1. Data processing that this Privacy Statement covers

This Privacy Statement provides information about the processing and the protection of your personal data when you accept to attend in person or online to our BUFF® GTM sales Meetings.

  1. Who we are? 

The controller of the personal data provided by you is:

Company name: ORIGINAL BUFF, S.A. 

Address: C/ França nº 16, Igualada 08700 (Barcelona), Spain.  

TAX ID: A58034000  

Registration: Barcelona Commercial Registry, tome 34.401, sheet 45, page number 119.299.  

Tel.: +34 93 805 48 61 

Email: buff@buff.com 

ORIGINAL BUFF is the parent company of different subsidiaries, that may be also controllers or processors of the personal data provided by you: 


Aschheimer Str. 13, 85622 Feldkirchen (Germany) 


Buff Inc 

133 Aviation Blvd. Ste 105 Santa Rosa, CA 95403. 

(707) 569-9009 


Buff Canada Ltd. 

120-105 Bow Meadows Crescent, Canmore AB T1W 2W8 


Buff UK  

Cranborne House Level Part 2, Cranborne Road, Potters Bar, Hertfordshire  

EN6 3JN  


Buff France Eurl 

25-27, Rue Tronchet 75008 Paris 

(34) 93 8054861 


Buff Italy Srl 

Via Fabio Filzi, 27, Milano 

(34) 93 8054861 


We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO at dpo@buff.com .

  1. Information about you: which personal data do we collect and further process?

We collect, use, store and transfer different kinds of personal data about you as follows:

By registering for the event, you are informed and accept the above

  1. How we use your personal information?

We will only use your personal data for the specific purposes for which we collected which include the following: Managing the organization and attendance to the  BUFF® GTM sales Meeting.

  1. What is the legal basis for the processing of your data?

The legal basis for the processing of your data is:

You will give the aforementioned consent by completing the registration online form and accepting the consent boxes on the specific purpose and the present privacy statement.

Accepting this privacy statement and consent boxes on the specific purposes is required to registrate and attend to the BUFF® GTM sales Meeting. 

  1. Information we Disclose to Third Parties:

Access to your personal data is provided to our staff and  contractors out purposes of the processing as stated above according to the “need to know” principle.

We share your personal data within the COMPANY group and with external third parties for the purposes set out in this Privacy Statement. 

We carefully select third-party service providers. We have engaged these third-party service providers under contract and are required to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Consequently, we may share your information with the following entities:

We may share your personal data with other third parties, as to the extent and for the purpose we may be required to do so by law.

  1. Your data & Cross Border Transfers

Your data may be stored and processed in the European Union, Canada, UK and USA or in any country where we engage services providers, this includes any country outside the mentioned countries. 

We are committed to the sufficient protection of your personal information regardless of where the data resides and to providing adequate protection for your personal information where such data is transferred outside EU, Canada, UK, USA or the EEA.

  1. Retention of your Information.

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law and subsequently only in order to comply with its legal obligations.

Regardless of whether we process your data for the time strictly necessary to fulfil the relevant purpose, we will subsequently retain it, duly stored and protected for as long as liabilities may arise from the processing, in compliance with the legislation in force at any given time. Once the possible actions in each case have expired, we will delete the personal data.

  1. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, subsidiaries and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

  1. Your Rights

You have, in connection with your personal data, under certain circumstances, the right to:

 If you wish to exercise any of the rights set out above, please contact us at:

C/ França, 16, 08700, Igualada (Barcelona) Spain

Email:  dpo@bufff.com.

You have the right in any event to file a complaint with the competent  Data Protection Agency  

We would, however, appreciate the chance to deal with your concerns before you approach the Competent Data Authority, so please contact us in the first instance.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. 

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

  1. What happens if you provide us with third-party data?

If you provide the personal details of a third party, you must prior to the inclusion of such data, have informed the third party and requested his/her consent for the purposes set out here, so that we can use it to attend to the requests made by you or the said third party.

  1. Changes to the privacy policy

This privacy policy may be modified from time to time to adapt to new situations and the current legislation, and Users will be informed accordingly.