Data Protection Policy
Corporación Alimentaria Peñasanta S.A., with registered address at Sierra de Granda, s/n, CP 33.199, Siero, Asturias and with Corporate Tax ID No. A-03161270, registered in the Asturias Commercial Registry in Volume 1649, Folio 2, Page AS-9927, is the owner of the website you are visiting, as well as the Data Controller of the data collected through this website.
- Ownership: Corporación Alimentaria Peñasanta S.A
- Address: Sierra de Granda, s/n, CP 33.199, Siero, Asturias
- Telephone: +34 985 10 11 00
Data Protection Delegate’s details
In order to guarantee that your data is correctly processed and managed, CAPSA has designated a Data Protection Delegate, whom you may contact regarding any question related to your personal data processing by writing to email@example.com.
What is the purpose for which your data is processed?
Personal data is used for the purpose of managing the services offered by CAPSA, which are listed below for a purely descriptive purpose:
- Contact and user management on the website.
- Factory visits, when so required for this purpose.
- Consumer, customer or supplier care services.
- Management of information requested from suppliers.
- Promotions and raffles, advertised for this purpose as such on the website.
- Sales, promotional or advertising communications of CAPSA’s own products or services when the user, consumer, customer or supplier has provided consent for such purpose.
- Sending personalised products or service offers based on personal preferences, behaviour and the use of products and services, as long as the user, consumer, customer or supplier has authorised the processing of personal data associated with their user profile.
- Management of access and sending communications for exclusive access spaces for users and/or professionals on the websites where they are so enabled through unique usernames and passwords for each user.
Legitimacy of processing
The legitimacy for managing the requested services, as well as for processing orders and carrying out administrative and commercial tasks, is based on the execution of the contractual obligations.
The legal basis for sending commercial communications is based on the user’s consent.
The conservation periods for the data that users provide through the forms on the website are:
- In the case of contracting services: As long as the contractual relationship endures and in any case, during the legally established terms to comply with the responsibilities derived from the Information Society Services Act.
- In the case of accepting the sending of commercial communications: As long as deletion is not requested by the interested party, during the legally established terms to comply with the responsibilities derived from applicable legislation.
What security measures are applied?
CAPSA has implemented an Information Security Management System that covers aspects related to all areas of the company whenever personal data is processed or there is a possibility that it may be processed. Its Information Security Management System thus covers: security policies; security organisation; HR related security; asset management; access control; cryptography; physical and environmental security; operational security; communications security; acquisition, development and maintenance; relationship with suppliers; information security incident management; business continuity management and legal compliance.
Who is your data communicated to?
The data you provide may be transferred to the group’s subsidiaries and investee companies for management and administrative purposes, with legitimate interest as the basis for communication.
The data will not be communicated to third parties (public and/or private entities) unless there is a legal obligation to do so or if the interested party has provided consent. Nor are international data transfers to third countries or organisations envisaged.
CAPSA uses Microsoft Office 365 for an email client, file storage and project management. Microsoft is covered by the Privacy Shield, which provides adequate levels of personal data protection.
How can you exercise your rights?
The interested party may object at any time to receiving communications and the processing of their data for any of the purposes included in this policy by writing to firstname.lastname@example.org, by clicking on the unsubscribe link contained in each of the communications received, or by exercising your rights before CAPSA by writing to Sierra de Granda, s/n, CP 33.199, Siero, Asturias, indicating ‘Ref. Data Protection’ in the subject line and attaching a copy of your ID.
Persons interested to do so may exercise the following rights:
- Obtain confirmation as to whether CAPSA is processing your personal data.
- Access your personal data, as well as request modification of inaccurate data or, if applicable, request deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
- Request in certain circumstances: (i) limitation on processing of your data, in which case it will only be kept by CAPSA for exercising or defending claims; and (ii) Opposition to processing your data, in which case CAPSA will stop processing the data, except for compelling legitimate reasons, or exercising or defending possible claims.
- To exercise the right of portability. You have the right to receive the personal data that concerns you, that you have provided to CAPSA, in a structured, commonly used and machine-readable format, and to send it to another data controller without being prevented from doing so by CAPSA, when the processing is based on consent and is automated.
CAPSA informs you that you may lodge a claim for the protection of your rights at the Spanish Data Protection Agency’s electronic headquarters or by post to Calle Jorge Juan número 6, 28001, Madrid. However, in the first instance, you may lodge a claim with CAPSA’s Data Protection Officer, who will resolve the claim within a maximum period of two months.