Thank you for visiting this website. 

Please read the terms set out in this document carefully, as use of this website implies your express and full acceptance of them in the version published at the time you access it. We recommend that you review this document each time you visit thewebsite to check whether any changes have been made to the terms of use. If you do not agree with such changes, you should discontinue using the website. If we believe that certain modifications are significant, we will update the “Last updated”date at the top of this page. You are responsible for reviewing and becoming familiar with any such changes. 

Laws applicable to this Privacy Policy 

This Privacy Policy has been adapted to the following regulations currently in force in Spain and Europe: 

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) 

• Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD) 

• Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE) 

1. IDENTIFICATION

In compliance with the duty to provide information set out in Article 10 of Law 34/2002 of 11 July on Information Society Services and Electronic Commerce, and in accordance with current data protection legislation, in particular Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), which fully implements Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), we provide the followingdetails: 

Data Controller: START ONE ROCKET S.L. (hereinafter, THE COMPANY) 
Trade name: BEST FLAT INTERNATIONAL 
Tax ID (CIF): B87993788 

2. CONTACT

If you wish to contact us regarding any matter related to the processing of personal data, you may do so through the following channels: 

Phone: +34 659 77 68 83 
Email: gdpr@staronerocket.com 
Registered address: Calle Marqués de Lema 13, Bajo A, 28003 Madrid, Spain 
Website: https://www.bestflat.com/ 

All notifications and communications made through any of the means listed above shall be considered valid and effective for all purposes. 

We understand that the privacy and security of your personal information are extremely important. This policy explains what we do with your information, how we keep it secure, where and how we collect it, and the rights you have in relation to anypersonal information we hold about you. 

Principles applicable to the processing of personal data 

The processing of the user’s personal data is subject to the principles set out in Article 5 of the GDPR and in Organic Law 3/2018, including: 

• Lawfulness, fairness and transparency: personal data will only be processed with the user’s consent or on another valid legal basis, and users will be informed clearly of the purposes of the processing. 

• Purpose limitation: personal data will be collected for specified, explicit and legitimate purposes. 

• Data minimisation: only the personal data strictly necessary for the relevant purposes will be collected. 

• Accuracy: personal data must be accurate and kept up to date. 

• Storage limitation: personal data will only be kept for as long as necessary for the purposes of the processing. 

• Integrity and confidentiality: personal data will be processed in a manner that ensures appropriate security and confidentiality. 

• Accountability: THE COMPANY is responsible for ensuring compliance with all of the above principles. 

Measures taken to protect the confidentiality, integrity and security of your data 

We have taken a number of steps to protect your personal data, including: 

• requesting only the minimum information necessary for each purpose; 

• entering into confidentiality agreements with suppliers, staff and collaborators; 

• relying on specialist legal advice to ensure ongoing compliance with applicable regulations; 

• implementing technical and organisational security measures to protect against external attacks; 

• reviewing our internal documentation and procedures to ensure compliance with data protection laws; 

• assessing the impact of our procedures on the protection of personal data; and 

• training our staff so that they act diligently and ethically in compliance with applicable data protection requirements. 

Legal bases for the collection and use of information 

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the type of data concerned and the context in which it is collected. 

In most cases, our processing activities are based on: 

1. the performance of a contract; 

1. one or more legitimate interests of THE COMPANY or a third party, provided these are not overridden by your data protection interests or fundamental rights and freedoms; or 

1. your consent. 

In certain cases, we may also process your personal data where we are under a legal obligation to do so or where processing is necessary to protect your vital interests or those of another person. 

Processing of personal data 

Below we explain how we collect, use, disclose, transfer and store your information. This Privacy Policy applies to personal information collected through our website. We recommend reviewing this Privacy Policy regularly in case it is updated

All users may access our website and view its content without having to provide personal information. Your personal data will only be collected when you voluntarily complete one of our forms. 

In such cases, the user guarantees that the information provided is authentic, accurate and truthful, and undertakes to keep their personal data updated at all times so that it reflects their actual situation. The user shall be solely responsible for anyfalse or inaccurate statements and for any damage that may result from them. 

By using these communication channels, you expressly agree to receive communications from THE COMPANY where appropriate. THE COMPANY will keep personal data received through the website strictly confidential and will adopt the necessarytechnical measures to prevent alteration, loss, misuse or unauthorised access. 

We also inform you that all data provided through electronic forms and/or email is strictly necessary to identify the sender correctly. This information will be processed confidentially and solely for the purpose of managing information requests, contracting our services and products, and for the purposes described below. 

The consent given for the processing and, where applicable, transfer of personal data may be withdrawn at any time by contacting gdpr@staronerocket.com, under the terms set out in this policy. Such withdrawal will not have retroactive effect. 

How we use your data 

We may use your personal data in the following ways: the information you provide may help us make decisions, respond to requests, improve services, identify new needs, develop promotions, understand your expectations and provide you with a better service. 

We may also use your data for the following purposes: 

To process your order and provide products and services 

• To process orders for products or services you have purchased from us and keep you informed of their status 

• To provide the relevant product or service 

Billing and customer service 

• To invoice or charge you for the use of our products and services 

• To contact you if the billing information you have provided is outdated, about to expire, or if we are unable to process payment 

• To answer any questions or concerns you may have about our products or services 

Service communications 

• To contact you with important information relating to the products and services you have with us 

Other purposes 

Specific purpose: If you provide your personal data for a specific purpose, we will use it in relation to that purpose. For example, if you contact us by email, we will use the personal data you provide to respond to your question or solve the issue raised, and we will reply to the email address from which the message was sent. 

Internal purposes: We may use your personal data for internal purposes such as improving the content and functionality of our services, understanding our customers’ needs, improving services, preventing or detecting fraudulent activity, enforcing ourterms of service, managing your account, providing customer support, and generally managing our services and business activity. 

Commercial communications: Provided that we have your express consent, obtained through a specific checkbox on our forms, we may use your personal data to contact you in the future regarding commercial communications that may be of interestto you and that are related to the company’s products and/or services. 

You will always be able to unsubscribe from these communications through the link included at the bottom of each message or by emailing gdpr@staronerocket.com. However, you may still receive notices and emails that are necessary and essentialfor the maintenance of contractual relations. 

In accordance with Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE), THE COMPANY does not engage in spam practices and undertakes not to send commercial communications unless they are properly identified and legally permitted. 

Please note that even if you decide not to subscribe or choose to unsubscribe from promotional or commercial electronic communications, THE COMPANY may still need to contact you with important information regarding your account, purchases, bookings or contracted services. 

Categories of data processed and purposes 

Legal bases 

Data collected 

Consequences of not providing the data 

Possible disclosures to third parties 

International data transfers 

Retention periods 

Other aspects related to disclosure of data 

As a general rule, the data you provide will not be disclosed to third parties without your consent, except where there is a legal obligation to do so, for example in response to a court order or a request from a government authority, or where we believein good faith that such action is necessary to: 

• comply with a legal obligation; 

• protect or defend our rights, interests or property, or those of a third party; 

• prevent or investigate potential wrongdoing in connection with the services; 

• act in urgent circumstances to protect your personal safety; or 

• protect against legal liability. 

We also inform you that your data may be shared with companies within our corporate group solely for the purpose of offering you services more suited to your specific needs, ensuring that you receive the solutions and proposals that best match yourexpectations and requirements. Any such sharing will take place under strict security and confidentiality standards. 

Storage 

We may store your data ourselves or transfer it to a third party that will store it in accordance with this Privacy Policy. We take reasonable measures to protect personal data against loss, misuse, unauthorised use, unauthorised access, accidental disclosure, alteration and destruction. 

However, no internet, email, server or database transmission is ever completely secure or error-free. In the event of a personal data breach affecting data under our control, we will take all necessary steps to mitigate its consequences and will notifythe competent supervisory authority in accordance with applicable law. 

Consent 

Consent, as defined by data protection law, is a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they accept the processing of their personal data for a specific purpose under certain conditions. 

Can you modify or withdraw your consent? 

Yes. Information regarding the processing activities you have consented to will always be available to you. You may modify or withdraw your consent at any time by contacting us at gdpr@staronerocket.com. 

You may also request to be removed from our database at any time by sending an email to the same address. 

Automated decision-making 

THE COMPANY does not make any decisions based solely on automated processing of your data. 

Statistical studies 

THE COMPANY does not carry out scientific, historical or statistical studies involving personal data. If this were ever to occur, data would be anonymised or otherwise dissociated where possible in order to preserve confidentiality. 

Personal data breach notification 

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with our services. 

If the personal data processed by THE COMPANY is compromised in any way, we will notify affected individuals and the competent supervisory authority where required under Article 33 of the GDPR. 

Data protection rights 

Users may send a written request to THE COMPANY’s registered address or to the email address indicated at the top of this policy in order to exercise the following rights: 

• Right to rectification: You have the right to request the correction of inaccurate personal data. 

• Right of access: You have the right to request a copy of the personal data we hold about you. 

• Right to data portability: You have the right to receive the personal data you have provided to us in certain circumstances. 

• Right to object: You have the right to object to the processing of your personal data. 

• Right to erasure: You have the right to request deletion of your personal data. Data may be retained in a blocked form where necessary to comply with legal obligations or deal with claims. 

• Right to restriction of processing: You have the right to request that we store your data but not use it in certain circumstances. 

You may also revoke any consent previously given by writing to us with the reference “Data Protection” at the postal or email address indicated above. 

These rights are personal and may only be exercised by the data subject, except where the applicable legislation allows representation. THE COMPANY will respond within 30 days of receipt of the request. If the request cannot be complied with, thedata subject will be informed of the reasons within the same period. 

Where deletion is appropriate but physical erasure is not possible for technical reasons, the data will be blocked in order to prevent its use until it can be fully deleted from the information systems. 

Social media 

Social media forms part of the daily life of many internet users, and we have created profiles for THE COMPANY on various platforms. 

THE COMPANY informs users that through its social media profiles it may publish events, competitions, activities, programmes or other advertising information relating to its business activities. By becoming our friend or follower on a social media platform, the user accepts being a recipient of such information. 

All users are free to join or follow our pages or groups on social media. To stop receiving such information, users simply need to unfollow THE COMPANY on the relevant platform. 

Please note, however, that in order to register with a social media platform, users must first accept the contractual terms of that platform and its privacy policies. We therefore recommend reading those terms carefully and configuring your privacypreferences appropriately. 

Payment service providers 

In accordance with Article 6(1)(b) of the GDPR, as part of the order process, user data may be transferred together with order information (such as first name, last name, postal address, bank account number, bank code, credit card number whereapplicable, invoice amount, currency and transaction number) to our payment service provider. 

Such data will be transferred solely for the purpose of processing payment and only to the extent necessary for that purpose. 

Users may object to the processing of their data by contacting the relevant payment service provider directly. The privacy policies and contact options of those providers may be set out in the table included at the end of this policy, where applicable. 

Data relating to minors 

Our website is not intended for children under the age of 16. We do not knowingly collect information, including personal data, from children or from individuals who are legally unable to use our services. 

If we become aware that we have collected personal data from a child under the age of 16, we will delete it as soon as possible unless we are legally required to retain it. 

Please contact us at gdpr@staronerocket.com if you believe we may have collected information from a child under 16 by mistake or unintentionally. 

Special categories of personal data and criminal data 

Free-text fields on our website must not be used to submit personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifyinga person, health data, data concerning a person’s sex life or sexual orientation, or personal data relating to criminal convictions and offences. 

If any such information is submitted through our forms or by email, it will be immediately deleted from our information systems and we may not be able to process the related request, as such data is not necessary or relevant for the purposes of theprocessing activities carried out through this website. 

Data Protection Officer 

We have appointed a Data Protection Officer: 

ELEONORA CARCERONI GARBAYO 
Lawyer, Bar Association No. 4693 of the Provincial Bar Association of A Coruña 
Email: info@edora.es 

In accordance with Article 38.4 of the GDPR, data subjects may contact the Data Protection Officer regarding all issues relating to the processing of their personal data and the exercise of their rights under this Regulation. 

Complaint to the supervisory authority 

If you believe that your rights have not been properly respected, you may lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos – AEPD) through one of the following channels: 

Website: www.aepd.es 
Postal address: Agencia Española de Protección de Datos, C/ Jorge Juan, 6, 28001 Madrid, Spain 
Phone: +34 901 100 099 / +34 91 266 35 17 

Filing a complaint with the Spanish Data Protection Agency is free of charge and does not require the assistance of a lawyer or legal representative. 

START ONE ROCKET S.L. has adapted this website to comply with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and Law 34/2002 on Information SocietyServices and Electronic Commerce (LSSI-CE). 

© All rights reserved: START ONE ROCKET S.L.