Who is responsible for the processing of user personal data?
The entity responsible for data processing is CAMPOFRÍO FOOD GROUP, S.A.U., with Tax Identification Number A-09000928 and registered office at Avenida de Europa, 24, 28108 Alcobendas (Madrid).
To ensure the proper management in the processing of user personal data, CFG has appointed a Data Protection Officer, whom you can contact to resolve any questions you may have. You can contact the Data Protection Officer at the following email address: email@example.com.
For what purpose do we process user personal data?
- Purpose: The personal data of users who contact CFG by any of the contact channels made available through the website, in order to receive inquiries and/or requests from users, will be processed for the purposes of: maintaining contact between the parties, management of website users, providing customer care or user services, and managing and processing such requests or inquiries.
- Data processed for this purpose: Identification and contact data consisting of first name, surname and email address (and any other additional data that the user voluntarily provides CFG).
- Lawful processing criteria: The lawful criteria for this processing is the processing and management of the legal relationship between the user and CFG.
- Purpose: The personal data of users who register and create a user account on the website will be processed in order to manage user profiles that allows access to the private area of the website, manage users of the website with access to the private area and provide access to the account and its content, functionality and services that are made available to the public through this restricted access space.
- Data processed for this purpose: Identification, account information (username and password) and contact data.
- Lawful processing criteria: The lawful criteria for this processing is the processing and management of the legal relationship entered into in each case between the user and CFG.
- Sending of CFG's own commercial communications to consumers that are not customers.
- Purpose: the personal data of users of the website who are consumers of products of the brand and, in addition, have given CFG their express consent in the forms provided for this purpose, may be processed by CFG for the purpose of sending advertising, promotional information or information that may be of interest to them regarding the products, promotions and commercial offers of CFG through postal or electronic channels (mail, courier, SMS or other equivalent electronic communication channels), including on the basis of the analysis and elaboration of the user’s profile that will be made exclusively with internal data. In relation to the analysis and elaboration of the user’s profile CFG, in order to optimize and improve the delivery of services as well as to offer adequate information according to the user’s preferences, may carry out processing consisting in the elaboration and analysis of profiles and apply segmentation techniques for commercial and advertising purposes, which will be carried out exclusively with the data provided to CFG by the user.
- Data processed for this purpose: Identification and contact data (first name, surname, e-mail) and data on personal characteristics or social circumstances (derived from the application of segmentation and profiling techniques).
- Lawful processing criteria: The consent of the user, requested and obtained through the forms provided for this purpose. The user may revoke consent to the processing of their data for this purpose, using the channels provided by CFG. However, this will not affect the lawfulness of any processing carried out before withdrawal of the user’s consent. CFG may not be able to provide certain products or services if consent is withdrawn and will advise the user if this is the case at the time of withdrawal of consent.
- Purpose: The personal data of users of the website who, in addition, have the status of client of CFG, may be processed by CFG for the purpose of sending advertising, promotional information or information that may be of interest to them relating to products, promotions and commercial offers of CFG through postal or electronic channels (mail, courier, SMS or other equivalent electronic communication channels), including on the basis of the analysis and elaboration of the user’s profile that will be made exclusively with internal data. With relation to the analysis and elaboration of the user’s profile CFG, in order to optimize and improve the delivery of services, as well as to offer adequate information according to the user’s preferences, may carry out processing consisting in the elaboration and analysis of profiles and apply segmentation techniques for commercial and advertising purposes, which will be carried out exclusively with the data provided to CFG by the user.
- Data processed for this purpose: Identification and contact data, data relating to transactions of goods and services, data on personal characteristics or social circumstances (derived from the application of segmentation and profiling techniques).
- Lawful processing criteria: This purpose is based on either (i) the consent of the user, requested and obtained through the forms provided for this purpose, or (ii) where the user did not opt-out of receiving marketing upon becoming as client and the commercial communications relate to similar goods or services, pursuant to applicable regulations (in case of communications by e-mail or similar channels) (a “soft opt-in”). The user may object at any time to the processing of their data for this purpose using the channels provided by CFG and in each of the commercial communications issued, the latter in the case of communications by email or similar channels. However, this will not affect the lawfulness of any processing carried out before the user’s objection. CFG may not be able to provide certain products or services if the user objects and will advise the user if this is the case at the time of objection. If a user wishes to obtain more information in relation to this purpose, you may request additional information at firstname.lastname@example.org.
- Purpose: The personal data of users collected through the registration of a user as a participant in any of the promotions made available by CFG through its website, will be processed for the purpose of managing the of the promotion in question, delivering the corresponding prize to the winner of the promotion, as well as for the compliance by CFG of all legal and fiscal obligations applicable to it in its capacity as organizer of the promotion in question, exclusively in the event that the user had consented to such purpose of data processing. In any case, the data will be processed in accordance with the applicable terms and conditions regulating the promotion in question, where the user may find detailed information on data protection, and which must be accepted by the user prior to his/her participation in the promotion.
- Data processed for this purpose: Identification and contact data, and economic-financial data.
- Lawful processing criteria: The legal basis for this processing is the performance of a contract (i.e., the applicable terms and conditions of the promotion that the user has agreed to, in order to participate in the promotion).
CFG will only use user personal data for the purposes for which it was collected, unless CFG reasonably considers that it needs to use such personal data for another reason and that reason is compatible with the original purpose. If a user wishes to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact CFG. If CFG needs to use your personal data for an unrelated purpose, it will notify the user and explain the legal basis which allows CFG to do so.
Please note that CFG may process personal data without the user’s knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
From what sources does the data come?
The data that CFG processes as a result of the interactions made by the user through the website come from the following sources:
- Data provided by the user by filling in the blanks to manage communication with users made available by CFG and/or the blanks made available for participation in promotions managed by CFG, by sending e-mails or by any other channels by which the user communicates with CFG.
- Data generated as a result of navigation and use by the user of the website(e.g., sections visited).
- Data generated as a result of the development, processing and management of a legal and / or contractual relationship between the user and CFG (e.g. number of contacts made with the client).
To whom is user data communicated?
The data collected by CFG through this website may be communicated to the following recipients, depending on the lawful processing criteria for the communication, and only if necessary:
In order to comply with applicable legal obligations, CFG may communicate user data to:
- To Public Bodies and Administrations (e.g., in case it is necessary for the management of claims, for the fulfillment of legal and fiscal obligations derived from the organization of promotions, etc.).
- To Public Notaries (e.g., for promotional sweepstakes).
CFG also uses third party providers and hosting companies to provide its services, so your data may be processed outside the United Kingdom, specifically in the European Union (EU). The provision of these services may involve access to personal data under the control of CFG. This will be done at all times on CFG’s instructions and on behalf of CFG.
CFG may transfer personal of the website’s users to its Mexican subsidiary. Whenever CFG transfers personal data out of the UK, it will ensure a similar degree of protection is afforded to that personal data, by ensuring that at least one of the following safeguards is implemented:
- only transferring personal data to countries that have been deemed to provide an adequate level of protection for personal data (such as member states of the EU).
- using specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Do we obtain information from third parties?
How long will we keep user data?
The personal data provided will be kept for the period of time determined on the basis of the following criteria: (i) duration of the legal relationship and attention to any liabilities arising from such relationship; (ii) legal obligation of conservation; and (iii) request for deletion by the interested party in the cases in which it is appropriate. You can request more information about the retention periods at email@example.com.
What personal data must you provide in each case?
CFG informs users that, when personal data is collected through a form made available through the website, it will be necessary for the user to report at least the data indicated as mandatory in the corresponding form. In case of failure to provide at least such data considered as necessary, CFG will not be able to manage the provision of the service or meet the user's request.
Likewise, CFG informs users who wish to participate in a promotion made available by CFG that, in such cases, the user must provide the personal data requested in each case, in accordance with the promotional mechanism in question and with the provisions of the applicable terms and conditions regulating the promotion. In the event of failure to provide the data required in each case, the user will not be able to participate in the promotion in question and, if applicable, will not be able to receive the prize associated with the promotion.
What do you have to guarantee when providing your personal data?
The user guarantees that the data provided are true, accurate, complete and up to date, being responsible for any damage or loss, direct or indirect, that may arise as a result of a breach of this obligation.
The user must be over 16 years of age to provide personal data to CFG through the website. The user who provides data to CFG through this website declares and guarantees that the user, and any third party the user is submitting personal data on behalf of, is over that age, taking full responsibility for such statement.
Data of minors
CFG complies with the requirements of all applicable data protection laws regarding the protection of personal data of minors. Although the website and products are available to all ages, CFG does not collect any information from children under the age of 13 without the respective permission of their parents or legal guardians. If a user becomes aware that a child under the age of 13 has provided CFG with personal information without the permission of a parent or legal guardian, please contact CFG. If CFG becomes aware that a child has provided CFG with personal information without the permission of his or her parent or legal guardian, CFG will take steps to delete that information.
What security measures do we take to protect your personal data?
CFG ensures the security and confidentiality of your data, and has adopted the appropriate security measures for the protection of personal data and has installed the technical channels at its disposal to prevent the loss, misuse, alteration, unauthorized access and theft of personal data provided through the website. In any case, each user must take into consideration that internet security measures are not impregnable.
What are your rights regarding your personal data?
Users have the right to obtain confirmation as to whether or not CFG is processing personal data concerning the user.
Likewise, CFG informs each user that users have the following rights in relation to personal data:
- Right of Access: users have the right to access their data to know which personal data CFG is processing.
- Right to request the rectification and erasure of user data: under certain circumstances, users have the right to have their personal data rectified when the user considers that CFG processing inaccurate data. The user can also request the erasure of their personal data, when, among other reasons, the data is no longer necessary for the purposes for which it as collected.
- Right to restrict the processing of your data: under certain circumstances, the user is entitled to request CFG restrict the processing of their personal data. In those cases, CFG only keep the personal data for the exercise or defence of possible legal claims.
- Right to data portability: under certain circumstances, the user will be entitled to receive from CFG (in a structured, commonly used and machine-readable format) the personal data it holds relating to the user. The user also has the right to have CFG transfer this data to another data controller.
- Right to object to the processing of your information: under certain circumstances and based on grounds related to the user’s personal situation, a user may be entitled to object to the processing of their personal data. In that case CFG will stop processing the data unless it must continue processing based on legal grounds or for purposes related to the exercise or defence of possible legal claims.
Users have the right to object, at any time, to the sending of advertising of CFG's own products and services, as well as to withdraw any of the consents the user may have given for the processing of their data, without affecting the lawfulness of the processing based on the consent prior to such withdrawal.
Users may exercise their rights over your personal data by writing to CAMPOFRÍO FOOD GROUP, S.A.U., including the reference "Data Protection" to the following addresses:
- Avenida de Europa, 24, 28108 Alcobendas (Madrid); or
- To the e-mail: firstname.lastname@example.org.
In both cases, the identity of the person exercising their rights must be accredited. If CFG does not consider this to be sufficient, additional information may be requested.
CFG will provide the requested information within a maximum of one month from receipt of the request. This period may be extended by a further two months if necessary, taking into account the complexity and number of requests.
Finally, CFG informs you that you may submit a complaint to the competent Data Protection Supervisory Authority, which in the United Kingdom is the Information Commissioner's Office (www.ico.org.uk). However, in the first instance, you may lodge a complaint with CFG’s Data Protection Officer (email@example.com), who will resolve your complaint within a maximum period of two months.