Privacy Policy

https://delaviuda.com/ PRIVACY POLICY

This Privacy Policy has been developed taking into account the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the movement of such data, hereinafter the GDPR, as well as the Organic Law 3/2018 of 5 December on Data Protection and Digital Rights (hereinafter LOPDGDD) and other applicable regulations.

The purpose of this Privacy Policy is to inform natural persons who provide their personal data, and/or data of the person they represent, in respect of whom information is being collected, of the specific aspects relating to the processing of their data, the purposes of the processing, the contact details for exercising their rights, the storage periods of the information and the security measures, among other things.

WHO IS THE CONTROLLER?

In terms of data protection, DELAVIUDA ALIMENTACIÓN SAU shall be considered the Data Controller in relation to the processing of personal data carried out by this entity (hereinafter DELAVIUDA or the Data Controller).

The contact details of the Data Controller are set out below:

Identity of the person responsible: DELAVIUDA ALIMENTACIÓN SAU
VAT NO: A45428117
Physical address: C/ SANTA MARÍA, 4, 45100, SONSECA, TOLEDO
Email: [email protected]
Telephone: 913838052

WHO IS THE DATA PROTECTION OFFICER?

This entity has a data protection officer, who may be contacted at the email address [email protected], or by writing to the address of this entity for the attention of the "Data Protection Officer".

WHAT PERSONAL DATA DO WE PROCESS?

All information collected by DELAVIUDA will be processed fairly, lawfully and transparently.

Likewise, the data requested in each of the processing operations carried out will consist only of those that are strictly necessary to achieve the intended, notified purpose in each case.

As such, your collected data will be adequate, relevant and not excessive in relation to the purposes for which they are processed in each case. Furthermore, your personal data will be collected for specified, explicit and legitimate purposes and will not be further processed in a way that is incompatible with those purposes. Furthermore, they will be updated whenever necessary.

In general terms, the following types of data are collected within the framework of the different processing activities carried out in the organisation:

  • Identification and contact details.
  • Commercial Information.
  • Transactions in goods and services.
  • Job Details.
  • Health data and/or other types of data. Such data categories will be processed only in the event that the user has voluntarily included this type of information in the free text of the Customer Service form because he/she considers it relevant to make a complaint or report an incident. In any case, DELAVIUDA will apply the appropriate security measures in accordance with the type of data processed in each
  • case.
  • Other types of data. Only in the event that the user registers through the social connectors of social networks, the types of data that the user has made public through the social network in question and that the user has agreed to be accessed and processed by DELAVIUDA will be processed.

WHERE DOES THE PERSONAL DATA COME FROM?

As a general rule, personal data is always collected directly from the data subject. However, in certain exceptions, data may be collected through third parties, entities or services other than the user.

As such, the data subject shall be informed of this by means of the information clauses contained in the different information collection channels and within a reasonable period of time or in the first communication made to the data subject.

FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?

In general terms, personal data is processed for the following purposes:

  • Employment: The personal data of users who wish to participate in our personnel recruitment processes is collected through the DELAVIUDA website with URL https://delaviuda.epreselec.com/. It will be processed for the purpose of managing the receipt of CVs sent to DELAVIUDA, as well as for the purpose of analysing the candidate’s professional profile and, where appropriate, potentially participating in the personnel recruitment processes of DELAVIUDA and, where appropriate, of the business group to which DELAVIUDA belongs and which make up the GRUPO CONFECTIONERY GROUP S.L. In this section, you will be informed in detail of the processing of personal data that will be carried out, and you will be asked for your consent.
  • Promotions: The personal data of users collected through the registration of the user as a participant in any of the Promotions (e.g. competitions, raffles, etc.) made available by DELAVIUDA on its website, will be processed for the purpose of managing the development of the promotion in question, communicating the winner(s) of the promotion, delivering the corresponding prize to the winner(s) and managing DELAVIUDA's compliance with any legal and tax obligations applicable to it as the organiser of the promotion in question.
  • Candidates: Conduct internal recruitment processes, both current and future.
  • Contact: To respond to requests for information received about the products and services we offer, as well as to answer any other type of question sent by users.
  • User registration management: The information you provide in the registration form will be processed for managing users of our platform. After registering, you will be able to view your order history, redeem gift cards or discount vouchers, modify your personal data and/or delivery and billing addresses, wish lists, ratings or alerts.
  • Management, fulfilment and execution of the purchase contract: Specifically, personal data will be used to formalise the purchase contract; to manage payment transactions; to contact you in the event of any incident related to your order; to manage invoicing and delivery of purchase tickets and invoices; to manage returns of purchased products; to inform you about the availability of the products ordered; and/or to manage coupons or gift cards that you redeem on the website or in our shops.
  • Customers: to manage the sale of goods and services, invoicing, accounting, collections, non-payment, offers, budgets and contracts, customer service, contact and commercial relations.
  • Newsletter management: The data collected from users as a result of joining the DELAVIUDA Community, and with their express consent, will be used to send information through the means provided about new development, events, news items, products and services related to us or our sector.
  • Survey management: The data collected through surveys in order to improve our services and user satisfaction. We will process your personal data in order to obtain information about our products, services and/or about the assistance provided by our customer service.
  • Ecommerce: Manage your data in the online purchasing process and the creation of a new user/customer account.
  • Management of the Internal Reporting System: To manage the internal reporting system (Whistleblowing Channel), investigate the facts and propose resolutions, prevent breaches of regulations and correct those already detected, as well as contribute to the efficiency of THE COMPANY’s functioning with the continuous improvement of the internal processes for the management and control of illegal conduct or conduct contrary to our code of ethics, as set out in the Internal Reporting System Policy and the Procedure that develops it.
  • Managing complaints: The data collected through our Customer Service form in the complaints section will be processed by DELAVIUDA  for the purpose of processing queries made about the products, as well as to manage the incidents and/or complaints formulated.

By means of this processing, no profiles of the users who browse the website are drawn up nor, therefore, are automated decisions taken based on this data.

WHAT IS THE LEGITIMACY OF THE DATA PROCESSING?

As a general rule, the data subject's consent is the legal basis for the processing of data in accordance with the purposes described above. This consent is expressed by a declaration or a clear affirmative action, such as ticking a box provided for this purpose, voluntary subscription or by submitting data via the forms. This consent may be revoked at any time by contacting the company through its means of contact and, in general, we will request your consent for uses with purposes other than those for which you originally gave it.

Specifically, and for the processing indicated below, the following legitimate bases are used:

  • Compliance with legal and regulatory obligations: By way of example and without limitation. General Law for the Defence of Consumers and Users, General Tax Law, Corporate Tax Law, Account Auditing Law, Value Added Tax Law, Civil Code, Commercial Code, as well as the existence of a specific law or regulation authorising or requiring the processing of the data subject's data, which shall be set out in the corresponding informative clause.
  • Execution of a contract: for the prior management of a purchased service or product, the execution of a contract or subsequent management derived from these operations.
  • Consent: there are processing operations based on obtaining the express and unequivocal consent of the data subject, through the incorporation of informed consent clauses in the different information collection systems, providing consent by means of a declaration or a clear affirmative action such as ticking a box provided for this purpose or signing the appropriate document or by sending data through the means of contact indicated. We also inform you that we will only use personal information in accordance with this Privacy Policy and, in general, we will request your consent for uses other than those for which you initially gave it.

HOW LONG DO WE KEEP PERSONAL DATA?

In general, personal data is processed for the time needed to fulfil the purpose for which it was collected, for as long as the service is provided or the contractual relationship is maintained, there is a mutual interest and/or for the time stipulated in the corresponding applicable regulations.

Once the established time criteria have been met, the data will be cancelled. Said cancellation will result in the blocking of the data, which will only be kept at the disposal of the Public Administrations, Judges and Courts, in order to deal with potential liabilities arising from the processing, during the period of limitation of these, after which time the information will be destroyed.

WITH WHOM DO WE SHARE PERSONAL DATA?

As a general rule, we do not transfer or communicate your data to third parties, except as required by law.

However, if necessary, the data subject is notified of such transfers or communications of data through the information clauses contained in the different ways of collecting personal data.

ARE DATA TRANSFERRED INTERNATIONALLY?

We hereby inform you that, in general, no international transfers are made outside the European Economic Area (EEA). In the event of a transfer of data outside the EEA, THE ORGANISATION will have the appropriate guarantees to carry out such transfer, in accordance with the requirements established by the General Data Protection Regulation.

WHAT RIGHTS CAN YOU EXERCISE?

According to European legislation, your rights are as follows:

  • Right of access. The right to request information from the data controller about whether personal data are being processed.
  • Right of rectification. A right that allows the person concerned to request the modification of data that are inaccurate or incomplete.
  • Right to object. The right of an individual to object to the processing of his or her personal data or the cessation of such processing.
  • Right to not be subject to automated individual decisions. The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or similarly significantly affects him or her in a similar manner
  • Right of restriction. The right to suspend the processing of the user's personal data in certain cases.
  • Right of erasure. The right to erasure of the data subject's personal data.
  • Right of portability. The right to request the controller to give the personal data to another controller, in a structured and clear format.
  • The right to lodge a complaint with the competent supervisory authority if you consider that the processing does not comply with the regulations in force.

HOW TO EXERCISE YOUR RIGHTS

The applicant may exercise his or her rights by the following means:

You can materially exercise your rights in the following way: by filling in the form ‘Exercise of Arsol Data Protection Rights’. If you feel that your rights concerning the protection of your personal data have been infringed, in particular if you have not obtained satisfaction in the exercise of your rights, you may lodge a complaint with the competent Data Protection Supervisory Authority via its website: www.aepd.es

In both cases, documentation proving the identity of the applicant may be required if necessary.

In any case, you can request the protection of the Spanish Data Protection Agency through its website.

In this regard, your request will be dealt with as soon as possible and taking into account the deadlines set out in the data protection regulations.

WHAT COULD BE THE CONSEQUENCES OF NOT PROVIDING THE INFORMATION?

The data requested in the fields marked with an asterisk, or identified as mandatory, or those provided in the media where the information is provided, are those strictly necessary in relation to the purpose for which they are collected, or for the provision of an optimal service to the data subject or through a legal obligation imposed on the Data Controller or a necessary requirement to enter into a contract, the inclusion of data in the remaining fields being voluntary.

In the event that all the data is not provided, it is not guaranteed that the information and services provided will be completely adjusted to your needs, so that in the event that the required data is not provided or is provided incorrectly or incompletely, we will not be able to deal with your request, making it impossible to provide you with the requested information or to carry out the contracting of services and/or purchase of goods.

Likewise, the user guarantees that the information conveyed in any of the forms is truthful, accurate and corresponds to the data of which he/she is the owner.

The services of our platforms are not intended for minors, so only persons over 18 years of age are allowed to register, otherwise we warn that any liabilities that may arise as a result of the use of our Platforms shall be borne by the parents or guardians of the minor. To avoid the use of our services by minors, we attempt to verify the age of our users when they register by requesting their date of birth.

HOW IS PROFILING CARRIED OUT?

We inform you that, in general, DELAVIUDA does not create a commercial profile based on the information provided by the interested party and their interactions with the content offered in order to send them personalised information about our products or services, including by electronic means.

WHAT SECURITY MEASURES DO WE HAVE IN PLACE?

The security measures adopted by DELAVIUDA are those required in accordance with the provisions of Article 32 of the GDPR.

In this regard, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, appropriate technical and organisational measures are in place to ensure the level of security appropriate to the risk involved.

In any case, DELAVIUDA has sufficient mechanisms in place to:

  • Ensure the continued confidentiality, integrity, availability and resilience of processing systems and services.
  • Restore availability and access to personal data quickly, in the event of a physical or technical incident.
  • Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.
  • Enable encryption of data and communications.

CHANGES TO THIS PRIVACY POLICY

From time to time, this Privacy Policy may be revised in order to update changes in current legislation, update the procedures for collecting and using personal information, or due to the appearance of new services or the exclusion of others. These changes will be effective from the date of publication on the website, so it is important that you regularly review this Privacy Policy in order to remain informed about the changes.