Left Right

Privacy Policy

Last updated: [25/02/2026]

This Privacy Policy describes how the personal data of users accessing and using the website http://www.pulpure.com (the “Website”) is collected, processed and protected.

By using the Website, you acknowledge that you have read and understood this Privacy Policy.

1. Data Controller

  • Controller: SOLUCIONS DE TERMOFORMACIÓ DE POLPA, S.L. (hereinafter, “Pulpure”)
  • Tax ID (NIF/CIF): B55719132
  • Registered office: C/ TRAMUNTANA, 22-24, POLINYÀ, 08213, BARCELONA, Spain
  • Email: info@pulpure.com
  • Telephone: +34 877 449 554
  • Website: www.pulpure.com

2. Categories of Data Processed

We may process the following categories of personal data:

  • Identity data: first name, last name, identity document, username/alias.
  • Contact data: email address, telephone number, postal address, country.
  • Account data: credentials (hashed), settings, preferences, activity history.
  • Communications data: content of enquiries, support requests, complaints, surveys.
  • Special categories of data: we do not request special categories of personal data. Please refrain from providing such data unless strictly necessary and supported by an appropriate legal basis.

Sources of Data

  • Directly from the data subject via forms, registrations, contractual arrangements, support services or communications.

3. Purposes and Legal Bases for Processing

The legal terms on which we process users’ personal data depend on the purpose for which Pulpure processes them:

  • User consent: To send communications and newsletters where required.
  • Performance of a contract or pre-contractual measures: Management of services or enquiries requested by the user.
  • Compliance with legal obligations: To comply with the legal obligations applicable to our activity.
  • Legitimate interest: To improve our services and ensure the security of the Website.

Accordingly, Pulpure processes personal data for the following purposes and under the corresponding legal bases:

  • Provision of Services and Website Management
    • Purpose: to enable browsing, user registration, technical maintenance, customer service, and performance of orders/services.
    • Legal basis: performance of a contract or pre-contractual measures; legitimate interest in maintaining and securing the service; compliance with legal obligations.
  • Handling Enquiries and Support
    • Purpose: to respond to requests, incidents and complaints.
    • Legal basis: performance of a contract or legitimate interest in providing efficient assistance.
  • Invoicing, Accounting and Legal Compliance
    • Purpose: invoicing, bookkeeping, compliance with tax, commercial and consumer law obligations.
    • Legal basis: compliance with a legal obligation.
  • Security and Fraud Prevention
    • Purpose: monitoring, detecting and mitigating unauthorised access, cyberattacks, misuse and fraud.
    • Legal basis: legitimate interest; where applicable, compliance with legal obligations.
  • Commercial Communications and Newsletters
    • Purpose: sending commercial information, updates and offers relating to our services or related third-party services.
    • Legal basis: consent; where applicable, legitimate interest in respect of existing customers pursuant to Law 34/2002 (LSSI), with the right to opt out in each communication.
  • Basic Personalisation and Analytics
    • Purpose: measuring Website usage, improving functionalities and user experience, audience segmentation and content/offers personalisation.
    • Legal basis: consent obtained through the cookie banner/manager; legitimate interest where applicable following a balancing test and with appropriate opt-out mechanisms.

Where processing is based on consent, such consent may be withdrawn at any time without retroactive effect.

4. Automated Decisions and Profiling

We do not adopt decisions producing legal effects or similarly significant effects based solely on automated processing without human intervention, unless expressly informed, supported by an appropriate legal basis and subject to applicable safeguards and rights.

We may carry out profiling for analytical or non-intrusive personalisation purposes. You may object at any time to processing based on legitimate interest and withdraw consent where processing is based on consent.

5. Data Retention Periods

Personal data shall be retained:

  • During the contractual relationship/service and for the period necessary to address any resulting liabilities.
  • Accounting and invoicing records: at least six (6) years pursuant to commercial and tax regulations.
  • Commercial communications data: until consent is withdrawn or objection is raised.
  • Technical/security logs: between six (6) and twenty-four (24) months, unless incidents require longer retention.

Upon expiry of the applicable retention periods, data shall be blocked and retained solely for the purpose of addressing potential liabilities during statutory limitation periods, and subsequently securely erased.

6. Recipients and Data Processors

Personal data may be disclosed to:

  • Public administrations and authorities where required by law.
  • Service providers acting as data processors under contractual arrangements, including:
    • Hosting/cloud service providers.
    • Communication and CRM tools.
    • Analytics and A/B testing providers.
    • Technical support and cybersecurity providers and logistics partners.

Personal data shall not be transferred to third parties for their own purposes without prior consent, except where required by law or justified by a duly informed legitimate interest.

7. Data Subject Rights

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to object (including objection to marketing communications)
  • Right to restriction of processing
  • Right to data portability
  • Right to withdraw consent at any time
  • Right not to be subject to automated individual decision-making, including profiling, under the terms of the GDPR

Requests may be submitted to info@pulpure.com or by post to the registered office address, specifying the right exercised and providing proof of identity where necessary. Representatives must provide appropriate authorisation.

You also have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD) at www.aepd.es, without prejudice to any other competent supervisory authority.

8. Minors

We do not knowingly collect personal data from children under 14 years of age in relation to information society services without parental or guardian consent. If such data is detected without valid consent, it will be reasonably deleted.

9. Information Security

We implement appropriate technical and organisational measures to ensure confidentiality, integrity, availability and resilience, including:

  • Encryption (TLS)
  • Access controls
  • Data minimisation
  • Pseudonymisation where feasible
  • Backup systems
  • Business continuity plans
  • Confidentiality agreements and staff training

No system is entirely secure; however, we will diligently mitigate incidents and notify them where required under the GDPR.

10. Cookies

Our Website does not use cookies or other tracking technologies that collect users’ personal information without their consent. Should the implementation of cookies be introduced in the future, users will be duly informed and their consent will be obtained in accordance with the applicable legal framework.

11. Social Media and Communications

  • Interactions via social media platforms are governed by this Privacy Policy and the respective platform’s privacy policy.
  • Commercial communications may be unsubscribed from via the link included in each communication or by contacting info@pulpure.com.

12. Forms, Registration and Authentication

  • Contact/support forms: data is processed for the purpose of managing requests and duly retained for the necessary period.
  • Account registration: registration data is processed to create and maintain user accounts. Users are responsible for safeguarding credentials. Security verification measures (e.g., 2FA) may be implemented.

13. Processors, Joint Controllers and Supply Chain

  • Data processors operate under written agreements in compliance with Article 28 of the General Data Protection Regulation.
  • Where joint controllership applies, the essential aspects of the arrangement pursuant to Article 26 GDPR shall be made available.

14. Amendments

This Policy may be updated to reflect legal, technical or operational changes. Substantial amendments will be duly notified. The applicable version shall be the one published with the “Last updated” date.

15. Contact

  • Email: info@pulpure.com
  • Postal address: C/ TRAMUNTANA, 22-24, POLINYÀ, 08213, BARCELONA, Spain

This Privacy Policy is primarily governed by Regulation (EU) 2016/679 (GDPR), Spanish Organic Law 3/2018 (LOPDGDD) and Law 34/2002 (LSSI).