Privacy Policy

This Privacy Policy together with Terms and Conditions constitute the entire agreement between TodoTrades (“TodoTrades”, “Company”, “We”, “Data Controller”) and the Customer (“Customer”, “you”, “Data subject”) 

By accessing and using the TodosTrades platform, you agree to comply with and be bound by the following terms and conditions of use, which together with our privacy policy govern TodosTrades’ relationship with you in relation to this platform. 

1. Data Controller

The data controller for information collected via this website is EDUFIN CLUB LTD, a legal entity registered under the laws of the United Kingdom with registered office address 61a Bridge Street, Kington, United Kingdom, HR5 3DJ.

2. Purpose of Data Processing

A. Detailed Description

  • Advertising and Commercial Prospecting: Engaging in promotional and marketing activities.
  • Customer, Accounting, Tax, and Administrative Management: Handling customer relations, accounting, tax obligations, and general administrative tasks.
  • Electronic Commerce: Managing and facilitating online transactions.
  • Request Management: Processing and managing user inquiries and requests.

B. Data Retention Data will be retained as long as necessary to fulfill the purposes outlined above or as required by law. Specifically, data will be stored for the duration necessary to meet the purposes mentioned in point 2.A or as required by applicable legislation.

C. Automated Decisions No automated decisions or profiling will be made based on the data collected through this website.

3. Legal Basis for Processing

A. Applicable Legislation Processing is conducted in accordance with the General Data Protection Regulation (GDPR) 2016/679 and the Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights.

B. Legal Basis for Processing

  • Consent (Art. 6(1)(a) GDPR): The processing is based on the consent provided by the data subject.
  • Contractual Necessity (Art. 6(1)(b) GDPR): The processing is necessary for the performance of a contract to which the data subject is a party.

C. Obligation to Provide Data and Consequences of Non-Compliance Providing personal data is not mandatory; however, it is necessary for managing requests and services offered through the website. Failure to provide the required data may result in the inability to fulfill user requests or provide certain services.

4. Data Recipients

A. General Recipients Data may be disclosed to organizations or individuals directly related to the company, and to public administrations with legal authority.

B. Specific Recipients Data processors who perform maintenance functions for the website may have access to user data. Additionally, user data may be transferred to group companies or collaborators.

C. Adequacy Decisions and Safeguards There are no adequacy decisions or specific safeguards applicable as the data processing occurs within the scope of the GDPR.

D. International Data Transfers No international transfers of personal data will occur.

5. Data Subject Rights

As a data subject, you have several rights regarding the personal data we process about you. These rights are designed to give you more control over your data and to ensure its protection. Below is a detailed explanation of each of these rights and how you can exercise them:

A. Right of Access You have the right to obtain confirmation from us as to whether or not we are processing personal data concerning you. If we are, you have the right to access the personal data and the following information:

  • The purposes of the processing.
  • The categories of personal data concerned.
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organizations.
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
  • The existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing.
  • The right to lodge a complaint with a supervisory authority.
  • Where the personal data are not collected from you, any available information as to their source.

B. Right to Rectification You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

C. Right to Erasure (‘Right to be Forgotten’) You have the right to obtain from us the erasure of personal data concerning you without undue delay, and we have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • You withdraw consent on which the processing is based, and there is no other legal ground for the processing.
  • You object to the processing, and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes.
  • The personal data have been unlawfully processed.
  • The personal data must be erased to comply with a legal obligation in Union or Member State law to which we are subject.
  • The personal data have been collected in relation to the offer of information society services.

D. Right to Restriction of Processing You have the right to obtain from us the restriction of processing where one of the following applies:

  • You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
  • The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead.
  • We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims.
  • You have objected to processing pending the verification of whether our legitimate grounds override yours.

E. Right to Data Portability You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:

  • The processing is based on consent or on a contract.
  • The processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

F. Right to Object You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests, including profiling. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

G. Right to Withdraw Consent Where the processing of personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

H. Right to Lodge a Complaint You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

6. Data Origin

A. Source of Data All personal data is provided directly by the data subject.

B. Categories of Processed Data

  • Name and Surname
  • Telephone Number
  • Email Address
  • NIF/DNI/NIE
  • Postal Address
  • Financial Data

7. Security Measures

The Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • Process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing.

8. Updates to the Privacy Policy

The Company reserves the right to modify this privacy policy to adapt it to new legislation or case law, as well as to industry practices. We will notify users of any changes by posting the updated policy on our website.

This Privacy Policy ensures compliance with the GDPR and the Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights, providing transparency regarding the processing of personal data collected through this website.