Products

About Us

Quality

Privacy Policy

cabezuelofoods.com

Date of last review: 26 September 2025

0. Introduction

Thank you for visiting this Website. The privacy and protection of users’ personal data are a priority for the Entity that owns this website.
The fact that you have accessed this section demonstrates your interest in understanding how your data is processed, which we greatly appreciate. We recommend that you carefully read this Privacy Policy each time you access a new website, particularly when you are asked to provide personal data, so that you can exercise your right to make informed and free decisions.
In this document, we explain what types of personal data are collected, the purposes for which they are processed, the legal basis that legitimises such processing, how long the data will be retained, to whom it may be disclosed, and your rights as a data subject, all in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD).
The processing of personal data on this Website is carried out exclusively for legitimate purposes related to the management of enquiries received, customer relations, compliance with legal obligations and, where applicable, the sending of professional information of interest, always on the basis of consent or another appropriate legal basis.
Children under the age of 14 must not provide personal data without the prior and express authorisation of their parents or legal guardians. Under no circumstances will data relating to a minor’s economic situation, professional circumstances or the privacy of other family members be collected without the informed consent of those exercising parental authority or guardianship.
If you are under 14 years of age and do not have such authorisation, please do not complete any forms or provide any personal data through this Website.
If you have any questions regarding this Privacy Policy or the processing of your personal data, you may contact the Data Controller using the contact details provided in the Legal Notice or, where applicable, the Data Protection Officer, if one has been appointed.
This Website and its owner are firmly committed to the protection of personal data and apply best practices in security and confidentiality to ensure that all processing activities are carried out lawfully, fairly and transparently.

The purpose of this document is to help data subjects understand how we process personal data when they visit this Website, contact us through third-party platforms, or interact with us via social media channels. This document is intended to provide a general overview of such processing activities.

In compliance with the provisions of the applicable data protection legislation (Regulation (EU) 2016/679 of 27 April 2016), Cabezuelo Foods S.L. (hereinafter referred to as the “Data Controller” or simply the “Controller”), owner of the website www.cabezuelofoods.com (hereinafter, the “Website”), sets out the following Privacy Policy, which shall govern the processing of personal data carried out through the Website.
This Policy shall be understood in all cases without prejudice to the provisions contained in the corresponding Legal Notice and Cookie Policy.

1. Who is going to ask me for my personal data?

Data Controller: Cabezuelo Foods S.L.

Address: Calle Campo De Criptana 86, 13630, Socuéllamos, Ciudad Real
Email: info@cabezuelofoods.com
Phone: 926 532 842

Data Protection Officer Details: dpo@cabezuelofoods.com If you have any questions, doubts, or suggestions regarding how we use your personal data, you can contact the Data Protection Officer through the email address.

We try to guarantee the privacy of the users of this website. You should know that we will never request personal information unless it is really necessary for the provision of services, we will never share it with third parties (except in certain cases in which it is essential and based on legitimate and previously informed situations), and we will never use your data for purposes other than those related to the contractual relationship. This entity assumes the commitments of Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, Regulation (EU) 2016/679 of the European Parliament and of the Council, and Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSICE or LSSI), as well as the regulations that develop or complement them.

This Data Controller guarantees the confidentiality of the personal data being processed and informs you that all persons with access to your information are subject to professional secrecy. However, we cannot guarantee the invulnerability of this website or the total absence of risks. To the extent that your privacy is considered to have been compromised, this controller undertakes to notify the user without undue delay of any personal data security breach that is likely to result in a high risk to rights and freedoms, in compliance with the provisions of the General Data Protection Regulation.

Therefore, data that may be requested from users of this Website through contact forms, data provided by the mere fact of accessing the Website (cookies), data related to possible comments on the various corporate pages of social networks linked from this Website, personal data that the user enters within the enabled sections, or data provided through other enabled communication channels (for example, email) will be processed by the indicated data controller in constant compliance with current legislation.

2. What data can I access?

In the event that contact forms exist, the data indicated therein (name, email, telephone, etc.). Also, all information provided to me by cookies that may exist on this website, as indicated in the cookies policy. Due to professional activity, if the interested party voluntarily provides information, I will have access to it depending on the medium chosen (for example, if you send us an email, I would have access to additional information).

3. What obligations do I have when providing my data?

By voluntarily providing personal data through the channels enabled on this Website, the User expressly declares that they are over 14 years of age and that the information provided is true, accurate, complete, and up to date. The User undertakes to keep their personal data permanently updated so that it reflects their real situation at all times, and shall be responsible for any inaccuracy or falsehood in the data provided, as well as for any direct or indirect damages that may derive from such non-compliance. The Entity Owning the Website reserves the right to exclude from the services any User who has provided false data, without prejudice to any legal actions that may correspond.

4. Why do we process your personal data?

When you access this Website, you may provide certain personal data, either directly—through contact forms, emails, or telephone calls—or indirectly, as occurs with technical data generated by mere browsing (for example, IP address, device identifiers, browser used, etc.). Depending on the channel used and the specific context in which they are requested, the data may include, among others, your name, surname, postal address, email address, telephone number, or any other information you voluntarily provide:

-By the mere fact of visiting this Website, certain technical information may be automatically collected by the servers providing the web hosting services. This information includes, for example, the source IP address, device identifier, browser type, operating system, date and time of access, and other technical data necessary to enable and optimize navigation. This information is processed for the legitimate purpose of ensuring the technical operation of the Website, detecting possible security incidents, and facilitating User navigation.

-In addition to the data you consciously provide, we may use cookies and similar technologies that collect and process personal data. In the Cookies Policy, we inform you about the purpose of the different cookies used by this website. You will have seen a banner and been asked to accept or reject cookies in a granular manner based on their purpose. Cookies can identify certain data from your equipment and also, depending on the type of cookie, could identify certain user data and distinguish one from another for individualized tracking. Therefore, cookies have an impact on your privacy, which is why an informative cookies policy exists. The only cookies that do not require your consent are technical or necessary ones, as you would not be able to view the page if they were not accepted. These are always activated by default.

-If the User provides their personal data through any of the forms enabled on this Website, the purpose of the processing will be specifically indicated in the form itself or the corresponding collection channel. For example, if the User completes a contact form, their data will be processed exclusively to manage and respond to the inquiry made, whether related to the services offered, the operation of the Website, the processing of personal data, or any other matter raised. This purpose implies that we may respond by sending emails, telephone contact, or other means, always in direct relation to the request received and using only the data voluntarily provided by the User. Under no circumstances will this data be used for purposes other than those expressly informed, nor will communications unrelated to the inquiry be made without prior consent.

-If the User provides personal data via email, telephone call, or other means of communication, such data will be processed exclusively to manage the request, inquiry, or communication made, and for the sole purpose of attending to the relationship derived from said contact. In compliance with Law 34/2002, of July 11, on Information Society Services and Electronic Commerce, the Owning Entity will not send unsolicited commercial communications without prior notice or without having obtained the express consent of the recipient when legally required. However, messages or responses sent for the purpose of maintaining an existing contractual relationship, managing a specific request made by the User, or sending information directly related to said request will not be considered commercial communications, provided that such communication derives from the legitimate relationship between the parties.

-If the User provides information or interacts with any of the official profiles that this entity maintains on social networks—which are linked from this Website—the Owning Entity will act as the Data Controller regarding the personal data provided in that context (such as comments, private messages, reactions, mentions, or publicly shared images). Such data will be processed exclusively to manage the inquiry, communication, or comment made, and only within the scope of the social network itself, without proceeding to the extraction, conservation, or external processing of said information unless prior, express, and informed consent is obtained from the interested party. The User must take into account that the use of these platforms necessarily implies acceptance of their own privacy policies, terms of use, and data processing, which are beyond the control of this entity. The creation of these profiles is intended to offer an alternative information and communication channel to better publicize the activity of the Owning Entity and facilitate interaction with people interested in its services, but we do not assume any responsibility for the processing that the owning entities of said platforms may carry out on user data.

5. How long will you keep them?

As a general rule, personal data processed by this Data Controller will be kept only for the time necessary to fulfill the specific purpose for which they were collected, and will be deleted once they are no longer relevant, necessary, or appropriate, unless there is a legal obligation to keep them for an additional period. In cases where data cannot be deleted because they are necessary for the exercise or defense of claims, for commercial or tax reasons, or by legal mandate, their processing will be duly restricted by blocking them, and they will only be used for those specific and legitimate purposes, preventing any unauthorized access or use. Once the legal conservation periods have elapsed, the data will be deleted with appropriate guarantees.

In any case, it will depend on the data processing carried out:

Personal data associated with the use of cookies and similar technologies employed on this Website will be kept for the periods indicated in the Cookies Policy itself, depending on the type of cookie and its purpose (for example, technical, analytical, or personalization cookies). These periods have been established based on criteria of proportionality and necessity, in accordance with current data protection regulations and guidelines issued by supervisory authorities.

Personal data that the User provides through the various means enabled on this Website—such as forms or emails—will be kept as long as the relationship with the interested party is maintained or, where appropriate, until they revoke their consent. Once the relationship has ended, the data will be kept blocked only during the periods legally required based on the nature of the management carried out. For example, data related to billing will be kept for a minimum of six years, in compliance with tax and accounting legislation; likewise, in the event that civil claims could arise, the general statute of limitations of five years established by Article 1964 of the Civil Code for personal actions not subject to a special term will apply. Once these periods have elapsed, the data will be securely deleted.

Personal data included by Users in our official social networks—linked through this Website—will be kept by this entity only as long as the purpose for which they were collected is maintained or until the interested party revokes their consent, withdraws their interaction, or requests the deletion of said data within the platform itself. However, the data may be kept by the companies owning said social networks in accordance with their own privacy policies and terms of use, over which this entity has no control and assumes no responsibility, given that processing in such environments is subject to criteria, technologies, and decisions external to the Website’s Owning Entity.

6. For what reason can we process your personal data?

The processing of your personal data is carried out based on one or more legitimate legal bases expressly provided for in data protection regulations, specifically in Article 6 of Regulation (EU) 2016/679 (GDPR). Depending on the context and purpose of the processing, we may process your personal data for the following reasons: (i) because there is a legal obligation that requires it, such as the conservation of invoices and accounting documents during the periods established by tax and commercial regulations; (ii) because you have given us your free, specific, informed, and unambiguous consent, either by checking a box on a web form or by signing a document in physical or electronic format that proves it prior to the start of processing; and (iii) because there is a contractual or pre-contractual relationship, such as in cases where the User provides us with their data in the context of an inquiry, professional assignment, or request for information, it being necessary to process them for correct management and response. In all cases, processing will be carried out respecting the principles of lawfulness, fairness, and transparency, and exclusively for the informed purposes.

7. Are we going to transfer them to anyone?

In principle, your personal data will not be transferred to third parties except under legal obligation, vital interest, or express consent of the interested party. However, it is possible that certain processing operations require the intervention of third-party service providers, as data processors, with whom the corresponding contract has been signed in accordance with Article 28 of the GDPR. In these cases, all necessary legal, contractual, technical, and organizational guarantees will be adopted to ensure an adequate level of protection and confidentiality of the data, preventing their use for purposes other than those expressly authorized. Likewise, depending on the nature of the processing, other entities involved in the management or execution of the intended legitimate purposes may access the data, such as technology service providers, financial entities, tax or labor consultancies, insurers, or software providers, always within the corresponding legal framework. In any case, such third parties will only process the data following precise instructions from the Owning Entity and only to the extent necessary to provide the contracted service. In addition to the Data Controller set out above, the data may be processed by other entities depending on the nature of the data processing:

The entities responsible for the social networks linked from this Website may access the personal data that the User voluntarily provides through said platforms (comments, messages, interactions, or shared content), which remain subject to the terms of use and privacy policies of each social network. In such cases, the Website’s Owning Entity is not responsible for the processing carried out by these entities, which operate as independent data controllers.

Certain companies providing services linked to the technical operation of this Website may have limited access to personal data as Data Processors, always under contract and following documented instructions from the Controller. For example, the entity in charge of the web hosting service and domain name management, whose server infrastructure is located within the European Economic Area (EEA), specifically through Ionos Cloud with data centers in national territory, may process certain technical data such as IP addresses or connection logs, within the framework of Website maintenance, availability, and security. In all cases, the corresponding data processing agreements have been signed in accordance with Article 28 of the GDPR, and the application of appropriate technical and organizational measures to safeguard the confidentiality, integrity, and availability of the processed information is guaranteed.

By legal obligation, personal data may be communicated to Public Bodies, Administrations with jurisdiction in the matter, Courts and Tribunals, the Tax Agency, or other competent Authorities, when required by applicable regulations or when this Controller is legally obliged to provide them within the framework of an administrative, judicial, or tax procedure. These communications will be made exclusively in fulfillment of legitimate purposes, as provided for in Article 6.1.c) of the GDPR, and only to the extent that they are strictly necessary to comply with said legal obligation.

Certain third-party companies, responsible for managing cookies and similar technologies used on this Website, may access personal information associated with the User, such as their IP address, device identifiers, browser type, or browsing habits, simply by the fact of visiting and browsing the Website. Such processing is carried out in accordance with the provisions of the corresponding Cookies Policy, which details the type of cookies used, their purpose, duration, legal basis, and the third parties involved in the processing. These entities act as independent data controllers and, in some cases, may carry out international transfers or create browsing profiles; therefore, it is recommended to consult the Cookies Policy to exercise informed control over these technologies and, where appropriate, configure or reject their use through the enabled mechanisms.

This Data Controller applies strict selection criteria when hiring providers who may access personal data within the framework of service provision, in order to guarantee full compliance with personal data protection regulations. To this end, it undertakes to sign with each provider the corresponding data processing contract, in accordance with the provisions of Article 28 of the GDPR, through which specific obligations are imposed regarding: the application of appropriate technical and organizational measures; the limitation of processing to the agreed purposes; exclusive compliance with the documented instructions of the Controller; and the secure return or deletion of personal data once the service provision has ended. All this with the aim of guaranteeing the security, confidentiality, and legality of the processing at all times.

8. What rights do I have?

Anyone has the right to obtain confirmation as to whether or not we are processing personal data concerning them at this entity. Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. In certain circumstances, interested parties may request the limitation of the processing of their data, in which case we will only keep it for the exercise or defense of claims. In other circumstances and for reasons related to their particular situation, interested parties may object to the processing of their data. In cases where you have given us your consent, we further inform you that you have the right to withdraw it at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal. If requested, this entity will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims. You may also require us to have your data processed by another entity, with this entity facilitating the portability of your data to the new controller. To this end, specific forms have been prepared (which are at your disposal and which you can request) so that you can exercise your rights of access, rectification, deletion, limitation of processing, objection to processing, objection to automated individual decision-making including profiling, and data portability. In any case, if you consider that these rights have not been satisfactorily met by us, we inform you that you may file a complaint with the supervisory authority (Spanish Data Protection Agency, Jorge Juan 6, 28001, Madrid, or through its electronic headquarters https://sedeagpd.gob.es).
If you prefer, the interested party can send a postal mail to the address that appears in the heading, or by email in the email indicated, including a document that proves identity and request the exercise of the rights mentioned above.

9. Mandatory or optional nature of the information we request. Veracity of the information.

In the event that forms exist, by checking the corresponding boxes and voluntarily completing the fields enabled in the forms on this Website, the User declares to have read and expressly accepted this Privacy Policy and consents freely, specifically, informedly, and unambiguously to the processing of their personal data by the Controller, to the extent necessary to attend to their request or manage their communication. The User guarantees that the data provided is true, accurate, complete, and up to date, undertaking to communicate any modification thereof. The Data Controller shall be exonerated from any liability derived from the use of false, inaccurate, or incomplete data entered by the User. All data requested through the Website is mandatory, as it is essential to establish adequate communication; if all the required data is not provided, it cannot be guaranteed that the information or services offered will fully meet your needs.

10. Principles we will apply when processing your personal data

The processing of the User’s personal data by the Controller is governed by the principles established in Article 5 of the GDPR. Firstly, the principle of lawfulness, fairness, and transparency applies, which implies that the User will be clearly informed at all times about the purpose of the processing and their consent will be requested, when necessary, in a prior and express manner. In accordance with the purpose limitation principle, data will be collected only for specified, explicit, and legitimate purposes, and will not be further processed in a manner incompatible with those purposes. The data minimization principle will also be respected, processing only those personal data that are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. In compliance with the accuracy principle, reasonable steps will be taken to ensure that personal data is kept up to date and corrected without delay when inaccuracies are detected. The storage limitation principle ensures that data will be kept only for the time strictly necessary for the fulfillment of the informed purposes, and will be deleted or blocked once that period has expired. Regarding the integrity and confidentiality principle, processing will be carried out by applying appropriate technical and organizational measures to protect the data against unauthorized access, alteration, loss, or destruction. Finally, in accordance with the accountability principle, the Data Controller assumes the duty to implement effective policies and mechanisms that ensure compliance with all the above principles, being able to demonstrate this at any time before the competent supervisory authority.

11. Regarding social networks

For the Owning Entity, as for any business, social networks represent a promotional channel and it uses them to entice and attract users and participants to our activities. Networks are used to answer your questions, to attend to your needs immediately and quickly without having to use the telephone. They can also be used to bring our activity closer to your life, to communicate, to chat, and to get to know each other.

The Owning Entity maintains various official profiles and pages on several social networks, accessible through this Website, but is not responsible for the content, opinions, or publications made by third-party users on said platforms. The processing of personal data that third parties may carry out on these social networks is governed by the policies, general conditions, and specific conditions of each platform, which may differ from those set forth here; therefore, the Owning Entity recommends that Users read and reflect on them carefully. If a User has a profile on any of these social networks and decides to join, follow, or interact with the page created by the Owning Entity or contact it through any of the channels enabled on the network, it will be understood that they grant their consent for the processing of the personal data they voluntarily publish on their profile. The User must be aware that publications made on these platforms will be visible to other users, so they are primarily responsible for the privacy of their data and the information they share. Images or content that may be published on said pages will not be stored in any information system belonging to the Owning Entity, although they will remain hosted and managed by the corresponding social network.

The user can access the privacy policies of the social network itself at any time, as well as configure their profile to guarantee their privacy.

In relation to the rights of access, rectification, deletion, limitation and opposition, which you have and which can be exercised before us, you must take into account the following nuances:

-Access: will be defined by the functionality of the social network and the ability to access information from user profiles.

-Rectification: can only be satisfied in relation to information that is under our control, for example, deleting comments published on the page itself. Normally, this right must be exercised before the social network.

-Deletion, limitation, and/or Objection: as in the previous case, can only be satisfied in relation to information that is under our entity’s control, for example, ceasing to be linked to the profile.

The Owner Entity may carry out the following actions:

-Access to public profile information.

-Sending personal and individual messages through social network channels.

-Page status updates that will be published on the user’s profile.

-The user can always control their connections, delete content that no longer interests them, and restrict who they share their connections with; to do so, they must access their privacy settings.

Our entity maintains a presence on the Facebook and Instagram platforms, operated by Meta Platforms, Inc. (1 Hacker Way, Menlo Park, California 94025, USA). By interacting with our official pages or profiles on said social networks, these entities may have access to your personal data exclusively within the environment of the corresponding social network. This consent enables the management of your participation as a follower and the sending of information related to our activities, events, and promotions, provided that such communications are made within the platform itself. This includes access to your public profile information and the possibility of establishing direct communications in response to your interactions with us, as well as the potential visibility of our page updates on your user profile. It is crucial to highlight that the responsibility of the Owning Entity is limited solely to the administration of the page on the aforementioned social network. The management and subsequent use of personal data by Meta Platforms, Inc., or any other third-party service providers or users, are beyond our control and responsibility. Therefore, we urge users to consult Meta’s privacy policies (available at https://www.facebook.com/privacy/policy) for a comprehensive understanding of their data processing practices. Likewise, the publication of personal data on these platforms implies its potential accessibility to other users and its indexing by search engines, with the veracity, authenticity, and updating of the information published being the sole responsibility of the user.

This website may include links or buttons that redirect to the corporate profile that the owning entity maintains on the professional social network LinkedIn, for the purpose of sharing institutional information, promoting professional services, generating corporate visibility, and facilitating additional contact channels with users, clients, and collaborators. The user is expressly informed that, by clicking on said link and being redirected to the LinkedIn platform, they will leave the technical and legal environment of this website, becoming subject to the terms of use, privacy policy, and other legal terms of the aforementioned social network, whose owning entity (LinkedIn Ireland Unlimited Company) assumes, from that moment, the status of Data Controller for the personal data that may be collected through its own platform. Consequently, this Data Controller is not responsible for the data processing that LinkedIn may carry out with the user’s personal information, whether through mere browsing, interaction with the entity’s profile, or any other functionality enabled by said network. The user is recommended to carefully review LinkedIn’s privacy policy before interacting on its platform: https://www.linkedin.com/legal/privacy-policy It is stated that no transfer of personal data is made from this website to LinkedIn, nor is there any automated communication between both platforms. Access to the owning entity’s LinkedIn page is carried out exclusively at the user’s own initiative and under their full responsibility.

12. Cookies and other aspects.

The protection of the information you entrust to us is a fundamental priority for our entity. For this reason, this website has been equipped with an SSL (Secure Socket Layer) certificate. This security protocol is essential for establishing an encrypted communication channel, ensuring that all data transmitted between your browser and our server travels integrally, confidentially, and securely, thus preventing unauthorized access or interception of information by third parties. We have implemented a robust set of technical and organizational security measures, which have been diligently selected and applied after conducting an exhaustive risk analysis in accordance with current data protection regulations. Among these measures, encrypted data transmission stands out as a primary feature, guaranteeing the protection of information from the moment it is entered on our website. In addition, rigorous access controls, protection against malicious software, and backup systems are applied, all designed to mitigate identified risks and safeguard the privacy and security of your personal data. Our commitment is to keep these measures updated and adapted to the latest technologies to ensure an optimal level of security.

As a user, you are solely responsible for the veracity and correctness of the data you submit to this website. The Owning Entity will not accept any type of responsibility in this regard, ensuring the accuracy, validity, and authenticity of the personal data provided.

This Data Controller reserves the right to modify and/or update the information on data protection when necessary for the correct compliance with the Data Protection Regulations. If any modification occurs, the new text will be published on this page, where you can have access to the current policy. In each case, the relationship with users will be governed by the rules provided at the precise moment in which the web is accessed. For all purposes, the validity of the document can be verified in the header.

This website integrates Google Analytics cookies, a web analytics tool provided by Google, Inc. Google Analytics allows website owners to obtain information about users’ browsing habits, generating reports that describe how visitors interact with content to optimize the experience offered. Our entity uses this tool to analyze user navigation, which allows us to understand general site trends without identifying individual users. Data processing by Google Analytics is governed by the Google Analytics general terms (available at http://www.google.com/analytics/tos.html) and Google’s privacy policies (accessible at http://www.google.com/intl/en/policies/privacy/). The main purpose of this processing is the analysis and measurement of data to provide web analytics services, such as obtaining statistics on page visits. You can obtain additional information about how Google Analytics works at the following link: https://support.google.com/analytics/answer/6004245?hl=es. It is important to highlight that this application does not collect identifying personal data such as names, surnames, or postal addresses of users. The information obtained is related to browsing metrics, such as the number of pages visited, browser language, the social network from which news is accessed (if applicable), the city assigned to the connection IP address, the number of users visiting the site, the frequency and recurrence of visits, time spent, the type of browser used, and the operator or type of device from which the visit is made. All this information is used with the aim of continuously improving our website, detecting new needs, and evaluating improvements to be introduced to offer a higher quality service to our users. In order to provide visitors with control over their data, Google has developed a browser opt-out add-on that prevents Google Analytics from collecting your browsing data. This add-on can be downloaded and installed from the following address: https://tools.google.com/dlpage/gaoptout/eula.html.

However, we remind you that you can deactivate Google Analytics cookies through your own browser settings:

-Chrome,support.google.com/chrome/answer/95647?hl=en

-Explorer,support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

-Firefox support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

-Safari support.apple.com/en-gb/guide/safari/sfri11471/mac

For the purposes of Google’s data processing activities, please note that Google will collect and store information about your usage. Regarding International Data Transfers (IDT) to the United States, we inform you that the European Commission adopted an adequacy decision on July 10, 2023, establishing the EU-U.S. Data Privacy Framework. Data transfers of personal data to organizations in the U.S. that adhere to this framework are considered lawful and offer adequate safeguards, as they are deemed to provide a level of protection essentially equivalent to that of the GDPR. Since Google adheres to the Privacy Framework List, data transfers made via Google Maps (API) to the U.S. are covered by this adequacy decision. In accordance with Article 13.1.f of the GDPR, we inform you of the existence of this adequacy decision and that you can consult the means to obtain a copy of the adequate safeguards in Google’s privacy policy. Therefore, we recommend that you carefully read our provider’s privacy policy beforehand and verify its adherence status on the official Data Privacy Framework list by clicking on https://www.dataprivacyframework.gov/s/participant-search. We remind you that this entity cannot control or be held responsible for the content and veracity of the referenced Google terms and conditions and privacy policies.

This website may include hyperlinks or links that provide access to third-party websites, which are therefore not our responsibility. The owners of such websites will have their own privacy policies, and they will be responsible for their own files and data processing in each case.

13. Security Information for Safe Browsing

-Always use an updated browser. Do so also through an updated operating system. Where applicable, review the apps and programs you use most frequently. Most major browsers today update automatically, either transparently to the user or through notifications that must be approved. These updates are often avoided because they seem cumbersome, but the reality is that they usually incorporate patches that fix small security vulnerabilities. Likewise, we recommend that add-ons and extensions be configured to update automatically. Also, ensure that the installation of these add-ons is done from reliable sources.

-It is advisable to disable add-ons such as Adobe Flash and Java for unknown services and sites. Mechanisms that allow clicking and executing or the use of certain extensions can facilitate this task. Likewise, it is recommended to disable JavaScript when browsing unknown web pages.

-It is advisable to review your browser’s security and privacy options. Browsers currently offer interesting features such as: not accepting third-party cookies, blocking pop-ups, preventing password synchronization, avoiding autofill, deleting temporary files and cookies when closing the browser, blocking geolocation, filtering ActiveX, etc.

-It is recommended to use the HTTPS protocol. This implies that information between your browser and the server will travel encrypted end-to-end. However, it is important to verify that certificates sent by “https” services handling sensitive information have been issued by a trusted entity. Any error or alert generated by the browser as a result of certificate validation (e.g., self-signed certificates) should be carefully reviewed. Be suspicious if the beginning of the internet address is not “https”. And in any case, keep in mind that the padlock icon in the browser does not guarantee security: the padlock only serves to indicate that communication to the web server is encrypted and that they have paid to have it, but it has nothing to do with whether the website is legitimate or a fraud.

-Take the necessary time to configure the cookies of the website you are visiting. In principle, a correct cookie configuration should allow you to disable them, and they should not be loaded automatically (except for essential cookies) under any circumstances.

-Protect your passwords, do not disclose them to third parties in writing or verbally, change your password periodically, and never respond to password requests received via email. Use combinations of numbers, letters, and symbols for your passwords. Do not store passwords by default through the browser and use more secure tools for their management (e.g., password managers that implement a robust encryption system). If you decide to use the browser, it is important to use a master key that encrypts the credential repository.

-Consider using additional extensions or add-ons that implement functionalities not covered by the browser. For example, those that improve privacy during browsing or that block, as much as possible, ads, advertising banners, and certain tracking techniques used by third parties.

-We recommend not trusting unknown Wi-Fi networks. When our connections fail, desperation leads us to search for and connect to Wi-Fi networks of dubious origin and legitimacy, but presented as free. These fraudulent networks can open the doors of your devices wide, which is why you should avoid them.

-It is also important to log out when you have finished browsing, especially if you have done so on a public computer.

14. Supervisory Authority

We trust that we can resolve any questions or concerns you may have regarding your personal information. However, if you wish to file a complaint with the competent authority, you have the right to do so. In Spain, the highest authority in data protection is the Spanish Data Protection Agency (AEPD). Its website is accessible at https://www.aepd.es/es and its telephone number is Tel: 91 266 35 17.

15. Updates to this Privacy Policy.

We reserve the right to modify this Privacy Policy to adapt it to any legislative or jurisprudential changes, or if our business activity undergoes significant variations affecting the processing of personal data. It is important to note that, in cases where modifications imply different data processing or a new purpose requiring the express consent of users, these changes will only be implemented if such consent is obtained beforehand. We urge our users to periodically review the content of this Privacy Policy to stay informed about any updates.