Version 1.3 published on 23 January 2020
Frinsa del Noroeste, S.A. informs the users of the www.grupofrinsa.es website (hereinafter the WEBSITE) of its policy on the processing and protection of any personal data that may be collected both from users who browse this WEBSITE and from clients who buy or contract services through this WEBSITE.
In this sense, Frinsa del Noroeste, S.A. guarantees compliance with the current legislation on the protection of personal data, as reflected in Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights and in the Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data by means of which the Directive 95/46/EC (General Data Protection Regulation) was repealed.
2.- COLLECTION, PURPOSE AND PROCESSING OF DATA
2.1.- What data is collected on the website?
The following personal data may be collected through the interactions that a user or client may have while browsing the WEBSITE both automatically (creating a user account, making purchases on the WEBSITE, by filling in a form or installing cookies), or through personal communication with Frinsa del Noroeste, S.A. (via telephone, chat or e-mail):
- E-mail, both to create a user profile and process a purchase, to make a query or receive the newsletter and, in any case, with the mission of maintaining communication.
- Telephone number if an order is initiated through the corporate WhatsApp account, or for processing any query or incident.
- Identification details, such as name, surnames, physical address and any other information that may be useful for processing product shipments, issuing invoices and facilitating future purchases.
- Data from your browsing, related to how users use the WEBSITE, their IP address, browser and the operating system used, the duration of their visit, search history, language, log files and pages visited.
- Payment Data, although the payment will be processed through external services that receive and save, where appropriate, the details of the means of payment (Stripe in the case of the debit or credit card and PayPal).
- Data on the use of social networks, in the case of using the tools on the website of each social network such as Like, Share or Social Login when identifying with your user.
2.2 – How is data collected on the WEB? (LEGITIMIZATION)
Frinsa del Noroeste, S.A. has the duty to inform the users of its WEBSITE of its intention to collect personal data, whether this is done by sending an e-mail, by telephone or by filling in the forms included on the WEBSITE. In this sense, Frinsa del Noroeste, S.A. is the data controller of any data collected through the aforementioned means. Under no circumstances is this applicable to the collection of personal data by third parties or other websites.
The legal basis for the processing of data related to the preparation, invoicing and dispatching of orders, as well as for the resolution of any related queries or incidents, will be understood as the execution of the contract for the purchase and sale of the goods and services offered on the WEBSITE, in accordance with the terms described in the General Conditions accepted in each sale.
If the data is collected for the purpose of sending its own commercial information, the legal basis will be the legitimate interest of the Data Controller. You may unsubscribe from these communications at any time by clicking on the link that accompanies all our notifications or by exercising your right to object using the channels that are indicated in section 3 of this Policy.
At the same time, Frinsa del Noroeste, S.A. may process the data of the users of its WEBSITE for the following purposes:
- To reply to requests for information or any contact made by users.
- For the internal and external personalisation of any advertising with which the user will be impacted.
- For the public use of certain data or private elements, subject to previous express authorisation.
- To identify the user by the WEBSITE in order to allow them to publish content within the WEBSITE itself.
The legal basis for the processing of your data for these purposes is derived from the express consent that has been given by the interested party, either by checking a box to actively indicate acceptance or through a phone call or written signature, depending on the communication established between Frinsa del Noroeste, S.A. and the users.
The legal basis that allows Frinsa del Noroeste, S.A. to collect the personal data of its users is derived from the consent that is freely given by means of the verification boxes or the information-sending buttons that are contained on the WEBSITE when accepting the terms of service.
Likewise, in the case of customers who make purchases on the WEBSITE or who create an account on the portal, the legal basis that allows their personal data to be collected is the execution of the contract.
2.3 – Why is this personal data collected on the WEBSITE? (PURPOSE)
Frinsa del Noroeste, S.A. collects the aforementioned personal data for the following reasons:
- To send commercial advertising communications by e-mail, fax, SMS, MMS, social communities or any other current or future electronic or physical means, which makes it possible for commercial communications to be carried out.
- To allow the use of certain functionalities within the WEBSITE, such as the possibility to publish product ratings or comment on articles.
- To enable users to communicate with the Frinsa del Noroeste, S.A.’s personnel through the WEBSITE.
- To have a generic vision of behaviour on the WEBSITE and optimise its use.
In addition to the aforementioned reasons:
- To be able to send the orders that are processed to the correct address.
- To formalise the contract for the purchase-sale of goods or services sold on the WEBSITE.
- To inform the customer of the status of their order and any incidents that may occur.
- To issue and send an invoice or receipt for the purchase made by telematic means.
- To provide access to their order history for consultation or the downloading of documents.
- To enable web systems to recognise the customer in order to speed up the process for new purchases.
- To inform them when updating prices or contract terms.
The refusal to provide certain requested data may mean that certain services or processes cannot be provided correctly.
2.4 – Who processes the personal data collected on the website? (DATA CONTROLLER and TARGETS)
The data controller is Frinsa del Noroeste, S.A., a company with Tax ID No. (A15010564) and registered office in Avda. Ramiro Carregal Rey P.29, Polígono Industrial Xarás, 15.969, Ribeira (A Coruña – Spain), whose corporate purpose is the sale and marketing of tinned food and gourmet products.
The users and clients’ personal data is handled by Frinsa del Noroeste, S.A.’s employees who work in the Customer Service (to communicate any incidents to clients), marketing (to send emails or publish advertisements), web use (to analyse and improve browsing) and administration (for invoicing, payment and the preparation of orders) departments.
Frinsa del Noroeste, S.A. informs users that their personal data will not be transferred to any third-party organisations, except when a legal obligation exists or when a contractual relationship with another company’s data controller or third-party data processor is necessary in order to provide the service in an appropriate manner for the client (for example, when an order is sent and the logistics company has to contact the client).
Frinsa del Noroeste, S.A. will maintain the responsibility for the processing of this data when transferring or granting access to said data is considered essential in order to process the purchases or services requested by the clients or users if they wish for the purchase or service be carried out as efficiently as possible.
In this sense, the external services for which the WEBSITE or the user themselves may provide personal data for the purpose expressed in the previous paragraph are as indicated below:
- To manage communications between Frinsa del Noroeste, S.A. and the user.
This may be the case for instant messaging applications (WhatsApp Inc. with address at 1601 Willow Road Menlo Park, California 94025. United States) or e-mail (The Rocket Science Group- Mailchimp, LLC 675 Ponce de Leon Ave NE Suite 5000. Atlanta, GA 30308. The United States). In the case of international transfers, both entities are certified under EU-US Privacy Shield, in compliance with the requirements of the General Data Protection Regulation.
- To provide technical service for the correct functioning of the WEBSITE
To ensure that the website is always in good working order, Frinsa del Noroeste, S.A. has signed a maintenance contract with the company Zentinet Seguridad y Aplicaciones, S.L. (with registered office in calle Zaragoza, 18 in Gijón — Spain), and in order to perform its services correctly the company may require access to the personal data. In addition, the website is hosted on servers belonging to the company Microsoft Ireland Operations Limited (with registered office in 70 Sir John Rogerson’s Quay, Dublin 2, in Ireland and whose data centres are located in various countries) and in compliance with the requirements of the General Data Protection Regulation.
- Payment services
To proceed with the payment of the purchases made within the WEBSITE, an SSL protocol is produced via encryption that ensures the concealment of the identity and of the data provided. The payment information data is captured by the third-party entities that are in charge of said procedures: Stripe for card payments and PayPal for payment by these platforms acting as processors. Finally, payment by bank transfer is enabled, but in this case no payment or collection details are requested from the customer.
In any case, the aforementioned service providers will not have access to or be able to use this data, except in the case in which they have received express authorisation from the owner or when considered necessary according to the framework of the execution of the services and within the technical limitations of these services.
Although Frinsa del Noroeste, S.A. has adopted the necessary technical measures in order to prevent the consultation, alteration or non-authorised processing of its users and clients personal data, in the case of violation by third parties who gain access to users’ private data that could cause damage given its confidential nature and given that it has not been expressly shared by Frinsa del Noroeste, S.A., the company will inform the Control Authority of this violation and, if necessary, it will inform the affected parties of the violation within a maximum period of 72 hours from the time at which they were made aware of said violation.
With regard to the links from the WEBSITE to the websites of any third parties or social networks, Frinsa del Noroeste, S.A. loses control of the data collected by the servers of these third parties, and as such they may not be held responsible for the processing of personal data on these websites. We therefore recommend that you read the privacy policies of these digital platforms in order to understand how they will process any personal data that you may provide them with.
2.5 – How long does Frinsa del Noroeste, S.A. keep personal data?
Frinsa del Noroeste, S.A. keeps its clients’ personal data on a permanent basis as long as they do not express their desire to cancel certain services (either automatically by using cancellation buttons or by means of a physical or digital written communication) or to cancel their user or client account.
In the case of clients, records of transactions will be kept for the purpose of complying with the tax and accounting obligations required by law. If a client proceeds to cancel their data and comply with the aforementioned legal obligations, Frinsa del Noroeste, S.A. will proceed to convert the client’s account into an anonymous account, keeping this data duly blocked, unless the client exercises the right to object to this point.
In the case of users who have not created an account, the data will be kept for the time necessary in order to execute the order or resolve the query or incident that has arisen.
The data collected through the Google Analytics cookies will remain in the records for a period of 26 months after which it will be automatically deleted. From that moment on, the personal data will remain duly blocked for the statutory limitation period. Once said period has elapsed, Frinsa del Noroeste, S.A., will proceed to eliminate this data in a safe manner.
3.- USERS’ RIGHTS (RIGHTS)
The General Data Protection Regulation grants data subjects the possibility to exercise a series of rights related to the processing of their personal data.
Insofar as the user’s data is processed by Frinsa del Noroeste, S.A., the users will be able to exercise the rights of access, rectification, cancellation (for the data stored on the website as well as in external tools that manage cookie data to be eliminated or forgotten), restriction (to limit the use of the user’s data to certain licit treatments only when the rectification or objection has been previously requested), objection (to deny the right to process their data except for legitimate imperative reasons) and portability (to transfer the data to another organisation) in accordance with the provisions set forth in the current legal regulations on personal data protection.
To exercise these rights, users can go to their private account in the My Account section of the website, where they can exercise them directly or by written communication, by sending documentation that proves their identity (ID card or passport), to the following addresses:
Frinsa del Noroeste, S.A. (Personal data controller)
Av. Ramiro Carregal Rey P.29, Polígono Industrial Xarás, 15.969, Ribeira (A Coruña – Spain)
email@example.com (Personal data controller)
or the address that it may be replaced with in the Website’s Legal Notice.
This communication must reflect the following information:
- User’s name and surname.
- The request.
- Identification and accreditation data.
The exercising of rights must be performed by the users themselves or by a person authorised as the legal representative of said party. In this case, the documentation proving this representation must be provided.