Privacy Policy

This Privacy Policy (hereinafter referred to as the "Policy") defines the procedure for processing and protecting the personal data of users of the Caterizi platform (owner – Natalia Babkina, individual entrepreneur, NIE Y5479825C, Spain) in accordance with the General Data Protection Regulation (GDPR) of the EU and the legislation of the EU on personal data protection. We comply with the principles of lawfulness, fairness, and transparency in data processing and take necessary measures to protect the confidentiality of your data.

Data Controller: Natalia Babkina is the controller of your personal data collected through the Caterizi platform. For the purposes of applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), Caterizi acts as the data controller in relation to the personal data collected through the Platform. If you have any questions regarding this Privacy Policy or the processing of your personal data, you may contact us at: privacy@caterizi.com.

We collect and process the following categories of users' personal data:

• Identification data: user's first and last name.
• Contact data: postal address (delivery address), phone number, email address.
• Payment information: data required for processing payment (e.g., information about a bank card or other payment method). Note: payment credentials may be processed directly by our payment provider, and we do not store your full bank card data on our servers for security reasons.
• Order data: history of orders made through the platform (ordered goods or services, transaction dates and amounts, order statuses, etc.).
• Technical data: IP address, cookies, data on activity on the website (e.g., viewed pages, clicks, visit time), and other online identifiers. These data allow us to analyze the use of the platform and ensure the correct functioning of services.

We do not request or collect special categories of personal data (such as data on health, political views, religious beliefs, etc.), as such information is not required for the operation of Caterizi. Please refrain from providing us with such information through the platform.

Personal data is provided by users directly and collected by us automatically when interacting with the platform:

• Account registration: when creating an account on Caterizi, you provide us with your first name, last name, email address, phone number, and (if necessary) home or delivery address. These data are required to identify the user and ensure the functionality of the platform.
• Placing an order: when ordering goods or services through Caterizi, you enter data necessary to fulfill the order – for example, name and delivery address, contact phone number, payment details. We also retain information about the order itself and its history.
• Using the website: during your use of the platform, we automatically receive some technical data. For example, when visiting the site, your IP address and cookies are recorded, which allow us to recognize you upon subsequent visits. We use cookies and similar technologies to collect information about how you interact with our site (e.g., which pages you view, which actions you take). This helps improve service performance, remember your preferences, and customize a convenient interface. You can manage cookie settings in your browser; however, disabling cookies may affect the availability of certain platform functions.
• Support requests: if you contact us for support, we may receive additional data that you provide in your request (e.g., information about the issue, attached screenshots, etc.). These data will be used exclusively to resolve your request.

We collect only the minimally necessary personal data, limited to information without which we cannot provide you with our services or improve their quality. All data is obtained lawfully and in accordance with this Policy.

We process personal data on the following legal bases under the GDPR:

• Performance of a contract – when processing is necessary to provide the services requested by users through the Platform.
• Legitimate interests – when processing is necessary for the operation, improvement, and security of the Platform, including fraud prevention and service optimization.
• Legal obligations – when we are required to process or disclose personal data in order to comply with applicable laws and regulations.
• Consent – when users voluntarily provide consent for specific processing activities such as marketing communications.

The Platform may use cookies and similar technologies to enhance user experience, analyze traffic, and improve the functionality of the website. Cookies may include:

• essential cookies necessary for the operation of the Platform;
• analytics cookies used to understand how users interact with the Platform;
• preference cookies that remember user settings and preferences.

Users may manage cookie preferences through their browser settings.

We process the personal data of Caterizi users for specific and lawful purposes. Each data operation is carried out on a relevant legal basis in accordance with the GDPR (Art. 6 GDPR). Below are the purposes of processing and justifications:

• Order processing and fulfillment. Your data (name, address, phone number, order contents, etc.) is used to process, confirm, and deliver your order, as well as to issue invoices and receive payment. Legal basis: performance of a contract between you and us (Art. 6(1)(b) GDPR).
• User communication. We use contact data (phone, email) to inform you about the order status, clarify details, provide service communications, and respond to your support requests. Legal basis: performance of a contract and/or our legitimate interest in providing quality customer support.
• Payment processing. Payment information is transferred to our payment provider to process order payments. We process this data to confirm the payment and prevent fraud. Legal basis: performance of a contract and compliance with legal obligations.
• Compliance with legal obligations. We may process and store some of your data to comply with legal requirements. Legal basis: compliance with our legal obligations (Art. 6(1)(c) GDPR).
• Analytics and service improvement. Data about your interaction with the platform is used for analytical purposes to understand user needs and improve our site and services. Legal basis: our legitimate interest (Art. 6(1)(f) GDPR).
• Feedback and notifications. We may use your data to send important notifications about platform operation, policy or terms changes, and request feedback about service quality. Legal basis: legitimate interest in maintaining communication with users. Marketing communications will be sent only with your explicit consent.

We treat the confidentiality of your data with respect and do not sell or disclose personal data to third-party organizations, except in cases expressly stated in this Policy or provided by law:

• Payment providers: To process payment, your payment data is securely transferred to our external payment provider. All such third parties are required to comply with data security and confidentiality requirements.
• Order fulfillment partners: In some cases, to fulfill your order, we engage third-party partners who receive only the data necessary to fulfill the order. Partners are required to use the provided data solely for the purpose of fulfilling your order.
• Disclosure required by law: We may disclose your personal data to government bodies, supervisory authorities, or other third parties if required by law.

All third-party data recipients are checked for GDPR compliance and enter into data protection agreements (DPAs) with us.

Caterizi may share personal data with trusted third-party service providers acting as data processors:

• payment processing providers;
• cloud hosting and infrastructure providers;
• analytics and performance monitoring services;
• customer support tools;
• marketing and communication platforms.

Such processors are contractually obligated to process personal data only in accordance with our instructions and applicable data protection laws.

Caterizi does not use personal data for automated decision-making processes that produce legal effects or significantly affect users without human involvement.

Caterizi implements appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include secure infrastructure, encryption technologies where appropriate, and restricted access to personal data.

Personal data will be retained only for as long as necessary to fulfill the purposes described in this Privacy Policy, including compliance with legal, tax, and regulatory obligations.

Under the GDPR, users have the following rights regarding their personal data:

• the right to access their personal data;
• the right to request correction of inaccurate or incomplete data;
• the right to request deletion of personal data in certain circumstances;
• the right to restrict or object to certain types of data processing;
• the right to data portability;
• the right to withdraw consent where processing is based on consent.

Requests regarding personal data rights may be submitted by contacting us at privacy@caterizi.com

In certain circumstances, personal data may be transferred to and processed in countries outside the European Economic Area (EEA). Where such transfers occur, Caterizi ensures that appropriate safeguards are implemented in accordance with GDPR requirements, including Standard Contractual Clauses approved by the European Commission.

Users also have the right to lodge a complaint with a competent data protection authority if they believe their personal data has been processed in violation of applicable data protection laws.

Personal data may be stored and processed on secure servers operated by Caterizi or its service providers in accordance with applicable data protection laws. We use modern security tools, including data encryption, secure networks, firewalls, and intrusion detection systems. Access to personal data is restricted to employees and authorized persons who need these data to perform their duties.

We retain users' personal data no longer than necessary for the purposes for which they are processed:

• Account data: Your profile information is stored for the entire duration of your use of the Caterizi platform.
• Order and payment history: Data about your orders, transactions, and payments is retained as long as necessary for contract performance and legal compliance (e.g., 5 years for tax/accounting).
• Correspondence and requests: Typically retained for no more than 1–2 years after resolving your issue.
• Technical and analytical data: Server logs stored usually up to 1 year.

Once the processing purposes are fulfilled and the retention period expires, the data is subject to deletion or anonymization.

In accordance with the GDPR:

• Right of access – you have the right to request confirmation of whether your personal data is being processed, as well as to obtain a copy of all personal data we hold about you.
• Right to rectification – you have the right to request correction or completion of your personal data if it is inaccurate or incomplete.
• Right to erasure ("right to be forgotten") – you may request the deletion of your personal data.
• Right to restriction of processing – you have the right to temporarily restrict the processing of your data.
• Right to data portability – you can obtain your personal data in a structured, commonly used, machine-readable format.
• Right to withdraw consent – you have the right to withdraw consent at any time.
• Right to object to processing – you have the right to object to the processing of your personal data based on legitimate interest.
• Right to lodge a complaint – you may lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos).

To exercise your rights, contact us at privacy@caterizi.com.

The Caterizi platform is not intended for use by individuals under the age of 18. We do not knowingly collect or process the personal data of children. If we discover that we have received personal data from a minor user without proper parental consent, such data will be deleted. Parents or legal guardians may contact us at privacy@caterizi.com.

For all questions related to this Privacy Policy:

Email: privacy@caterizi.com

We will review your inquiry and respond within 10–15 business days.

By registering on the Caterizi platform or using our website and services, you confirm your agreement with this Privacy Policy. If you do not agree with any provision, please stop using the platform. Accepting this Policy is a mandatory condition for registration and use of Caterizi services.

We reserve the right to periodically make changes to this Privacy Policy. If we make significant changes, we will notify users by posting a notice on the website or via email. The current version of the Policy is always available on our website. Continuing to use the Caterizi platform after changes indicates your acceptance of the updated terms. Thank you for your trust in Caterizi.