11/05/2018

COSTA BRAVA MEDITERRANEAN FOODS, S.L.U. undertakes to protect the privacy of users who access this website and/or any of its services. The use of the website and/or any of the services offered by COSTA BRAVA MEDITERRANEAN FOODS, S.L.U. means the user’s acceptance of the provisions contained in this Privacy Policy and that their personal data will be processed as stated therein. Please take into account that despite the fact that there may be links from our website to other websites or social networks, this Privacy Policy does not apply to the websites of other companies or organisations to which the website redirects. COSTA BRAVA MEDITERRANEAN FOODS, S.L.U. do not monitor the contents of third-party websites, or accept any responsibility for these websites’ contents or privacy policies.

Basic information on data processing Regulation (EU) 2016/679

Questions on privacy

In compliance with the European Parliament and Council Regulation (EU) 2016/679, of 27th April 2016 (GDPR), we offer you the following information about the processing of your personal data:

Who’s the data controller for your data?

Identity: COSTA BRAVA MEDITERRANEAN FOODS, S.L.U.
ID number: B55349880
Address: C/ L’Avellana, 11. 17178 – Les Preses (Girona, España)
Phone: +34 872 22 02 77
Email: dadesprotec@costabravafoods.com

Why do we process your personal information?

• We process the information submitted to us in order to provide and invoice our pig slaughterhouse and cutting plant services.
• If you give your consent, we may also process your data in order to send you information about our activities, products, and services.
• When accessing our facilities, your image may be recorded by our video surveillance cameras for security control purposes.
• If you send your CV to us, we’ll process the data with the purpose of managing the CV database for staff selection.

How long will we keep your information for?

• The personal data provided will be kept whilst you’re a user of our services or want to receive information, and subsequently for the established timelines in order to comply with our legal obligations.
• The images captured on the video surveillance system will be kept for one month.
• In the case of CVs, data will be kept for one year.

What’s the legal basis for processing your data?

The legal basis for processing data is found in the execution of the service contract and the authorisations it gives us.

Regarding the capture of images by the video surveillance system, the legal basis is given by the legitimate interest in safeguarding the security of people and goods.

Who will have access to your information?

Data will not be disclosed to third parties unless required to do so by law or should it be necessary to comply with the purpose of the processing.

What are your rights when you provide us with your data?

• Anyone has the right to obtain confirmation of whether or not we’re processing their personal data.
• Data subjects have the right to access their personal data, as well as to request rectification of inaccurate data or, where appropriate, to request its removal when, among other reasons, the data is no longer necessary for the purposes it was gathered for.
• In certain circumstances, data subjects may request the restriction of the processing of their data; in this case we’ll only keep this data to make or defend claims.
• Also, in certain circumstances, or for reasons related to their particular situation, data subjects can object to the processing of their data. In this case, we would stop processing the data, except for compelling legitimate grounds, or for making or defending possible claims.
• Data subjects also have the right to the portability of their data.
• Finally, data subjects have the right to file a claim with the competent Supervisory Authority.

How can you exercise your rights?

In writing, attaching a copy of an identification document, to our physical or email address.

How have we obtained your data?

The personal data we process comes from the data subject themselves. The data subject guarantees that the personal data provided is correct and they’re responsible for communicating any modification of the same. The details marked with an asterisk are required in order to be able to provide the requested service.

Which data do we process?

• The data categories which we may process in delivering our services are:
• Identification details
• Postal or email addresses

In the case of the video surveillance system:

• Image

In addition, in the case of CVs:

• Personal characteristics
• Academic and professional details

The data is limited, given that we only process the data necessary for our service provision and activity management.

What security measures do we apply?

We apply the security measures established in article 32 of the GDPR. Thus, we’ve adopted the necessary security measures to guarantee a security level appropriate to the risk of the data processing we carry out, with mechanisms which guarantee confidentiality, integrity, accessibility and permanent resilience of the processing systems and services.

• Some of these measures are:
• Information on the data processing policies for staff.
• Making regular backup copies.
• Data access control.
• Regular verification, evaluation and assessment.