Data Controller
Granja Agas, S.A., Tax Identification Number (NIF): A16120263, with its registered address at Ctra. CM-3114, Km 43.5, 16200 Motilla del Palancar (Cuenca), Spain.
Email: info@granja-agas.com
Telephone: +34 969 33 10 87
Data Protection Officer
The Company has not appointed a Data Protection Officer (DPO), as none of the circumstances requiring mandatory appointment under Article 37 of the General Data Protection Regulation (GDPR) and Article 34 of the Spanish Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD) apply.
Any questions relating to the processing of personal data may be addressed to the Data Controller using the contact details provided above.
Processing Activities, Purposes and Legal Bases
Handling Enquiries and Requests (Contact Form and Email)
Categories of data: Identification and contact details, as well as the content of the enquiry.
Purpose: To respond to and manage communications received.
Legal basis: The Company’s legitimate interest in responding to communications received (Article 6(1)(f) GDPR) and, where the enquiry relates to a potential contractual relationship, the implementation of pre-contractual measures at the request of the data subject (Article 6(1)(b) GDPR).
Customer and Supplier Management
Categories of data: Identification, contact and billing information.
Purpose: To manage the commercial relationship and fulfil contractual obligations.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR) and compliance with legal accounting and tax obligations (Article 6(1)(c) GDPR).
Marketing Communications (Where Applicable)
Categories of data: Contact details.
Purpose: To send information regarding the Company’s products, services and activities.
Legal basis: The data subject’s consent (Article 6(1)(a) GDPR) or, where permitted by applicable law and following a prior commercial relationship, the Company’s legitimate interest in accordance with Article 21 of the Spanish Information Society Services Act (LSSI-CE). In all cases, recipients will be provided with a simple means of opting out of future communications.
Website Browsing and Cookies
Categories of data: Online identifiers and browsing data.
Purpose and legal basis: As described in the Cookie Policy. Strictly necessary cookies are processed on the basis of the provision of the requested service, while all other cookies require the user’s consent.
Internal Whistleblowing Channel
Categories of data: Information relating to the reporting person, individuals concerned, and the facts reported.
Purpose: Management of the Company’s internal reporting channel.
Legal basis: Compliance with a legal obligation (Article 6(1)(c) GDPR in conjunction with Spanish Law 2/2023). Specific information is provided within the reporting channel itself.
Recipients and Data Processors
As a general rule, personal data will not be disclosed to third parties unless required by law.
For the provision of certain services, the Company engages service providers acting as data processors, including providers of website hosting and maintenance services, the whistleblowing platform and, where applicable, analytics tools. These processors are engaged under agreements compliant with Article 28 GDPR.
International Data Transfers
[TO BE CONFIRMED] Where any service provider processes personal data outside the European Economic Area (EEA), appropriate safeguards in accordance with Chapter V of the GDPR shall apply, including, where appropriate, the European Commission’s Standard Contractual Clauses.
Data Retention
Personal data will be retained for as long as necessary to fulfil the purposes for which it was collected and, thereafter, for the applicable statutory limitation periods in order to address potential legal liabilities. Once those periods have expired, the data will be securely deleted or blocked where required by law.
Where processing is based on consent, personal data will be retained until such consent is withdrawn.
Data Subject Rights
Data subjects have the right to request access to, rectification or erasure of their personal data, as well as the right to object to or restrict processing and the right to data portability, where applicable. Where processing is based on consent, consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to its withdrawal.
Requests may be submitted to the Data Controller at info@granja-agas.com, together with proof of identity.
If a data subject believes that their rights have not been properly addressed, they may lodge a complaint with the Spanish Data Protection Agency (AEPD).
Security Measures
The Company implements appropriate technical and organisational measures to ensure the security of personal data and to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, in accordance with Article 32 GDPR.
Updates to this Privacy Policy
This Privacy Policy may be updated from time to time for legal, regulatory or operational reasons. The date of the latest update will be indicated in this Policy.
