Privacy policy

Last updated: October 2025

This Privacy Policy describes how ELITEX ECOMMERCE, S.L. (“Elitex Training”, “we”, “our” or “the company”) processes the personal data of users of elitextraining.eu, in accordance with the Regulation (EU) 2016/679 (GDPR), the Organic Law 3/2018 (LOPDGDD) and the Law 34/2002 (LSSI).

1. Data controller

ELITEX ECOMMERCE, S.L.
CIF: ESB09895806
Home: Teodosio Street 12, 60. 11139, Chiclana de la Frontera (Cádiz), Spain
Email: soporte@elitextraining.es

2. Personal data processed and obtained

We may collect and process the following categories of personal data:

  • Identification and contact information: name, surname, address, telephone number, email address.

  • Order and billing data: order number, items purchased, amount, payment method (without retaining full bank details).

  • Technical data: IP address, device identifiers, cookies or trackers (see Cookie Policy).

  • Preference, navigation and behavior data.

  • Consent data, unsubscriptions, and logs associated with commercial or transactional communications.

Data can be obtained through:

  • Purchase and account creation forms.

  • Contact or subscription forms.

  • Interaction with emails or SMS.

  • Cookies and similar technologies (with prior consent).

3.Purposes and legal bases

Purpose Legal basis Data processed Conservation period
Order management, shipping, and customer service Execution of contract Identification, contact, order, payment and delivery data Contractual relationship + 6 years (legal obligations)
Creating and maintaining a user account Execution of contract Registration data (name, email, address, password) Until request for discharge
Email and SMS marketing (sending promotions, news, reminders, or gifts) Express consent Contact information, interaction or purchase history Until withdrawal of consent or 24 months of inactivity
Web analytics, performance, and non-essential cookies Consent IP address, session ID, browsing behavior According to Cookies Policy
Compliance with legal and tax obligations Legal obligation Billing and accounting data Applicable legal deadlines
ARCO rights and claims management Legal obligation/legitimate interest Identification, request, traces Until 3 years after closing the file
Logistics management of shipments and returns (Outvio) Execution of contract Name, email, phone, address, order, delivery status Contractual relationship + associated legal deadlines
Billing and accounting (Holded) Legal obligation Billing and accounting data 6 years or longer legal deadlines
Post-purchase surveys and reviews (Loox/Trustpilot) Legitimate interest of the Owner (art. 21 LSSI) Email, name, order number, products, language/country Until opposition or 24 months after purchase

4. Contact and forms

When a user contacts through forms elitextraining.eu, we process the data to respond to the request.
Data processed: name, surname, email, message and other data provided.
Legal basis: user consent when submitting the form.

Data processing in lead generation campaigns

When you participate in forms or promotional campaigns through TikTok, Meta (Facebook/Instagram) or other platforms, the personal data you provide (name, surname, email and/or telephone number) will be processed by ELITEX ECOMMERCE, S.L. (CIF ESB09895806) for the purpose of:

  • Manage your participation in the campaign or promotion.

  • Send you information about discounts, news or product launches Elitex Training.

  • Contact you by email or SMS if you have given us your express consent.

Legal basis: consent of the interested party (art. 6.1.a of the GDPR).
Conservation: The data will be kept as long as you maintain your subscription or until you request its deletion.
Data controllers: TikTok Technology Limited, Meta Platforms, Inc., Shopify and proprietary marketing tools (e.g. internal spreadsheets or YSMS for SMS marketing).
Rights: You can access, rectify or delete your data, as well as withdraw your consent, by writing to soporte@elitextraining.es with the matter “Data Protection”.

5. Commercial mailings and marketing

a) Email marketing (Shopify Email)

Promotional emails are sent via Shopify Email (Shopify Inc.), which acts as data controller.
The data is hosted on Canada and Ireland, countries with adequacy decision and Standard Contractual Clauses.
Each email includes a free, visible link to unsubscribe.

b) SMS marketing (YSMS)

Sending SMS messages is managed through YSMS, property of InkOfPixel Srl, with the following data:

InkOfPixel Srl
Piazza Castello 26, 20121 Milano (Italy)
VAT: 09287730965 – REA MI-2081233
Mail: info@inkofpixel.com
Web: https://ysms.me
Privacy Policy: https://ysms.me/privacy

YSMS acts as in charge of the treatment for the management of contacts, shipments, analytics and segmentation.
Each SMS includes a free method to unsubscribe (by replying “STOP” or via link).
They are preserved technical logs of consent and opt-out (date, IP, accepted text version) to prove compliance with the GDPR.

6. Statistics and digital advertising

We can use tools to analyze web traffic and optimize advertising campaigns:

  • Meta Events Manager/Meta Pixel (Meta Platforms Ireland/Inc.)

  • TikTok Remarketing (TikTok Information Technologies UK Limited)

  • Google Ads/Analytics (Google Ireland Limited)

These services can install cookies or identifiers to measure conversions or perform remarketing. Its use requires prior consent (cookie banner).

7. Platform, hosting and management services

Our store operates on Shopify (Shopify International Limited/Shopify Inc.), which allows you to host and run elitextraining.eu, process orders and manage databases, users and payments.

Other services with access to data:

  • Outvio: management of shipments, returns and delivery notifications.

  • Holded: accounting management and billing.

  • Loox and Trustpilot: sending surveys and collecting post-purchase reviews.

Everyone acts like data processors, with a GDPR contract and appropriate technical measures (encryption, access control, logs, limited retention).

8. Publication of reviews and testimonials

If you submit a review via Loox either Trustpilot, we may publish it on the website and official profiles (name/alias, text, rating and photo if included).
You can request your editing or deleting writing to soporte@elitextraining.es.
We reserve the right to moderate offensive or illegal content.

9.International transfers and guarantees

  • Shopify hosts data in Ireland and Canada (adequacy decision).

  • YSMS (InkOfPixel Srl) operates in the EU (Italy) and can rely on suppliers with Standard Contractual Clauses (e.g. AWS Germany or Mailchimp US).

  • Outvio, Holded, Loox and Trustpilot may make transfers outside the EEA under CCT and complementary measures (encryption and access controls).

  • Google, Meta and TikTok also apply CCT approved by the European Commission.

You can request information about the specific guarantees at soporte@elitextraining.es.

10. Minors

Elitex Training does not direct its services to minors 14 years oldIf we detect data from a minor without valid consent, we will delete it immediately.
If you believe a minor has provided us with data, please contact us.

11. Retention periods

Data type Term
Contracts, orders and invoicing Contractual relationship + 6 years (legal)
Customer accounts Until request for discharge
Marketing (email/SMS) Until withdrawal of consent or 24 months without interaction
Consent and opt-out logs Until 3 years for defense against claims
Reviews and surveys Until opposition or removal of the publication
Rights Requests/Claims Until 3 years since the file was closed

After the deadlines, the data is securely deleted or anonymized.

12. User rights

You can exercise the rights recognized by the GDPR:

  • Access: know what data we process.

  • Rectification: correct inaccurate or incomplete data.

  • Deletion (right to be forgotten): delete your data when it is no longer needed.

  • Opposition: object to processing (e.g. review or marketing emails).

  • Limitation: restrict treatment in certain cases.

  • Portability: receive your data in a structured format.

  • Withdrawal of consent: at any time, without affecting previous treatments.

How to exercise them: write to soporte@elitextraining.es indicating the right you wish to exercise.
We may ask you for proof of identity.
Response time: maximum 1 month, extendable for another month in complex cases.
If you are not satisfied, you can file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.

13. Opposition to review or marketing communications

If you do not wish to receive further emails inviting you to rate a purchase, use the link “not to receive again” included in each message or write to us at soporte@elitextraining.es.
Your objection will not affect necessary communications (e.g., invoices, incidents, or shipment tracking).

14. Security

Elitex Training implements appropriate technical and organizational measures to protect personal data against loss, alteration, unauthorized access, or disclosure, including:

  • TLS encryption of communications,

  • role-based access control,

  • two-factor authentication (MFA) on systems with personal data,

  • activity log,

  • backups and limited retention policies.

15. Additional information and system logs

For operational and safety reasons, these may be retained. technical records (logs) that include IP address, server events and action traces.
This data is used exclusively to ensure security and technical maintenance.

16. Changes to this policy

We may update this Privacy Policy at any time.
If the changes affect the purposes or consents granted, this will be communicated by means of a visible notice and, where appropriate, new consent will be requested.

17. Contact information

Responsible: ELITEX ECOMMERCE, S.L.
CIF: ESB09895806
Address: Teodosio Street 12, 60. C.P. 11139, Chiclana de la Frontera (Cádiz), Spain
Email: soporte@elitextraining.es