Vins i olis Suñer informs website users about its policy regarding the processing and protection of users' and customers' personal data.

And guarantees at all times the full and complete compliance with the obligations laid down by data protection and information society services regulations: Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR), the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD) and Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSIce).

Data Controller

Company that owns the website:

VAT number:

Address:

Telephone:

Email:

Purposes of the data processing

The data provided by the User are used for various purposes listed below:

Purpose of processing

• Manage inquiries submitted through the inquiry form.
• Sending newsletters, commercial communications, and promotions.
• Manage website issues and maintenance.

Legal basis for processing

• The Society's legitimate interest in meeting information requests through the web.
• Explicit consent provided at the time of data collection through web forms.
• Explicit consent provided at the time of data collection through web forms.
• Legitimate interest of the Society.

DATA RETENTION PERIOD

Purpose of processing

• Manage inquiries submitted through the inquiry form.
• Sending newsletters, commercial communications, and promotions.
• Manage website issues and maintenance.

Retention period

• We will process your data for as long as necessary to handle your request or petition.
• We will process your data until you unsubscribe.
• We will process your data for as long as necessary to comply with any applicable legal limitation periods.

Data Recipients

To fulfill the purposes set forth in this Privacy Policy, it is necessary for us to grant access to your personal data to third parties who support us in the services we offer you (Processing Parties).

The processors responsible for executing a contract or providing a service to the Controller, following its instructions at all times and ensuring the same levels of security.

User Rights

The user has the right to:

• Request access to your personal data that is being processed and receive that information in writing by the requested medium.
• Request the correction of inaccurate personal data or, where applicable, request its erasure when, among other reasons, the data are no longer necessary for the purpose for which they were collected.
• Request the restriction of the processing of your data.
• Object to the processing of your personal data where applicable; in that case, your data will no longer be processed except for legitimate reasons.
• Right to data portability. The data subject has the right to receive the personal data they have provided in a structured, commonly used, and machine-readable format, and to transmit it to another controller, provided the following requirements are met:

1. The processing is based on consent or a contract.
2. The processing is carried out by automated means.

• Right to withdraw consent given.
• Right to lodge a complaint with the Spanish Data Protection Agency.

The User may exercise the above-mentioned rights at the Data Controller's postal or email address, by verifying their identity with a scanned copy of their ID card or equivalent document, and specifying the right they wish to exercise.

Data Source

Personal data must be provided by the data subject themselves on a completely voluntary basis. The absence of certain data or failure to answer questions posed to the data subject during registration processes or via electronic forms may make it impossible to access certain services for which this personal data is essential. In this case, the Data Controller must inform the individual whether providing personal data is mandatory or necessary for the service to function.

The Data Controller ensures the confidentiality of personal data and guarantees its security by adopting the necessary measures to prevent its alteration, loss, processing, or unauthorized access.

Information provided by the interested party

Minors under 18 years of age may not provide their personal data without the prior consent of their parent(s) and/or legal guardians.

By entering their data in the contact forms or in the download forms, the data subject expressly, freely, and unequivocally consents that their data is necessary for the Data Controller to process their request, and that providing data in the remaining fields is voluntary.

The data subject guarantees that the personal data provided to the provider are accurate and is responsible for notifying any changes to them.

All data requested through the website are necessary to provide the data subject with optimal service. If not all data are provided, it cannot be guaranteed that the information and services provided by the controller will fully meet their needs.

SECURITY MEASURES

In compliance with the provisions of current personal data protection regulations, the Data Controller is complying with all the provisions of the GDPR and LOPDGDD regulations for the processing of personal data under its responsibility, and manifestly with the principles described in Article 5 of the GDPR and in Article 4 of the LOPDGDD, which are processed lawfully, fairly, and transparently in relation to the data subject and adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.

The controller guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR and the LOPDGDD in order to protect the rights and freedoms of the data subject, and has provided them with the necessary information so they can exercise those rights.

Security Breaches

The Data Controller will notify any person whose data may have been affected, as well as the relevant authorities, of any security breach affecting the database used by this website or any of our third-party services, within 72 hours of the breach being detected.

Applicable Law and Jurisdiction

For the resolution of any disputes or issues related to this website or the activities carried out on it, Spanish law shall apply, to which the parties expressly submit, and the Courts and Tribunals of Tarragona shall have jurisdiction to resolve any conflicts arising from or related to its use.