This is an English translation from the Spanish original.
Only the SPANISH ORIGINAL VERSION applies.
1. Who is responsible for the processing of personal data?
TONIK24 TRADING, S.L. (hereinafter "TONIK24").
Headquarters: C/ Los Geranios, 3 - Los Patios - 35100 San Bartolomé de Tirajana (Las Palmas)
TAX IDENTIFICATION NUMBER: B76325869
Registered with the Trade Register of San Bartolomé de Tirajana (Las Palmas) on 31 August 2018, Volume 2201, Folio 41, Page GC-54611, first entry.
To regulate your questions and rights as a data subject, you can contact the Data Protection Officer of TONIK24 (hereinafter "DPO") by email:
2. For what purposes and for what legitimate reasons do we process your data?
The user's personal data are processed autonomously and manually and/or automatically for the following specific purposes:
The consents obtained for the above purposes are independent of each other, so that the user can revoke one or more of them without affecting the others.
3. What categories of data do we process?
The following categories of data are processed by data controllers:
Identifying data: Surname, first name, postal address, email address, postcode, telephone number, city, etc.
Professional data: Occupation, position, etc.
Traffic and location data.
Business data: tax identification number, company name and trade name.
The personal data requested are generally mandatory, except in cases where it is expressly stated otherwise, so that their refusal makes it impossible to fulfil the above purposes. Therefore, if the user does not provide them, it will not be possible to register him/her on the website or to process his/her request.
In the event that the interested party provides data from third parties, he declares that he has their consent and undertakes to provide them with the information contained in this clause, releasing the correspondents from any liability in this regard. However, controllers may carry out checks to confirm this fact by carrying out the appropriate due diligence in accordance with the data protection regulations.
We offer the option of processing the payment process via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). This is in line with our legitimate interest in offering an efficient and secure payment method. In this context, we pass on the following data to PayPal, insofar as it is necessary for the fulfilment of the contract.
The processing of the data provided under this section is not required by law or contract. We cannot process a payment via PayPal without the transmission of your personal data. You have the option of choosing a different payment method.
PayPal carries out a credit check for various services such as payment by direct debit in order to ensure your willingness and ability to pay. This corresponds to the legitimate interest of PayPal and serves the execution of the contract. For this purpose, your data (name, address and date of birth, bank account details) are passed on to credit agencies. We have no influence on this process and only receive the result of whether the payment has been made or rejected or a check is pending.
You can find more information about objection and removal options vis-à-vis PayPal at: https://www.paypal.com/en/webapps/mpp/ua/privacy-full.
Your data will be stored until payment processing is completed. This includes the period required for processing refunds, claims management and fraud prevention. We have a statutory retention period of 10 years for the following documents: Billing documents, delivery notes, orders.
4. Who are the recipients of the data?
Your personal data may be disclosed by the controllers to:
The service providers are used to fulfil the purposes stated in this policy. In this context, we point out that we ensure that these service providers process personal data in accordance with European data protection law in order to guarantee a high level of protection through corresponding contractual regulations, even if personal data is transferred to a country in which a different level of data protection exists and for which there is no adequacy decision by the EU Commission. Please note that no further transfer of personal data to other recipients will take place unless required by law. For more information on the adequate safeguards in relation to international data transfers or a copy of these safeguards, please contact the Data Protection Officer designated by the Joint Controllers by email at
6. How long will we keep your personal data?
Your personal data will be kept for different lengths of time depending on the purpose for which it is processed:
7. What rights do you have when your data are processed?
The data subject has the right to:
Revoke the consents given. Access their personal data. Correct inaccurate or incomplete data. Request the erasure of their data if, among other things, the data is no longer necessary for the purposes for which it was collected. Request from the controllers the restriction of the processing of the data if one of the conditions provided for in the data protection rules is met. In certain circumstances and on grounds relating to their particular situation, data subjects may object to the processing of their data. Controllers shall stop processing the data unless there are compelling legitimate grounds for doing so or in order to assert or defend claims. They may contact a human being to express their point of view and, where appropriate, to challenge automated decisions made by controllers. to request portability of their data. To know the essential aspects of the agreement between TONIK24, which regulates the functions and responsibilities of each entity in relation to the processing of users' personal data and their relations with them, as well as the procedures and mechanisms for exercising the rights of the parties concerned.
Likewise, you may file a complaint with the Spanish Data Protection Authority if the data subject considers that the data controllers have violated the rights recognised in the applicable data protection legislation. As the data controller, you may send a written request to the postal address C/los Geranios, 3, enclosing a photocopy of a document confirming your identity, in order to exercise the above rights at any time and free of charge. Without prejudice to the foregoing, the data subject may contact the Data Protection Officer, designated among those responsible, and request this in writing by email to the address
8. Where does the data come from if it does not come from the data subject?
In addition to the information you provide us directly (e.g. via forms, etc.), we receive information about your browsing habits if you consent to this.
If the data transferred relates to natural persons other than the data subject, the data subject must declare that he or she has been informed about and has given prior consent to the processing of his or her data for the purposes set out in these clauses. In the specific case of the involvement of professionals and invitations from industry colleagues and/or employees, it undertakes to have the necessary legitimacy and to obtain their express consent.
9. What security measures do we take to protect your data?
The data controllers will treat the data with absolute confidentiality at all times and will comply with the mandatory obligation of secrecy in accordance with the regulations in force, taking the necessary technical and organisational measures to this end to ensure the security of your data and prevent its alteration, loss, unauthorised processing or access, taking into account the state of the art, the nature of the data stored and the risks to which it is exposed.
Last update: 05.09.2023