Privacy Policy

Privacy Policy Information

This document regulates the Privacy Policy of the domain www.grupoerik.co.uk owned by GRUPO ERIK UK LTD (with trade name GRUPOERIK) hereinafter "Grupoerik" or "Website", as well as the information on data protection to which the interested party may have access to in compliance with section 44, Chapter 3, "Information: Controller´s general duties", of Data Protection Act 2018.

Information on processing personal data by GRUPOERIK.

Who are we? We are GRUPO ERIK UK LTD, and we process your personal data as data controller. That is, we take care of how we use and protect your personal data.

What do we use your data for? We will use your data (online or personally), among other purposes to manage your registration as a user, to manage the purchase of products, to answer your queries, as well as, in the event that you expressly wish, to send our commercial communications.

What do we use your data for? We are entitled to process your personal data, mainly to execute the contract you accept with us when registering to make a purchase. Likewise, we use your data to be able to respond to your requests or queries, as well as to send you commercial communications that you have requested us to receive.

Who do we share your data with? We will share your data with data processors with whom we have a contract, mainly with service providers who help us provide support.

Your Rights: You have the right of access, the right to rectification, the right to erasure, the right to object, the right to restriction and the right to data portability, as explained below.

Privacy Policy of Users of the website

  1. Identification and contact details of the Controller of the processing of personal data.
  2. General Information: Application and description of the information contained in the privacy policy.
  3. Required and updated information.
  4. Confidentiality.
  5. Secure Environment.
  6. Link policy.
  7. Minors.
  8. Questions and concerns about this policy and your privacy.
  9. Updates to the privacy policy.

1. Identification and contact details of the Controller of the processing of personal data.

GRUPO ERIK UK LTD. with VAT 404174234 and address at 1 Healthaid House, Harrow - HA1 1UD - GB, (hereinafter GRUPOERIK), is the Controller of the processing of personal data of users who access the websites www.grupoerik.com, whose activity consists of providing online wholesale services of paper, cardboard and gifts, including all the services that are necessary for the correct development of said activity, presenting and allowing access to the public to information regarding the contents and various activities offered by the online store.

This policy provides information on the use that GRUPOERIK will make of your personal data, and the website users' rights under the Data Protection Act 2018 ("DPA").

If you have any questions regarding the processing of your personal data, you can contact us at customerservice@grupoerik.co.uk

2. General Information: Application and description of the information contained in the privacy policy

This Privacy Policy governs the processing of data carried out by GRUPOERIK in relation to users who access or contact it through the Website: www.grupoerik.co.uk. As well as the rest of the processes that it carries out. The aforementioned would cover the processing of personal data of:

  • Customers and potential customers.
  • Candidates & employees
  • Suppliers and/or potential suppliers.

Therefore, this Privacy Policy reflects, in general, the information relating to the processing with respect to the different categories of data subjects.

What are the legal grounds for the processing of your data?

The legal bases that allow the processing of data by GRUPOERIK for each of the purposes provided for in its Register of Processing Activities, in general they are:

Data subject's consent:

  • Sending advertising and commercial information about the products offered on the website.
  • Requests for information and contact forms.

Contractual execution and pre-contractual measures:

  • Execute the contracted service or formalize the established relationship (purchase of products).
  • Carry out the proposal requested by the interested party.
  • Communication necessary for the maintenance of the contractual relationship.
  • Staff hiring.

Compliance with a legal obligation:

  • Communicate information to public authorities, regulators or government bodies in cases where it is necessary to do so by law, local regulations or in compliance with regulatory obligations.

Legitimate interest of the data controller:

  • Processing of contact data.
  • Sending advertising and commercial information about the products and services offered by GRUPOERIK by any means, including electronic, when there is a prior contractual relationship with the interested party, this being proprietary advertising.

For how long will we store your data?

For these purposes, user data will be kept as long as they are necessary to provide the requested services or carry out the accepted commercial operations. In the case of registered users, the data will be kept until the request to unsubscribe from the created account.

Your data will subsequently remain restricted for the exercise or defense of judicial, administrative or fiscal claims during the restriction periods of the legal actions determined by regulations in force.

You can request more information regarding our data retention policy by sending an email to customerservice@grupoerik.co.uk, indicating the specific processing for which you would like more information.

What type of data do we collect and how do we collect it?

The data collected at no time are specially protected, but are categorized as academic or professional data; identifiers (for example, your name, surname, image, language and country from which you interact with us, contact data, etc.); economic and transactional information (for example, your payment or card data, information about your purchases, orders, returns, etc.); connection, geolocation and navigation data (for example, location data, device identification number or advertising ID); commercial information (for example, if you are subscribed to our Newsletter); data about your tastes and preferences.

Where do they come from?

The personal data processed by GRUPOERIK will come from the data subject:

  • When you contact us. The data provided through the contact form will be processed to meet the request.
  • When you create an account or buy a product from us, through the registration form, we will collect your contact and billing information, to manage the user's registration and access to the website.
  • When you buy our products through our sales agents, they will send us your information so that we can place the order/shipment correctly.
  • When you use our websites, we will collect information such as the browser and device you are using, your IP address, your location, the site you have accessed from, what you have used and have not used our website for, or the site you access after visiting ours. For additional information on how we collect this information, see our Cookies Policy.
  • When you use any social media feature within our website and make any social media postings, the social media site will provide us with some information about you.
  • When you subscribe to our lists through the Newsletter form, to send you commercial communications, and thus keep you informed about products, services, events or news.

We also use the information you provide for the following purposes:

  • To carry out the correct provision of the service. We will process your data for the maintenance of the business relationship and the performance of tasks involving information, advisory, administrative and other of our activities.
  • To comply with our Legal Obligations. We will process your data to comply with a legal obligation that requires it, for example, to respond to a legal process or a request from a competent supervisory authority.
  • To support and improve the services offered by this website. By browsing our website, non-identifying data may be collected, which may include IP addresses, geographic location, a record of how services and sites are used, along with other data that cannot be used to identify the user. The non-identifying data also includes information related to your browsing habits through third-party services. We use this information to analyze trends, manage the site, track user movements around the site, and to gather demographic information on our user base as a whole. See our Cookie Policy for more information.
  • To manage social media sites. The domain associated with GRUPOERIK is on social networks. The processing of data of people who become followers on the social networks of the official pages of GRUPOERIK will be governed by this section, as well as by those conditions of use, privacy policies and access regulations that belong to the relevant social network in each case and are previously accepted by the user. Your data will be processed for the purposes of correctly managing your presence on the social network, reporting activities, products, or services as well as for any other purpose that the regulations of social networks allow. In no case will we use follower profiles on social media to send advertising individually.

Who do we share your data with?

We do not transfer your personal data to third parties except when there is a legal obligation (Public Treasury, Judges and Courts, Security Forces and Bodies, Information Commissioner's Office (ICO), etc.).

On the other hand, the Data Processors of GRUPOERIK, that is, the service providers who must access your personal data for the performance of their functions, may have access to your personal data. The service providers that access your personal data, in general, are dedicated to the sectors of information systems, technology, telecommunications, cloud computing and network security, customer service and transport.

Likewise, your data may be shared with third parties that supply the products and services purchased by you (in the case of merchandise) so that they can carry out the processing and fulfillment of orders. However, you can request more detailed information regarding the recipients of your data by sending an email to the address customerservice@grupoerik.co.uk, indicating the specific processing for which you would like information.

The existence of potential international transfers of data.

For these purposes, some of our processing requires transferring data internationally to technology service providers located out of United Kingdom, for which the appropriate guarantees will be adopted, international data transfer agreements (IDTAs) or Binding corporate rules (BCRs).

What are your rights when you provide us with your data?

You may exercise the following rights:

Right of access to your personal data to find out if they are being processed, and if so, which ones are being processed and the specific processing carried out with them, including the purposes, categories of data processed and recipients, among other information.

The right to rectification any inaccurate personal data. The UK GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. This right is closely linked to the controller's obligations under the accuracy principle of the UK GDPR (Article (5)(1)(d)).

The right to erasure your personal data when, among other reasons, it is no longer necessary for the purposes for which it was collected, and as long as the legitimizing basis that enables us to process it is not a legal obligation. The right to erasure is also known as 'the right to be forgotten'.

The right to restrict processing of your personal data, provided that the legitimate basis that enables us to process it is the legitimate interest of GRUPOERIK or a third party. GRUPOERIK will stop processing your data unless it proves an overriding or superior legitimate interest for the processing, or if they are simply blocked for the formulation, exercise or defense of claims. This right has close links to the right to rectification (Article 16) and the right to object (Article 21).

The right to request the restriction of the processing of your personal data when the accuracy, legality or necessity of the processing of the data is in question, in which case, we may keep the blocked data for the exercise or defense of claims.

The right to data portability, that is, to receive your personal data in a structured, commonly used and machine-readable format, to transmit them to you, or to another data controller, provided that the legitimizing basis that enables us to process them is the existence of a contractual relationship or your consent.

The right not to be subject to automated decisions that have legal effects on you, or that significantly affect you, as long as such decisions are being made.

The right to revoke the consent granted to GRUPOERIK for the processing of your data, as long as the legitimizing basis that enables us to process it is your consent.

You can exercise your rights at any time and free of charge through the following link:

📄 Right of access

📄 Right to object

📄 Right of rectification

📄 Right of portability

📄 Right of limitation

📄 Right of cancellation

In any case, you may notify us by making a request addressed to GRUPOERIK, with address at 1 Healthaid House, Harrow - HA1 1UD - GB, or to the following email address: customerservice@grupoerik.co.uk.

Finally, if you want more information about your data protection rights or need to file a complaint if you believe that a violation of data protection legislation has been committed with regard to the processing of your personal data, you may contact GRUPOERIK or Information Commissioner's Office (ICO), Wycliffe House Water Lane, Wilmslow, Cheshire, SK9 5AF, Telephone: 0303 123 1113, Textphone: 01625 545860 (https://ico.org.uk/for-the-public/how-to-make-a-data-protection-complaint/).

Sending commercial communications

GRUPOERIK informs the user that the commercial communications they request, or if they have not objected to their receipt by ticking the corresponding boxes on the forms, will be sent through the prestahsop and accumbamail.

In addition, we will include an unsubscribe link for commercial communications at the bottom of all the communications we send, so that by accessing it, you can unsubscribe from the specific category of commercial communications you have received.

3. Necessary, up-to-date and truthful information

All the fields that are requested through the different means enabled for this purpose, including GRUPOERIK's digital portals, email, telephone channels, contact forms or Newsletter forms, must be completed, in such a way that the omission of any of them could make it impossible to send the communication or process the contracting of the services provided. Likewise, by completing and sending the required information, you declare that the information and data you have provided in them are accurate and truthful.

For the information provided to be always up-to-date and free of errors, you must inform GRUPOERIK, as soon as possible, of the modifications and rectifications of your personal data that occur through our website www.grupoerik.com, privacy policy, exercise of rights section.

Likewise, we inform you that the mere browsing of the Website, in general, will not imply the processing of your personal data, beyond, in specific cases, your IP address and data relating to your browsing, to manage and optimize the Website, based on the legitimate interest of GRUPOERIK to preserve the security and integrity of the Website.

4. Confidentiality

The personal data that we may collect through our website, portals, forms, as well as through the different electronic or telephone communications that we maintain with you or your representative will be treated by GRUPOERIK with confidentiality, committing us to keep them secret in accordance with the provisions of the applicable legislation.

GRUPOERIK will ensure that anyone who is authorized to process customer data (including its staff, collaborators, and providers) will be under an obligation of confidentiality.

5. Secure Environment

In order to comply with the legal requirements on the protection of personal data, access to some of the areas of the GRUPOERIK websites is carried out in a secure environment, which implies that all operations and transactions are carried out on a secure server whose access is restricted to certain users, and that all the information exchanged is encrypted, which ensures the authenticity of the GRUPOERIK websites from which the personal data is collected, as well as the integrity and confidentiality of the personal data during its transmission.

The Website is designed to provide our customers and prospective customers with information about our company, as well as our products and services. GRUPOERIK does not sell or provide third parties with any information for mailing lists or direct marketing companies, nor does it send communications that have not been previously requested or accepted by users.

It is understood that the user who makes a request by email wants it to be answered by GRUPOERIK in the same way, including, where appropriate, the sending of the promotional information requested by the user.

GRUPOERIK has appropriate policies and technical and organizational measures in place to safeguard and protect your personal data against undesirable actions such as illegal or unauthorized access, accidental loss or destruction, damage, illegal or unauthorized use and disclosure. In addition, GRUPOERIK will take all reasonable precautions to ensure that employees who have access to your personal data have received appropriate training.

In any case, you are informed that any transmission of data over the Internet is not completely secure and, as such, is done at your own risk. Although we will make every effort to protect your personal data, GRUPOERIK cannot guarantee the security of personal data transmitted through our website.

If we share your personal data with any third party, we will take all necessary steps to make sure that your personal data is handled lawfully and securely by that third party.

6. Link policy

GRUPOERIK is not responsible for the content or information of third-party websites that the user can access through the links established on its website. Nor shall it guarantee the technical availability, accuracy, reliability, validity, or legality of any pages not owned by it that may be accessed through the links. As a result, we recommend that you review the privacy policies of said websites.

7. Minors

Respecting the provisions of GDPR and DPA 2018, only those over 13 years of age may give their consent to the processing of their personal data in a lawful manner by GRUPOERIK. If you are under the age of 13, the consent of your parents or guardians will be required for the treatment, and this is only considered lawful to the extent that they have authorized it.

8. Questions and concerns about this policy and your privacy

If you have questions about this policy or if you have privacy concerns regarding access to or correction of personal information, you may contact us at customerservice@grupoerik.co.uk.

While most access-related questions and issues can be handled quickly, complex requests may need more research and time. In such cases, the issues will either be resolved, or you will be informed regarding the nature of the issue and the appropriate next steps, within thirty days.

You also have the right to complain to your local Data Protection Authority

A list of European Union Data Protection Authorities can be found here

The United Kingdom's Data Protection Authority's contact details can be found here.

9. Updates to the privacy policy

Our privacy policy is subject to periodic changes in order to adapt it to the relevant legislative changes. Therefore, it is necessary that you review this policy periodically and, if possible, each time you access the GRUPOERIK website, in order to be adequately informed about the type of information collected and its processing. This Privacy Policy is effective 28th of november of 2024.