Privacy Policy

The Company is dedicated, in accordance with its corporate purpose, to the management of a restaurant, food and beverage business.

Our data protection policy is constructed and communicated in accordance with applicable regulations, especially in relation to EU Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, GDPR) and Law 3/2018, of December 5, on Data Protection and Guarantee of Digital Rights.

The Company has also adopted the necessary technical and organizational measures to guarantee the confidentiality, security, and proper handling of personal data, preventing its alteration, loss, unauthorized processing, or access, in accordance with applicable regulations. Effective measures are taken, and in all cases, the level of security is appropriate to the sensitivity of the data processed. This work is carried out continuously, taking into account legislative and societal developments.

This policy may change over time due to legislative changes or other operational reasons. Any changes will be immediately reflected on the website, and appropriate notifications will be sent as needed.

The firm manages personal data of individuals in the performance of their professional duties or functions, as well as personal data in the private sphere. Both categories have been addressed in establishing this privacy policy. The entity may act as a DATA CONTROLLER or as a DATA PROCESSOR. This privacy policy addresses and covers both types of actions.

Who is responsible for processing your data?

CUAJO Y TANINO, SL (hereinafter “the Company”), with CIF B87985032 with address at 28015 Madrid, Calle Bernardo López García 11, bj., telephone 911100669 and e-mail info@lacarboneramadrid.com.

DATA PROTECTION OFFICER:

Marcelo Rafael Álvarez Borderre

PURPOSE OF DATA PROCESSING AND RETENTION

We process the information provided to us by our clients and other interested parties for the following purposes:

1. PURPOSES OF A CONTRACTUAL NATURE, in relation to associates, suppliers, collaborators and employees, to manage the provision of rights and obligations arising from the contractual relationship.

2. PURPOSES BASED ON THE CONSENT OF THE INTERESTED PARTY: For information purposes related to the activities and actions of the entity.

The Company will be responsible for providing the information and collecting the consents necessary for the commercial use of the data.

1. REGULATORY PURPOSES: For compliance with its legal and/or regulatory obligations.

2. PURPOSES BASED ON LEGITIMATE INTEREST, under the provisions of Article 19 of the LOPDGDD (Organic Law 3/2018 of December 5) and Article 6.1.f) of EU Regulation 2016/679.

Data is processed in the capacity of DATA CONTROLLER, when it is collected and processed by us.

Data is processed in the capacity of DATA PROCESSOR, when the firm processes the data to provide a service to a third party that is responsible for the data.

DATA RETENTION

The personal data provided will be retained

1. For as long as required to fulfill the purpose for which they are collected, or as required by the contractual relationship, including the time necessary, in accordance with applicable regulations, to fulfill the relevant obligations and actions that may arise from it.

2. Unless its deletion is requested by the interested party.

being blocked when the first of the two events mentioned above occurs.

From that moment on, the data will be available exclusively to Judges and Courts, the Public Prosecutor's Office, or the competent Public Administrations, particularly data protection authorities, for addressing any potential liabilities arising from the processing, for the duration of the applicable statute of limitations. Once this period has expired, the data will be deleted.

Profiling is not performed.

LAWFUL TREATMENT

As the DATA CONTROLLER, the legal basis for processing your data is based on:

1. In the contractual relationship and execution of the contract signed with us.

2. If you have expressly given your consent, the legal basis is that consent.

3. Legal legitimacy based on regulatory purposes.

4. In the legitimate interest, under the protection of article 19 of the LOGPGDD.

As the PROCESSOR, it is the responsibility of the entity that has contracted us as a service provider, in its capacity as the CONTROLLER, to establish the legitimacy and processing model.

DATA RECIPIENTS

The data is shared with our partners who provide services as subcontractors, law firms, and other data processors. In these cases, the corresponding data processing agreement, as required by the General Data Protection Regulation, is signed with the recipient.

INTERNATIONAL DATA TRANSFERS

In relation to any transfer of your personal data to countries outside the EEA, the firm will implement appropriate specific measures to ensure an adequate level of protection for your personal data.

USER RIGHTS

1. Everyone has the right to obtain confirmation as to whether or not we are processing personal data concerning them.

2. Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

3. In certain circumstances provided for in Article 18 GDPR, interested parties may request the restriction of the processing of their data, in which case we will only retain them for the exercise or defense of claims.

4. Those concerned may object to the processing of their data for marketing purposes, including profiling. The Foundation will cease processing the data, except for compelling legitimate grounds or for the establishment, exercise, or defense of legal claims.

5. Under the right to data portability , data subjects have the right to obtain the personal data concerning them in a structured, commonly used and machine-readable format and transmit it to another controller.

EXERCISE OF GDPR RIGHTS BY THE USER

By means of a letter addressed to the addresses indicated above.

USER RESPONSIBILITY

The User guarantees that the personal data provided through the form is truthful and is obligated to notify any changes to it. Likewise, the User guarantees that the information provided corresponds to their actual situation, is up-to-date, and is accurate. Furthermore, the User is obligated to keep their data updated at all times, and is solely responsible for any inaccuracy or falsity of the data provided and for any damages that this may cause to the company, SL, as the owner of the portal.

COMPLAINT TO THE SPANISH DATA PROTECTION AGENCY

If you believe that the Company has not correctly resolved your request, you may request the protection of the Spanish Data Protection Agency, whose details can be found at www.agpd.es.

DATA CATEGORIES

What categories of data do we process?

1. Identifying data.

2. Information about your role or professional activity.

3. Economic data.

Generally, special categories of data under Articles 9 and 10 of the GDPR are not processed. Should this ever change, the entity will comply with the requirements of Articles 9 and 10 and obtain explicit consent.

The data received or collected is necessary to fulfill the stated purposes, and is treated confidentially in accordance with the privacy and security policies established by the firm.

The data received or collected is necessary to fulfill the stated purposes.

ORIGIN

As the DATA CONTROLLER, the personal data we process comes from the information you provide when you request services or resources, access our website, or establish any type of relationship with us, directly or indirectly.

As DATA PROCESSORS, the data comes from the DATA CONTROLLER, or we collect it for him during the provision of the service contracted with the CONTROLLER.