Privacy policy

1. Data Controller

Data Controller:

CAFÈS ROMA, S.C.P.

Tax ID (NIF): J25380700

Address: C/ Urgell, 16 – 25600 BALAGUER (LLEIDA)

Contact Email: bustia@cafesroma.com

CAFÈS ROMA, S.C.P. (hereinafter, “the Controller”) is the owner of the website and responsible for the processing of personal data collected through it.

2. Personal Data Processed

The following categories of personal data may be collected and processed through this website:

  • Identification data: first and last name

  • Contact data: postal address, email address, telephone number

  • Customer and order data: purchased products, order history, billing

  • Browsing data: (via cookies, in accordance with the Cookies Policy)

  • Other data: voluntarily provided by the user through forms

 

Special categories of data (sensitive data) are not processed.

 

3. Purposes of Processing and Legal Basis

Personal data is processed for the following purposes:

  • a) Management of inquiries and contact

    • To handle requests for information or inquiries made through the contact form or email.

    • Legal basis: user consent.

  • b) Customer and order management (e-commerce)

    • To process orders, manage the shopping cart, billing, shipping, and returns.

    • Legal basis: performance of a contract.

  • c) Compliance with legal obligations

    • To comply with tax, accounting, and administrative obligations.

    • Legal basis: legal obligation.

  • d) Website improvement and browsing analysis

    • To analyze website usage in order to improve services and user experience.

    • Legal basis: consent (analytical cookies).

  • e) Commercial communications (if applicable)

    • To send commercial information or newsletters.

    • Legal basis: explicit consent of the user. If commercial communications are not carried out, this purpose does not apply.

4. Data Retention

Personal data will be retained as follows:

  • Customer and order data: for the duration of the contractual relationship and, subsequently, for the periods required by tax and accounting regulations.

  • Contact data: for the time necessary to handle the inquiry.

  • Commercial data: until the user withdraws their consent.

  • Browsing data: as specified in the Cookies Policy.

5. Data Recipients

Personal data may only be communicated, when necessary, to:

  • Transport and logistics companies, for the management of order delivery.

  • Financial institutions, exclusively for the management of payments through the virtual POS.

  • Technology service providers, such as:

    • Web hosting and server providers

    • Website maintenance and technical support

    • Email service providers

    • Web analytics tools (if applicable)

With all these providers, the corresponding data processing agreements have been formalized (Art. 28 GDPR).

6. Card Payments

Credit or debit card payments are made through a secure payment gateway (virtual POS) managed by a financial institution. CAFÈS ROMA, S.C.P. does not access or store complete card data (number, CVV, expiration date) under any circumstances, receiving only the confirmation or result of the transaction.

7. International Data Transfers

In the event of using third-party services that involve international data transfers (for example, analytics tools), these will be carried out with the appropriate safeguards provided for in the GDPR, such as standard contractual clauses approved by the European Commission.

8. Rights of Data Subjects

The user may exercise the following rights at any time:

  • Access to their personal data

  • Rectification of inaccurate data

  • Erasure of data (right to be forgotten)

  • Restriction of processing

  • Objection to processing

  • Data portability

To exercise these rights, you can send a request to: bustia@cafesroma.com

You also have the right to lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

9. Security Measures

The Controller has adopted the necessary technical and organizational measures to guarantee the security of personal data and prevent its alteration, loss, unauthorized processing, or access, taking into account the state of technology and the nature of the data.

10. Cookies Policy

This website uses first-party and third-party cookies. You can consult all the detailed information in the Cookies Policy, accessible at any time from the website.

11. Amendments to the Privacy Policy

The Controller reserves the right to modify this Privacy Policy to adapt it to new legislation or changes in the processing operations carried out.

Last updated: 28/01/2026