Privacy Policy

Applicable Legislation Incorporated into this Privacy Policy

This Privacy Policy is adapted to the current Spanish and European regulations concerning the protection of personal data on the Internet. Specifically, it adheres to the following legal texts:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
• Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
• Royal Decree 1720/2007 of 21 December, which approves the implementing regulation of Organic Law 15/1999 of 13 December on the Protection of Personal Data (RDLOPD).
• Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The controller of the personal data collected via the Website is: CONSERVAS ZALLO, VAT Number A48088215, registered with the Commercial Registry of Bizkaia under the following registration details: Volume 807, Book 507 of Section 3 of Companies, Folio 175, Sheet 5.115. The legal representative is: CONSERVAS ZALLO (hereinafter, the “Data Controller”), with the following contact information:

• Address: Polígono de Landabaso s/n, 48370, Bermeo, Bizkaia, Spain
• Telephone: (+34) 946186318
• Email: comercial@zallo.com

Personal Data Record

In compliance with the provisions of the GDPR and the LOPD-GDD, we inform you that the personal data collected by ZALLO through the forms provided on its webpages will be incorporated into and processed in our data file for the purpose of facilitating, expediting and fulfilling the commitments established between ZALLO and the User, or maintaining the relationship set out in the forms completed by the User, or to respond to a request or enquiry made by the User. Likewise, in accordance with the GDPR and the LOPD-GDD, unless the exception provided for in Article 30.5 of the GDPR applies, a record of processing activities is maintained which specifies, according to their purpose, the processing activities carried out and the other circumstances established in the GDPR.

Principles Applicable to the Processing of Personal Data

The processing of the User’s personal data shall be governed by the following principles, as set out in Article 5 of the GDPR and Articles 4 et seq. of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights:

1. Lawfulness, fairness and transparency: The User’s consent shall be required at all times following full, transparent disclosure of the purposes for which the personal data is collected.
2. Purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes.
3. Data minimisation: The personal data collected shall be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
4. Accuracy: Personal data shall be accurate and kept up to date.
5. Storage limitation: Personal data shall be kept in a form that permits identification of the User for no longer than is necessary for the purposes for which the personal data is processed.
6. Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
7. Accountability: The Data Controller shall be responsible for, and able to demonstrate, compliance with the above principles.

Categories of Personal Data

The categories of data processed by ZALLO are solely identifying data. Under no circumstances are special categories of personal data, as defined in Article 9 of the GDPR, processed.

Legal Basis for Processing Personal Data

The legal basis for the processing of personal data is consent. ZALLO undertakes to obtain the User’s explicit and verifiable consent for the processing of their personal data for one or more specific purposes.

The User shall have the right to withdraw their consent at any time. Withdrawing consent shall be as easy as granting it. As a general rule, the withdrawal of consent shall not affect the use of the Website.

Whenever the User is required or able to provide their data via forms to make enquiries, request information or for reasons related to the content of the Website, the User shall be informed if the completion of any of those forms is mandatory because it is essential for the proper performance of the operation in question.

Purpose of Processing Personal Data

The personal data collected is used by ZALLO to facilitate, expedite and fulfil the commitments between the Website and the User or to maintain the relationship established in the forms completed by the User, or to respond to a request or enquiry.

The data may also be used for commercial purposes, including customisation, operational and statistical purposes, and for activities related to ZALLO’s corporate purpose. This includes data extraction, storage and marketing research to tailor the content offered to the User and to improve the quality, functionality and browsing experience of the Website.

At the time the personal data is collected, the User will be informed of the specific purposes of the processing — that is, how the information will be used.

Retention Periods for Personal Data

Personal data shall only be retained for the minimum time necessary for the purposes of processing and, in any case, only for a period of 12 months, or until the User requests its erasure.

At the time the personal data is collected, the User shall be informed of the retention period, or if this is not possible, of the criteria used to determine such period.

Recipients of Personal Data

The User’s personal data may be shared with the following recipients or categories of recipients:

• Google, Google Analytics, and the company providing hosting services.

If the Data Controller intends to transfer personal data to a third country or international organisation, the User shall be informed at the time the personal data is collected about the third country or international organisation to which the data is to be transferred, as well as whether or not there is an adequacy decision by the European Commission.

Personal Data of Minors

In compliance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, only individuals over the age of 14 may lawfully provide their consent for the processing of their personal data by ZALLO. In the case of individuals under the age of 14, parental or guardian consent shall be required for the processing, and such processing shall only be considered lawful to the extent that such consent has been provided.

Confidentiality and Security of Personal Data

ZALLO undertakes to implement the technical and organisational measures necessary, appropriate to the level of risk of the data collected, in order to guarantee the security of personal data and prevent the accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorised access to or disclosure of such data.

The Website is equipped with an SSL (Secure Socket Layer) certificate, ensuring that personal data is transmitted securely and confidentially, as data is fully encrypted during transmission between the server and the User.

However, ZALLO cannot guarantee the absolute invulnerability of the Internet or the total absence of hackers or others who may fraudulently access personal data. The Data Controller therefore undertakes to notify the User without undue delay when a personal data breach occurs which is likely to result in a high risk to the rights and freedoms of natural persons. In accordance with Article 4 of the GDPR, a personal data breach is defined as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

Personal data shall be treated as confidential by the Data Controller, who undertakes to ensure, by means of a legal or contractual obligation, that this confidentiality is respected by employees, partners, and any person to whom the information is made available.

Rights Arising from the Processing of Personal Data

The User has the following rights in relation to ZALLO, which may be exercised by contacting the Data Controller in accordance with the GDPR and Organic Law 3/2018:

• Right of access: To obtain confirmation as to whether ZALLO is processing their personal data, and, if so, to access such data and obtain information about the processing performed.
• Right to rectification: To request the correction of inaccurate or incomplete data, taking into account the purposes of the processing.
• Right to erasure (“right to be forgotten”): To request the erasure of personal data when it is no longer necessary, when consent has been withdrawn and there is no other legal basis, or where the data has been unlawfully processed or must be erased to comply with a legal obligation.
• Right to restriction of processing: To request restriction of processing under certain conditions, such as when the accuracy of the data is contested or the User needs the data for the establishment, exercise or defence of legal claims.
• Right to data portability: Where processing is carried out by automated means, to receive the personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller.
• Right to object: To object to the processing of personal data, including profiling, based on public interest or legitimate interests.
• Right not to be subject to a decision based solely on automated processing, including profiling: To refuse decisions based solely on automated processing that significantly affect the User, except where authorised by law.

The User may exercise these rights by sending a written communication to the Data Controller with the reference “GDPR-zallo.com” and including:

• Full name and a copy of their national identity document. If representation is permitted, identification and authorisation of the representative must also be provided.
• A statement specifying the request.
• Address for notifications.
• Date and signature of the applicant.
• Any supporting documents.

This request may be sent to the following postal address and/or email:

Postal address: Polígono de Landabaso s/n, 48370, Bermeo, Bizkaia, Spain
Email address: comercial@zallo.com

Links to Third-Party Websites

The Website may include hyperlinks or links to websites of third parties not operated by ZALLO. The owners of such websites are responsible for their own privacy policies and data processing practices.

Complaints to the Supervisory Authority

If the User considers that there is an issue or violation of current data protection legislation in the way their personal data is being processed, they have the right to effective judicial remedy and to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement.

In the case of Spain, the supervisory authority is the Agencia Española de Protección de Datos (AEPD): https://www.aepd.es