Privacy Policy

---

1. Who we are

Clara Futura SL (“Clara Futura”, “we”, “our”) is a limited company incorporated in the Principality of Andorra, registered with the Mercantile Registry under number 25816, with its registered office at Carrer de l’Aigueta, 19, 1, 3, AD500 Andorra la Vella Contact: privacy@clarafutura-andorra.world. Clara Futura is the data controller for all personal data processed via this website, unless stated otherwise.

2. Applicable legislation

Our processing complies with:

• Qualified Law 29/2021 on Personal Data Protection and Digital Rights (LQPD), in force since 17 May 2022.
• Cookie Guidelines of the Andorran Data Protection Agency (APDA), effective 24 January 2024.
• EU Commission Adequacy Decision 2010/625/EU, recognising Andorra as providing an adequate level of protection for personal data.

When we offer services to EU/EEA residents or monitor their behaviour, we also apply the EU General Data Protection Regulation (GDPR).

3. Personal data we collect

• Identity and contact data: name, postal address, email address, telephone number, passport or N.I.E. details.
• Professional data: job title, employer, industry sector, stated preferences.
• Technical and browsing data: IP address, device identifiers, browser type and version, pages visited, date and time stamps, and other standard server‑log information collected through cookies and similar technologies.
• Marketing and communications data: newsletter or event opt‑in status, feedback you provide, records of promotional interactions.
• Payment and billing data (if e‑commerce or paid services are offered): masked card token, invoicing details, VAT or NRT number.

We do not intentionally collect special‑category data (e.g., health or religious information). If you provide such data (for example, dietary requirements for events), we will seek explicit consent or rely on a relevant legal exemption.

4. Purposes and legal bases for processing

1. Operation and security of the website, generation of usage statistics – Legitimate interest in running a secure, user‑friendly site.
2. Responding to enquiries and supplying requested information or quotes – Processing necessary to take pre‑contractual steps.
3. Fulfilling contracts and managing customer accounts – Processing necessary for the performance of a contract.
4. Sending newsletters, event invitations and promotional offers – Processing based on your prior consent, which you may withdraw at any time.
5. Meeting accounting, tax and anti‑money‑laundering obligations – Processing necessary to comply with legal obligations.
6. Preventing fraud and defending legal claims – Legitimate interest in protecting our business and enforcing our rights.

5. Data recipients

• Internal employees and contractors, all bound by confidentiality commitments.
• External service providers acting as data processors (hosting, email distribution, CRM, analytics, payment gateways). Each has a contract with Clara Futura that meets LQPD requirements and, where relevant, incorporates EU Standard Contractual Clauses.
• Public authorities, courts or law‑enforcement bodies when required by law or necessary to defend our legal rights.

We do not sell or rent your personal data to third parties.

6. International data transfers

Because the EU recognises Andorra’s data‑protection framework as adequate, personal data may be exchanged freely between Andorra and the EU/EEA.
If we need to transfer data to a country without an adequacy decision, we will adopt an appropriate safeguard (such as Standard Contractual Clauses or Binding Corporate Rules) and perform a transfer‑impact assessment.

7. Data retention

• Contact and enquiry records are retained for three years after the last interaction.
• Contractual and billing documentation is retained for ten years to meet accounting and tax requirements.
• Marketing‑consent records are retained until you withdraw consent and for up to three years thereafter as proof of compliance.
• Server logs are retained for up to twelve months unless a security incident requires longer storage.
• Analytics‑cookies data are retained for no more than twenty‑five months, in line with APDA guidance.

When a retention period ends, data are securely deleted or irrevocably anonymised.

8. Cookies and similar technologies

Our website uses three categories of cookies: essential cookies (strictly necessary for site operation), analytics cookies (to understand traffic and improve performance) and marketing cookies (to personalise content or measure campaign effectiveness).
Non‑essential cookies are only set after you have provided explicit, granular consent through the cookie banner. The banner offers equally prominent “Accept” and “Reject” options, and you can change or withdraw consent at any time via the persistent “Cookie Settings” link in the footer. Further detail is provided in our separate Cookie Policy.

9. Security measures

We implement appropriate technical and organisational measures, including:

• TLS 1.3 encryption for data in transit and AES‑256 encryption for data at rest.
• Role‑based access controls and multi‑factor authentication for administrative users.
• Regular vulnerability scanning, penetration testing and supplier‑risk reviews.
• An incident‑response plan consistent with APDA breach‑notification requirements.

10. Your rights under the LQPD (and, where applicable, the GDPR)

• Right of access – obtain confirmation whether we process your data and receive a copy.
• Right to rectification – correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”) – request deletion of data that are no longer necessary or are processed unlawfully.
• Right to restriction of processing – require us to limit processing while a contested issue is resolved.
• Right to data portability – receive data you have provided in a structured, machine‑readable format or ask us to transmit it directly to another controller.
• Right to object – object to processing carried out on the basis of legitimate interests or for direct marketing.
• Right not to be subject to automated decisions – object to decisions based solely on automated processing that significantly affect you.

We aim to respond to all valid requests within one month, extendable to three months for complex cases.

11. How to exercise your rights

Send an email to privacy@clarafutura‑andorra.world or write to the postal address in Section 1, stating “Data‑Protection Request” and specifying:

1. The right you wish to exercise.
2. Details of the data or processing in question.
3. Proof of identity (e.g., scanned passport or N.I.E., or a qualified electronic signature).

If you believe we have not handled your request properly, you may file a complaint with the Andorran Data Protection Agency (APDA), C/ Doctor Vilanova 15‑17, Edifici Montserrat Bloc 3, 5a planta, AD500 Andorra la Vella, or via apda.ad.

12. Automated decision‑making and profiling

We do not carry out fully automated decision‑making that produces legal or similarly significant effects on individuals. Should we introduce such processing in future, we will notify affected users and ensure full compliance with Article 37 LQPD.

13. Processing of minors’ data

Our services are not directed to children under fourteen years of age. If we become aware that personal data of a child under fourteen have been collected without verified parental consent, we will delete them promptly.

14. Changes to this policy

We may update this Privacy Policy to reflect legal or technical developments. The “Last updated” date below will change accordingly. Significant changes will be announced on the website or, where appropriate, by email.

Last updated: 15 July 2025

15. Contact

Data Protection Officer
Clara Futura SL
26 Avinguda Príncep Benlloch, Andorra la Vieja, Andorra La Vella, Ad500, Andorra

privacy@clarafutura‑andorra.world

Disclaimer

This document is provided for informational purposes only and does not constitute legal advice. Verify all placeholders and obtain advice from qualified counsel to ensure full compliance with Andorran and any other applicable laws.