Respecting the provisions of current law, the website (hereinafter also known as the Website) agrees to adopt the technical and organizational measures required, according to the security level adapted to the risk of the data collected.

Laws incorporating this privacy policy

This privacy policy is adapted to current Spanish and European laws regarding personal data protection on the Internet. More specifically, it respects the following regulations:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
Spanish Personal Data Protection Act (LOPD) 15/1999 of 13 December.
Spanish Royal Decree 1720/2007 of 21 December approving the Regulation implementing the Personal Data Protection Act 15/1999 of 13 December.
Information Society Services and e-Commerce Law (LSSI-CE) 34/2002 of 11 July.

Identity of the personal data controller

The controller of the personal data collected on the website is: FLEXBRICK S.L.,, with tax identity number: National identity number B65177313(hereinafter known as the Processor). Its contact details are as follows:

Ctra. Esparreguera, km 10 08781 Els Hostalets de Pierola – Barcelona-
Phone number: 34 93 771 22 11

Principles applicable to the processing of personal data

The processing of the data subject’s personal data shall be subject to the following principles, as set forth in Article 5 of the GDPR:

  • Principle of lawfulness, fairness and transparency: the data subject’s consent shall be required at all times following fully transparent information on the purposes for which the personal data is collected.
  • Principle of purpose limitation: personal data shall be collected for specific, explicit and legitimate purposes.
  • Principle of data minimization: the personal data collected shall be only that strictly necessary in relation to the purposes for which it is processed
  • Principle of accuracy: personal data must be accurate and must remain up to date.
  • Principle of storage limitation: personal data shall only be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Principle of integrity and confidentiality: personal data shall be processed in a manner that ensures appropriate security and confidentiality.
  • Principle of accountability: the Controller shall be responsible for ensuring that the above principles are fulfilled.

Personal data categories

The categories of data processed on the website are solely identifying data. Under no circumstances shall special categories of personal data in the sense given in Article 9 of the GDPR be processed.

Legal basis for the processing of personal data

The legal basis for the processing of personal data is consent. The website agrees to obtain the express, verifiable consent of the Data subject in order to process his or her personal data for one or several specific purposes.

The Data subject shall be entitled to withdraw his or her consent at any time. It shall be as easy to withdraw consent as it is to give it. As a general rule, withdrawal of consent shall not determine use of the website.

Whenever the Data subject must or may provide his or her data through forms in order to make inquiries, request information or for reasons relating to the Website contents, he or she shall be informed wherever completion of any of said forms is mandatory because said data is essential in order for the operation to be performed correctly.

Purposes of the processing given to the personal data

The personal data is collected and managed by the website in order to be able to facilitate, streamline and fulfill the agreements established between the website and the Data subject or to maintain the relationship established in the forms that the latter completes, or to deal with a request or inquiry.

Likewise, the data may be used for a commercial purpose of operational and statistical customization and for the activities involving the corporate purpose of the website , as well as for the extracting and storage of data and marketing studies to adapt the contents offered to the data subject and to improve the quality, functioning and browsing of the website.

When the personal data is obtained, the Data subject shall be informed of the specific purpose or purposes for which the personal data is to be processed. In other words, the use or uses to be given to the information collected.

Personal data withholding periods

The personal data shall only be withheld for the minimum time required in order to process it and, in all cases, only for the following period: 2 years or until the data subject requests its deletion.

When the personal data is obtained, the Data subject shall be informed of the period during which the personal data is to be kept or, when this is not possible, the criteria used to determine this period.

Recipients of the personal data

The personal data of the Data subject shall not be shared with third parties.

In all cases, when the personal data is obtained, the Data subject shall be informed of the recipients or the categories of recipients of the personal data.

Personal data of minors

Respecting the provisions of Article 8 of the GDPR and Article 13 of the RDLOPD, only individuals over the age of 14 may give their consent for their personal data to be legally processed by the website . In the case of minors under the age of 14, the consent of their parents or guardians shall be required for processing, and this shall only be deemed legal whenever this consent is given.

Secrecy and security of personal data

The website agrees to adapt the necessary technical and organizational measures, according to the security level adapted to the risk of the data collected, in order to guarantee the security of the personal data and avoid the accidental or illegal destruction, loss or alteration of the personal data transmitted, kept or processed in any other manner, or the unauthorized communicating of or access to said data.

However, given that the website cannot guarantee the invulnerability of the Internet or the complete absence of hackers or others fraudulently accessing the personal data, the Controller agrees to inform the Data subject without any undue delay in the event of a breach of the security of the personal data that may likely lead to a high risk for the rights and freedoms of individuals. In line with the provisions of Article 4 of the GDPR, a breach of the security of personal data is understood as being a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

The personal data shall be treated confidentially by the Controller, which agrees to inform of and guarantee by way of a legal or contractual obligation that said confidentiality shall be respected by its employees, associates, and any individual to whom the information is accessible.

Rights arising from the processing of the personal data

In relation to the website , the Data subject has and, therefore, may exercise the following rights with regard to the Controller, as acknowledged in the GDPR:

Right to access: The Data subject has the right to obtain confirmation as to whether or not personal data concerning him or her are being processed by the website and, where that is the case, to obtain information on his or her specific personal data and on the processing that the website has made or is making, as well as the information available regarding the source of said data and the recipients to whom the communications have been or will be disclosed.

Right to rectification: The Data subject is entitled to modify any of his or her personal data that is inaccurate or, considering the purposes of the processing, incomplete.

Right to erasure (“right to be forgotten”): Provided current law does not establish otherwise, the Data subject is entitled to obtain the erasure of his or her personal data when the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; the Data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing; the Data subject objects to the processing and there are no overriding legitimate grounds for the processing; the personal data has been unlawfully processed; the personal data have to be erased for compliance with a legal obligation; or the personal data has been collected in relation to the direct offer of information society services to a minor below the age of 14. As well as erasing the data, and considering the technology available and the cost of its application, the Controller must adopt reasonable measures to inform the processors of the personal data of the request by the data subject to erase any link to that personal data.

Right to restriction of processing: The Data subject is entitled to restrict the processing of his or her personal data. The Data subject is entitled to obtain the restriction of processing when he or she contests the accuracy of his or her personal data; the processing is unlawful; the Controller no longer needs the personal data but it is required by the Data subject to make legal claims; and when the Data subject has objected to processing.

Right to data portability: Where processing is automated, the Data subject shall be entitled to receive from the Controller his or her personal data a structured, commonly used and machine-readable format, and to transmit this data to another controller. Whenever technically possible, the Controller shall transmit the data directly to this other controller.

Right to object: The Data subject is entitled to object to the processing of his or her personal data as is entitled to ask the website to stop processing said personal data.

Right not to be subject to a decision based solely on automated processing, including profiling: The Data subject shall have the right not to be subject to an individualized decision based solely on the automated processing of his or her personal data, including profiling, except where current law establishes otherwise.
Hence, the Data subject may exercise his or her rights by writing to the Controller under the reference “GDPR- “, specifying:

Given name and surnames of the Data subject and a copy of his or her identity document. Where representation is accepted, identification in the same manner shall be required of the individual representing the Data subject, as well as the document accrediting said representation. A photocopy of the identity document may be replaced with any other valid legal form of proof of identity.
Request with the specific reasons for the request or information to which access is required.
Address for notification purposes.
Date and signature of the applicant.
All documents proving the request being made.
This request and all other attached documents may be sent to the following postal and/or e-mail address:

Postal address:
Ctra. Esparreguera, km 10 08781 Els Hostalets de Pierola – Barcelona-

Complaints to the supervisory authority

Where the Data subject believes there is a problem or breach of current law in the way in which his or her personal data is being processed, he or she shall be entitled to effective legal defense and to file a complaint with the supervisory authority in particular in his or her usual country of residence, place of work or place of the supposed breach. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (


Access to this website may involve the use of cookies. Cookies are small amounts of information that are stored in the browser used by each User – on the different devices that can be used to browse – so that the server remembers certain information that only the server implementing them may later read. Cookies make browsing easier, more user-friendly, and do not damage the browsing device.

Cookies are automatic procedures for the collection of information relating to certain User preferences during his or her visit to the website in order to recognize him or her as a User and to customize his or her experience and use of the website, and may also, for example, help identify and solve errors.

The information collected by cookies may include the date and time of website visits, the pages viewed, the time taken to visit the website and the sites visited just before and after it. However, no cookie allows for the User’s phone number to be contacted or for any other form of personal contact. No cookie can extract information from the User’s hard drive or steal personal information. The only way that the User’s private information can form part of the cookie file is if the user personally gives this information to the server.

Cookies that allow for a person to be identified are considered personal data. Therefore, they are included in the aforementioned Privacy Policy. Along these lines, the Data subject’s consent is required in order to use them. This consent shall be communicated based on a real choice, offered by way of an affirmative and positive decision before the initial, removable and recorded processing.

Third-party cookies

These cookies are used and managed by external organizations that provide the website with the services it requests in order to improve the website and the user experience when browsing the website. The main goals for using third-party cookies include the obtaining of statistics regarding hits and to analyze browsing information. In other words, how the User interacts with the website.

The information obtained refers, for example, to the number of pages visited, the language, the location of the IP from which the User accesses the website, the number of Users accessing the website, the frequency and reoccurrence of visits, the time of the visit, the browser used, the operator or type of device from which the visit is made. This information is used to improve the website and to detect new needs to offer Users top quality Contents and/or service. In all cases, the information is collected anonymously and website trend reports are produced without identifying individual users.

You can obtain more information on cookies, information on privacy, or consult the description of the cookies used, their main characteristics, expiry period, etc. at the following link(s):

Google Analytics

The organization(s) responsible for supplying cookies may transfer this information to third parties whenever required by law or where a third party is processing this information for said organizations.

Social network cookies

The website includes social network plugins so that they can be accessed from the website. Therefore, social network cookies may be stored in the User’s browser. The owners of these social networks have their own data protection and cookies policies and, in all cases, are responsible for their own files and their own privacy practices. Users must refer to them for information on these cookies and, where applicable, of the processing of their personal data. Below, solely for informative purposes, are the links where you can consult these privacy and/or cookies policies:








Disabling, rejecting and deleting cookies

Users may totally or partially disable, reject and delete the cookies installed on their device using the settings of their browser (including, for example, Chrome, Firefox, Safari, Explorer). Along these lines, the procedures for rejecting and deleting cookies may differ from one Internet browser to another. As a result, Users must read the instructions provided by the Internet browser they are using. Where the use of cookies is totally or partially rejected, the website may still be used although the use of some of its features may be limited.


The Data subject must have read and agree with the conditions regarding personal data protection contained in this Privacy and Cookies Policy, and must accept the processing of his or her personal data so that the Controller may do so in the manner, during the times and for the purposes indicated. Use of the website shall imply acceptance of its Privacy and Cookies Policy.

The website reserves the right to modify its Privacy and Cookies Policy, according to its own criteria, or due to a change in law, jurisprudence or doctrine of the Spanish Data Protection Agency. Any changes or updates to this Privacy and Cookies Policy shall not be explicitly notified to Data subjects. Data subjects should consult this page regularly in order to remain up to date on the latest changes or updates.

This Privacy and Cookies Policy was updated on 25th of May of 2018 to adapt to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).