Legal notice and Privacy Policy
Last updated: May 26, 2026
1. Data Controller
In accordance with article 10 of Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE):
- Name: PROMO-TIENDA, S.L. ("PROMOTIENDA")
- Address: Avda. Paral·lel, 110, 08015 Barcelona (Spain)
- Tax ID (CIF): B60840675
- Phone: +34 93 329 74 64
- Email: salvador@promotienda.es
- Registered with: Barcelona Commercial Registry, Volume 28,140, Folio 10, Sheet B-131680
- Privacy contact: privacidad@digitalsignagerds.com
2. Scope
This Legal Notice and Privacy Policy governs:
- The corporate website www.digitalsignagerds.com.
- The SaaS application rds.digitalsignagerds.com ("the Application"), which allows business customers to manage digital signage devices, playlists, media content and the associated billing.
3. Data we process and purposes
| Category | Data | Purpose | Legal basis (GDPR) | Retention |
|---|---|---|---|---|
| User account | name, username, email, password (hash), language, company, role | Create and maintain the account, authenticate the user, provide the service | Performance of a contract (art. 6.1.b) | For the duration of the contract + 2 years |
| Security and 2FA | login attempts, last login, 2FA codes sent by email, trusted-device cookie | Protect the account against unauthorised access | Legitimate interest (art. 6.1.f) and statutory security obligation | 12 months for access logs |
| Billing data | company name, tax ID (NIF/CIF), billing address, Stripe customer ID, subscription history | Manage billing and subscription payments | Performance of a contract (art. 6.1.b) and legal obligation (art. 6.1.c) | 6 years from the last transaction (art. 30 Spanish Commercial Code, tax legislation) |
| Customer content | images, videos, playlists, devices, locations | Provide the contracted functionality | Performance of a contract (art. 6.1.b) | For the duration of the contract + 90 days |
| Marketing communications | email, name, language, consent flag (marketing_consent), consent timestamp, unsubscribe token | Sending newsletters and promotional communications by email | Consent (art. 6.1.a GDPR; art. 21 LSSI-CE) | Until consent is withdrawn or unsubscription is requested |
| Terms acceptance | date and version accepted | Evidence of contractual consent | Legal obligation (art. 6.1.c) | Contractual limitation period (5 years, art. 1964 Spanish Civil Code) |
| Activity logs | user actions, IP address, date/time | Audit, security, fraud prevention | Legitimate interest (art. 6.1.f) | 12 months |
| Contact data (web form) | name, email, message | Respond to the request | Consent (art. 6.1.a) | 1 year from the last communication |
4. Source of the data
The data is provided by the data subject themselves, whether when registering for the Application, when using it, or when contacting PROMOTIENDA.
5. Disclosures to third parties and data processors
In order to provide the service, PROMOTIENDA relies on the following data processors, with which it maintains contracts under article 28 GDPR:
| Processor | Service provided | Location |
|---|---|---|
| Amazon Web Services EMEA SARL | Hosting of the Application (EC2) and database | Ireland (EU) |
| Amazon Web Services EMEA SARL (SES) | Transactional and marketing email relay | Ireland (EU) |
| Stripe Payments Europe, Ltd. | Payment processing and subscription management | Ireland (EU) + United States |
| Soluciones Corporativas IP, S.L.U. (DonDominio) | Secondary SMTP relay | Spain (EU) |
Additionally, data may be disclosed to the competent authorities when required by law.
6. International transfers
Stripe may process certain data in the United States. This transfer is carried out under the European Commission's Standard Contractual Clauses (Decision 2021/914) and, where applicable, under the EU-US Data Privacy Framework. All other processing takes place within the European Economic Area.
7. Marketing communications (LSSI-CE)
PROMOTIENDA will send marketing communications by email only to users who have expressly granted their consent during registration or at a later stage (the "marketing_consent" checkbox).
Each message includes:
- A clear identification of the sender.
- An immediate unsubscribe link (one click, no login required) that withdraws consent (
/unsubscribe.php?token=...).
The user may revoke their consent at any time without affecting the use of the contracted service.
8. Security
PROMOTIENDA applies reasonable technical and organisational measures to preserve the confidentiality, integrity and availability of the data, including: encrypted communications (HTTPS/TLS), hashed password storage, two-factor authentication (2FA) — optional or mandatory depending on the role —, CSRF protection, role-based access control and activity logging.
9. Breach notification
In the event of a personal data security breach that poses a risk to the rights and freedoms of the data subject, PROMOTIENDA will notify the Spanish Data Protection Agency (AEPD) within a maximum of 72 hours (art. 33 GDPR) and, where appropriate, the affected data subject (art. 34 GDPR).
10. Rights of the data subject
You may exercise the following rights at any time:
- Access, rectification, erasure ("right to be forgotten"), objection, restriction of processing and portability of the data.
- Withdrawal of consent previously granted, with no retroactive effect.
- Complaint to the Spanish Data Protection Agency (www.aepd.es).
Procedure: send a request by email to privacidad@digitalsignagerds.com, or by post to the address listed in section 1, together with a copy of an identity document. PROMOTIENDA will respond within a maximum of one month from receipt, extendable to two months depending on the complexity or number of requests.
11. Minors
Access to the Application is reserved to persons over 18 years of age or legal representatives of legal entities. PROMOTIENDA does not knowingly collect data from children under 14; if it detects that such data has been provided, it will delete it.
12. Intellectual and industrial property
All rights to the elements of the websites and the Application (trademarks, designs, texts, software, etc.) belong to PROMOTIENDA or its licensors, except for content uploaded by customers, who retain ownership of it. Full or partial reproduction without express authorisation is prohibited.
13. Links to other websites
PROMOTIENDA is not responsible for the content, practices or privacy policies of third-party websites linked from its services.
14. Governing law and jurisdiction
This policy is governed by Spanish law. The parties submit, waiving any other jurisdiction, to the Courts of Barcelona, except where the applicable regulations establish a different mandatory jurisdiction.
15. Amendments
PROMOTIENDA may modify this policy to adapt it to legislative or service changes. The date of update appears at the top of the document. If the changes substantially affect the processing, users will be notified with reasonable advance notice.