Data Protection Declaration

Data protection statement from HA Ilarduya

Protecting your personal data when you visit our website is something we take very seriously. We protect your data in accordance with the statutory provisions of the EU General Data Protection Regulation (GDPR, effective from 25 May 2018).   

HA Ilarduya endeavours to compile, carefully check and regularly update all of the information on our website to the best of our knowledge and belief. However, a guarantee of the completeness, correctness and validity of this information cannot be provided. Furthermore, HA Ilarduya accepts no liability whatsoever for any damage arising in connection with your access to this website or the use of the contents contained herein. HA Ilarduya reserves the right to amend, modify or delete the content of this website at any time without prior notice and at its own discretion. If this website contains information from third parties or links to Internet pages operated by third parties, these are provided exclusively as an additional service for users. HA Ilarduya is not responsible for the content of third-party websites and does not adopt these contents as its own. HA Ilarduya assumes no liability for damage arising in connection with the access to third-party websites or from the use of the contents of those sites.


Article 1 Information about the collection of personal data

(1) In the following, we provide you with information about the collection of your personal data when you use our website. Personal data are all data relating to you as a personally identifiable person, e.g. name, address, email addresses, user behaviour, etc.

(2) Legally responsible under Article 4 (7) of the EU General Data Protection Regulation (GDPR) is HA Ilarduya (see our legal notice). You can contact our data protection officer at ha[at] or by sending a letter addressed to “der Datenschutzbeauftragte” (Data Protection Officer) at our postal address.

The Data Protection Officer of HA Ilarduya is Christian Wolff (DSB Cert) c/o Data Business Services GmbH & Co KG, Schierholzstraße 27, 30655 Hanover, Germany, Phone: +49 (0)89 12501375-6, wolff-dpo[at]

(3) When you contact us by email or via our website’s contact form, the data you provide (your email address, if applicable your name and your telephone number) will be stored by us in order to answer your questions. We will delete the data you have provided in this context as soon as storage is no longer necessary or restrict the processing of your data if these are covered by statutory retention obligations. HA Ilarduya assumes that no communications of any kind sent to HA Ilarduya via this website or in any other way are subject to confidentiality.

(4) If we use contracted service providers for individual functions of our services or would like to use your data for advertising purposes, we will provide detailed information about the respective processes below. We will then also specify the criteria used to determine the period for which your data will be stored.


Article 2 Your rights

(1) You have the following rights with regard to your personal data:

  • Right to be informedRight to rectification or erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

(2) You also have the right to lodge a complaint with a data protection supervisory authority about the way we process your personal data. The responsible data protection supervisory authority for HA Ilarduya.

President of the National Supervisory Authority for Personal Data Processing, Directora Mar España Martí, C/Jorge Juan, 6, E - 28001 Madrid, Tel.:+ 34 901 100 099; + 34 91.266.35,


Article 3 Collection of personal data when visiting our website

(1) Personal data is information that can be used to identify a person, i.e. information that can be traced back to a person. These include, for example, a person’s name, email address or telephone number. But data about preferences, hobbies, memberships or which websites were viewed by someone also count as personal data. As far as the user has made personal data available to our website, we use these data only to answer the user’s and/or customer’s enquiries, to process contracts concluded with the user and/or customer of the website and for technical administration. Personal data will only be passed on or otherwise transferred to third parties if this is necessary for the purpose of contract processing or for billing purposes or if the user of the website and/or customer has given his or her prior consent. When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transfers to our server. When you visit our website, we collect the following data, which are technically required in order to enable you to view our website and to guarantee stability and security (pursuant to Article 6 (1) f) of the GDPR):

  • IP address
  • Date and time of the query
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (the actual page)
  • Access status/http status code
  • The amount of data transferred in each case
  • Website from which the request came
  • Browser
  • Operating system and interface
  • Language and version of browser software.

(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your computer when you visit a website via your browser. Cookies contain certain information which is shared between your computer and the website that created the cookie (in this case, us). Cookies cannot run programs or transmit viruses to your computer. They serve to make our website more user-friendly and effective.

(3) Use of Cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies (see b)
  • Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close your browser. This includes in particular session cookies, which store a unique session ID, enabling us to assign different requests to your browser until you close your browser. Transient cookies allow us to identify your computer when you return to our website. Session cookies are deleted when you log out or close your browser.

c) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can manually delete cookies at any time in the security settings of your browser.

d) You can configure your browser settings according to your personal preferences and, for example, refuse third-party cookies or all cookies. If you do so, please note that you may not be able to use the full functionality of our website.

e) If you have an account with us, we use cookies to help us identify you each time you visit our website. This means you are not required to repeat the log in for each visit.

f) Flash cookies are not managed by your browser, but by your Flash plugin. We also use HTML5 local storage objects that are stored on your device. These store the required data just like your browser does but in a separate location on your hard drive. They do not have an automatic expiry date. If you do not wish us to process Flash cookies, you will need to install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox ( or the Adobe Flash killer cookie for Google Chrome. You can also prevent the use of HTML5 local storage objects by enabling your browser’s private mode. We also recommend that you regularly delete your cookies and your browser history manually.


Scope, validity and legal effectiveness of the data protection statement

By using our website, you consent to the processing of personal data as described above. This data protection statement is currently valid and effective from May 24, 2018. As we continue to develop our website and/or implement new technologies, it may become necessary to amend this data protection statement. HA Ilarduya reserves the right to amend the data protection statement at any time with effect for the future. We recommend that you re-read the current data protection statement at regular intervals.