Data-protection

“BODEGA DE SARRIA, S.A. (hereinafter referred to as BODESA) makes available to you through this website the following privacy policy in order to inform you, in detail, about how we process your personal data and protect your privacy and the information you provide us with. In the event of future modifications to it, we will communicate them to you through the website or through other means so that you can be aware of the new privacy conditions introduced.

In compliance with Regulation (EU) 2016/679, General Data Protection Regulation and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, we inform you of the following:

Minors In accordance with data protection regulations, Bodega de Sarría S.A. (hereinafter BODESA) determines it as an essential requirement for you to access this website that you are over 18 years old. If you are under 18 years old and have accessed this website, you must leave it.

The responsibility for the truthfulness of this information lies with you. BODESA, in the event that it verifies that the aforementioned requirement is not met, has the authority to ignore the information request sent. Under no circumstances will data relating to the professional, economic situation, or the privacy of other family members be collected from minors without their consent.

Who is the Data Controller? BODEGA DE SARRIA, S.A. with CIF A-31100662, located at Finca Señorío de Sarría S/N, 31100, Puente la Reina (Navarra), telephone: +34 983 868 116 and email address: info@bornosbodegas.com.

Data Protection Officer As a proactive measure of responsibility, BODESA has voluntarily appointed a Data Protection Officer, who is responsible for protecting the fundamental right to the protection of personal data and ensuring compliance with data protection regulations.

You can contact Bodesa’s Data Protection Officer at the following address: dpd@bornosbodegas.com.

In accordance with art. 37.1 LOPDGDD, you may contact the Data Protection Officer prior to filing a complaint against Bodesa with the Spanish Data Protection Agency, with the Data Protection Officer informing you of the decision taken regarding your complaint within a maximum period of two months from the receipt of the complaint.

What information do we collect and for what purpose? At BODESA, we process personal information that the user provides to us directly.

In general, we will process identifying data (such as name, surname, telephone, postal address, email, IP address).

The user guarantees the authenticity, accuracy, and truthfulness of all the information provided to us, committing to keep the personal data updated so that they respond, at all times, to their real situation. The User will be solely responsible for false or inaccurate statements and the damages they may cause.

The personal data that you provide us with within the framework of the provision of our services are mandatory and are the minimum necessary for us to manage your order.

The data you provide us with may be used for one or more of the purposes that we will indicate below, which will be determined by factors such as your relationship with BODESA or by the means used to transmit the data. Below, we detail the processing referred to in this privacy policy, without prejudice to the fact that there may be others for which you are informed or asked for the appropriate authorization:

Compliance with legal obligations It may be necessary to process personal data in order to comply with the legal requirements that correspond. Specifically, to comply with data protection, tax, statistical, insurance legislation, etc.

Contract formalization and execution The personal data of the interested party are processed for the purpose of managing the contractual relationship and complying with the terms of the contract in case you make a purchase in our online store, and our tax obligations, complying, monitoring, and executing, if necessary, the service guaranteed in the contract formalized.

Communication-contact The data you send us by email, instant messaging applications, or filing a claim are used to respond to the request made.

Sending of commercial communications by any means in the event of additional consent If you explicitly consent, your data may be transferred to collaborating entities in order to inform you by any means for promotional and advertising purposes about the centers, services, products, or events organized or participated by us.

How do we obtain your personal data? We collect your personal information through different means, but you will always be informed at the time of collection through informative clauses about the data controller, the purpose and legal basis of the processing, the recipients of the data, and the retention period of your information, as well as how you can exercise the rights that assist you in data protection matters.

In general, the personal information we process is limited to identifying data (name and surname, address, ID number, telephone, and email), contracted services, and payment and billing data.

For how long do we keep your data? We only keep your information for the period of time necessary to fulfill the purpose for which it was collected, comply with the legal obligations imposed on us, and address any potential liabilities that may arise from the fulfillment of the purpose for which the data was collected. Your personal data will be kept for the duration of the legal and/or contractual relationship and, subsequently, as long as you have not exercised your right to deletion, they will be kept taking into account the legal deadlines that are applicable in each specific case, taking into account the type of data, as well as the purpose of the processing.

In the event that you exercise a deletion right and it is appropriate, in compliance with art. 32 LOPDGDD, its blocking will proceed, being available only at the request of Judges and Courts, Ombudsman, Public Prosecutor’s Office, or the competent Public Administrations during the statute of limitations of the actions that may arise, and, once this period has elapsed, they will be completely deleted.

We process your data lawfully, fairly, transparently, appropriately, relevantly, limitedly, accurately, and updated. That is why we undertake to adopt all reasonable measures to have them deleted or rectified without delay when they are inaccurate.

What is the legitimacy for processing your data? Depending on the relationship we maintain and therefore the purpose of the processing, the legal basis may be different. Below, we expose the different applicable bases depending on the processing carried out:

CONTRACTUAL RELATIONSHIP: For the contracted provision. LEGITIMATE INTEREST: Among others, for profiling, quality or opinion surveys, website maintenance, or telephone assistance. LEGAL OBLIGATION: For compliance with obligations established in any other applicable regulations. CONSENT: When you provide us with your data through the contact forms on the website, for sending commercial communications about products or other services. You should know that in those treatments where consent is requested, its non-granting or eventual withdrawal thereafter will not have negative consequences for you.

In the event that third-party data is provided, you declare to have the consent of the owners thereof for said data communication or, where appropriate, to hold their legal representation, exempting BODESA from all responsibility.

What types of data do we process? The categories of data we process are

Contact: identifying data (name, country, email, postal address, and IP address). Contractual compliance: Identifying data, personal characteristic data, social circumstances data, academic and professional data, employment detail data, commercial information data, economic, financial, and insurance data, goods and services transaction data, health or disability data. To which recipients will your data be communicated? Depending on the services we provide you with, your personal data may be communicated to third parties, and said communication is necessary for the proper fulfillment of legal and/or contractual obligations. These providers will not process your data for purposes of their own that have not been previously informed by BODESA.

In those cases where access to data on behalf of third parties is necessary for better management and provision of services, BODESA guarantees the maintenance of confidentiality in the processing of personal data. In any case, these transfers will be duly communicated to the User, detailing the identity of the Assignee and the purpose thereof.

Your data may be transferred to:

WhatsApp ®: if you use this instant messaging system to communicate with us, you should know that your data will be processed by WhatsApp Ireland Limited. You can learn how this company processes your data here. Financial entities. Tax Advisory. Labor Advisory Auditors. Lawyers and Solicitors. Tax Administration. Insurance companies What are your rights when you provide us with your data? These rights are characterized by the following: Their exercise is free, except in cases of manifestly unfounded or excessive requests (e.g., repetitive nature), in which case BODESA may charge a fee proportional to the administrative costs incurred or refuse to act You can exercise the rights directly or through your legal or voluntary representative We must respond to your request within one month, although, considering the complexity and number of requests, the period may be extended for another two months. We have an obligation to inform you about the means to exercise these rights, which must be accessible and without being able to deny you the exercise of the right for the sole reason of opting for another means. If the request is made electronically, the information will be provided by these means when possible unless you request otherwise. If BODESA does not process the request, it will inform you, at the latest within one month, of the reasons for its non-action and the possibility of filing a complaint with a Control Authority In order to facilitate its exercise, we provide you with the links to the request form for each of the rights:

Access right exercise form

Rectification right exercise form

Opposition right exercise form

Suppression right exercise form (right to be forgotten)

Right to limitation of processing exercise form

Right to portability exercise form

Right not to be subject to automated individual decisions exercise form

How do we protect your information? At BODESA, we are committed to protecting your personal information. We use measures, controls, and procedures of a physical, organizational, and technological nature that are reasonably reliable and effective, aimed at preserving the integrity and security of your data and ensuring your privacy.

In addition, all personnel with access to personal data have been trained and are aware of their obligations regarding the processing of personal data.

All these security measures are reviewed periodically to ensure their adequacy and effectiveness.

However, absolute security cannot be guaranteed, and there is no security system that is impenetrable, so, in the event that any information subject to processing and under our control is compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Control Authority, and, if necessary, those users who may have been affected so that they can take appropriate measures.

Commercial communications by electronic means BODESA informs you that it complies with Law 34/2002 of July 11, on Services of the Information Society and Electronic Commerce and does not engage in SPAM practices, so it will request your consent for the processing of your email or mobile phone for commercial purposes at all times.

Update of privacy policy BODESA reserves the right to modify its privacy policy or conditions of use of its services for reasons of adaptation to current legislation or other reasons. When this occurs, we will notify you of any changes and ask you to reread the most recent version of our policy and, if applicable, confirm your acceptance. The absolute confidentiality and privacy of the personal data collected are ensured, and for this reason, security measures have been adopted to prevent alteration, loss, treatment, or unauthorized access, thus guaranteeing their integrity, availability, and security. However, BODESA will not be responsible for incidents that may arise concerning personal data when these arise: either from an unauthorized attack or access to the systems in such a way that it is impossible to detect or prevent it even if measures are taken according to the state of current technology.

Last updated on August 4, 2020.”