This is the data protection policy of Swite Duo, referring to the data of individuals with whom it interacts within the scope of its activities. The processing is carried out in compliance with the Spanish law, specifically the Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y Garantía de los Derechos Digitales (Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights).

Who is responsible for the processing of personal data?

The controller of personal data processing is Swite Duo, with address in Navàs, postal code 08670, province of Barcelona, and email

On what criteria do we process personal data?

In processing data, we fully adhere to the principles of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights and the General Data Protection Regulation.

  1. We process them lawfully (only when we have a legal basis that permits it and with transparency towards the data subject).
  2. We use them for specific, explicit, and legitimate purposes explained at the time of obtaining them. Subsequently, we do not process them in a manner incompatible with those purposes.
  3. We only process data that is adequate, relevant, and limited to what is necessary for each case and purpose.
  4. We strive to keep the data up-to-date.
  5. We retain them for the necessary time, in accordance with the regulations governing information retention.
  6. We apply appropriate technical or organizational measures to prevent unauthorized or unlawful processing, or its loss, destruction, or accidental damage.

Who is the Data Protection Officer?

The Data Protection Officer (DPO) is the person overseeing compliance with Swite Duo's data protection policy and ensuring the proper processing of personal data and protection of individuals' rights. Among their duties is addressing any doubts, suggestions, complaints, or claims raised by individuals whose data are processed. The Data Protection Officer can be contacted by phone or by sending a letter to our postal address or a direct message to the email address

For what purposes do we process data and to whom do we disclose it?

Swite Duo processes personal data primarily to manage contracts and successfully carry out the contractual relationship, send you information and newsletters about our products, services, and promotions, and develop business relationships with our suppliers. Below are the main purposes.

  1. Contact. We respond to inquiries from people using the contact forms on our website. The data is used solely for this purpose and is not disclosed to others.
  2. Information about activities and services. With the explicit authorization of each person, we use the contact data provided to inform them of our initiatives, services, or activities. We do this through different channels depending on the authorization granted by each person. The data is not disclosed to others without their consent.
  3. Management of our suppliers' data. We register and process the data of suppliers providing us with services or goods. This may include data of individuals acting as freelancers and data of representatives of legal entities. We obtain only the necessary data to maintain the commercial relationship and use it solely for this purpose. In compliance with our legal obligations (tax regulations), we disclose data to the tax authorities.
  4. Users of our website. The browsing system and software that enables our website's operation collect data typically generated in the use of Internet protocols. This data includes, among others, the IP address or domain name of the computer used by the person connecting to the website. This information is not associated with specific users and is used exclusively to obtain statistical information about website usage. Our website uses cookies, which facilitate navigation and provide us with information about our users and their interests (more information about the cookie policy).

What is the legal basis for data processing?

The data processing we carry out has different legal bases, depending on the nature of each treatment.

  1. Contractual relationship fulfillment. The processing occurs within the framework of relationships with our clients and suppliers, and all actions and uses of data resulting from these business relationships.
  2. Based on consent. When we send information about our initiatives, services, or activities, we process the contact data of recipients with their explicit authorization or consent. We also obtain, with consent, browsing data from the person visiting our website, a consent that can be revoked at any time by disabling cookies.
  3. Fulfillment of legal obligations. Data processing in the context of administrative procedures is carried out in accordance with the regulations governing each procedure. It is done to comply with legal obligations.

How long do we retain the data?

The data retention period is determined by various factors, but the main one is that the data remains necessary to fulfill the purposes that led to their collection in each case. Second, they are kept to address potential responsibilities related to the processing of data by Swite Duo and to respond to any requests from public administrations or judicial bodies.

Therefore, the data will be retained for the time necessary to preserve its legal or informative value or to demonstrate compliance with legal obligations, but not for a period longer than necessary according to the purposes of the processing.

In certain cases, such as data in accounting documentation and billing, tax regulations require keeping them until the responsibilities in this matter are prescribed.

In the case of data processed solely based on the consent of the data subject, it is kept until the person revokes that consent.

What rights do individuals have regarding the data we process?

As provided by the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, individuals whose data are processed have the following rights:

  1. To know if they are being processed. Any person has the right to know if we process their data, regardless of whether there has been a previous relationship.
  2. To be informed at collection. When personal data is obtained from the data subject, they must be clearly informed at the time of providing them about the purposes for which they will be used, who will be responsible for processing, and the main aspects derived from such processing.
  3. Right to access. A very broad right, including the right to know precisely what personal data are being processed, the purpose for which they are processed, their disclosure to other people (if applicable), or the right to obtain a copy or know the expected retention period.
  4. Right to request deletion. Under certain circumstances, there is the right to request the deletion of data when, among other reasons, they are no longer necessary for the purposes that motivated their collection and justified processing.
  5. Right to request restriction of processing. Also, in certain circumstances, the right to request restriction of data processing is recognized. In this case, they will no longer be processed and will only be retained for the exercise or defense of claims.
  6. Right to portability. In cases provided for in the regulations, the right to obtain personal data in a structured, commonly used, machine-readable format, and to transmit them to another data controller if the data subject decides so.
  7. Right to object to processing. A person can invoke reasons related to their particular situation, reasons that will cause their data to stop being processed to the extent or extent that it may cause harm to them, except for legitimate reasons or for the exercise or defense against claims.
  8. Right not to receive information. We immediately address requests to no longer receive information about our activities and services when such shipments were based solely on the consent of the person receiving them.

How can rights be exercised or defended?

The rights we have just listed can be exercised by submitting a request to Swite Duo, specifically to the postal address or other contact channels indicated in the heading.

In case of not obtaining a satisfactory response in the exercise of rights, it is possible to file a complaint with the Catalan Data Protection Authority, through the forms or other channels accessible from its website.

In all cases, whether to file complaints, request clarifications, or make suggestions, it is possible to contact the Data Protection Officer by sending an email to the address

Collection of personal data

Swite Duo may collect your data through the contact form.

In accordance with the provisions of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, we inform you that the personal data you communicate to us through the contact form will be included in the processing activities record, whose controller is Swite Duo, for the purpose of providing you with a correct provision of services and carrying out internal administrative and organizational processes, as well as addressing your requests and/or queries, so they will be subject to professional secrecy.

When you contact us via the contact form, you give your consent to Swite Duo to electronically store and process your personal data, as well as the data of third parties you provide us, in an automated file. Your data will be processed solely for the exclusive purpose of managing your inquiry. The data requested when making any inquiry via the contact form will be: name, surname, and email address.

In addition to the contact details you provide us, Swite Duo will also store data required by law, such as payment and billing data.

Swite Duo undertakes to comply with all necessary technical and organizational measures to ensure the security of personal data, preventing its alteration, loss, processing, or unauthorized access.

The exercise of the rights of cancellation, rectification, opposition, and access to data will be carried out in writing as established by the General Data Protection Regulation and Digital Rights Guarantee in the email address