ES/EN/
ES/EN/
Inicio - Privacy policy

Privacy and Personal Data Protection Policy of Bodegas Valparaíso

Processing of personal data through the website

In compliance with the provisions of the applicable Data Protection regulations, we inform you that your data will be processed as the Data Controller by BODEGAS VALPARAÍSO, S.L.U. with the purpose of providing the service you request through our contact form. For this, we need you to check the designated box indicating acceptance of this policy; if you do not do so, we will not have your express consent and therefore will not be able to respond to your request.

For the correct provision of the services offered by BODEGAS VALPARAÍSO, S.L.U., the user must answer each and every one of the questions appearing on the forms present on our website. Likewise, the user declares that they are of legal age.

The processing of the requested personal data will also have the purpose of sending commercial information relating to products and services currently and in the future offered by BODEGAS VALPARAÍSO, S.L.U. This information includes advertising and promotional communications via postal mail, fax, email, or any other means you provide us with and for which you give us your consent. To carry out this processing, the user must check the box provided for this purpose on the website form.

In the event that you subscribe to our newsletter, your email address will become part of our database for sending news. To subscribe to this service, it is necessary to check the subscription box. Otherwise, you will not be subscribed to our newsletter.

Given the personal nature of the data provided, BODEGAS VALPARAÍSO, S.L.U. undertakes to treat them with strict confidentiality, maintaining the due secrecy. To this end, the entity has implemented appropriate security measures based on the risk analysis carried out.

We inform you that your data will not be transferred to third parties, nor will international data transfers be carried out, except under legal obligation, transfer necessary for the performance of the contract, or where you provide your express consent.

Complete information on the processing of personal data

Data Controller

Who is responsible for processing your data?

  • Identity: BODEGAS FRANCO ESPAÑOLAS, S.A. // BODEGAS LACORT V, S.A. // BODEGAS VALPARAÍSO, S.L.U // INVERSORA MER, S.L. // BODEGAS FRANCO ESPAÑOLAS VINO Y ESPERIENCIAS, S.L.U.
  • Postal Address: Logroño, Calle Cabo Noval Nº2 // Lugar los llanillos, s/n, Quintana del Pidió
  • Email: info@francoespanolas.com

Purpose of processing

For what purpose do we process your personal data?

At GRUPO EGUIZÁBAL we process the information provided by interested parties for the following purposes:

  • Management and administration of the contractual relationship established with suppliers, clients, and employees.
  • Providing interested parties with commercial information about products and services that may be of interest to them.
  • Producing corporate and advertising publications in the event that your image is used on websites, social networks, or corporate publications.
  • Security of the facilities and persons in the event that you are recorded by our video surveillance cameras.
  • Evaluating your candidacy for a future job vacancy, in case you have provided us with your CV.
  • Compliance with occupational risk prevention regulations in the event that we request data from employees of our subcontractors.
  • Managing access control to the facilities.
  • Managing data of persons who detect serious or very serious criminal or administrative offences and report them through the mechanisms regulated by the regulations (Ethics Channel).
  • Sending you the newsletter in the event that you requested it.
  • Responding to your inquiries and questions in the event that you ask us a question through the website.
  • Management of personal data collected through cookies installed on the website, in accordance with the cookie policy.

How long will we keep your data?

The personal data provided will be kept:

  • a) As long as the commercial relationship is maintained. The data necessary to comply with the obligations generated will be kept for the time necessary to legally respond to them and will remain blocked until their definitive cancellation. This includes administrative and financial data, as well as any other data necessary to carry out the commercial relationship. Contact and communication data will be kept until consent is revoked or the data subject objects to the processing. Stored images will be kept until consent is revoked. Newsletter or service subscription data will be kept until consent is revoked.
  • b) As long as its erasure is not requested by the data subject.
  • c) Information that by legal mandate must be kept for a specific time will not be deleted until the time indicated by law has elapsed:
    • Accounting documentation: 4 years. Article 30 of the Commercial Code.
    • Tax documentation: 6 years. Articles 66 to 70 of the General Tax Law.
    • Social security-related documentation: 4 years. Legislative Decree 5/2000, of 4 August, approving the revised text of the Law on Infringements and Sanctions in the Social Order.
    • Occupational Risk Prevention documentation: 5 years, with extensions in specific cases (asbestos).
    • Video surveillance images: 1 month. LOPDyGDD art. 22.
    • Internal complaints: 3 months. LOPDyGDD art. 24.

Legal basis for processing

What is the legal basis for processing your data?

The legal basis for processing your data is as follows:

  • Performance of the contract in the event that you are an employee, partner, client, or supplier.
  • Legitimate interest when sending advertising communications to our clients.
  • Consent provided by you in the event that we have published your image in corporate publications, on our website, or on social networks.
  • Public interest in the event that you have been recorded by video surveillance cameras for the purpose of physical security of the facilities.
  • Pre-contractual measures at the request of the data subject in the event that you have submitted your CV.
  • Compliance with occupational risk prevention law in the case of data from subcontractors’ employees.
  • Compliance with a legal obligation for the employment relationship and access control (labour and Occupational Risk Prevention regulations).
  • Compliance with a legal obligation (Law 2/2023, of 20 February, regulating the protection of persons reporting regulatory infringements and combating corruption) in the event that you are a whistleblower.
  • Consent of the data subject provided on the website in the event that you make a request or inquiry in our contact form or subscribe to our newsletter.
  • Consent of the data subject in the event that you have accepted the installation of cookies through the website.

Recipients of the supplied data

To which recipients will your data be communicated?

a) Data will be communicated by legal requirement to:

  • Social security agencies (in the case of employees)
  • Tax administration (in the case of suppliers and partners)
  • Other bodies of the public administration (in the case of partners and clients)
  • State Security Forces and Bodies (in the case of video surveillance)

b) Data will be communicated by contractual requirement to:

  • Organisations/persons related to the controller
  • Banks, savings banks, and rural banks

c) Data (IMAGES) of employees/clients will be communicated to the following social networks:

  • Facebook
  • Twitter (X)
  • Instagram
  • YouTube
  • LinkedIn

d) Data may be shared between companies belonging to the EGUIZÁBAL group on the basis of legitimate interest as a business group.

* The transfers described in section c) above involve an international transfer of data to the USA, of which the data subject has been informed.

Rights of the data subjects

What are your rights?

Anyone has the right to obtain confirmation as to whether or not GRUPO EGUIZÁBAL is processing personal data concerning them.

  • Right of access: the data subject may request from the Controller the data being processed and, if so, which specific personal data are processed.
  • Right to rectification: the data subject may request from the Controller the correction of their personal data if they are inaccurate.
  • Right to erasure: the data subject may request from the Controller the erasure of their personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
  • Right to object: the data subject may object to the Controller processing their personal data.
  • Right to restriction of processing: the data subject may request that the Controller temporarily refrain from processing their personal data in specific cases.
  • Right to data portability: the data subject may request from the Controller their automated data in a structured, easily accessible, and manageable format.

How can the rights be exercised?

By writing to GRUPO EGUIZÁBAL, Calle Cabo Noval Nº2, Logroño

What channels of complaint exist?

If you consider that your rights have not been duly addressed, you have the right to lodge a complaint with the Spanish Data Protection Agency, Calle Jorge Juan, number 6 – 28.001, Madrid.

More information about your rights at www.aepd.es