Data Protection Policy

Corporación Alimentaria Peñasanta S.A., whose registered office is at Sierra de Granda, s/n, CP 33.199, Siero, Asturias and with tax number A-03161270, entered in the Asturias Trade Registry, Volume 1649, Folio 2, Page number AS-9927, is the owner of the website that you are visiting, and is also the Data Controller of the data gathered through this website.

Contact Data

• Ownership: Corporación Alimentaria Peñasanta S.A
• Address: Sierra de Granda, s/n, CP 33.199, Siero, Asturias
• Telephone: +34 985 10 11 00

Details of the Data Protection Officer

CAPSA has appointed a Data Protection Officer to guarantee the appropriate management in the processing of your data; you may contact the officer regarding any matter related to the processing of your personal data by sending an email to comiteseguridad@capsafood.com.

For what purpose do we process your data?

Your personal data will be used for the purpose of managing the services offered by CAPSA and which include, but are not limited to the following:

• Contact and management of users of the website.
• Factory visits, when available.
• Supplier, customer or consumer support services.
• Management of information requested from suppliers.
• Promotions and draws, advertised for that purpose on the website.
• Advertising, promotional or commercial communications regarding own services or products, when the user, consumer, customer or supplier have given their consent.
• Sending personalised product and service offers, based on personal preferences, behaviour and use of products and services, provided that the user, consumer, customer or supplier has authorised the processing of the personal data associated to the user profile.
• Managing access and sending out messages for the spaces that can solely be accessed by users and/or professionals on the websites where they have been set up, by means of the use of exclusive logins and passwords of each user.

Legitimacy of the processing?

The legitimacy for managing the services requested, as well as to process the orders and carry out commercial and administrative tasked, is based on the fulfilment of contractual obligations.

As regards the legal grounds for sending our commercial communications, it is based on user consent.

Storage periods

The storage periods for the data that users provide us through the web forms are as follows:

• In the case of contracting services: while the contractual relationship lasts and, in any event, during the legally established period to comply with the responsibilities arising from the Information Society Services Act.
• In the case of accepting the sending of commercial communications: while the data subject does not request the deletion of the data, during the legally established terms to comply with the responsibilities arising from the applicable legislation.

What security measures do we apply?

CAPSA has implemented an Information Security Management System that covers aspects related to all areas of our company where we process or there is a possibility of processing personal data. Therefore, our Information Security Management System covers: security policies; security organisation; security relating to HR; asset management; access control; cryptography; environment and physical security; operations security; communications security; acquisition, development and maintenance; relationship with suppliers; managing information security incidents; managing business continuity and legal compliance.

To whom are your data communicated?

The data that you provide us may be transferred to the group’s subsidiaries and investee companies for management and administrative purposes, with legitimate interest as the basis for such communication.

The data will not be disclosed to third parties – private and/or public entities – unless there is a legal obligation to do so or the data subject has given their consent. International transfers of data to third parties or organisation are not envisaged.

CAPSA uses Microsoft Office 365, as email customer, file storage and project management. Microsoft uses the Privacy Shield, which provides adequate levels of personal data protection.

How can you exercise your rights?

You as the interested party can at any moment object to receiving communications or the processing of your data for any of the purposes envisaged in this policy, by writing to us at comiteseguridad@capsafood.com, clicking on the cancel link on each of the communications you receive, as well as exercising your rights CAPSA by writing to Sierra de Granda, s/n, CP 33.199, Siero, Asturias, and indicating in the subject line: Ref. Data Protection, and attaching a copy of your ID.

You as the data subject may exercise the following rights:

• Obtain confirmation as to whether CAPSA is processing your personal data
• Access your personal data, as well as request modification of inaccurate data or, if applicable, request deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
• Request in certain circumstances: (i) The limitation of the processing of your data, in which case they will only be kept by CAPSA to exercise or defend claims; and (ii) Objecting the processing of your data, in which case CAPSA will stop processing data, except when there are reasons of legal imperative, or to make or defend possible claims.
• Exercise the right of portability. You have the right to receive the personal data that concern you, that you have provided to CAPSA, in a structured, commonly used and machine-readable format, and to send the data to another data controller without being prevented from doing so by CAPSA, when the processing is based on consent and is automated.

CAPSA informs you that you may make a claim regarding the protection of your rights with the Spanish Personal Data Protection Agency, at its electronic office or by writing to Calle Jorge Juan número 6, 28001 de Madrid. However, first of all, you can file a claim with the CAPSA Data Protection Office, who will settle the matter within two months.