This Privacy Policy has been developed by taking into account the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the movement of such data, hereinafter referred to as the GDPR, as well as Organic Law 3/2018 of 5 December on Data Protection and Digital Rights (hereinafter LOPDGDD) and other applicable regulations.
The purpose of this Privacy Policy is to inform individuals who provide their personal data, and/or those of the person they represent, in respect of which information is being collected, of the specific aspects relating to the processing of their data, the purposes of the processing, the contact details for exercising their rights, the storage periods for the information and the security measures, among other factors.
WHO IS THE DATA CONTROLLER?
As regards data protection, DELAVIUDA CONFECTIONERY GROUP S.L.U. must be considered the Data Controller, in relation to the processing of personal data carried out by this entity (hereinafter EL ALMENDRO or the Data Controller).
The contact details of the Data Controller are indicated below:
- Identity of the data controller: DELAVIUDA CONFECTIONERY GROUP S.L.U., hereinafter referred to commercially as EL ALMENDRO.
- TAX ID: B87484457
- Physical address: Cardenal Marcelo Spínola, 2, 28016 Madrid
- Email address: [email protected]
- Telephone: 913 83 80 52
WHO IS THE DATA PROTECTION OFFICER?
The data protection officer is part of this entity and is the individual you may contact by emailing [email protected] or by writing to the address of this entity for the attention of the “Data Protection Officer”.
WHAT PERSONAL DATA DO WE PROCESS?
All information collected by EL ALMENDRO will be treated fairly, lawfully and transparently.
Also, the data requested in each of the processing mechanisms performed will consist only of data strictly necessary for meeting the intended, stipulated purpose in each case.
In this way, the data collected will be suitable, relevant and not excessive in regard to the purposes for which they are processed in each case. Likewise, your personal data will be collected for specific, explicit and legitimate purposes, and will not be subsequently processed in such a way that is incompatible with said purposes. They will also be updated where necessary.
In general terms, within the framework of the different processing mechanisms of the activities carried out in the organisation, the following types are gathered:
- Identification and contact details.
- Commercial Information.
- Goods and services transactions.
- Employment Details.
- Health data and/or other types of data. Such categories of data will only be processed in the event that the user has voluntarily included this type of information in the Customer Service form because he/she considers it relevant to make a complaint or report an incident. In any case, please note that the appropriate security measures will be applied by EL ALMENDRO in accordance with the type of data processed in each case.
- Other types of data. Only in the event that the user registers via social media, the types of data that the user may have made public through the social network in question and that the user has agreed to being accessed and processed by EL ALMENDRO, will be processed.
WHERE DOES THE PERSONAL DATA COME FROM?
As a general rule, personal data are always directly collected from the owner of these. However, in certain exceptional cases, the data may be collected through third-party individuals, entities or services.
In this respect, the relevant party will be notified of this exception through the information clauses contained in the different information collection methods within a reasonable timeframe or in the first communication made to the user.
FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?
Generally speaking, personal data are processed for the following purposes:
- Employment: The personal data of users who wish to participate in our personnel selection processes are collected through the EL ALMENDRO website at https://delaviuda.epreselec.com/ and will be processed for the purpose of managing the receipt of CVs sent to EL ALMENDRO as well as for the purpose of analysing the candidate’s professional profile and, where applicable, their possible participation in the personnel selection processes of EL ALMENDRO and, where applicable, the company group to which EL ALMENDRO belongs, which forms part of GRUPO CONFECTIONERY GROUP S.L. In this section, you will be notified in detail about the personal data processing that will be carried out and you will be asked for your consent.
- Promotions: The personal data of users collected through the registration of the user as a participant in any of the Promotions (e.g. competitions, raffles, etc.) made available by EL ALMENDRO on its website, will be processed for the purpose of managing the progress of the promotion in question, communicating the winner(s) of the promotion, handing over the corresponding prize to the winner(s) as well as managing EL ALMENDRO’s compliance with the legal and fiscal obligations that apply as the organising entity of the promotion in question.
- Candidates: To conduct both current and future internal recruitment processes.
- Contact: To respond to requests for information about the products and services we offer.
- User registration management: The information you provide in the registration form will be processed for managing platform users. After registration, you will be able to view your history of orders, redeem gift cards or discount coupons, modify your personal details and/or delivery and billing addresses, wish lists, valuations or alerts.
- Management, fulfilment and execution of the purchase contract: Specifically, personal data will be used to formalise the purchase contract; to manage payment transactions; to contact you in the event of any incident related to your order; to manage invoicing and delivery of purchase tickets and invoices; to manage returns of purchased products; to inform you about the availability of the products ordered; and/or to manage coupons or gift cards that you redeem on the website or in our shops.
- Customers: To manage the sale of goods and services, invoicing, accounts, payments, outstanding payments, offers, quotes and contracts, customer services, contact and commercial relations.
- Newsletter management: The data collected from users who have joined the EL ALMENDRO Community will be used for sending information through the means provided about new developments, events, news items, products and services related to us or our sector, with their express prior consent.
- Ecommerce: To manage your data in the online purchasing process and the creation of a new user/customer account.
- Internal information system: To manage the internal information system (Whistleblowing channel), to investigate the facts and to propose remedial measures, to prevent violations of regulations and to correct those already identified, as well as to contribute to THE COMPANY’s effectiveness with the continual improvement of internal processes to manage and control conduct that is illegal or contrary to our code of ethics and included in the Internal Information System Policy and the Procedure that develops it.
- Complaints Management: The data collected through our Customer Service form in the complaints section will be processed by EL ALMENDRO for the purpose of processing enquiries made about the products, as well as to manage incidents and/or claims made.
Through this processing, profiles are not made for users who browse the website nor, therefore, are automated decisions made based on these data.
WHAT IS THE LEGITIMACY OF THE DATA PROCESSING?
As a general rule, the consent of the relevant party is the legal basis for processing the data in accordance with the purposes mentioned above. This consent is given through a declaration or a clear affirmative action, such as ticking a box provided for said purpose, voluntarily signing or sending data through forms. This consent can be revoked at any time by addressing the company through its contact methods and, in general, we will request your consent for purposes that are different from those for which you initially granted consent.
Specifically, and for the processing indicated below, the following legitimate bases are used:
- Compliance with legal and regulatory obligations: By way of example and without limitation: General Law for the Defence of Consumers and Users, General Tax Law, Corporate Tax Law, Account Audit Law, Value Added Tax Law, Civil Code, Commercial Code, as well as the existence of a specific law or regulation that authorizes or requires the processing of the relevant individual’s data, which will be stated in the corresponding information clause.
- Execution of a contract: for the pre-processing of a service or product purchased General Tax Law, Corporate Tax Law, Account Auditing Law, Value Added Tax Law, Civil Code, Commercial Code, as well as the existence of a specific law or regulation authorising or requiring the processing of the data subject’s data, which will be set out in the corresponding informative clause.
- Legitimate interest: the processing of data based on the legitimate interest of the controller will be primarily established for sending communications or commercial events about products or services similar to those contracted. According to article 21.2 of the Law on Information Society Services, this processing will only be valid when, as a client, you have not expressly refused at the time of data collection or in any of the communications we make.
- Consent: there are certain processing operations that require the express and unequivocal consent of the data subject through the inclusion of informed consent clauses in the different information collection systems, giving consent through a declaration or a clear affirmative action such as ticking a box provided for said purpose or signing the appropriate document or sending data through the contact means indicated. Please also note that we will only use personal details by virtue of this Privacy Policy and, generally speaking, we will request your consent for purposes that are different from those for which you initially granted consent.
HOW LONG DO WE KEEP PERSONAL DATA?
In general, personal data are processed for the time period needed to fulfil the purpose for which they were collected, as long as the service provided or the contractual relationship remains, there is a mutual interest and/or for the time period set out in the corresponding applicable regulations.
Once the criteria for storage periods have been met, the data will be cancelled. This cancellation will involve the data becoming blocked, remaining available only to Public Administrations, Judges and Tribunals to address any liabilities arising from the processing, during the period of limitation. Once this period has ended, the information will be destroyed.
WITH WHOM DO WE SHARE PERSONAL DATA?
As a general rule, your data are not transferred or shared with third-party entities, unless legally required.
Nevertheless, if necessary, the interested party will be informed of this data transfer or sharing through the information clauses contained in the different personal data collection methods.
ARE DATA TRANSFERRED INTERNATIONALLY?
Please note that, generally speaking, data are not transferred internationally, outside the European Economic Area (EEA). In the event that data are transferred outside the EEA, THE ORGANISATION will have the appropriate guarantees to make said transfer, by virtue of the requirements established in the General Data Protection Regulation.
WHAT RIGHTS CAN YOU EXERCISE?
According to European legislation, your rights are as follows:
- Right of Access. The right to request confirmation from the controller of a file about whether your personal data are being processed.
- Right of Rectification. The right that allows the interested party to request the modification of data that are inaccurate or incomplete.
- Right to Object. An individual’s right to object to the processing of their personal data or the cessation of these.
- Right to be free from automated individual decision-making. The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
- Right of Limitation. The right to restrict the processing of the user’s personal data in certain circumstances.
- Right of Erasure. The right to erase the interested party’s personal data.
- Right of Portability. The right to request the data controller to transmit the personal data in a structured, clear format to another controller.
- The right to lodge a complaint with the competent supervisory authority if you consider that the processing does not comply with the regulations in force.
HOW TO EXERCISE YOUR RIGHTS?
The applicant may exercise his or her rights by the following means:
You can materially exercise your rights in the following way: by filling in the form ‘Exercise of Arsol Data Protection Rights’. If you feel that your rights concerning the protection of your personal data have been infringed, in particular if you have not obtained satisfaction in the exercise of your rights, you may lodge a complaint with the competent Data Protection Supervisory Authority via its website: www.aepd.es
In both cases, if necessary, documentation that vouches for the applicant’s identity can be requested.
In any case, the guardianship of the Spanish Data Protection Agency can be requested on their website.
In this respect, your request will be dealt with as quickly as possible and bearing in mind the timeframes set out in the regulations regarding data protection.
WHAT COULD BE THE CONSEQUENCES OF NOT PROVIDING THE INFORMATION?
Data requested in the fields marked with an asterisk, or identified as compulsory, or data provided in media where the information is shown, are strictly necessary in relation to the purpose for which they are collected, or to provide a high-quality service to the interested party or as a result of a legal obligation imposed on the Data Controller or a requirement to sign a contract, with the voluntary inclusion of data in the remaining fields.
In the event that not all the data is provided, it is not guaranteed that the information and services provided are completely adjusted to your needs, so in the event that the data required are not provided or they are incorrect or incomplete, your request cannot be dealt with, making it impossible to provide you with the information requested or to undertake the contracting of the services and/or purchase of goods.
In the same way, the user guarantees that the information sent in any of the forms is true, accurate and corresponds to the user’s own data.
The services of our platforms are not intended for minors and only individuals over 18 years of age can register. Otherwise, please note that any liabilities that may stem from using our Platforms will be the responsibility of the minor’s parents or guardians. To prevent the use of our services by minors, we attempt to verify the age of our users when they formalise their registration by requesting their date of birth.
HOW IS PROFILING CARRIED OUT?
Please note that, in general, EL ALMENDRO does not create a commercial profile based on the information provided by the interested party and said individual’s interactions with the content offered for the purpose of sending personalised information about our products or services, including by electronic means.
WHAT SECURITY MEASURES DO WE HAVE IN PLACE?
The security measures adopted by EL ALMENDRO are those required, in compliance with the provisions of article 32 of the GDPR.
In this respect, bearing in mind the state of the technology, the application costs and the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of natural persons, the appropriate technical and organisational measures have been established to guarantee the appropriate level of security for the existing risk.
In any case, EL ALMENDRO has implemented sufficient mechanisms to:
- Ensure the permanent confidentiality, integrity, availability and resilience of the processing systems and services.
- Quickly restore availability and access to personal data in the event of a physical or technical incident.
- Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.
- Enable encryption of data and communications.
CHANGES TO THIS PRIVACY POLICY
From time to time, this Privacy Policy may be revised in order to update changes in current legislation, update the procedures for collecting and using personal information, or due to the appearance of new services or the exclusion of others. These changes will be effective from the date of publication on the website, so it is important that you regularly review this Privacy Policy in order to remain informed about the changes.