Privacy Policy

At GRUPO CAFERSA, we understand that it is essential to maintain a transparent relationship with you. Therefore, below we present our Privacy Policy, so that you are always properly informed about how we collect and securely process any data you provide us.

Your data will be processed in accordance with the applicable legislation and, specifically, in compliance with Regulation (EU) 2016/679 of April 27, 2016 (GDPR) concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data. Also, regarding Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.

A careful reading of our Privacy Policy will provide you with the necessary information to understand the purpose of the data you provide us.

1. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?

If you or an authorized person have provided us with your data, we inform you that GRUPO CAFERSA is the data controller. This data will be processed in accordance with the provisions of the applicable regulations on personal data protection.

There may be other controllers in the processing we carry out. In such cases, we will always inform you of the data controller and their identification details.

GRUPO CAFERSA, located at Polígono Industrial de A Raña, C.4, 32300, O Barco de Valdeorras, Ourense, is composed of the following entities:

  • CANTERAS FERNANDEZ S.L. EXTRACCIÓN, S. COM., with CIF: D32006363
  • CANTERAS FERNANDEZ S.L., GEOLOGÍA, S.COM., with CIF: D32203184
  • CANTERAS FERNANDEZ S.L., ELABORACIÓN S.COM., with CIF: D32031395
  • CASTRELOS ELABORACIÓN, S.L., S. COM., with CIF: D32016099
  • PIZARRAS LA BAÑA, S.A., with CIF: A24031874

The Website may include hyperlinks or links to third-party websites other than www.cafersa.es, which are not operated by GRUPO CAFERSA. The owners of these websites will have their own data protection policies, and they are responsible for their own processing and privacy practices.

From GRUPO CAFERSA, we are committed to complying with the obligation to keep personal data confidential and to store it securely. For this purpose, we adopt the necessary measures to prevent its alteration, loss, processing, or unauthorized access, in accordance with the provisions of the Regulation.

2. WHERE DO WE PROVIDE INFORMATION?

At GRUPO CAFERSA, we inform through the website www.cafersa.es in the section corresponding to the privacy policy. More information in the "Legal Notice."

3. WHAT PERSONAL DATA DO WE PROCESS?

The personal data we process are:

  • Those that you decide to voluntarily provide to us.
  • The data derived from communications you have with us.
  • The information related to your own navigation in the case of Online Services, (IP address or information derived from cookies or similar devices (you can view our Cookie Policy on the website)).
  • Information available in publicly accessible sources that we can legitimately access.
  • Data derived from the contractual or pre-contractual relationship you have with us, including your image, always informing you in such cases of the possibility of capturing your image.
  • Data that third parties provide us about you, where there is a legitimate basis for it or your consent has been obtained.
  • Third-party data you provide to us, with prior consent from the third party in question.

You can consult more information in the activity log section of this privacy policy.

4. HOW DO WE PROCESS THE DATA?

At GRUPO CAFERSA, we process your personal data always in strict compliance with current legislation. We also inform you that we have the necessary technical and organizational measures in place to ensure an optimal level of security, guaranteeing that only authorized persons will have access, that the data will remain intact, avoiding any intentional or accidental loss, and that we have reinforced the data processing systems and services.

However, since GRUPO CAFERSA cannot guarantee the invulnerability of the internet or the total absence of hackers or others who might fraudulently access personal data, we commit to informing you without undue delay when a data security breach occurs that is likely to pose a high risk to the rights and freedoms of natural persons. According to Article 4 of the GDPR, a personal data breach is understood to be any breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data.

The operations, management, and technical procedures we carry out, whether automated or not, that enable the collection, storage, modification, transfer, and other actions on personal data, are considered personal data processing.

Additionally, we inform you that the data may be jointly processed by the entities of the group detailed in point 1 of this privacy policy.

5. WHAT IS THE LEGITIMACY FOR THE PROCESSING?

The legal basis for the processing of Personal Data will be that which arises from the contractual or pre-contractual relationship, the employment relationship, or any other relationship that requires data processing, such as express consent.

6. HOW DO WE HANDLE ELECTRONIC COMMUNICATIONS?

In accordance with Law 34/2002 of July 11, on Information Society Services and Electronic Commerce, and Directive 2002/58/EC, we inform you that you may receive communications and information of a commercial nature through this electronic communication system (emails, automated response messages from forms, and other communication systems) when you have granted your consent or when the communications are commercial communications related to products or services similar to those previously provided by the data controller.

If you do not wish to receive such communications, you can notify us via this same method, indicating in the subject line "UNSUBSCRIBE COMMERCIAL COMMUNICATIONS" so that your personal data is removed from our database. Your request will be processed within 1 month from submission. If we do not receive an express response from you, we will assume that you accept and authorize our entity to continue making the aforementioned communications.

If you receive such communications by these means, please be informed that the messages are directed exclusively to the intended recipient and may contain privileged or confidential information. If you are not the intended recipient, we notify you that the use, disclosure, and/or copying without authorization is prohibited under the applicable legislation.

7. HOW LONG DO WE RETAIN YOUR DATA?

Personal data of natural persons that we collect through any means will be kept until the data subject requests its deletion. Additionally, the data will be kept as long as the relationship that initiated the data processing remains, always respecting any applicable legal retention periods. After this period, personal data will be deleted from all GRUPO CAFERSA systems.

8. WILL YOUR DATA BE SHARED WITH THIRD PARTIES?

There will be no assignment, transmission, or transfer of personal data, except for those already informed, unless required by a legal obligation. If we are required to provide your data by Public Administration or Autonomous Institutions within the functions expressly assigned by law, your data will be transmitted.

If there is an assignment, transmission, or transfer of personal data outside the aforementioned cases, you will be informed in advance so that, if applicable, you can grant us your consent.

To ensure proper organization, good operations, and procedures that guarantee effective management, GRUPO CAFERSA may need to hire the services of advisors, professionals, or other service companies to process data under our instructions.

This third-party processing is regulated by a written contract or in another legally accepted form, which allows proof of its existence and content, expressly stating that the processor will process the data according to our instructions and will not apply or use them for any other purpose, nor communicate them, even for storage, to other persons.

9. WHAT ARE YOUR RIGHTS?

Data protection regulations grant you the following rights:

  • Right of access: The right of the user to obtain confirmation as to whether or not GRUPO CAFERSA is processing their personal data, and if so, to obtain information about their specific personal data and the processing carried out by GRUPO CAFERSA, as well as information on the origin of the data and the recipients of any communications made or planned.
  • Right to rectification: The right of the user to modify their personal data that is inaccurate or, considering the purposes of the processing, incomplete.
  • Right to erasure ("right to be forgotten"): The right of the user to obtain the erasure of their personal data when it is no longer necessary for the purposes for which it was collected or processed; the user has withdrawn their consent, and no other legal basis exists; the user objects to the processing, and no legitimate grounds exist for continuing the processing; the data has been unlawfully processed; the data must be erased to comply with a legal obligation; or the data was obtained through the direct offer of information society services to a child under 14 years of age. In addition to erasing the data, the data controller must, taking into account available technology and cost, adopt reasonable measures to inform the processors who are handling the personal data of the user's request to delete any links to such data.
  • Right to restriction of processing: The right of the user to limit the processing of their personal data. The user has the right to obtain restriction of processing when disputing the accuracy of their personal data; the processing is unlawful; the data controller no longer needs the personal data, but the user requires it for claims; or when the user has objected to the processing.
  • Right to data portability: If processing is carried out by automated means, the user has the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller. Where technically feasible, the data controller will directly transmit the data to that other controller.
  • Right to object: The right of the user to prevent the processing of their personal data or to stop processing by GRUPO CAFERSA.
  • Right not to be subject to a decision based solely on automated processing, including profiling: The right of the user not to be subject to an individual decision based solely on automated processing of their personal data, including profiling, unless otherwise provided by current legislation.
    If you want more information regarding the processing of your data, rectify inaccurate data, object to and/or limit any processing you consider unnecessary, or request the cancellation of processing when the data is no longer necessary, you can send a written request to GRUPO CAFERSA at Polígono A Raña, C/4, 32300, O Barco, Ourense, or by email to canaldecomunicaciones@cafersa.com.
  • This communication must include the following information: User's full name, request for the request, address, and supporting data.
  • The exercise of rights must be carried out by the user themselves. However, they may be executed by an authorized person as the user's legal representative. In this case, documentation accrediting this representation of the data subject must be provided.

We also want to inform you that you can withdraw your consent without affecting the lawfulness of the processing carried out before the withdrawal, by sending your request to the same address mentioned in the previous paragraph. In this case, you must accompany your request with a copy of your ID card or a document proving your identity.

If you believe there is a problem or violation of the current regulations regarding how your personal data is being processed, you have the right to effective judicial protection and to file a complaint with a supervisory authority, particularly in the state where you habitually reside, work, or where the alleged violation occurred. In Spain, the supervisory authority is the Spanish Data Protection Agency (https://www.aepd.es/) - C/ Jorge Juan, 6 28001-Madrid - FAX: 914483680- TELF: 901 100 099- E-mail: ciudadano@agpd.es

10. WHAT IS THE PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF THE DATA AND HOW LONG WILL THE DATA BE RETAINED?

Below, we detail the purposes of the data processing carried out by one or all of the aforementioned Data Controllers.

11. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

It is necessary for the User to have read and agreed to the conditions regarding the protection of personal data contained in this Privacy Policy, as well as to accept the processing of their personal data, so that the Data Controller may proceed with the processing in the manner, for the periods, and for the purposes indicated. The use of the Website will imply acceptance of its Privacy Policy.

GRUPO CAFERSA reserves the right to modify its Privacy Policy at its discretion, or due to a legislative, jurisprudential, or doctrinal change by the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. It is recommended that the User periodically consult this page to stay informed about the latest changes or updates.

This Privacy Policy was updated to comply with Regulation (EU) 2016/679 of the European Parliament and the Council of April 27, 2016, regarding the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR), and with Organic Law 3/2018 of December 5, on Personal Data Protection and Guarantee of Digital Rights.

This Privacy Policy document was reviewed on: 04/11/24.