Política de Privacidad · EFA Tattoo Barcelona

Privacy

Privacy policy

Last updated: April 2025

1. Data controller

The personal data provided through this website is processed by the owner of the EFA Tattoo studio, based in Barcelona, Spain.

This website operates under the trading name EFA Tattoo and is managed by its owner as a self-employed professional.

2. Data we collect

We only collect data that the user voluntarily provides through the appointment request form:

• Full name

• Email address

• Phone number

• Description of the desired tattoo and optional reference images

We do not collect sensitive data or carry out automated profiling.

3. Purpose of processing

The data is used exclusively to:

• Manage the appointment request and communicate with you about it

• Coordinate the booking process via WhatsApp or email

We do not use your data for advertising without prior explicit consent.

4. Legal basis

The legal basis for processing is the performance of a pre-contractual relationship (Art. 6.1.b GDPR): the user provides their data to request information or manage an appointment, which implies the start of a contractual relationship.

5. Data retention

Data is retained for the time necessary to manage the request and, if the relationship is formalised, for the legally required period to comply with applicable tax and commercial obligations. Once the relationship ends, data will be deleted unless legally required to retain it.

6. Sharing with third parties

Data is not shared with third parties except by legal obligation. Communication between the studio and the client takes place through messaging tools (WhatsApp) and email, whose providers may act as data processors with their own privacy policies.

7. Cookies and metrics

This site may use analytical cookies (Google Analytics) and marketing cookies (Facebook Pixel) only if the user gives explicit consent through the cookie banner shown when first accessing the site.

• Essential cookies: necessary for the basic functioning of the site, always active.

• Analytical cookies: allow obtaining anonymous visit statistics (Google Analytics 4).

• Marketing cookies: used for the measurement and optimisation of advertising campaigns on social networks (Facebook Pixel).

You can change your preferences at any time by clearing your browser cookies, which will cause the banner to appear again.

8. Your rights

Under the GDPR you can exercise the following rights:

• Access: find out what data we process about you.

• Rectification: correct inaccurate data.

• Erasure: request deletion of your data when it is no longer necessary.

• Objection and restriction: object to processing or request that it be limited.

• Portability: receive your data in electronic format.

You can exercise these rights by contacting us through the appointment request form, expressly stating the right you wish to exercise. You also have the right to lodge a complaint with the relevant data protection authority.

9. Security

We adopt appropriate technical and organisational measures to protect your data against unauthorised access, accidental loss or destruction, in accordance with the level of risk of the processing.

10. Changes

This policy may be updated to adapt to legal or functional changes to the site. The date of the last modification will be indicated at the bottom of this page. We recommend reviewing it periodically.