• Grup Heracles


Data protection policy


HE OWNER, GRUP HERACLES, S.A. with registered office at Av. Consell de la Terra, 14-16 -AD700- ESCALDES-ENGORDANY (PRINCIPALITY OF ANDORRA), undertakes to protect the privacy of users who access this website and/or any of its services. The use of the website and/or any of the services offered by THE OWNER implies acceptance by the user of the provisions contained in this Privacy and Data Protection Policy of the website, and that their personal data will be treated as stipulated. Please note that although there may be links from our website to other websites, this Privacy Policy does not apply to the websites of other companies or organisations to which the website is redirected. THE OWNER does not control the content of third-party websites and accepts no responsibility or liability for the content or privacy policies of these websites.


Questions regarding data privacy

In compliance with the LQPD 29/2021, of 28 October, qualified personal data protection and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, (GDPR) we provide the following information on the processing of your personal data:


1. Who is the controller of the processing of your data?

The OWNER; Our details are set out at the beginning of this Data Protection Policy.


2. For what purposes do we process your personal data?

  • We process the information provided to us in order to provide and invoice our services and products.
  • If you give us your consent, we may also process your data to send you the commercial information about our products or services.


3. How long will we keep your data?

The personal data provided will be kept for as long as you are a user of our services or wish to receive information, and thereafter, for the periods established to comply with our legal obligations.


4. What is the legal basis for processing your data?

The legal basis for the processing of your data is the consent you give us.

In the case of information sent to us by minors under 16 years of age, it will be understood that it has been sent with the consent of their legal representatives. If this is not the case, the legal representative of the minor must communicate this as soon as he/she becomes aware of it.


5. To which recipients will your data be communicated?

The data will not be disclosed to third parties, unless this is required by law or is necessary to fulfil the purpose of the processing.


6. What are your rights when you provide us with your data?
  • Any person has the right to obtain confirmation as to whether we are processing their personal data.
  • Data subjects have the right to access their personal data, as well as the right to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
  • In certain circumstances, data subjects may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defence of claims. Or, for carrying out the administrative, fiscal and accounting management of the services provided.
  • Also, in certain circumstances and for reasons relating to their particular situation, data subjects may object to the processing of their data. In this case, we will stop processing them, except for compelling legitimate reasons or for the exercise or defence of possible claims. • Data subjects also have the right to data portability.
  • Finally, data subjects have the right to lodge a complaint with the competent supervisory authority.


7. How can you exercise your rights?

By sending us a letter attaching a copy of a document that identifies you to our physical or electronic address.

Details identifying the person responsible: GRUP HERACLES, S.A. A-706845-Z Av. Consell de la Terra, 14-16 -AD700- ESCALES-ENGORDANY (PRINCIPALITY OF ANDORRA).

Tel. +376. 805 600

Identification of our DPD – Berta Faura: protecciodades@grupheracles.com


8. Who is the Data Protection Delegate?

The Data Protection Delegate (DPD) is the person who supervises compliance with the data protection policy of the GRUP HERACLES, S.A., ensuring that personal data is treated appropriately and that the rights of individuals are protected. Its functions include dealing with any queries, suggestions, complaints or claims from people whose data is processed.

You can contact our Data Protection Delegate by writing to Av. Consell de la Terra, 14-16 -AD700- ESCALDES-ENGORDANY (PRINCIPALITY OF ANDORRA), or to the following e-mail address: protecciodades @grupheracles.com

Identification of our DPD: Berta Faura, date of public designation 17/05/2022 in the APDA with Resolution Number: APD-2022-000013.


9. How did we obtain your data?

The personal data that we process comes from the interested party, who guarantees that the personal data provided is true and is responsible for communicating any changes. The data requested or marked with an asterisk are obligatory in order to be able to provide the requested service.


10. What data do we process?

The categories of data we may process are:

  • Data of an identifying nature.
  • Postal or e-mail addresses.
  • Other data requested in our forms.

The data is limited, given that we only process the data necessary for the provision of our services and the management of our activity.


11. Do we use cookies?

We use cookies on our website with the informed consent of the user. The user can configure their browser to be notified about the use of cookies and to avoid using them. For more information, visit our Cookies Policy.


12. What security measures do we have in place?

We have security measures in place established by Article 35 of LQPD – Security and Confidentiality in data processing and established by Article 32 of GDPR – Data Processing Security. We have adopted necessary security measures to guarantee an adequate level of security for the risks associated with processing data, with mechanisms that allow us to ensure confidentiality, integrity, availability and permanent resilience of the processing systems and services.


13. Some of these measures include:

  • Information on staff data processing policies
  • Periodical security copies produced
  • Data access controls

Regular and permanent verification, supervision, assessment and valuation processes.