Privacy Policy
At Suministros Riol, S.A. («SURISA») we care about your privacy. Below we explain clearly and transparently what personal data we process, for what purpose, on what legal basis and what rights you have, in compliance with Regulation (EU) 2016/679 (GDPR), Spanish Organic Law 3/2018 (LOPDGDD) and Spanish Law 34/2002 (LSSI-CE).
Basic information on data protection
| Controller | Suministros Riol, S.A. (SURISA) — NIF A08368466 |
| Purpose | Management of users and orders in the online store, handling of enquiries and, where applicable, sending commercial communications. |
| Legal basis | Performance of the contractual relationship, the data subject's consent, legitimate interest and compliance with legal obligations. |
| Recipients | Data is not disclosed to third parties except by legal obligation or to providers necessary for the provision of the service (payment, transport, platform). |
| Rights | Access, rectification, erasure, objection, restriction, portability and the right not to be subject to automated decisions, as detailed below. |
| Additional information | The full detail is set out in the following sections of this policy. |
Who is the data controller?
- Identity: Suministros Riol, S.A. (SURISA)
- NIF: A08368466
- Registered office: C/ Marina, 127, Local 3 · 08013 Barcelona · Spain
- Registry details: Registered in the Barcelona Commercial Registry.
- Phone: +34 932 310 811
- Email: sales@surisa.es
For any query relating to the processing of your personal data you can contact us at sales@surisa.es.
What personal data do we process?
Depending on your relationship with us, we may process the following categories of data:
- Identification and contact data: first name, surname, postal address, telephone and email address.
- Data of the company you represent: company name, NIF/CIF, tax identification number for VAT purposes and tax address.
- Order data: products requested, shipping and billing address, and information relating to payments and returns.
- Browsing data: IP address, date and time of access, browser and operating system, as well as data collected through cookies and similar technologies.
- Any other information you choose to provide through the forms or communications.
In certain forms some fields are mandatory; failure to provide that data may prevent us from processing your request, registration or order.
Our services are aimed at companies and professionals and not at minors. We do not intentionally collect data from minors.
For what purpose do we process your data?
- Manage user registration and the customer account in the online store.
- Process, manage and deliver orders, as well as manage payments, billing and returns.
- Handle the enquiries, requests for information or quotes and other requests you send us.
- Maintain and manage the commercial relationship and provide after-sales support.
- Send commercial communications about our products and services, where there is a legal basis to do so.
- Comply with the applicable legal, accounting and tax obligations.
What is the legal basis for the processing?
- Performance of a contract or pre-contractual measures: management of registration, orders and the commercial relationship.
- The data subject's consent: contact forms, requests for information and subscription to commercial communications. You may withdraw it at any time.
- Legitimate interest: sending commercial communications to customers about similar products or services, and ensuring the security of the website.
- Compliance with legal obligations: tax, accounting and fraud-prevention obligations.
How long do we keep your data?
We keep your data for as long as necessary to fulfill the purpose for which it was collected and for the duration of the commercial relationship. Once it ends, the data will be duly blocked for the legally required periods (in particular, those arising from tax and commercial obligations) to address any possible liabilities, after which it will be deleted.
To which recipients is your data disclosed?
We do not sell your data to third parties. It is only disclosed when necessary to provide the service or by legal obligation, to recipients such as:
- Payment service providers, to process transactions.
- Transport and logistics companies, to deliver orders.
- Technology providers that support the online store (including the e-commerce platform).
- Public authorities and bodies, where there is a legal obligation.
Providers that access data as data processors do so in accordance with our instructions and with the safeguards required by the GDPR, and do not use it for their own purposes.
Are international data transfers carried out?
As a general rule, your data is processed within the European Economic Area (EEA). When a provider processes data outside the EEA, such transfers are carried out with the appropriate safeguards provided for in the GDPR, such as an adequacy decision by the European Commission or the signing of standard contractual clauses.
What rights do you have and how to exercise them?
You can exercise the following rights at any time by sending a request to sales@surisa.es, indicating the right you wish to exercise:
- Access: find out what personal data of yours we process.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request the deletion of your data when it is no longer necessary.
- Objection: object to certain processing, such as direct marketing.
- Restriction: request the restriction of processing in the cases provided for.
- Portability: receive your data in a structured, commonly used and machine-readable format, or have it transmitted to another controller.
- Not to be subject to automated decisions: including profiling with legal effects.
We will respond to your request within a maximum period of one month, which may be extended in cases of particular complexity. If you consider that the processing does not comply with the regulations, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), www.aepd.es.
Accuracy of the data provided
The user guarantees that the data provided is truthful, accurate and up to date, and undertakes to inform us of any changes. The user is solely responsible for any false, inaccurate or incomplete data they may provide. If the data provided belongs to a third party, the user must have previously informed them of the content of this policy.
Security measures
SURISA has adopted the technical and organizational measures necessary to guarantee the security of personal data and prevent its alteration, loss, unauthorized processing or access, in line with the state of technology. However, the user should be aware that security measures on the Internet are not impregnable.
Links to other websites
This website may contain links to third-party sites. SURISA is not responsible for the privacy policies of those sites, so we recommend reviewing their respective policies when accessing them.
Cookies
This website uses its own and third-party cookies to facilitate browsing and, with prior consent, for analytical purposes. You can find the details in our Cookie Policy.
Changes to this policy
SURISA may modify this Privacy Policy to adapt it to legislative developments or changes in its services. We recommend reviewing it periodically.
Last updated: 22 June 2026