Privacy and data protection policy

This Privacy Policy has been developed taking into account the provisions of Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and the circulation of these data, hereinafter the GDPR, as well as Organic Law 3/2018, of December 5, on Data Protection and Digital Rights (hereinafter, LOPDGDD) and other applicable regulations.

The purpose of this Privacy Policy is to inform individuals who provide their personal data, and/or the data of the person they represent, in relation to whom information is being collected, of the specific aspects relating to the processing of their data, the purposes of the processing, contact details for exercising their rights, information retention periods and security measures, among other things.

WHO IS THE DATA CONTROLLER?

In terms of data protection, FRIBIN FOODS SL must be considered the Data Controller, in relation to the processing of personal data carried out by this entity.

The contact details of the Data Controller are provided below:

Identity of the person responsible: FRIBIN FOODS SL
Tax ID: B22004311
Physical address: PARTIDA CHUBERA S/N, 22500, BINéFAR, HUESCA
Email: fribin@fribin.com
Telephone: 974 43 15 00

WHO IS THE DATA PROTECTION OFFICER?

This entity is responsible for the figure of the data protection delegate, who can be contacted through the following email address: AGUSTIN AQUILUÉ lopd@fribin.com or by writing to the address of this entity for the attention of the “Data Protection Delegate”.

WHAT PERSONAL DATA DO WE PROCESS?

All information collected by FRIBIN FOODS SL will be treated in a fair, lawful and transparent manner.

Likewise, the data requested in each of the treatments carried out will consist only of those strictly essential to achieve the intended purpose and reported in each case.

In this way, the data collected will be adequate, pertinent and not excessive in relation to the purposes for which they are processed in each case. Likewise, your personal data will be collected for specific, explicit and legitimate purposes, and will not be subsequently processed in a manner incompatible with said purposes. In addition, they will be updated whenever necessary.

In general terms, within the framework of the different treatments of activities carried out in the organization, the following types are collected:

Identification data.
Academic, professional and training data.
Detailed employment data.
Commercial Information.
Transactions of goods and services.

WHERE DO PERSONAL DATA COME FROM?

As a general rule, personal data is always collected directly from the data subject; however, in certain exceptions, data may be collected through third parties, entities or services other than the data subject.

In this regard, this matter will be communicated to the interested party through the information clauses contained in the different information collection channels and within a reasonable period of time or in the first communication made to the interested party.

FOR WHAT PURPOSE DO WE PROCESS PERSONAL DATA?

In general terms, personal data is processed for the following purposes:

Candidates : Carry out internal staff selection processes, both current and future.
Contact : Respond to requests for information received about the products and services we offer, as well as answer any other type of question sent by users.
Management, fulfillment and execution of the purchase contract : Specifically, personal data will be used to formalize the purchase contract; to manage payment transactions; to contact you in the event of any incident related to your order; to manage billing and delivery of purchase tickets and invoices; to manage returns of purchased products; to inform you about the availability of the products requested; and/or to manage coupons or gift cards that you redeem on the website or in our stores.
Clients : manage the sale of goods and services, billing, accounting, collections, non-payments, offers, budgets and contracts, customer service, contact and business relations.
Potential Clients : Track and identify business opportunities for the organization.
Suppliers : carry out purchasing management, accounting, payments, delivery note and order management, contact and business relations.
Internal information system: Manage the internal information system (Complaints Channel), investigate the facts and propose remedial measures, prevent regulatory non-compliance and correct those already detected, as well as contribute to the effective operation of the Center with the continuous improvement of internal processes for the management and control of illegal conduct or conduct contrary to the ethical culture of the Center.

Through these treatments, profiles of users browsing the website are not created and, therefore, no automated decisions are made based on this data.

WHAT IS THE LEGITIMATION FOR DATA PROCESSING?

As a general rule, the consent of the interested party is the legal basis for the processing of data in accordance with the purposes described above. This consent is expressed through a statement or a clear affirmative action, such as checking a box provided for this purpose, voluntary subscription or by sending data through forms. This consent may be revoked at any time by contacting the company through its contact methods and, in general, we will request your consent for uses for purposes other than those for which you initially granted them.

Specifically and for the treatments indicated below, the following legitimizing bases are used:

Compliance with legal and regulatory obligations : By way of example and not limitation. General Law for the Defense of Consumers and Users, General Tax Law, Corporate Tax Law, Account Auditing Law, Value Added Tax Law, Civil Code, Commercial Code, as well as the existence of a specific law or regulation that authorizes or requires the processing of the data of the interested party, which will be stated in the corresponding information clause.
Execution of a contract : for the prior management of a contracted service or product, development of the execution of a contract or subsequent management derived from said operations.
Consent : There are treatments based on obtaining the express and unequivocal consent of the owner of the data, by incorporating informed consent clauses in the different information collection systems, giving consent through a statement or a clear affirmative action such as checking a box provided for this purpose or signing the appropriate document or by sending data through the indicated contact methods. Additionally, we inform you that we will only use personal information in accordance with this Privacy Policy and, in general, we will request your consent for uses for purposes other than those for which you initially granted it.

HOW LONG DO WE KEEP PERSONAL DATA?

In general, personal data is processed for the time necessary to fulfill the purpose for which it was collected, while the provision of the service or the contractual relationship is maintained, there is a mutual interest and/or for the time provided for in the corresponding regulations.

Once the established time criteria have been met, the data will be cancelled. This cancellation will result in the blocking of the data, which will be kept solely at the disposal of the Public Administrations, Judges and Courts, to address any potential liabilities arising from the processing, during the limitation period for these; once this period has elapsed, the information will be destroyed.

WITH WHOM DO WE SHARE PERSONAL DATA?

As a general rule, your data will not be transferred or communicated to third parties, except as required by law.

However, if necessary, such transfers or communications of data are reported to the interested party through the information clauses contained in the different ways of collecting personal data.

ARE INTERNATIONAL DATA TRANSFERS MADE?

We inform you that, in general, international transfers are not carried out outside the European Economic Area (EEA). In the event that a transfer of data outside the EEA were to occur, THE ORGANIZATION will have the appropriate guarantees to carry out said transfer, in accordance with the requirements established by the General Data Protection Regulation.

WHAT RIGHTS CAN YOU EXERCISE?

According to European regulations, your rights are as follows:

Right of Access, right to request information from the person responsible for a file about whether your personal data is being processed.
Right of Rectification, a right that allows the affected person to request the modification of data that is inaccurate or incomplete.
Right to Objection, the right of a person to object to the processing of his or her personal data or to the cessation of such processing.
Right to automated individual decisions , right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her
Right of Limitation, right to suspend the processing of the user's personal data in certain cases
Right to Deletion or Forgetting , right to deletion of the personal data of the interested party
Right to Portability , the right to request the data controller to provide personal data in a structured and clear format to another controller.
Right to lodge a complaint with the competent supervisory authority if you consider that the processing does not comply with current regulations.

HOW TO EXERCISE YOUR RIGHTS?

The applicant may exercise his/her rights through the following means:

Email a lopd@fribin.com.
Postal mail to PARTIDA CHUBERA S/N, 22500, BINéFAR, HUESCA.

In both cases, documentation proving the identity of the applicant may be required if necessary.

In any case, you can request protection from the Spanish Data Protection Agency through its website .

In this regard, your request will be processed as soon as possible and taking into account the deadlines provided for in the data protection regulations.

WHAT COULD BE THE CONSEQUENCES OF NOT PROVIDING INFORMATION?

The data requested in the established fields marked with an asterisk, or identified as mandatory, or those provided in the media where the information is provided, are those strictly necessary in relation to the purpose for which they are collected, or for the provision of an optimal service to the interested party or through a legal obligation imposed on the data controller or a necessary requirement to sign a contract, the inclusion of data in the remaining fields being voluntary.

If all data is not provided, there is no guarantee that the information and services provided will be fully tailored to your needs.

Therefore, if the required data is not provided or is provided incorrectly or incompletely, your request cannot be processed, making it completely impossible to provide you with the requested information or carry out the contracting of the services.

Likewise, the user guarantees that the information transmitted in any of the forms is true, accurate and corresponds to his/her own data.

The services of our platforms are not intended for minors, so registration is only permitted for persons over 18 years of age. Otherwise, please be advised that any potential liabilities that may arise as a result of the use of our Platforms will be the responsibility of the parents or guardians of the minor. To prevent the use of our services by minors, we try to verify the age of our users when they register by requesting their date of birth.

WHAT SECURITY MEASURES HAVE WE IMPLEMENTED?

The security measures adopted by FRIBIN FOODS SL are those required, in accordance with the provisions of article 32 of the GDPR.

In this regard, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of natural persons, appropriate technical and organisational measures have been established to ensure the level of security appropriate to the existing risk.

In any case, FRIBIN FOODS SL has implemented sufficient mechanisms to:

Ensure the ongoing confidentiality, integrity, availability and resilience of treatment systems and services.
Restore availability and access to personal data quickly in the event of a physical or technical incident.
Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.
Enable data and communications encryption.

CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may be revised from time to time in order to update changes in current legislation, update the procedures for collecting and using personal information, the appearance of new services or the exclusion of others. These changes will be effective upon their publication on the website, so it is important that you regularly review this Privacy Policy in order to stay informed about any changes.