Policy

1. Introduction and Scope

This Privacy Policy governs the processing of personal data collected and managed by Vatiómetro, a digital marketplace specializing in renewable energies, owned by Aleix Pellicer Garcia, with NIF 47746319K and address at Avinguda Catalunya 69, 08811 Canyelles (Barcelona). The processing is carried out in accordance with current legislation on personal data protection, specifically Regulation (EU) 2016/679 (hereinafter, GDPR), Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights (LOPDGDD) and other applicable regulations.

This policy complements the Terms of Use of the Platform www.vatiometro.com (hereinafter, the "Platform") and applies to all persons who access, use, register or interact with the services offered, including clients, professionals and anonymous users.

By using our services, you accept this Privacy Policy. If you do not agree, you must refrain from using the Platform.

2. Identity of the Data Controller

The data controller for personal data collected through the Platform is:

Owner: Aleix Pellicer Garcia
NIF: 47746319K
Address: Avinguda Catalunya 69, 08811 Canyelles (Barcelona)
Contact Email: info@vatiometro.com

For any questions related to data protection, you can contact the Controller through the indicated email.

3. Key Definitions

For the purposes of this Privacy Policy, the following shall be understood:

User: Any natural or legal person who accesses, uses or registers on the Platform, whether as a client or professional.
Professional: Any installer, supplier or company registered on the Platform for commercial or technical purposes.
Client: Natural or legal person who uses the Platform to request quotes or consult information.
Personal Data: Any information that allows a natural person to be identified directly or indirectly.
Processing: Any operation performed on personal data such as collection, storage, modification, consultation, deletion or communication.

4. Principles Applicable to Data Processing

Vatiómetro is committed to processing personal data respecting the principles established in Article 5 of the GDPR:

Lawfulness, fairness and transparency: data will be processed lawfully, fairly and transparently for the data subject.
Purpose limitation: data will be collected for specified, explicit and legitimate purposes, and will not be further processed in a manner incompatible with those purposes.
Data minimization: only data strictly necessary in relation to the purposes of the processing will be collected.
Accuracy: reasonable steps will be taken to ensure that data is accurate and kept up to date.
Storage limitation: data will be kept for no longer than is necessary for the purposes of the processing.
Integrity and confidentiality: appropriate security of the data will be ensured through the adoption of appropriate technical and organizational measures.
Proactive responsibility: Vatiómetro will apply effective measures to demonstrate compliance with the GDPR.

5. Categories of Personal Data Collected

Vatiómetro may collect, store and process different categories of personal data depending on the relationship with the User. These categories include, among others:

5.1. Identification Data

Name and surname
ID card or equivalent identification document
Postal address
Email address
Phone number
Company name (in case of professionals)

5.2. Professional Contact Data

Trade name
Company CIF or NIF
Technical specialization or professional sector
Approximate geolocation (city and province)
Professional website and social networks, if provided

5.3. Browsing Data

IP address
Device identifiers
Connection logs
Operating system, browser and device type
Usage patterns, behavior and interactions within the Platform
User preferences and time spent

5.4. Economic or Financial Data

Only in specific cases and exclusively for billing or collection management purposes for professionals:

Bank details (account number or IBAN)
Tax address, ownership and company name
History of payments, collections or subscriptions

5.5. Data Contained in Forms

Information provided by the User when requesting quotes or advice
Description of the project or energy need
Optional photographs or installation plans
Comments or texts written by the User

5.6. Recordings and Communications

Call recordings if customer service telephone systems are enabled
Emails exchanged between the User and Vatiómetro
History of chats or forms sent from the website

5.7. Data Collected Automatically via Cookies

Vatiómetro may use its own and third-party cookies to obtain additional information about Users. This information may include:

Language preferences
Navigation paths within the site
Access frequency
Interaction with specific elements of the Platform

For more information, it is recommended to consult the Cookie Policy available on the website.

6. Purposes of Personal Data Processing

Vatiómetro processes the User's personal data for the following specific purposes:

6.1. Registration and User Account Management

Allow the creation, maintenance and administration of an account on the Platform
Identify the User within the digital environment
Recover passwords and manage account access

6.2. Intermediation between Users and Professionals

Manage quote requests sent by the User
Transmit such requests to registered professionals
Enable direct communication between clients and professionals

6.3. Provision of Professional Services through the Marketplace

Facilitate access to technical information and personalized recommendations
Manage the participation of professionals in visibility or promotion campaigns

6.4. Sending Communications

Send notifications related to the User's account
Send newsletters, news, technical articles or satisfaction surveys

6.5. Improving User Experience

Analyze browsing behavior on the Platform
Personalize content and offers according to the User's profile
Conduct statistical studies on website usage

6.6. Legal Compliance

Comply with legal, administrative or judicial requirements
Manage claims or incidents linked to the use of the Platform

6.7. Platform Security

Prevent fraud, abuse or unauthorized access
Detect anomalous or suspicious behavior

7. Legitimation of Processing

Vatiómetro bases the processing of personal data on different legal bases in accordance with the General Data Protection Regulation (GDPR):

7.1. Execution of a Contract

The processing of personal data is necessary for the management of requests made by the User and for the correct provision of the services offered on the Platform.

7.2. Explicit Consent

In certain cases, such as sending commercial communications, using certain cookies or publishing identified ratings, the User's express consent will be requested. This consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal.

7.3. Compliance with a Legal Obligation

Vatiómetro may process personal data when necessary to comply with tax, consumer protection, IT security regulations or to meet requirements from public or judicial authorities.

7.4. Legitimate Interest

In certain cases, processing is based on the legitimate interest of the Controller, such as in fraud prevention, internal administrative management or service security. In any case, it will be assessed that such interests do not override the fundamental rights and freedoms of the User.

8. Data Retention

Personal data will be kept only for the time strictly necessary to fulfill the purposes established in this Privacy Policy.

8.1. General Retention Criteria

While a contractual relationship exists between Vatiómetro and the User.
During the legal periods required to address possible liabilities arising from the processing.
Until the User revokes consent, in processing based on that legal basis.

8.2. Specific Indicative Periods

Contact and registration data: until the User requests their deletion.
Billing and economic transaction data: 6 years, in accordance with the Commercial Code.
Quote requests and internal communications: 5 years from the User's last interaction.
Data processed for commercial purposes: until the User withdraws their consent.

Once the retention periods have expired, data will be securely deleted or anonymized, unless they must be kept by legal obligation.

9. Communication and Transfer of Data to Third Parties

Vatiómetro does not sell, rent or transfer Users' personal data to third parties for commercial purposes. However, it may share certain data with third parties when necessary to:

Properly provide the services requested by the User.
Comply with legal obligations.
Or when the User has given their express consent.

Specifically, personal data may be communicated to the following entities or categories:

Registered Professionals: in the context of a quote request or contact initiated by the User.
Technology Providers: companies in charge of web hosting, email sending, cloud storage, web analytics or messaging.
Collaborating Entities: when participating in the organization, promotion or execution of services offered through Vatiómetro.
Public Administrations and Competent Authorities: in compliance with legal obligations, court orders or administrative requirements.

In all cases, Vatiómetro will require third-party data recipients to strictly comply with data protection regulations, including appropriate technical and organizational measures to ensure the confidentiality and integrity of the information.

10. Categories of Recipients

Depending on the purpose of the processing, personal data may be communicated to the following categories of recipients:

Courier or Logistics Companies: for the delivery of documentation or physical material if applicable.
Banking Entities: exclusively in case of economic operations related to professionals or subscriptions.
CRM and Customer Service System Providers: for the management of the commercial relationship and technical support.
Digital Marketing Companies: for sending newsletters or automated communications.
Web Analytics Platforms: to improve user experience through traffic and site usage analysis.

11. Data Processors

Vatiómetro may hire external providers to act as data processors of personal data on behalf of the Controller. These processors will only access data to comply with specific instructions and will not use them for their own purposes.

Among the services provided by these processors may be:

Web hosting companies.
Transactional email platforms.
Automation and user management tools.
Backup and IT security services.

Vatiómetro will sign with all of them the contracts required by Article 28 of the GDPR, guaranteeing that:

They will only process data according to documented instructions.
They will not use them for purposes other than those contracted.
They will implement appropriate security measures.
They will not subcontract without prior authorization.

12. International Data Transfers

Generally, Vatiómetro processes personal data within the European Economic Area (EEA). However, some technology providers may be located outside the EEA or use servers in third countries.

In these cases, Vatiómetro guarantees that:

Data will only be transferred to countries with an adequate level of protection recognized by the European Commission.
Standard contractual clauses approved by the European Commission or equivalent mechanisms will be applied.
Additional technical and organizational measures will be adopted to ensure a level of protection equivalent to that required by the GDPR.

Some providers that could involve international transfers include:

Web analytics platforms like Google Analytics.
Newsletter sending services like Mailchimp or Sendinblue.
Cloud solutions like Amazon Web Services, Google Cloud or Microsoft Azure.

The User may request information on the guarantees applied in case of international transfers by writing to info@vatiometro.com.

13. User Rights regarding Data Protection

In accordance with the GDPR and Organic Law 3/2018, Users have the following rights regarding the processing of their personal data:

13.1. Right of Access

Allows the User to obtain confirmation as to whether Vatiómetro is processing data concerning them, as well as access to related information.

13.2. Right of Rectification

The User may request the correction of inaccurate or incomplete data.

13.3. Right of Erasure (Right to be Forgotten)

The User may request the deletion of their personal data when they are no longer necessary for the purposes collected, when they withdraw their consent or when unlawful processing has occurred.

13.4. Right to Object

The User may object to the processing of their data for reasons related to their particular situation. Vatiómetro will stop processing the data, except for compelling legitimate grounds or for the exercise or defense of claims.

13.5. Right to Restriction of Processing

Allows the User to request the suspension of the processing of their data in certain circumstances, such as when its accuracy is contested or the lawfulness of the processing is examined.

13.6. Right to Data Portability

Consists of the User's right to receive their personal data in a structured, commonly used and machine-readable format, and to transmit them to another controller.

13.7. Right not to be subject to automated decisions

Vatiómetro does not make automated decisions with legal effects for the User. In case of implementing automated processes in the future, the right to human intervention, to express the User's point of view and to contest the decision will be guaranteed.

14. Exercise of Rights

The User may exercise any of the rights described above free of charge and at any time. To do so, they must send an express request along with a copy of their identity document by any of the following means:

Email: info@vatiometro.com
Postal Mail: Avinguda Catalunya 69, 08811 Canyelles (Barcelona)

The request must contain:

Name and surname of the interested party.
Specific request motivating the exercise of the right.
Address or email address for notification purposes.
Copy of ID card or equivalent document proving identity.

Vatiómetro will respond within a maximum period of one (1) month from receipt of the request. This period may be extended by another two (2) additional months in case of particularly complex requests, notifying the User in advance of such extension and the reasons for it.

15. Claims before the Supervisory Authority

If the User considers that any of their rights regarding data protection have been violated, they may file a claim with the Spanish Data Protection Agency (AEPD) through the following channels:

Electronic Headquarters: www.aepd.es
Address: Calle Jorge Juan, 6 – 28001 Madrid
Phone: 900 293 183

Before filing the claim, it is recommended to contact Vatiómetro beforehand to try to resolve the issue amicably.

16. Security Measures Applied

Vatiómetro adopts appropriate technical and organizational measures to ensure a level of security appropriate to the risks arising from the processing of personal data. These measures include:

Encryption of communications using HTTPS/TLS protocols.
Robust authentication in access to user accounts and internal systems.
Restriction of access to data only to authorized personnel.
Use of firewalls, intrusion detection systems and anti-malware measures.
Periodic backups and secure storage on protected servers.
Internal incident management policies and staff training on privacy and security best practices.

Vatiómetro regularly reviews and updates its security policies and measures to adapt to technological advances and new risks that may arise.

17. Principle of Proactive Responsibility

In application of Article 24 of the GDPR, Vatiómetro adopts a proactive approach in all its activities related to the processing of personal data. This implies:

Prior assessment of the risks of each personal data processing.
Implementing internal policies that ensure compliance with the GDPR at all levels of the organization.
Documenting relevant decisions related to privacy and security.
Training staff with access to data on legal obligations and best practices in data protection.

18. Data Protection Impact Assessment (DPIA)

In cases where processing may pose a high risk to the rights and freedoms of data subjects, Vatiómetro will carry out a Data Protection Impact Assessment (DPIA), as established in Article 35 of the GDPR.

This assessment will include:

A systematic description of the envisaged processing operations.
An assessment of the necessity and proportionality of the processing.
An analysis of the potential risks to data subjects.
The measures envisaged to mitigate such risks and ensure compliance with the GDPR.

If after the DPIA a high unmitigated risk is detected, Vatiómetro will consult the Spanish Data Protection Agency before starting the processing.

19. Record of Processing Activities

Vatiómetro maintains an updated Record of Processing Activities in accordance with Article 30 of the GDPR. This document reflects in detail all personal data processing carried out under its responsibility.

The record contains the following information:

Name and contact details of the data controller.
Purposes of the processing.
Categories of data subjects and types of data processed.
Categories of recipients to whom data is disclosed.
International data transfers, if any.
Envisaged deadlines for the deletion of different categories of data.
General description of the technical and organizational security measures applied.

This record may be made available to the supervisory authority if required in the exercise of its functions.

20. Use of Cookies on the Platform

Vatiómetro uses cookies and similar technologies (such as pixels, SDKs or local storage) to recognize the User, analyze their behavior, improve the services provided, personalize the experience and show adapted advertising.

When accessing the Platform for the first time, an information banner and a configuration tool will be displayed where the User can manage their preferences.

In compliance with Article 22.2 of Law 34/2002 on Information Society Services (LSSI), Vatiómetro will request the User's consent for the installation of cookies that are not strictly necessary for the functioning of the site.

21. Types of Cookies Used

Depending on their purpose, Vatiómetro may use the following categories of cookies:

Technical or Necessary Cookies: Allow basic navigation, authentication and site security. Do not require consent.
Preference or Personalization Cookies: Store information so that the User accesses with certain characteristics, such as chosen language or region.
Analysis or Measurement Cookies: Allow quantifying the number of users and performing statistical measurements on site usage. Used, for example, with Google Analytics.
Behavioral Advertising Cookies: Collect information on User behavior to show advertising adjusted to their interests.

Depending on their duration, cookies can be:

Session Cookies: Automatically deleted when closing the browser.
Persistent Cookies: Remain stored until they expire or the User manually deletes them.

Depending on their origin, they can be classified as:

Own Cookies: Generated directly by the domain vatiometro.com.
Third-Party Cookies: Installed by different domains, such as Google, Meta, Hotjar or other providers.

22. Cookie Management Tool

Vatiómetro makes available to the User a configuration tool accessible from the footer of the website. Through it, they can:

Consult detailed information on each type of cookie.
Accept or reject non-essential cookies.
Modify their consent at any time.

23. How to Disable Cookies from the Browser

In addition to using the site configuration tool, the User can block or delete cookies by modifying their browser settings. Below are the usual paths:

Google Chrome: Settings → Privacy and security → Cookies and other site data.
Mozilla Firefox: Preferences → Privacy & Security → Cookies and Site Data.
Safari: Preferences → Privacy → Manage Website Data.
Microsoft Edge: Settings → Cookies and site permissions.

Disabling cookies may affect some functionalities of the website.

24. Processing of Data Derived from Browsing

Vatiómetro may automatically collect certain technical information during User navigation on the website, including:

IP address and Internet Service Provider.
Device type, operating system and browser used.
Pages visited, time spent and actions taken.
Referrer URL or site from which accessed.

These data are used for statistical, security and browsing experience improvement purposes, and are kept only for the time strictly necessary.

25. Commercial and Promotional Communications

Vatiómetro may send the User informative or commercial communications related to its services, provided there is a legitimate basis for doing so.

The legal bases allowing the sending of these communications are:

Express Consent: When the User has granted it by checking the corresponding box in contact, registration or subscription forms.
Legitimate Interest: In case there is a prior contractual relationship with the User, and provided the communications are related to similar products or services.

In all cases, the User may object or unsubscribe easily through the link included in each message or by writing to info@vatiometro.com.

26. Consent for Commercial Purposes

Vatiómetro will request the User's consent to:

Receive newsletters.
Access exclusive promotions or personalized discounts.
Participate in satisfaction surveys or market studies.
Receive commercial information from third-party collaborators in the energy sector.

Consent may be withdrawn at any time, without retroactive effect, without affecting the lawfulness of processing prior to its withdrawal.

27. Commercial Profiling

Vatiómetro may create User profiles based on their browsing behavior, preferences, previous requests or interaction history with the Platform, for the following purposes:

Offer personalized recommendations.
Show ads or content adjusted to their interests.
Segment users into homogeneous groups for commercial purposes.

In no case will automated decisions producing significant legal effects for the User be made without human intervention. The User may object to this processing at any time by writing to info@vatiometro.com.

28. Technologies Used in Commercial Segmentation

For profiling and commercial segmentation, Vatiómetro may use:

Tracking cookies and remarketing pixels.
CRM platforms (Customer Relationship Management).
Advertising tools like Google Ads or Meta Ads.

All these processing activities will be carried out in accordance with the privacy preferences indicated by the User and under the principles of the GDPR and LOPDGDD.

29. International Data Transfers

Vatiómetro informs that, in certain circumstances, it may carry out international data transfers outside the European Economic Area (EEA), especially when:

Technology services from providers located in third countries are used.
Data is stored on servers outside the European Union.
Analytical, advertising or CRM platforms with headquarters outside the EU are used.

In all cases, compliance with Articles 44 to 50 of the GDPR will be guaranteed through:

Adequacy decisions issued by the European Commission.
Standard Contractual Clauses (SCC) approved by the Commission.
Binding Corporate Rules (BCR).
Explicit consent of the User previously informed.

30. Service Providers with Access to Data

Vatiómetro may rely on external providers who, to provide their services, need access to personal data. These providers include:

Hosting and web hosting companies.
Email sending platforms (such as Mailchimp or Sendinblue).
Customer management solutions (CRM).
Technical maintenance or IT development services.
Web analytics and advertising management companies (such as Google or Meta).

Vatiómetro formalizes data processing agreements with all these providers in accordance with Article 28 of the GDPR and guarantees that:

They will only process data according to documented instructions.
They will apply appropriate security measures.
They will not subcontract without prior consent.
They will collaborate in the exercise of Users' rights and in audits.

31. Guarantees Applied to External Processing

Before authorizing access to personal data to third parties, Vatiómetro rigorously evaluates its providers through:

Assessment of the security level offered.
Review of certifications (ISO 27001, SOC 2, etc.).
Verification of compliance with the GDPR.
Contracting clear and verifiable contractual clauses.

If the provider is located outside the EEA and there is no adequacy decision, Vatiómetro will apply additional measures such as encryption or pseudonymization prior to transfer.

32. Rights Recognized by Regulations

Vatiómetro Users have the right to:

Access their personal data.
Rectify them if inaccurate.
Request their deletion when no longer necessary.
Object to their processing for personal reasons.
Limit processing in certain circumstances.
Request the portability of their data to another controller.
Not be subject to automated decisions without human intervention.

33. Exercise of Rights

Users may exercise their rights by sending a request with a copy of their identity document to:

Email: info@vatiometro.com
Postal Address: Avinguda Catalunya 69, 08811 Canyelles (Barcelona)

Vatiómetro will respond within a maximum period of one month, extendable to two more months in case of complex requests. The User will be duly informed if a delay occurs.

34. Right to File a Claim with the Supervisory Authority

In case the User considers their rights violated, they may file a claim with the Spanish Data Protection Agency:

Electronic Headquarters: www.aepd.es
Address: Calle Jorge Juan, 6 – 28001 Madrid
Phone: 900 293 183

It is recommended, however, to contact Vatiómetro beforehand to try to resolve the incident amicably.

35. Security and Confidentiality Measures

Vatiómetro adopts measures to prevent unauthorized access, loss, destruction or accidental alteration of personal data. These measures include:

Encryption protocols and secure connection (HTTPS/TLS).
Role-based access controls.
Firewalls and intrusion detection systems.
Periodic security audits.
Automatic backups and disaster recovery measures.

All Vatiómetro staff are subject to confidentiality obligations and receive continuous training in data protection.

36. Data Retention

Vatiómetro will keep personal data only for the time necessary to fulfill the purposes for which they were collected. Subsequently, data will be kept blocked when there is a legal obligation for retention.

Registered Users: While the account is active or until its deletion is requested.
Quote Requests: Up to 12 months from the last interaction.
Commercial Communications: Until revocation of consent.
Cookies and Browsing: As indicated in the Cookie Policy.

Once these periods have expired, data will be securely deleted or anonymized.

37. Modifications to the Privacy Policy

Vatiómetro reserves the right to modify this Privacy Policy to adapt it to legislative, jurisprudential or technical changes. In case of significant changes, Users will be notified via:

Visible notifications on the Platform.
Informative emails.
Update of the "Last Revision" date.

The User is recommended to review this Policy periodically.

38. Final Provisions

This Privacy Policy forms an integral part of the Vatiómetro Terms of Use. In case of conflict between both texts, what is provided in this Policy regarding personal data processing shall prevail.

Use of the Platform implies express acceptance of this Policy by the User. If you do not agree with any of its terms, you must refrain from using the services offered.

For any questions related to this Policy, you can contact the data controller:

Email: info@vatiometro.com
Address: Avinguda Catalunya 69, 08811 Canyelles (Barcelona)