Privacy Policy

The Business

Bodegas Cerdá Cremades SL

Nif: B 54326590

Street: San José,2

Email: info@bodegascerda.com

Which information we collect and why we collect it?

Commentaries:

Our bodega treats the information that we receive from you in order to give you a good service and to provide the correct invoice.

The information that we receive from you is stored while we have a commercial relationship or all the time that it needs legally.

You have the right to confirm if Bodegas Cerdá is treating your personal information correctly. You have the right to access your personal information you can change or eliminate your personal information when it is not being used.

  1. With what we mentioned before, DDSL can, in the name of Bodegas Cerdá, use the personal information necessary to give you a good service.
  2. Identify the affected information.

Bodega Cerdá gives the DDSL business the information available.

  1. Duration.

The duration is forever.

Once the contract is finished, the person who manages the information has to give it back to the provider and eliminate all the copies that they have. They can also block the information.

 

  1. DDSL can use the personal information for business activity.

We will not pass on your information to any third party, unless it is previously mentioned. Your personal details will be kept private at all times.

We guarantee that all your personal information will be protected at all times.

Facilities.

  1. Any details provided to make purchases will be protected at all times.
  2. Details of the contacted person to obtain more information.
  3. Description of the possible consequences in the case of any violation or security breach regarding personal information.

Description of the measures to solve the violation of the personal information.

The responsible person has to have the necessary information to show the fulfilment of his obligation.

  1. Assist the business in establishing the security measures for:

-Guarantee the confidentiality, integrity, availability, resilience of the systems and service at all times.

-Restore the availability and access of the personal information as soon as possible in the case of physical or technical incident.

-Verify, evaluate and regularly assess the efficiency of the technical measures for guaranteeing the security treatment.

The provider will not keep the personal information except during the period of time that he is lending the service.

 

  1. Obligation of the user:

-To allow the provider access to the computer/s to give the service contracted.

-During the entire period of the service the user must comply with the RGPD. (Regulation of data protection)

-Supervise the service.

Registry: clients.

Result of the service.

Manage the relationship between the clients.

Description of the client´s categories and the personal information categories.

Clients: people who maintain a commercial relationship as clients.

Categories of personal information the necessary information to maintain the commercial relationship.

To provide invoices, to send publicity through e mail or post, after sales service and loyalty bonuses.

Identification: Name, surname, NIF, NIE or Passport, postal address, telephone, e mail. Bank number: For direct debit payments.

The addressee categories to whom the personal information is communicated in the past and in the future.

Tributary administration. The periods to cancel the different personal information.

Mediums:

If you leave images on the web site, you should avoid images with location data (GPS EXIF).

Visitors to the web-page could download and extract any of the location data from the images on the web.

Contact forms: Cookies

If you leave a comment on our site, you can save your name, electronic address and web location in cookies in order to not to have to complete your details when you leave another comment.

These cookies have a duration of one year. If you have an account and you connect to this site we install temporary cookies to make sure that your browser accepts cookies.

These cookies don´t save personal information, they are eliminated when you close the browser.

When you start a session we install several cookies to save your information at the beginning of you session and your visual options on the screen.

The initial cookies in the session last for two days and the options of cookies on the screen have a one year duration.

If you select “Remember me” your initial session has two weeks duration.

If you exit your account, the initial cookies in the session will be eliminated.

If you edit or post an article it will save one additional cookie in your browser.

This cookie doesn´t include personal information and it indicates the ID of the article that you have just edited. It expires after one day.

One cookie is a little archive which is stored on the computer of the user and it allows us to recognise the user.

All the cookies are important for the function of the internet, giving us lots of advantages in giving interactive services, making it easier to surf and to use our webpage.

The information that we are going to give you now helps you to understand the different types of cookies.

Cookies in a session: They are temporary cookies which stay in the cookies archive in your browser until you leave the webpage, none of them are registered in the HDD (hard disk drive) of the user.

The information that we get through the cookies is used to analyse the traffic guidelines in the web. In the future it will allow us to give a better experience to improve the content and to ease its use.

-Permanent cookies: They are saved in the HDD, our web-site reads them each time you visit the page.

A permanent web has an expiration date. These cookies will only function until this date. We use them to simplify the service of registering and buying.

We are going to explain the different cookies that we use in our website.

-Necessary cookies. They are necessary for navigation and allow you to make services or payments solicited by the user or cookies which serve to ensure the contents of the web page.

-Third party cookies. They are used by social networks for example google maps.

-Analytic cookies with periodic maintenance give good service.

Google´s analytic cookies have anonymous information of the user, to know the origin of the visits and other information.

To manage the cookies activities from your computer, you have to accept them, block them or cancel them. However, if you accept none of the above but continue searching, you are automatically accepting the cookies.

To manage cookies, you must follow these instructions:

-Chrome htttp://support.google.com/chrome/bin/answer.py?hl=es&answer=95647

-Explorer http://windows.microsoft.com/es-es/windows7/how-to-manage-cookies-in-internet-explorer-9

-Firefox http://support-mozilla.org/es/kb/habilitar-y-deshabilitar-cookies-cookies-que-los-sitios-we

-Safari http://support.apple.com/kb/ph5042

For further information, consult help from your browser.

When you block the use of cookies, you could make some services or functions unavailable.

Contents from another website:

The articles from this page could contain (video, images, articles…) we call it embedded content.

The embedded content acts in the same way as if the visitor had visited the other webpage.

This webpage could take information about you, use cookies, follow third parties and watch what you are browsing in this embedded content, if you have an account and if you are connected with this webpage.

Analytic:

With who we share your information?

How long do we keep your information?

If you leave a comment, your metadata is saved forever.

This is so we will recognise and approve future comments.

For users who are registered in our website (if they are) we keep the personal information that you provide in your user profile. The user can see, edit and eliminate their personal information at any time (they cannot change the user name)

The administrator of the website can also edit and see this information.

What rights do you have?

If you have an account or you have left commentaries you can request details about what personal information we have about you, including any of the information that you have given us previously.

You can apply to eliminate any of the personal information. It doesn´t include any of the information that we are obliged to keep for administrative, legal or security reasons.

Where are we going to send your information?

The visitor´s commentaries could be check by the automatic detection service from spam.

Security measure annexed:

Information for general interest:

This document has been designed to treat personal information with low risk in regards to information related to ethnic or racial origin, political, religious and philosophic ideology, health information…as well as information which may affect the rights and the freedom of the people.

Article 5.1.f general protection of data (RGPD) determines the need to establish security guarantees against any unauthorized treatment, including the loss, destruction or accidental damage of the personal information. This involves establishing technical and organised measures to make sure that the integrity and confidentiality of the personal information and the possibility (article 5.2) to show that measures are in practice (proactive responsibility)

The minimum security measures to be aware of are:

-Organised measures.

-Information which has to be recognised for everyone with access to the personal information.

Anyone with access to the personal information has to be aware of their obligation in relation to the treatment of the personal information and they are informed of these obligation.

The minimum information which is going to be known for all personnel is:

-Confidentiality and privacy.

The personal information is not shared with unauthorized people. We do not give personal information to third parties, this consideration includes the screens which are used to see the images of the video surveillance system.

When you are not in your place of work, the screen will be blocked or the session terminated, paper documents and electronic supports will be saved in a secure place (any area where the access is restricted) 24 hours a day.

-It is not permitted to destroy documents or electronic supports without guaranteeing their destruction.

-It is not permitted to communicate personal information or other information to third parties, we will not divulge the personal information during telephonic consults, e mails…

-The privacy of the personal information and confidentiality also exists when the commercial relationship ends.

Rights of the owner of the personal information:

The employees will be informed about the process to help the rights of the interests of the people, defining the mechanisms in which they can make the rights, ensuring the following points:

-Previous presentation of the national identity document or Passport, the owners of the personal information can have the rights to access, amend, suppression, opposition and portability…

For the right of access, it is going to give the interested parties a list of the personal information explaining why it was taken, the identity of the addressees of the personal information, the period to keep it, the identity of the responsible person in which they can apply for the rectification, suppression and opposition to the treatment of the facts.

For the right of rectification, we will modify the facts of the interested parties, when they are inaccurate or incomplete

For the right of the suppression: The facts of the interested parties are going to be eliminated when they express their negativity or the opposition to the consent for the treatment of their facts, when there is no legal obligation.

For the right of opposition the interested parties should express their negativity to the treatment of the facts in front of the business who is going to leave them when a legal obligation exists.

-Right of transfer: the interested parties should communicate their decision and inform the responsible person about the identity of the new business that is to use the personal information. The owner of the treatment should inform everybody with access to the personal information.

 

 

Violation of security of personal details:

When there is a violation of personal details for example: access to and theft of personal information the Spanish agency of data protection will be notified within 72 hours and given all the necessary information required to identify the source of the theft. This notification is made electronically to:

https: sedeagpd.gob.es

-Capture of images with cameras to maintain the security

-Situation of the cameras: We avoid capturing images in employee rest areas.

-Situation of the monitors: The monitors where you see the images from the cameras are situated in a place where access is restricted in order to not be accessible by a third party.

-Saved images: the images are stored for a maximum period of one month, except images which are taken for investigation purposes.

To have information: we inform you of the existence of the cameras and recording of the images or pictogram with text which explains the right of access.

In this web site, the agency has models of the pictograms and texts.

Business control:

When the cameras are going to be used the employee will be informed, or his representatives, of the measured controls established by the owner in which he explains why he is capturing the images.

Have access to the images:

To give access to the interested people we are going to apply for a recent photo and the identification from the interested person also the date and the time in which this person has the right to access.

We do not apply direct access to the interested person of the images from the cameras in which there is a third party.

In the case that the interested person cannot see the images without showing images of third parties the interested person will submit a document in which he confirms, or not, the existence of images from the interested person.

For more information:

You can consult guides regarding video surveillance from the Spanish agency of data protection, they are published on the webpage: www.aepd.es

Technical Measures:

It is recommended to have profiles with administration rights to install and to set up the system and user without privileges or administration rights for access to personal information.

This measure will avoid that, in the case of cybersecurity, it can obtain privileges to access or modify the operating system.

It guarantees the existence of passwords to access the personal information stored in the electronic systems. The password must be at least eight characters with a mixture of numbers and letters.

When different people access the personal information, there will be one user and one specific password.

It has to guarantee the confidentiality of the passwords, ensuring that these are not exposed to third parties.

In regards to passwords, you can consult the privacy and security guide on the internet in the Spanish agency of data protection and the national institute of cybersecurity.

You should never share passwords nor leave them visible in a communal area nor should you give access to different people.

The obligation of safeguard:

We explain the different minimum technical measures to guarantee the safeguard the different personal information.

Update the computers and equipment:

The equipment and computers

The equipment and computers that are used to store, and the treatment of the personal information must be kept updated.

Malware:

Computers and equipment, where the treatment of the personal information is automated, will have an antivirus which guarantees against the theft or destruction of the information and the personal information. The antivirus system has to be updated frequently.

Firewall:

To avoid improper remote access to personal information there will be an active firewall in the computer or equipment where the treatment of the personal information is stored.

Encryption:

When it is necessary to collect personal information through physical mediums or electronic mediums, it should determine the possibility of using a method of encryption to guarantee information in the case of improper information.

Security copy:

Periodically, there will be a security copy in a second support different to that which it is used daily. The copy is stored in a safe place, different to that which is located in the computer with original files, to allow the recovery of personal information in the case of lost information.

The security measures will be reviewed frequently, any updates will occur automatically (software or programmes) or they can be updated manually. You have to consider that any security incident that has happened to anyone you know, could also happen to you and we want to prevent this happening.

If you need more information and technical guides for guaranteeing the security of your personal information and the information that your enterprise treats, the national institute of cybersecurity (INCIBE) in their web page www.incibe.es has at your disposal tools that focus on business “protect your business” where, between other services, there is:

-One section that practises with a videogame to find answers to incidents, there are also interactive videos of sectorial formation.

-A kit to make employees aware of cybersecurity.

Different tools to help businesses improve its cyber safety politics for the businessman, the personal technique and the employee, a business catalogue and security solutions and one tool to analyse the risks.

-Tematic dossiers complemented with videos, infographs and other services.

-Guides for the businessman.

Moreover INCIBE, through the internet security office, gives free informatics tools and additional information to use in business or professional activity.