Address:

Av. San Marcos 31B
15820 Santiago de Compostela
Spain

Work Hours
Monday to Friday: 8AM - 5.30PM

Privacy Policy

Privacy Policy — ARTRONIK COMPONENTS SL

Version 3.0 | Last updated: 22 June 2026


1. Data Controller

FieldDetails
ControllerARTRONIK COMPONENTS SL
Tax ID (NIF)B72398084
Registered addressAvenida de San Marcos, 31B, 15820 Santiago de Compostela (A Coruña), Spain
Phone+34 600 850 800
General emailsales@ar-tronik.com
Privacy emailintelligence@ar-tronik.com
Websitewww.ar-tronik.com
DPONot appointed (not required under the current processing profile)


2. Personal Data Processed and Purposes

CategoryData processedPurpose
B2B CustomersCompany name, tax ID, contact name and job title, email, phone, billing/delivery address, order history, agreed commercial termsOrder management, invoicing, after-sales support, commercial follow-up
SuppliersCompany name, tax ID, contact name, email, phone, bank details (IBAN)Purchase and payment management
B2B ProspectsName, company, job title, email, phoneB2B commercial prospecting (Art. 19 LSSI-CE — B2B exception)
Newsletter subscribersEmail address, communication preferencesSending periodic newsletters on electronic components, partner news and sourcing opportunities
Website usersIP address, browsing data, browser type, pages visited, session duration, session and analytics cookiesWebsite security, anonymous usage statistics, user experience improvement
Job applicants (HR)Name, email, employment history, academic background, other CV dataRecruitment process

3. Legal Basis for Processing

Processing of your personal data is based on the following legal grounds set out in Article 6 of the GDPR:

  • Performance of a contract (Art. 6.1.b GDPR): order management, invoicing and commercial relationship with customers and suppliers.
  • Legitimate interest (Art. 6.1.f GDPR): B2B commercial prospecting, IT security and fraud prevention. Legitimate interest in B2B prospecting is expressly recognised by Recital 47 of the GDPR and Article 19.2 of the Spanish LSSI-CE.
  • Compliance with a legal obligation (Art. 6.1.c GDPR): retention of accounting and tax documents in accordance with Spanish tax law (Ley General Tributaria) and the Commercial Code (Código de Comercio).
  • Consent (Art. 6.1.a GDPR): newsletter subscription, non-essential cookies and commercial communications outside the direct B2B context. Consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal.

4. Processors and Recipients

4.1 Data processors

The following providers access personal data as data processors, under contract in accordance with Article 28 of the GDPR:

ProviderServiceLocation / TransferSafeguards
Pipedrive OÜCRM – customer and sales pipeline managementPaldiski mnt 80, 10617 Tallinn, Estonia (EU)Art. 28 GDPR – DPA available
Erplain SASERP – inventory and order managementFrance (EU)Art. 28 GDPR – DPA available
LWS (Ligne Web Services SARL)WordPress web hosting10 rue Penthièvre, 75008 Paris, France (EU)Art. 28 GDPR – DPA available
StatcounterWeb analytics (visit counter) — anonymous data (no individual identification)Guinness Enterprise Centre, Taylor’s Lane, Dublin 8, Ireland (EU)Art. 28 GDPR – DPA available
Visitors Traffic plugin (WP-Buy)Self-hosted visit statistics on the website serverPlugin installed locally; data stored on the LWS server (France, EU) — no transfer to the developerArt. 28 GDPR
Hu-manity.co (Crownpeak Technology)Cookie consent manager (CMP)Princeton, New Jersey, USAStandard Contractual Clauses (SCCs) – Decision 2021/914/EU
The Newsletter Plugin (Stefano Lissa)Self-hosted newsletter sending platformPlugin installed locally; data stored on the LWS server (France, EU)Art. 28 GDPR
WPForms (WPForms LLC)Self-hosted contact form platformPlugin installed locally; data stored on the LWS server (France, EU) — no transfer to the developerArt. 28 GDPR
Apollo.io (Apollo Data Company)B2B prospecting and contact data enrichment535 Mission St, San Francisco, CA 94105, USAStandard Contractual Clauses (SCCs) – Decision 2021/914/EU
Lusha Systems Inc. (and its affiliate Lusha Systems Ltd.)B2B contact data enrichmentBoston, USA (HQ) + Tel Aviv, Israel (subsidiary); data stored on AWS USAStandard Contractual Clauses (SCCs) – Decision 2021/914/EU for USA ; European Commission adequacy decision (Israel, 2011)

The website also uses the Polylang plugin for multilingual management; this plugin operates locally on the server and does not involve any data transfer to third parties.

4.2 Other recipients

  • Banking institutions: for the management of payments and collections via bank transfer (SEPA).
  • Carriers and logistics operators: for order delivery (Incoterms® 2020 terms).
  • Tax, legal and audit advisors: in the context of compliance with legal obligations.
  • Customs authorities and export control bodies: in accordance with EU Regulation 2021/821 on dual-use items.
  • Public authorities: Spanish Tax Agency, Social Security, and others as required by applicable law.

5. International Data Transfers

Hu-manity.co (Crownpeak Technology), provider of the cookie consent manager, is headquartered in the United States (Princeton, New Jersey). Data transfers to this processor are covered by the Standard Contractual Clauses (SCCs) adopted by the European Commission (Implementing Decision 2021/914/EU), which constitute adequate safeguards under Article 46 of the GDPR. The data transferred is strictly limited to the information necessary to manage cookie consent (technical identifier, user preferences, timestamp).

All other identified processors are based in the European Union or the European Economic Area (EEA); therefore no additional international transfers take place.

For any new provider that may involve transfers outside the EEA, ARTRONIK COMPONENTS SL will ensure that equivalent safeguards (SCCs, adequacy decision, binding corporate rules, or other Article 46 GDPR mechanisms) are in place before processing begins.

On the use of generative AI: ARTRONIK COMPONENTS SL may use generative AI tools (such as Anthropic’s Claude or ChatGPT) for internal productivity tasks like generic content drafting, translation and creative thinking. These tools are not used to process identifiable personal data of customers, prospects or data subjects. Any information transmitted to these services is limited to generic or anonymised content.

Data subjects may request information about the safeguards in place for international transfers by writing to intelligence@ar-tronik.com. We will respond within the timeframe set by applicable law.

6. Cookies

The website uses both first-party and third-party cookies. The following table summarises their classification:

TypePurposeLegal basisDuration
Essential / technical cookiesWebsite operation, user sessionLegitimate interest (no consent required)Session or up to 12 months
Analytics cookiesVisit statistics (StatCounter) — anonymised dataConsentMax. 13 months
Preference cookiesLanguage, user settingsConsentUp to 12 months

Users may manage, accept or refuse non-essential cookies through the cookie banner displayed upon accessing the website, and may modify their preferences at any time through their browser settings. Withdrawal of consent does not affect the lawfulness of prior processing.

For more detailed information, please refer to our Cookie Policy at www.ar-tronik.com/politica-de-cookies/.


7. Newsletter

If you subscribe to our newsletter through the form available on the website, we will process your email address solely for the purpose of sending you periodic communications about electronic components, partner news and sourcing opportunities.

  • Legal basis: explicit consent (Art. 6.1.a GDPR).
  • Retention: until the data subject unsubscribes or withdraws consent.
  • Unsubscribe: you may cancel your subscription at any time via the unsubscribe link included in each email or by writing to intelligence@ar-tronik.com.

8. Retention Periods

Data typeRetention period
Customer data / commercial contractsDuration of relationship + 10 years (Art. 30 Commercial Code)
Invoices and accounting documents10 years (Commercial Code) / 4 years (General Tax Law)
B2B prospecting dataUntil objection; maximum 3 years without activity
Newsletter subscriber dataUntil unsubscription or withdrawal of consent
Web security logs12 months
CVs and applicant data12 months from receipt (unless explicit consent to extend)
Supplier dataDuration of relationship + 10 years
Analytics cookie dataMaximum 13 months

9. Data Subject Rights

In accordance with Articles 15 to 22 of the GDPR, you have the right to:

  • Access (Art. 15 GDPR): know what personal data we process about you and obtain a copy.
  • Rectification (Art. 16 GDPR): request correction of inaccurate or incomplete data.
  • Erasure (Art. 17 GDPR): request deletion of your data when it is no longer necessary for the purpose for which it was collected.
  • Objection (Art. 21 GDPR): object to processing based on legitimate interest, including commercial prospecting.
  • Restriction of processing (Art. 18 GDPR): request suspension of processing in certain circumstances.
  • Data portability (Art. 20 GDPR): receive your data in a structured, commonly used and machine-readable format.
  • Withdrawal of consent (Art. 7.3 GDPR): at any time and without retroactive effect, for processing based on consent.
  • Not to be subject to automated decisions (Art. 22 GDPR): including profiling with significant legal effects.

To exercise your rights, please send a written request to intelligence@ar-tronik.com stating the right you wish to exercise and enclosing a copy of your ID or equivalent identifying document. We will respond within a maximum of 1 month (extendable by 2 additional months in cases of particular complexity, with prior notification).

Right to lodge a complaint: If you believe that the processing of your data does not comply with applicable law, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD): C/ Jorge Juan, 6 – 28001 Madrid | www.aepd.es | +34 901 100 099

You also have the right to lodge a complaint with the supervisory authority in your country of residence or place of work within the EEA.


10. Security Measures

ARTRONIK COMPONENTS SL has implemented appropriate technical and organisational measures to ensure the security, integrity and confidentiality of personal data processed, in accordance with Article 32 of the GDPR, including:

  • Role-based access control (RBAC).
  • Communication encryption via HTTPS/TLS.
  • Regular backups with integrity verification.
  • Staff training on data protection and cybersecurity.
  • Internal procedure for notifying personal data breaches in accordance with Article 33 of the GDPR.

11. Policy Updates

This Policy may be updated at any time to reflect changes in legislation, case law or business practices. The current version, with its update date, will always be available at www.ar-tronik.com. We recommend checking it periodically.


Version 3.0 | 22 June 2026 | ARTRONIK COMPONENTS SL | www.ar-tronik.com