Privacy policy

1. Data Controller

Granja Agas, S.A., Tax Identification Number (NIF): A16120263, with its registered office at Ctra. CM-3114, Km 43.5, 16200 Motilla del Palancar (Cuenca), Spain.

Email: info@granja-agas.com

Telephone: +34 969 33 10 87

2. Data Protection Officer

The Company has not appointed a Data Protection Officer (DPO), as none of the circumstances requiring mandatory designation under Article 37 of the GDPR and Article 34 of the Spanish Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD) apply.

Any questions relating to the processing of personal data may be addressed directly to the Data Controller using the contact details provided above.

3. Processing Activities, Purposes, and Legal Bases

Enquiries and Requests (Contact Form and Email)

Categories of data: Identification and contact details, together with the content of the message.

Purpose: To respond to and manage communications received.

Legal basis: Legitimate interest in responding to communications (Article 6(1)(f) GDPR) and, where the enquiry relates to a potential contractual relationship, the implementation of pre-contractual measures at the request of the data subject (Article 6(1)(b) GDPR).

Customer and Supplier Management

Categories of data: Identification, contact, and billing information.

Purpose: To manage the business relationship and fulfil the corresponding obligations.

Legal basis: Performance of a contract (Article 6(1)(b) GDPR) and compliance with legal accounting and tax obligations (Article 6(1)(c) GDPR).

Marketing Communications (Where Applicable)

Categories of data: Contact details.

Purpose: To send information about products, services, and company activities.

Legal basis: Consent (Article 6(1)(a) GDPR) or, where permitted under a pre-existing customer relationship, legitimate interest pursuant to Article 21 of the Spanish Information Society Services and Electronic Commerce Act (LSSI-CE), while always providing a simple and effective opt-out mechanism.

Website Browsing and Cookies

Categories of data: Online identifiers and browsing data.

Purpose and legal basis: As described in the Cookie Policy (technical cookies based on service necessity; all other cookies subject to the user’s consent).

Whistleblowing Channel

Categories of data: Information relating to the reporting person, any individuals concerned, and the facts reported.

Purpose: To manage the internal whistleblowing channel.

Legal basis: Compliance with a legal obligation (Article 6(1)(c) GDPR, in conjunction with Spanish Law 2/2023). Further information is provided within the whistleblowing channel itself.

4. Recipients and Data Processors

As a general rule, personal data will not be disclosed to third parties except where required by law.

For the provision of its services, the Company uses service providers acting as data processors (including website hosting and maintenance providers, the whistleblowing platform provider, and, where applicable, analytics service providers), all of whom are engaged under data processing agreements compliant with Article 28 GDPR.

5. International Data Transfers

Where any service provider processes personal data outside the European Economic Area (EEA), appropriate safeguards in accordance with Chapter V of the GDPR shall be implemented, such as the European Commission’s Standard Contractual Clauses (SCCs).

6. Data Retention

Personal data will be retained only for as long as necessary to fulfil the purposes for which they were collected and, thereafter, for the applicable statutory limitation periods to comply with legal obligations or defend legal claims. Once these periods have expired, the data will be deleted or securely blocked, as appropriate.

Where processing is based on consent, personal data will be retained until such consent is withdrawn.

7. Data Subject Rights

Data subjects may exercise their rights of access, rectification, erasure, objection, restriction of processing, and data portability, as well as withdraw their consent at any time, by contacting the Data Controller at info@granja-agas.com and providing proof of identity.

If a data subject considers that their rights have not been properly respected, they may lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos – AEPD) at www.aepd.es.

8. Security Measures

The Company implements appropriate technical and organisational measures to ensure the security of personal data and to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, in accordance with Article 32 of the GDPR.

9. Updates

This Privacy Policy may be updated from time to time to reflect legal, regulatory, or operational changes. The date of the latest update will be indicated in the policy.