This is an English translation from the Spanish original.


1. Who is responsible for the processing of personal data?

TONIK24 TRADING, S.L. (hereinafter "TONIK24").
Headquarters: C/ Los Geranios, 3 - Los Patios - 35100 San Bartolomé de Tirajana (Las Palmas)
Registered with the Trade Register of San Bartolomé de Tirajana (Las Palmas) on 31 August 2018, Volume 2201, Folio 41, Page GC-54611, first entry.

To regulate your questions and rights as a data subject, you can contact the Data Protection Officer of TONIK24 (hereinafter "DPO") by email: This email address is being protected from spambots. You need JavaScript enabled to view it.

2. For what purposes and for what legitimate reasons do we process your data?  

The user's personal data are processed autonomously and manually and/or automatically for the following specific purposes:

The registration as a user in the digital account (hereinafter "digital account") and the management of user accounts. The processing of data for this purpose is carried out in the context of the performance of the contractual relationship to which you are a party. Answering questions and doubts raised by users in connection with the digital account services. The processing of data for this purpose is legitimised in the context of the implementation of the pre-contractual and, where applicable, contractual relationship in which you are involved. If expressly authorised, in order to create a commercial profile of the user and carry out commercial actions tailored to it (browsing data, access habits, traffic) in accordance with the cookie policy. The processing of your data for this purpose is legitimised by the consent given by you through the configuration of cookies. Creation of statistical reports on the commercial profiles of users, carried out in accordance with the access habits and activities of users on the digital account, in accordance with the cookie policy. The processing of your data for this purpose is legitimised by the consent given by you through the configuration of the cookies. Compliance with the obligations established by law. To monitor the exercise of the protection rights by the user.  

The consents obtained for the above purposes are independent of each other, so that the user can revoke one or more of them without affecting the others.

3. What categories of data do we process?

The following categories of data are processed by data controllers:

Identifying data: Surname, first name, postal address, email address, postcode, telephone number, city, etc.
Professional data: Occupation, position, etc.
Traffic and location data.
Business data: tax identification number, company name and trade name.

The personal data requested are generally mandatory, except in cases where it is expressly stated otherwise, so that their refusal makes it impossible to fulfil the above purposes. Therefore, if the user does not provide them, it will not be possible to register him/her on the website or to process his/her request.

In the event that the interested party provides data from third parties, he declares that he has their consent and undertakes to provide them with the information contained in this clause, releasing the correspondents from any liability in this regard. However, controllers may carry out checks to confirm this fact by carrying out the appropriate due diligence in accordance with the data protection regulations.


We offer the option of processing the payment process via the payment service provider PayPal (PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg). This is in line with our legitimate interest in offering an efficient and secure payment method. In this context, we pass on the following data to PayPal, insofar as it is necessary for the fulfilment of the contract.

First name
Last name
E-mail address
Telephone number

The processing of the data provided under this section is not required by law or contract. We cannot process a payment via PayPal without the transmission of your personal data. You have the option of choosing a different payment method.

PayPal carries out a credit check for various services such as payment by direct debit in order to ensure your willingness and ability to pay. This corresponds to the legitimate interest of PayPal and serves the execution of the contract. For this purpose, your data (name, address and date of birth, bank account details) are passed on to credit agencies. We have no influence on this process and only receive the result of whether the payment has been made or rejected or a check is pending.

You can find more information about objection and removal options vis-à-vis PayPal at:

Your data will be stored until payment processing is completed. This includes the period required for processing refunds, claims management and fraud prevention. We have a statutory retention period of 10 years for the following documents: Billing documents, delivery notes, orders.

4. Who are the recipients of the data?

Your personal data may be disclosed by the controllers to:

National Police Authorities and other competent authorities and administrations, in accordance with the provisions of the law. Service providers who carry out the data processing described in the Privacy Policy in accordance with applicable data protection legislation. These providers will not process your data for their own purposes of which they have not been previously informed by the data controllers. Companies belonging to the TONIK24 Group, for the provision of administrative services, system support, as well as for the execution of the corresponding reports between them.

The service providers are used to fulfil the purposes stated in this policy. In this context, we point out that we ensure that these service providers process personal data in accordance with European data protection law in order to guarantee a high level of protection through corresponding contractual regulations, even if personal data is transferred to a country in which a different level of data protection exists and for which there is no adequacy decision by the EU Commission. Please note that no further transfer of personal data to other recipients will take place unless required by law. For more information on the adequate safeguards in relation to international data transfers or a copy of these safeguards, please contact the Data Protection Officer designated by the Joint Controllers by email at This email address is being protected from spambots. You need JavaScript enabled to view it..

6. How long will we keep your personal data?  

Your personal data will be kept for different lengths of time depending on the purpose for which it is processed:

In the case of processing your data to manage your registration as a user on the Platform, your data will be kept for the period during which you have the status of a registered user (until you withdraw your consent) and also thereafter until the expiry of the limitation period for any legal action that may arise from the registration. In the case of processing of your data to respond to enquiries and doubts expressed through the website, your data will be processed for the duration of the enquiry and also thereafter until the expiry of the limitation period for any legal action. In the event that your personal data is processed to analyse user behaviour on the Platform in accordance with the Cookie Policy, your data will be processed by cookies for a period of one year from the date of collection. If your data is processed to comply with obligations laid down by law, your data will be processed for the periods laid down by law in relation to those obligations. If your data is processed to fulfil data protection rights exercised by you, your data will be processed for the duration of the processing of the exercise of the right in question and also thereafter until the expiry of the limitation period for any legal action that may arise from the exercise of the right in question.

7. What rights do you have when your data are processed?  

The data subject has the right to:

Revoke the consents given. Access their personal data. Correct inaccurate or incomplete data. Request the erasure of their data if, among other things, the data is no longer necessary for the purposes for which it was collected. Request from the controllers the restriction of the processing of the data if one of the conditions provided for in the data protection rules is met. In certain circumstances and on grounds relating to their particular situation, data subjects may object to the processing of their data. Controllers shall stop processing the data unless there are compelling legitimate grounds for doing so or in order to assert or defend claims. They may contact a human being to express their point of view and, where appropriate, to challenge automated decisions made by controllers. to request portability of their data. To know the essential aspects of the agreement between TONIK24, which regulates the functions and responsibilities of each entity in relation to the processing of users' personal data and their relations with them, as well as the procedures and mechanisms for exercising the rights of the parties concerned.

Likewise, you may file a complaint with the Spanish Data Protection Authority if the data subject considers that the data controllers have violated the rights recognised in the applicable data protection legislation. As the data controller, you may send a written request to the postal address C/los Geranios, 3, enclosing a photocopy of a document confirming your identity, in order to exercise the above rights at any time and free of charge. Without prejudice to the foregoing, the data subject may contact the Data Protection Officer, designated among those responsible, and request this in writing by email to the address This email address is being protected from spambots. You need JavaScript enabled to view it., in any case attaching a document confirming his/her identity and indicating the right or rights he/she wishes to exercise, under the conditions established in the regulations in force.

8. Where does the data come from if it does not come from the data subject?  

In addition to the information you provide us directly (e.g. via forms, etc.), we receive information about your browsing habits if you consent to this.  

If the data transferred relates to natural persons other than the data subject, the data subject must declare that he or she has been informed about and has given prior consent to the processing of his or her data for the purposes set out in these clauses. In the specific case of the involvement of professionals and invitations from industry colleagues and/or employees, it undertakes to have the necessary legitimacy and to obtain their express consent.

9. What security measures do we take to protect your data?  

The data controllers will treat the data with absolute confidentiality at all times and will comply with the mandatory obligation of secrecy in accordance with the regulations in force, taking the necessary technical and organisational measures to this end to ensure the security of your data and prevent its alteration, loss, unauthorised processing or access, taking into account the state of the art, the nature of the data stored and the risks to which it is exposed.

10. Changes to the privacy policy

The controllers reserve the right to amend this privacy policy in order to adapt it to any new legislation. In such cases, the changes will be announced on the platform in good time before they are implemented.

Last update: 03.01.2023