Horizon

Privacy policy

At Horizon Products SL (hereinafter, “Horizon”), we are dedicated to protecting your privacy. Therefore, we handle your data and personal information in line with this privacy policy and in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation or “GDPR”), Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (“LOPD-GDD”) and other relevant legislation.

This privacy policy applies to all activities conducted by Horizon.

By providing us with your personal data and using our website, we assume that you have read and understood the terms concerning the protection of personal data provided.

1. Data controller

Identification: Horizon Products SL
Address: C/ Tarragona, 157, 4th floor, 08014 Barcelona (Spain)
Company Tax ID No. (CIF): B-23802895
Phone number: +34 659459053
Contact: jescaich@horizonproducts.com

2. Personal data and special categories of personal data

Personal data refers to any information about an identified or identifiable natural person (the “data subject”), such as their name, address, telephone number or email address.

Special categories of personal data are a subset of personal data that reveal ethnic or racial origin, religious or philosophical beliefs, sexual orientation, medical or health information or union membership, among others.

Personal data (or data) encompasses any information relating to an identified or identifiable natural person, even indirectly, by reference to any other information, including a personal identification number.

3. Personal data we collect and purposes of processing

3.1 Request for personal data

The personal data we may request from you include your contact information (such as name, address, telephone number, email address, among others), identification data (such as national identity card number, foreigners’ identity card number or passport, among others) or any others that are necessary to fulfil the purposes outlined in this privacy policy. If we collect special category personal data about you, we will inform you, request your express consent for processing when necessary in accordance with applicable regulations and inform you of its purposes.

During your relationship with Horizon, it is possible that other personal data may be collected. In such cases, we will request your consent and provide you with information, including the processing to be carried out, its purpose, the legal basis for processing and your rights regarding your personal data.

Additional personal data collected may be indicated in other sections of this privacy policy or through informational texts displayed at the time of data collection.
Personal data may be provided directly by the user or collected automatically during the use of the website.

3.2 Purposes of processing

Horizon collects your personal data for various purposes, depending on the use and origin of such personal data (customers, suppliers, employees or third parties…).

Personal data of customers are processed solely for the development of the specific commercial relationships with Horizon. Any use of customers’ personal data beyond those indicated here will require prior, express and specific consent from their owners or legal representatives.

In accordance with current regulations, the personal data we may request to fulfil the aforementioned tasks are those necessary for the execution of commercial or service relationships entrusted to us by the customer and/or compliance with legal obligations (such as money laundering, protection of personal data, etc.).

In the case of personal data from its suppliers, Horizon collects and processes them to manage service offers and the commercial or service relationship with them.

As for the personal data of Horizon’s employees, the collection and processing of data are conducted to comply with and manage the employment relationship and to address Horizon’s activities, including personnel administration, occupational risk prevention, sending general or personal communications, including those related to managing awards or recognition, etc. In the case of CVs, for admitting and managing applications and recruitment processes, and, if applicable, subsequent hiring.

In all instances, the personal data collected will be used to meet legal obligations and those stemming from commercial relationships, contracts, administrative tasks, etc., in which Horizon is involved, as well as to address any labour or commercial complaints or claims.

Moreover, they may be used to distribute surveys, questionnaires and requests for evaluations of our services, as this information is valuable for monitoring their quality.

We will manage your contact information gathered through letters, emails or forms on this website to handle your requests and enquiries.

Cookie data: Any use of cookies or other tracking tools by the website or external service providers used by it, unless otherwise specified, aims to identify the user and record their preferences strictly for purposes related to providing the service requested by the user. This data is always processed in accordance with our cookie policy, available on our website.

Additionally, Horizon may use your data to provide you with information about our services, products or proprietary information. You can opt out of being contacted or informed about our products or services at any time, as well as prevent your information from being disclosed to third parties for such purposes, either by contacting us directly or by clicking the “unsubscribe” button in promotional emails.

3.3 Data collection methods

Typically, we obtain your personal data directly from you. We collect the information and personal data you provide to us electronically, including information submitted through the website, during phone conversations with Horizon staff, in the course of providing our services and through forms or any other written or electronic means you complete.

If we gather personal information about you from third parties, we will notify you, and if necessary, seek your consent for such processing.

Should we receive information or personal data about you that we have not requested or that is irrelevant to the stated purposes, we will either delete or anonymise the information, unless retention is mandated by applicable regulations.

3.4 What happens if you do not provide your information and personal data or do not authorise their processing

If you are a customer or a supplier, you have the right not to provide us with information or personal data. However, in that case, it may become impossible to subscribe to any type of contract or to provide services.

If you are an employee and do not provide information or personal data necessary for compliance with obligations, the exercise of legal or regulatory rights or the execution of an employment contract or service provision by Horizon, or for the satisfaction of legitimate interests, your employment relationship with Horizon may be hindered or affected in some way.

In the case of special category data, explicit consent will always be sought, except when processing is necessary to fulfil obligations and exercise specific rights of the data controller or the data subject in the fields of labour law, social security and protection, to protect vital interests or concerns data that you have clearly made public. Additionally, processing may occur for defence against claims, reasons of essential public interest or for preventive or occupational medical purposes, assessing your work capacity, medical diagnosis or providing healthcare or social treatment.

4. Legitimacy for the processing of personal data

The legal basis for processing your data for the aforementioned purposes will always be one of those outlined in Article 6 of the GDPR, namely:

  • Consent of the data subject.
  • Execution of a contract.
  • Compliance with a legal obligation applicable to the data controller.
  • Protection of vital interests of the data subject or another natural person.
  • Pursuit of legitimate interests by the data controller or a third party.


If the processing involves special category personal data, it will always be grounded in one of the legal bases outlined in Article 9 of the GDPR.

If the user is a minor, it is necessary for them to have prior consent from their parents or guardians before their personal data is included in the website’s forms. Horizon is not liable for any failure to comply with this requirement.

5. Duration of personal data processing

Generally, the personal data provided will be retained for the time necessary to fulfil the purposes described in this Privacy Policy or to address any requests from the data subjects, unless a longer retention period is legally permitted or required, or until their erasure is requested by the data subject.

When Horizon acts as the data controller, it will ensure that the data being processed:

  • Are suitable for the purpose for which they were collected.
  • Are not used for different and/or incompatible purposes than those that justified their collection and processing.
  • Are not indefinitely maintained without justification.
  • Are erased when they are no longer necessary for the purpose that justified their collection and processing.


Retention of data is considered justified when:

  • The data will be used for historical and/or statistical purposes.
  • Harm could be caused to the legitimate interests of the data subject or third parties.
  • A regulation imposes the obligation to retain the data for a specific period of time.
  • The data and documentation serve as proof of an activity or service provided, during the statute of limitations periods for civil, criminal, administrative or any other actions that may arise from the activity or service provided.
  • A longer retention period has been agreed upon by the interested parties.


In cases where there is a legal obligation to retain data for a specified period of time and/or during the statute of limitations periods for actions that may arise from the activity or service provided, Horizon will proceed to block the data for the mentioned periods. The blocked data will only be accessible to public administrations, judges and courts to address potential liabilities arising from the processing during the statute of limitations period of these liabilities and/or during the legal deadlines established for this purpose. Once these deadlines have expired, the blocked data must be deleted.

When Horizon acts as a data processor, in line with the GDPR and after fulfilling the contractual obligations that led to the processing assignment, personal data must either be destroyed or returned to the data controller, along with any media or documents containing personal data subject to processing.

Similarly to the previous scenario, data erasure by the data processor will not occur if there is a legal provision requiring their retention. In such cases, the data must be returned, with the data controller ensuring their preservation. It is also mandated that the data processor retains blocked data as long as liabilities may arise from its relationship with the data controller.

Following these guidelines, the following retention periods for personal data are established:

5.1 Regarding requests for information about products and services of the company

Period: If no contract is formalised, personal data will be retained solely for commercial or statistical purposes and as evidence in quality procedures in which Horizon participates.

5.2 Regarding customers

Period: Personal data of Horizon’s customers will be retained indefinitely in compliance with legal obligations while the contractual relationship exists, and once the commercial relationship has ended, as long as there is a legal obligation to retain them.

5.3 Regarding data concerning company personnel

Period: They will be retained for the duration necessary to fulfil the purpose for which they were collected and to determine any liabilities that may arise from that purpose and the processing of the data. The regulations on archives and documentation will be applicable.

Regulatory reference: Article 21.1 of Royal Decree-Law 5/2004 on offences and sanctions in the social order and Articles 6.1.b) and 6.1.c) of the General Data Protection Regulation.
In the specific case of job applications and CVs, they will be kept for a period of one year, unless otherwise indicated by the data subject.

5.4 Regarding occupational risk prevention

Period: They will be retained for the duration necessary to fulfil the purpose for which they were collected and to determine any liabilities that may arise from that purpose and the processing of the data. The regulations on archives and documentation will be applicable.

Regulatory reference: Article 4 of Royal Decree-Law 5/2004 on offences and sanctions in the social order and Articles 6.1.b) and 6.1.c) of the General Data Protection Regulation.

5.5 Regarding the processing of personal data for advertising and promotional purposes

Period: The personal data of individuals interested in receiving advertising and promotional information from Horizon will be retained in the system indefinitely until the individual requests their erasure.

Regulatory reference: Article 6.1.a) of the General Data Protection Regulation.

5.6 Regarding video surveillance

Period: 1 month.

Regulatory reference: Article 22.3 of the LOPD-GDD.

5.7 Regarding access control to buildings: applicable to administrative and service personnel of Horizon who must clock in:

Period: Three months from the collection of personal information.

5.8 Regarding accounting and tax documentation

Period: They will be retained for the time necessary to fulfil the purpose for which they were collected and to determine any liabilities that may arise from that purpose and the processing of the data, in accordance with Law 58/2003, of 17 December, General Tax Law, in addition to the periods established in the regulations on archives and documentation.

Regulatory reference: General period for the prescription of personal actions in civil legislation (Article 1964 of the Civil Code and 121–20 et seq of the Civil Code of Catalonia), Article 6.1.c) of the General Data Protection Regulation, Law 38/2003, of 17 November, General Subsidies Law, and Law 58/2003, of 17 December, General Tax Law.

5.9 For the purpose of justifying national or foreign public subsidies and aid

Period: Until the end of the prescription period for justifying the expenses incurred under them.

Regulatory reference: Law 38/2003, General Subsidies Law, of 17 November.

If you would like more information about the retention period of any of your personal data, you can contact us at the email addresses provided in this privacy policy.

6. Transfer of personal data to third parties

We may share or disclose your personal information to third parties for any of the reasons mentioned above. Such third parties may include providers, research centres, as well as their clients, external advisers, suppliers or subcontractors (e.g., postal service, support services, etc.), in compliance with the contractual relationships entered into with such third parties, both within and outside the EU/EEA. Likewise, your data may be communicated to third parties as a result of legal obligations or requirements, to courts, tribunals and public administrations when necessary, or to any other third party, individual or entity to whom you have authorised us.

When we need to transfer or disclose your data to third parties, we will maintain our commitment to safeguarding your personal data in line with this privacy policy and take all reasonable measures and precautions to ensure that third parties uphold confidentiality and secrecy commitments regarding the protection of your personal data. The transfer or disclosure of your personal data will always be carried out in compliance with legal obligations and based on data processing agreements, ensuring that your data is not processed for any purposes other than those clearly established, and that necessary security measures are implemented.

In the case of international transfers, we will always obtain your explicit consent to transfer your personal data to third parties located outside the country where we collected your data (if applicable), except where the transfer is authorised or required by law, regulation or court order.

We will not share special categories of personal data about you with any person or entity other than Horizon, our employees, Horizon collaborators, government agencies and others in compliance with legal obligations or requirements, courts, tribunals and public administrations, or any other third party authorised by law.

7. Storage and security of your personal data

We store your personal data in both paper and electronic files. We have implemented safeguards to protect the personal data we store from misuse, interference, loss, unauthorised access, modification or disclosure, as required by current regulations.

Horizon utilises technical security measures, including encryption where feasible. Moreover, various systems, such as secure document storage and restricted access to personal data for authorised individuals, help ensure the security of your personal data processing.

Furthermore, Horizon takes reasonable steps to permanently delete all personal data once its intended use period has ended, as outlined in this privacy policy.

8. Rights regarding your personal data

Horizon aims to ensure that the information we hold about you is accurate, current, complete and relevant. Nevertheless, you have the right to access this information and rectify it if it is incorrect, inaccurate, outdated or incomplete. You also have the right to withdraw your consent for the processing of your personal data.

Moreover, if you have any enquiries about this privacy policy or wish to access, amend or rectify your personal data in any manner, please feel free to contact us by sending your communication to C/ Tarragona, 157, 4th floor, 08014 Barcelona (Spain) or by emailing jescaich@horizonproducts.com.

What rights do you have regarding the processing of your data?

  • Right to request access to your personal data.
  • Right to request rectification or erasure.
  • Right to request restriction of its processing.
  • Right to object to the processing.
  • Right to data portability.
  • Right to withdraw consent granted.


Access/rectification and erasure: Data subjects have the right to access their personal data and request rectification of inaccurate data or, where appropriate, request erasure when, among other reasons, the data are no longer necessary for the execution of the contract.

Restriction: Under certain circumstances, data subjects may request restriction of data processing, in which case we will only retain the data for the exercise or defence of claims.

Objection: Data subjects may object to the processing of their data. Horizon will cease processing the data, except for legitimate, compelling reasons, or the exercise or defence of potential claims, and we will keep them duly blocked for the corresponding period while legal obligations persist. 
Likewise, data subjects have the right to object to the adoption of automated individual decisions that could produce legal effects or significantly affect them.

Portability: Data subjects may request and receive the data that concerns them and that they have provided to us, or request that we send it to another data controller of their choice, in a structured, commonly used and machine-readable format.

When will we respond to your request?

We aim to respond to your requests promptly and, in any case, within one month of receiving your request. This period may be extended by another two months if necessary, considering the complexity and number of requests. The data controller will inform the data subject of any extension within the first month of the request.

Do you have the right to withdraw your consent?

Yes, the data subject has the right to withdraw the consent given at any time. This withdrawal does not affect the lawfulness of the processing based on the consent given at the time of subscription or data provision.

Where should you go to exercise your rights?

To exercise your rights, you can send a letter with all your details, including a photocopy of your ID card or passport and an indication of the right being exercised, to Horizon, C/ Tarragona, 157, 4th floor, 08014 Barcelona (Spain), or by sending an email to jescaich@horizonproducts.com.

Do you have the right to file a complaint?

We’d like to inform you that if you submit a request to exercise these rights and feel that it hasn’t been adequately addressed by our institution, you have the option to file a complaint with the Spanish Data Protection Agency. The procedure for doing so is outlined at this address.

9. Electronic communications

In accordance with Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce, please note that email addresses may be used for sending company information. If you prefer not to receive such information or wish to revoke the consent granted for the processing of your data, please use the method mentioned above or contact us at the following email address: jescaich@horizonproducts.com.

10. Privacy policy updates

Our privacy policy may undergo updates, revisions or modifications at any time, including changes to how we handle your personal data. The latest version of the privacy policy will always be available on our website www.horizonproducts.com. Any updates will take effect upon publication.

11. Additional information

Upon request, users can receive additional information beyond what is outlined in this privacy policy, including details about specific processing activities or the collection and processing of personal data.

For further information on privacy matters, you can visit the websites of the Spanish Data Protection Agency (AEPD) and the Catalan Data Protection Authority (APDCAT).