Privacy Policy
At Quokka, we are committed to protecting your personal data and processing it in a responsible, transparent and secure manner. Below, we clearly explain how we collect, use, store and protect your personal information when you browse our website, contact us, register or make a purchase.
1. Controller 2. Purposes 3. Legal basis 4. Retention 5. Recipients 6. Rights 7. Security 8. Cookies 9. Changes 10. DPO
1. Data Controller
In accordance with Regulation (EU) 2016/679 (General Data Protection Regulation “GDPR”) and the applicable Spanish data protection regulations, we inform you that the data controller of the personal data collected through this website is:
Company
STOR, S.L.
Tax ID (CIF)
B28256873
Address
Paseo General Martínez Campos, nº 53, 28010, Madrid, Spain
Email
info@byquokka.com
Phone
+34 911 213 450
Registered in the Madrid Commercial Registry, Volume 2966, Page 62, Sheet M-50861.
2. Purposes of processing
Your personal data may be processed for the following purposes, depending on your relationship with us and your use of the website:
- Manage the purchase of products and the contractual relationship with customers.
- Process payments, issue invoices and organize the preparation and shipment of orders.
- Manage your user account and order history.
- Handle inquiries, information requests, incidents, suggestions, complaints or claims.
- Send commercial communications, promotions, updates or newsletters, provided you have given your prior consent. In case of subscription to commercial communications, a double verification system (double opt-in) may be applied to ensure the validity of consent.
- Carry out statistical analysis and website usage analysis to improve navigation, user experience, performance and service quality.
- Prevent fraud, misuse of the website or security-related incidents.
- Manage recruitment processes if you send us your CV or professional information.
- Comply with applicable legal, tax, accounting, commercial or consumer obligations.
3. Legal basis of processing
We process your personal data based on one or more of the following legal grounds:
- Performance of a contract: when processing is necessary to manage your orders, provide the requested services, process payments, manage shipments or address aspects related to the contractual relationship.
- Compliance with legal obligations: when processing is necessary to comply with tax, accounting, commercial, consumer or any other applicable legal requirements.
- User consent: when you explicitly authorize us to send commercial communications, use non-essential cookies or process your data for specific purposes.
- Legitimate interest: to respond to inquiries, prevent fraud, enhance website security, improve our services and optimize user experience.
If processing is based on legitimate interest, you may request additional information about the balancing test carried out by writing to info@byquokka.com.
4. Data retention
We will retain your personal data only for as long as necessary to fulfill the purpose for which it was collected and, subsequently, for the legally required periods to address possible liabilities.
- Purchase, order and invoicing data: for the periods required by tax regulations (5 years under the General Tax Law) and commercial regulations (6 years under the Commercial Code).
- Customer account data: while your account remains active or until you request its deletion.
- Data processed for commercial purposes: until you withdraw your consent or unsubscribe.
- Data related to inquiries or contact requests: for the time necessary for their management, follow-up and resolution.
- Recruitment data: for the time necessary to evaluate your application and, where appropriate, for the legal or reasonable period associated with the selection process.
5. Data recipients
Your data may be communicated to third parties only when necessary for the proper provision of our services, the execution of the contractual relationship or compliance with legal obligations.
- Transport and logistics companies responsible for delivering orders.
- Financial institutions, banks or payment service providers when necessary to process transactions.
- Technology and service providers such as web hosting, email, technical support, web analytics or tools related to business operations.
- Public administrations, official bodies, judges, courts or competent authorities when there is a legal obligation.
Some of these providers may be located outside the European Economic Area. In such cases, international data transfers will be carried out with appropriate safeguards required by applicable regulations, such as standard contractual clauses or other legally valid mechanisms under the GDPR.
6. User rights
- Access: to know what personal data we are processing about you.
- Rectification: to request the correction of inaccurate or incomplete data.
- Erasure: to request deletion of your data when it is no longer necessary or when legally applicable.
- Restriction of processing: to request limitation of processing in certain cases.
- Objection: to object to the processing of your data when legally applicable.
- Portability: to receive your data or request its transfer to another controller in a structured, commonly used and machine-readable format.
- Not to be subject to automated decision-making: including profiling, when applicable under Article 22 of the GDPR.
To exercise any of these rights, you can write to us at info@byquokka.com, indicating the right you wish to exercise and providing the necessary information to verify your identity.
You also have the right to file a complaint with the competent supervisory authority, in particular the Spanish Data Protection Agency, if you consider that the processing of your data does not comply with current regulations.
7. Data security
We apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in order to protect your personal data against unauthorized access, alteration, loss, destruction or any improper processing.
Among other measures, we may apply encryption during data transmission, access controls, backup systems, technical monitoring measures and internal procedures aimed at protecting the confidentiality, integrity and availability of data.
In the event of a personal data breach, actions will be taken in accordance with applicable regulations, including, where appropriate, notification to the competent supervisory authority within a maximum period of 72 hours and, where legally required, communication to affected users when there is a high risk to their rights and freedoms.
8. Cookies
This website uses its own and third-party cookies for technical, analytical and, where applicable, advertising or personalization purposes. You can consult detailed information about the cookies used, their purpose, duration and how to manage them in our corresponding Cookies Policy.
9. Changes to this policy
We reserve the right to modify this Privacy Policy to adapt it to legislative, jurisprudential, technical or website operation changes. Any relevant changes will be published on this same page so that you can consult them at any time.
10. Data Protection Officer
STOR, S.L. is not required to appoint a Data Protection Officer in accordance with Article 37 of the General Data Protection Regulation, given the nature of its activity and the data processing carried out at present.
