As you are surely aware, the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (hereinafter GDPR) highlights the need to strengthen the level of security and protection of personal data. We wish to inform you that MANUEL BUSTO AMANDI, S.A. (hereinafter referred to as BODEGAS MAYADOR) complies with all the requirements of the aforementioned legislation and that all data under our responsibility will be treated in accordance with the legal requirements and with the appropriate security measures to guarantee their confidentiality. However, in light of new legislative developments, we believe it is appropriate to bring the following privacy policy to your attention and ask you to accept it:
WHO IS THE DATA CONTROLLER?
MANUEL BUSTO AMANDI S.A. (hereinafter BODEGAS MAYADOR) – CIF nº A33019951, and located at La Rasa S/N, 33316, Villaviciosa, Spain.
WHAT DO WE PROCESS YOUR PERSONAL DATA FOR?
- Responding to your enquiries and requests: Managing responses to inquiries, complaints or incidents, requests for technical or corporate information, resources and/or activities.
- Contact with the interested party through the means of communication provided (e-mail, postal address and/or telephone), in order to deal with the requests made through the channels provided, to manage communications and to coordinate the operations deriving from the services requested by persons associated with BODEGAS MAYADOR and/or persons in charge of processing in relation to the purposes authorised and/or consented to.
- Offer and commercial management of the products and services offered by BODEGAS MAYADOR. Contact to request commercial data to manage the design and proposal of products and services.
- Regulatory compliance management (applicable regulations as well as mandatory internal regulations): Investigating, monitoring and auditing the controls put in place for the prevention of crime, the establishment of access controls to the facilities, as well as controls related to the use of images captured by video surveillance systems for the investigation of accidents and/or incidents that may occur, as well as violations of regulations, crimes or illegal behaviour.
- Internal use, performance of operations and administrative, economic and accounting management deriving from the commercial and/or contractual relationship.
- Management of the organisation’s procurement and service delivery, and compliance with contractual and regulatory requirements relating to the organisation or operation being requested.
- Sending commercial communications about products or services similar to those contracted by the customer with whom there is a prior contractual relationship, legitimised in accordance with article 21 of the LSSICE.
- Quality control of our products and services, quality management of processes and activities, and evaluation of the results of the satisfaction/perception and performance of the organisation’s stakeholders.
- Provide evidence of justification for campaigns, activities, promotions, competitions, projects and grants in which the organisation participates.
- Regulatory compliance management (applicable regulations as well as mandatory internal regulations): Investigation, monitoring and auditing of controls put in place to prevent non-compliance, with the possibility of establishing access controls to facilities.
- In order to provide you with products and services that are relevant to your interests and to improve your user experience, we will create a “profile” based on the information you provide. No automated decisions will be taken on the basis of such a profile”.
- Evaluation of equity and credit solvency to confirm the economic viability of the requested operation and, where appropriate, the communication and management associated with the claim for the amounts agreed for the provision of the service.
- Statistical and historical purposes that allow us to improve the commercial strategy of our products and services.
- Managing and auditing the organisation’s process and facilities management and compliance systems.
- To contact you and send you personal messages, invitations to events and gifts for customers, congratulations, to carry out quality and satisfaction surveys, as well as to periodically inform you of new products, company news and information, prices, offers, catalogues and promotions of other products and services of BODEGAS MAYADOR, to evaluate the quality of our processes and to provide you with offers of products and services of interest to you by telephone, in writing or electronically, depending on the means of communication provided, provided that you have consented to this.
- Dissemination of our best practices in relation to the services we have provided and/or publication and/or communication of graphic material that may include the image of the owner and/or responsible personnel in corporate media (for example, but not limited to, web, social networks, newsletters, activity reports, reports, presence in the media) and/or other public media (sector publications and/or reports in the written press, TV, …), as dissemination of the results of the activity, promotion and dissemination, management of campaigns, activities and events and/or as accreditation of technical soundness in response to requests for justification in tendering procedures, technical offers, projects and events. …), as a means of disseminating the results of the activity, promotion and dissemination, management of campaigns, activities and events, and/or as an accreditation of technical solvency in response to requests for justification in tenders, technical offers, projects and grants in which BODEGAS MAYADOR participates, provided that it has clearly consented.
- Management of visits and video surveillance of facilities, as well as safety and regulatory compliance, investigation of possible incidents or accidents, management of related insurance, and management of warnings or sanctions for non-compliance with safety regulations.
- Time and/or attendance or presence control and monitoring through access registration, video surveillance and confirmation of functional performance, both in the organisation’s facilities and in those of third parties where the interested party carries out the functions of providing services to BODEGAS MAYADOR (monitoring and control to verify the supplier’s/collaborator’s compliance with contractual obligations).
- To demonstrate the organisation’s regulatory compliance to a third party that requires it: Providing third parties with the data relating to the data subject that they require for the purposes of coordinating business activities, demonstrating the organisation’s regulatory compliance and the third party’s internal rules and/or managing access to facilities. In cases where the data subject has given his or her unambiguous consent, the information/documentation required by the third party that is not explicitly included in the established legal or regulatory obligations, but rather in the third party’s internal rules, may be disclosed, provided that the data subject has given his or her consent.
- Verification of compliance by employees with their duties and obligations at work, in accordance with article 20.3 of the Workers’ Statute, which authorises the employer to adopt surveillance and control measures for this purpose (controls relating to the use of images captured by video surveillance systems for the investigation of accidents and/or incidents that may occur, as well as violations of labour regulations, crimes or unlawful behaviour).
- The international transfer of your data to the extent strictly necessary to carry out the management of a project in a country outside the EU.
- Health and safety management (occupational risk prevention and safety monitoring) and compliance assessment.
- And, if you have given your consent, for the purposes described in the additional consents that you have given us in an unequivocal manner by formal means and/or by ticking the boxes provided for in the privacy clauses contained in the form or basic document that regulates the relationship with BODEGAS MAYADOR, depending on the channel of contact.
If you have provided us with your CV, the uses and purposes for which we will process your data are as follows: - Internal use for selection processes for vacancies, for inclusion in the job bank, and for offering and managing any job offers or collaborations that may be generated.
- Management of competency assessment of candidates and individuals for selection and/or internal promotion to positions.
- Use in relation to the development of the application and its incorporation into the BODEGAS MAYADOR job board, for the purpose of offering and managing any job or collaboration offers that may be generated, provided that you have unambiguously consented to this. If you do not agree to this, we will not be able to accept your application as the candidate management will be carried out by the aforementioned recruitment agency.
- Use of your CV in the technical proposal for projects where you have given your unambiguous consent.
- Regulatory compliance management (applicable regulations as well as mandatory internal regulations): Investigating, monitoring and auditing the controls put in place for the prevention of crimes, the establishment of access controls to facilities, information systems and the printing of documentation for all personal data under the organisation’s responsibility and therefore for all information systems of the said entity, as well as controls related to the use of images captured by video surveillance systems for the investigation of accidents and/or incidents that may occur, as well as violations of labour regulations, crimes or unlawful behaviour.
- Managing contact with the interested party through the means of communication provided (e-mail and/or telephone), in order to manage communications and coordinate actions for the management of the selection process by personnel associated with BODEGAS MAYADOR and/or third parties to whom the selection of candidates for vacancies or jobs is outsourced.
- The completion of the aptitude tests and/or certifications that may be required for the purposes of personnel selection, which are optional, shall be deemed to constitute the user’s consent to the inclusion of the data provided and, where applicable, its processing in the BODEGAS MAYADOR Job Bank database and its automated processing for the purposes of carrying out this selection. As a consequence of access to the facilities that may require the performance of such tests and/or certificates, processing related to the security of such facilities may be carried out by means of access registration.
- Management of visits and video surveillance of facilities, as well as safety and regulatory compliance, investigation of possible incidents or accidents, management of related insurance, and management of warnings or sanctions for non-compliance with safety regulations.
HOW LONG DO WE KEEP YOUR INFORMATION?
- The data provided will be kept for as long as the lawfulness of the processing relationship is maintained, unless their deletion is requested by the data subject following formal written termination of the relationship with the data subject, with the exception of their retention for the formulation, exercise or defence of claims against the controller or to protect the rights of another natural or legal person and/or for reasons of legal obligation.
- In any event, at the end of the relationship, the data of the data subject will be duly blocked in accordance with the provisions of the applicable data protection legislation.
- Accounting and tax documentation – for tax purposes: The accounting books and other obligatory registers according to the applicable tax regulations (IRPF, VAT, IS, etc.), as well as the documentary evidence justifying the entries recorded in the books (including computer programmes and files and any other supporting documents that have tax significance), must be kept at least for the limitation period for tax offences – General Tax Act and Criminal Code, prescription offences 10 years.
- Accounting and tax documentation – for commercial purposes: Books, correspondence, documentation and justifications relating to your business – Commercial Code – 6 years.
- Images/sounds recorded by video surveillance systems are deleted within a maximum of one month of their recording, unless they relate to serious or very serious criminal or administrative offences relating to public security, to an ongoing police investigation or to an ongoing judicial or administrative procedure (Instruction 1/2006 AEPD on surveillance – 30 days).
- Data included in automated processing operations set up for the control of access to buildings – Instruction 1/1996 AEPD on automated files set up for the control of access to buildings – 30 days
- Solvency files: Data on certain, due and payable and unclaimed debts – LOPD – 5 years
- Occupational Risk Prevention Documentation – Documentation on information and training for workers. Files on accidents at work or occupational diseases – Social Offences Act – 5 years.
- The data processed in connection with the legal guarantee will be kept for the duration of the legal guarantee and, after the expiry of the legal guarantee, for as long as there may be a judicial or administrative claim in connection with the legal guarantee.
- The data processed for the sending of commercial communications will be kept until you withdraw your consent.
- Data relating to candidates who submit their CVs will be kept for a maximum of 1 calendar year from the date of receipt (except in cases where the candidate is selected, in which case it will become part of the contracting organisation’s personal data processing), as well as for the periods laid down by law for the exercise or prescription of any liability action for breach of contract on the part of the candidate or the organisation.
- Therefore, the data will be kept for the duration of the commercial relationship, based on the retention periods established by the aforementioned current regulations, as well as the legal or contractual periods established for the exercise or prescription of any liability action for breach of contract by the interested party or the organisation (the Civil Code establishes a period of 5 years to bring an action for civil liability, a period calculated from the date on which performance of the obligation can be demanded).
WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF YOUR PERSONAL DATA?
- The legal basis for processing your data is to fulfil your request. The data requested is necessary for the correct provision of the service.
- The execution of a contract, request, offer, order and/or commercial agreement.
- Comply with a legal obligation: administrative, commercial, tax, fiscal, accounting, civil and financial regulations, legislation in force on employment, prevention of occupational risks (coordination of business activities), social security and consumer and user protection, as well as regulations specific to the contracted activity and to the sector.
- To satisfy a legitimate interest of the data controller: As a party to a commercial relationship and/or contract, processing of data necessary for its maintenance or performance, fraud prevention, as well as in cases of legitimate interest where the data controller could be an injured party and the processing and communication of the data of the non-compliant party to third parties was necessary to manage legal compliance and to defend the interests of the data controller, video-surveillance purposes as a legitimate interest of the organisation in the protection of its assets, as well as the legitimate interest of direct marketing enabled by the LSSICE (sending commercial electronic communications about products or services similar to those contracted by the customer with whom there is a prior contractual relationship).
- Security and cases of legitimate interest where the controller may be an injured party and the processing and disclosure of the data of the non-compliant party to third parties is necessary for the purposes of managing compliance and defending the interests of the controller.
- 20.3 and 4 Royal Legislative Decree 1/1995, of 24 March 1995, approving the revised text of the Workers’ Statute Act (ET): The employer may adopt the measures he deems most appropriate for the supervision and control of the worker’s compliance with his duties and obligations at work, taking into account, in their adoption and application, the consideration due to his human dignity and, where appropriate, taking into account the actual capacity of disabled workers.
- In the case of data relating to candidates who submit their curriculum vitae, the basis for the legitimacy of the processing is the fulfilment of the request for inclusion in the employment exchange of the data subject through the self-candidacy of the data subject by submitting his/her curriculum vitae through the contact channels of the organisation and/or selection companies entrusted with the selection of candidates for vacancies or jobs, as well as the fulfilment of a legitimate interest of the data controller: Fraud prevention and cases of legitimate interest in which the data controller could be an injured party and the processing and communication of the data to third parties in the event of non-compliance is necessary for the management of legal compliance and the defence of the interests of the data controller.
- The consent of the data subject, unambiguously given to us by formal means and/or by ticking the boxes provided for this purpose in the privacy clauses contained in the basic document governing the business relationship, depending on the contact channel.
TO WHOM MAY YOUR DATA BE DISCLOSED?
- Organisations or persons directly appointed by the data controller to provide services related to the purposes of the processing (including but not limited to) Subcontractors for the execution of work/services that are the subject of the contract with the customer, distributors, collaborators, commercial collaborators, companies related to the management of the transport of our products, advertising/marketing agencies, legal, tax, accounting, collection management and credit insurance companies, management, accounting and/or regulatory compliance auditors, IT maintenance.
- Governing bodies: Board of Directors and shareholders.
- Insurance agents and insurers: Insurance taken out by the organisation in the event of an incident.
- Credit rating agencies to assess the creditworthiness of the prospect for payment methods or financing terms that require it.
- Agencies or public administration bodies with competence in the matters covered by the purposes of the processing: AEAT (Spanish Tax Agency)
- Financial institutions: Direct debit of bills and/or collection of bills and other means of payment.
- Law enforcement agencies: Where a justified right of access is required to investigate a breach of the law.
- Compliance Complaints Channel (complaints about breaches of regulations and the Code of Conduct are referred to the Regulatory Compliance Unit).
- Workers’ Representatives/Safety and Health Coordination, External Auditors: In accordance with R.D. 171/2004 – Accreditation of risk management by the Coordination of Business Activities.
- Insurance companies: In the event of a claim, incident or accident, insurance companies are provided to investigate the event in order to determine the scope and coverage of the insurance premium contracted by the data controller.
- In the case of data relating to candidates who provide their curriculum vitae, the possible recipients could also be organisations or persons directly contracted by the Data Controller for the provision of services related to the purposes of the processing: Temporary employment agencies and third parties involved in the selection of candidates for vacancies or jobs at BODEGAS MAYADOR.
WHAT ARE THE GUARANTEES FOR THE TRANSFER OF YOUR DATA?
- The transfer of data to third parties will be made to entities that are accredited to provide a personal data protection system in accordance with current legislation.
WHAT ARE YOUR RIGHTS?
- You have the right to obtain confirmation as to whether or not we are processing personal data relating to you.
- Interested parties have the right to access their personal data and to request the rectification of inaccurate data or, where appropriate, the deletion of data if, inter alia, it is no longer necessary for the purposes for which it was collected. It is not possible to exercise the right of rectification in the case of video-surveillance processing, since the nature of the data – images taken from reality that reflect an objective fact – would make the exercise of a right to content impossible.
- In certain circumstances, data subjects may request that we restrict the processing of their data, in which case we will only retain the data for the purposes of exercising or defending claims.
- In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data, in which case the data controller shall cease processing the data, except for compelling legitimate reasons or for the exercise or defence of possible claims.
- Under the right to portability, data subjects have the right to obtain personal data concerning them in a structured, commonly used and machine-readable format and to have it transferred to another controller.
- Where you have given your consent for a specific purpose, you have the right to withdraw your consent at any time without affecting the lawfulness of the processing based on your consent prior to its withdrawal.
WHERE TO GO TO EXERCISE YOUR RIGHTS?
- If you wish to exercise your rights, please contact the channel set up by the data controller for the exercise of your rights: rgpd@mayador.com, so that we can respond to your request in a controlled manner.
WHAT INFORMATION IS REQUIRED TO EXERCISE YOUR RIGHTS?
In order to exercise your rights, we will need proof of your identity and the specific request you are making, as we will ask you to provide the following information:
- Documented information (written/emai) of the request in which the request is made.
- Proof of identity as the owner of the data subject (name, surname(s) of the data subject and photocopy of the identity card of the data subject and/or the person representing him/her, as well as the document accrediting such representation. Similarly, in the case of video surveillance, an updated image must be provided as supplementary documentation, allowing the responsible party to verify and contrast the presence of the person concerned in its records.
- Address for notification purposes, date and signature of the applicant (if written) or full name (if e-mail) or validation of the request in the private area of the communication channel with a personal identity authentication key.
- Where the data controller has reasonable doubt as to the identity of the natural person making the request, the data controller may request additional information necessary to confirm the identity of the data subject.
WHAT IS THE GENERAL PROCEDURE FOR EXERCISING YOUR RIGHTS?
Once we have received the necessary information, we will deal with your request in accordance with the general procedure for exercising the rights of BODEGAS MAYADOR:
- The controller shall provide the data subject with information on his or her activities upon request in accordance with Articles 15 to 22 (rights of the data subject) and in any event within one month of receipt of the request.
- This period may be extended by a further two months if necessary, taking into account the complexity and number of applications.
- The data controller shall inform the data subject of any such extension within one month of receipt of the request, stating the reasons for the delay.
- If the data subject submits the request by electronic means, the information will be provided, where possible, by electronic means, unless the data subject requests otherwise.
- If the controller does not act on the data subject’s request, he shall inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for his failure to act and of the possibility of lodging a complaint with a supervisory authority and of taking legal action.
- The information provided shall be free of charge, except for reasonable administrative costs.
- The controller may refuse to comply with the request, but bears the burden of proving that the request is manifestly unfounded or excessive.
- In order to comply with the current regulations on video surveillance, AEPD Inst. 1/2006, we inform you that the retention period of the recordings is 1 month, as we will not be able to deal with requests formalised in later periods. Similarly, in the event of a request for access, we will issue a certificate specifying, as precisely as possible and without prejudice to the rights of third parties, the data processed. E.g. “Your image was registered on our systems on the ___ day of the month of the year between _ hours and _ hours. In particular, the system registers when you enter and leave the building.
WHAT REMEDIES ARE AVAILABLE?
If you feel that your rights have not been properly respected, you have the right to lodge a complaint with the competent data protection authority (agpd.es).
HOW DID WE OBTAIN YOUR DATA?
Through:
- The data subject or his or her legal representative, through the communication sent and/or through professional social networks.
- Commercial partners, events, trade fairs and conferences organised and/or in which the organisation participates, legitimate commercial databases, professional social networks, search engines and internet databases, as well as third parties with which the controller maintains a commercial or service provision relationship and for which it must have your personal data in order to process the requested service or to comply with our contractual commitments and fiscal and accounting obligations associated with the contracted service and/or for the verification of regulatory compliance under the responsibility of the organisation.
- In the case of data of candidates who provide their CV, the possible origin of the data could be, in addition to the interested party, temporary employment companies, entities with which agreements have been established for internships or training programmes with a commitment to hiring, professional social networks and/or third parties to whom the selection processes of candidates for vacancies or jobs at BODEGAS MAYADOR are contracted.
WHAT TYPE OF DATA DO WE PROCESS?
- The data structure that we process does not contain data relating to criminal convictions and offences, or specially protected data unless the data subject is the beneficiary of a special condition that must be considered in the provision of the service and/or in the management of the subsidy that may be processed (e.g.: situation of disability) and provides documentation that accredits this, as well as cases in which the holder has special conditions and must provide documentation that incorporates this information so that compliance with this condition can be accredited or justified.
- Identifying and contact data such as, but not limited to: name, surname, telephone number or e-mail address, commercial information data, economic, financial and/or payment conditions data; other types of data: contact data of persons in the organisation involved or related to the service object of the contract/request, as well as those related and/or provided with the Consultation, Request for technical or corporate information, Resources and/or Activities, Complaints or Incidents that you formulate, as well as the personal data of third parties that you may provide us with.
- Commercial data, of contact persons for the administrative and operational management associated with the execution of the contract/project and of workers who are going to carry out the contracted work in terms of coordination of business activities associated with the prevention of occupational risks; In the case of workers who are going to carry out the contracted work in terms of coordination of business activities associated with the prevention of occupational risks; Licences or approvals, in the case of workers who are to carry out work contracted in terms of coordination of business activities associated with the prevention of occupational hazards; Commercial information and approval data; Economic, financial and/or collection conditions data; Goods and services supplied by the data subject, Financial transactions; Other types of data: Name, surname and NIF of the legal representative, contact details of persons in the organisation involved in or related to the project that is the object of the contract/order.
- In the case of data of candidates who provide their CV, the structure of data processed would be, by way of example but not limited to, identification and contact data (address, contact telephone number and contact e-mail); Academic and professional data relating to training, qualifications and professional experience; Personal data associated with marital status, family data, date and place of birth, age, sex, nationality; Work permit; Employment status data; Other data (professional aspirations, leisure and hobbies). If the candidate declares a disability, supporting documentation may be required.
HOW IS YOUR PERSONAL DATA KEPT SECURE?
- We inform you about the processing of your personal data:
The Controller will take all necessary measures to keep your personal data private and secure. Your personal data will only be accessed by authorised personnel of BODEGAS MAYADOR, by authorised personnel of third parties directly contracted by the Data Controller for the provision of services related to the purposes of the processing, or by authorised personnel of BODEGAS MAYADOR (who have the legal and contractual obligation to keep all information secure). All employees of BODEGAS MAYADOR who have access to your personal data are obliged to comply with the Data Controller’s Privacy Policy and Data Protection Regulations, and all employees of third parties who have access to your personal data are obliged to sign confidentiality agreements in accordance with current legislation. We also contractually ensure that third party companies who have access to your personal information keep it secure. In order to guarantee the protection of your personal data, BODEGAS MAYADOR has an IT security environment and takes the necessary measures to prevent unauthorised access.BODEGAS MAYADOR has formalised agreements to guarantee the correct treatment of your personal data, in accordance with current legislation on data protection. These agreements reflect their respective roles and responsibilities to you, and which entity is best placed to meet your needs. These agreements do not affect your rights under the Data Protection Act. For more information on these agreements, please do not hesitate to contact us.
- We inform you of the personal data that BODEGAS MAYADOR may have access to as a result of the services contracted:
The provision of the services covered by the contract may involve physical access by BODEGAS MAYADOR personnel to premises or facilities where personal data may be stored, for which the client is responsible. In this regard, BODEGAS MAYADOR has signed clauses with its staff that prohibit access to all types of confidential information and, specifically, to personal data belonging to the client, unless the scope of the service includes the processing of personal data, in which case, BODEGAS MAYADOR would act as data processor, establishing in this case the relevant contract in accordance with current data protection regulations, which would cover, among other aspects, the object, duration, nature, purpose, category of data processed, security measures, obligations and rights of the data processor, organisational and technical security measures to guarantee confidentiality during the process, as well as the agreements adopted between the client and the data processor, as well as the agreements adopted between the client and the data processor for the processing of personal data, duration, nature, purpose, category of data to be processed, security measures, obligations and rights of the processor, organisational and technical security measures to guarantee confidentiality during the process, as well as the agreements adopted between the client and the processor in relation to the transmission of security breaches and/or the exercise of rights. Failure to formalise the personal data processing service in a contract on the part of the client presupposes that BODEGAS MAYADOR has no associated responsibility as data processor.Notwithstanding the foregoing, in the event that it becomes aware of any confidential information for the purpose of providing the service, it undertakes to keep it secret, not to disclose it or publish it, either directly or through third parties or companies, or to make it available to third parties. This obligation of confidentiality is indefinite and shall survive termination of the contract for any reason. BODEGAS MAYADOR undertakes to inform and ensure that the personnel in its charge and those contracted on its behalf comply with the obligations established in terms of confidentiality.
- In relation to the video-surveillance systems with which the facilities under the responsibility of BODEGAS MAYADOR are equipped, we inform you that BODEGAS MAYADOR takes all the necessary measures to keep your personal data private and secure:
- LOCATION OF CAMERAS: The recording of images in areas intended for workers’ rest shall be avoided.
- LOCATION OF MONITORS: Monitors where camera images are displayed shall be located in a restricted access space so that they are not accessible to unauthorised third parties.
- CONSERVATION OF IMAGES: Images shall be stored for a maximum period of one month, with the exception of images provided to the courts and law enforcement agencies.
- DUTY OF INFORMATION: Information about the existence of the cameras and recording of images shall be provided by means of an informative sign with a pictogram and a text detailing the person responsible to whom the interested parties may exercise their right of access.
- LABOUR CONTROL: Insofar as the cameras may be used for the purpose of labour control as provided for in Article 20.3 of the Workers’ Statute, the worker or his/her representatives are informed of the control measures established by the employer with express indication of the labour control purpose of the images captured by the cameras, as indicated in the notification of inclusion clause and in this privacy policy.
- RIGHT OF ACCESS TO IMAGES: In order to comply with the interested parties’ right of access, a recent photograph and the National Identity Document of the interested party will be requested, as well as details of the date and time to which the right of access refers. The data subject shall not be provided with direct access to camera images showing images of third parties. If it is not possible for the data subject to view the images without displaying images of third parties, a document confirming or denying the existence of images of the data subject shall be provided to the data subject.
CHANGES IN PRIVACY POLICY
- BODEGAS MAYADOR reserves the right to carry out, at any time, as many modifications, variations, deletions or cancellations in the contents and in the way they are presented as it deems appropriate, and we therefore recommend that you consult our privacy policy whenever you consider it appropriate.
- By accepting and/or validating the process that serves as the basis for the formalisation of your relationship with BODEGAS MAYADOR, you expressly consent to the processing of data in accordance with the provisions of the clause and additional information on data protection, as well as informing and obtaining the consent of third parties from whom you provide us with personal data for said processing. If you have ticked the relevant consent box, the legal basis for these purposes is your consent, which you can withdraw at any time.
- Likewise, and to the extent that as a result of their relationship BODEGAS MAYADOR may have access to personal data and/or confidential information, they undertake to maintain absolute confidentiality and discretion regarding the information obtained about the activities, interested parties and entities related to BODEGAS MAYADOR, especially with regard to Personal Data, even after the end of their relationship with the organisation.