The personal data of users may be gathered through the use of this website in accordance with the legislation in force. SORIGUÉ S.A.U. (henceforth, SORIGUÉ) will only collect, process, keep, communicate or delete personal data as necessary and will always abide by the data minimisation principle.

We will always be transparent with our customers and users, which is why we are providing the greatest amount of information possible about the use and purpose of processing data.

All SORIGUÉ’s data processing procedures will be performed in strict compliance with Regulation EU 2016/679.

This Policy establishes the basis with which SORIGUÉ, as a “Data Controller”, manages the personal data of website users, users requesting information and customers.

This policy details elements related to the website, notwithstanding other information related to the General Data Protection Regulation, which may be detailed in other policies and which can be made available to you through different means.

You can make as many queries as you would like regarding privacy and the General Data Protection Regulation by contacting the email address rgpd@sorigue.com

Data Controller Information

Identity: SORIGUÉ, S.A.U.

CIF [Tax Identification Number]: A25007832     .

Postal Address: C/Alcalde Pujol, núm. 4, 25006 Lleida

Telephone: +34 901 020 002

Email: sorigue@sorigue.com

Email for GDPR Information: rgpd@sorigue.com

Personal Information

This website has been created to provide information about, promote and sell products marketed by SORIGUÉ to any Internet user.

Merely visiting our website can cause cookies to be stored. Please consult the information related to our Cookies Policy.

 

Purpose of Processing

Purpose

Data is collected and processed in order to manage requests submitted by users of the website, send Newsletters when they have been requested and process consumer orders for the products we offer.

If communications give rise to a relationship that goes beyond that described here, the purpose set forth in our Records of Processing Activities will be expanded.

Basis for Processing

The data obtained will be processed with your consent, which may be revoked at any time. Said consent shall be expressly communicated at each point of the website where it is required; simple, free and accessible systems for opposing the processing of your data when you consider it appropriate have also been established.

Providing personal data implies that said data are true and exact and that they should be updated when they change.

Record of Data Processing Activities

WEBSITE USER MANAGEMENT
Purpose of Processing Managing the contact data of website users. Managing queries. Managing information derived from cookies. Managing the Newsletter. Managing purchases.
Legitimacy of Processing Consent/legitimate interest
Categories of Personal Data: Identification data: First name and surnames; identifier; email. Telephone number.

Professional data (position and contact data).

Rights of the Affected Subjects Access, rectification, erasure, opposition, restriction and withdrawal of consent.
Third Party Access to Personal Data IT service providers with access to data (website/platform designers and providers; storage services; maintenance and support for our databases, software and web applications). Advertising/publicity partners for sending Newsletters.

 

CLIENT MANAGEMENT
Purpose of Processing Managing contact data for clients and potential clients.
Legitimacy of Processing Agreement/Legitimate interest
Categories of Personal Data: Identification data: First name and surnames; Identifier; DNI [National Identity Card]; email. Professional data (position and contact data).
Rights of the Affected Subjects Access, rectification, erasure, opposition, restriction and withdrawal of consent.
Third Party Access to Personal Data IT service providers with access to data (website/platform designers and providers; storage services; maintenance and support for our databases, software and web applications). Collaborators in charge of managing client relations.

 

MARKETING
Purpose of Processing Advertising and marketing activities for products and services associated with the business Group and its foundation. Relations with the press and communications.
Legitimacy of Processing Consent/Legitimate interest
Categories of Personal Data: Identification data: First name and surnames; DNI [National Identity Card]; email; telephone. Professional data (position and contact data).
Rights of the Affected Subjects Access, rectification, erasure, opposition, restriction and withdrawal of consent.
Third Party Access to Personal Data IT service providers with access to data (website/platform designers and providers; storage services; maintenance and support for our databases, software and web applications). Collaborators managing secondary publicity and marketing activities.

 

EXERCISE OF RIGHTS/NOTIFICATION OF SECURITY BREACHES
Purpose of Processing Exercising rights included in the General Data Protection Regulation (GDPR), as well as notifying data subjects about potential security breaches.
Legitimacy of Processing Legal obligations according to the General Data Protection Regulation.
Categories of Personal Data: Identification data: First name and surnames; DNI [National Identity Card]; email.
Rights of the Affected Subjects Access, rectification, erasure.
Third Party Access to Personal Data IT services providers with access to data (web platform designers; hosting services; maintenance and support on our databases and on our web software and applications).

 

 

Categories

Collected data

Identification data (full name, country, province and company) and contact data (email address, telephone number) can be collected on the website.

Occasionally, we may also process other unique numerical identifier data such as the IP address of your computer, the identifier of your mobile device or information that we obtain through cookies.

When you send us an email or use specific forms (which may be included), we will collect the data included in the communication that we might need to reply.

If you contact us via social media, your image may be collected on our profile.

 

Recipients

The personal data that is provided may be shared with entities that help us manage the commercial communications processes and provide and maintain technological services (e.g. the website). In addition, we have external collaborators who help us with design, development, marketing and publicity.

As per our policy, SORIGUÉ only works with companies that can provide adequate guarantees to implement appropriate technical and organisational measures. This means that the data you supply us will be processed in compliance with the requirements of data protection regulations and that the rights of the data subject will be protected.

We do not sell or exchange personal information. We only share or give access to data to the providers or subcontractors who have been previously evaluated and with whom we maintain confidentiality agreements.

The Supervisory Authority may also be able to access your data.

International Transfers

Generally, personal data will not be processed outside of the EU. However, some providers may store information outside Europe. These include social networks (Facebook®, Twitter®, LinkedIn®, Vimeo®, Instagram®) and tools that help us to manage activities (e.g. MailChimp® or Google®). All the providers are Privacy Shield certified, which demonstrates that their security measures meet the European area requirements.

Some of the cookies that we use are from third parties and are being transferred outside of the European area. However, these providers are Privacy Shield certified.

Our external providers must meet the security and due diligence measures in the provision of their services. Some will apply security standards such as ISO/IEC 27001 or the ISAE International Security Regulation.

If other providers are used in the future that are headquartered outside the EU/EEA and that do not have the level of security required by the EU, we will update our policy and provide you with detailed information about them.

Third-party Links

In some cases, we may provide access to third-party websites or applications (e.g. social networks) from our website. We cannot guarantee the security available in these external environments. Please read the legal policies for these third parties carefully. If you find that a third party has breached regulations or impacted on user integrity, please let us know by emailing us at rgpd@sorigue.com.

 

Storage Periods

Our corporate policy dictates that we will only keep your personal data for the time that is absolutely necessary for each purpose of processing. The storage period is generally determined by a legal requirement that applies to us because we are providing a service or because we have to keep evidence that we have complied with said requirement. In any case, the periods will vary based on each one of the processing activities that we perform.

By way of example and without limitation, the following criteria are used to determine how long data will be stored:

  • Data associated with cookies. 12 months after the consent of each user.
  • Exercising rights, during the period indicated by the legislation in force for the exercise of responsibilities.

In any case, data will be deleted once the purpose for which it was collected has ended. Initially, this period is three years.

When the data is no longer needed in order to comply with the established obligations and duties, it will be deleted in an orderly and safe manner.

User rights

You will be entitled to exercise your rights as the owner of your personal data. To exercise your rights with respect to SORIGUÉ, simply contact us at rgpd@sorigue.com or fill in the appropriate form on our ethics channel, which is available via the following link: https://www.sorigue.com/en/sustainability/ethical-channel

Below is a brief explanation of your rights:

You are entitled to obtain confirmation about whether or not we are processing your personal data. You are entitled to access your personal data, ask for any inaccuracies to be corrected and request that your data be erased when it is no longer needed for the purposes for which it was collected, among other reasons.

You are entitled to withdraw your consent. However, this will not impact the legality of any processing activities that took place before you withdrew consent. If you no longer wish to receive our Newsletter, you can unsubscribe through any of the messages (by following the actions indicated at the bottom), by sending an email to rgpd@sorigue.com or by filling in the appropriate form on our ethics channel, which is available via the following link: https://www.sorigue.com/en/sustainability/ethical-channel

Wherever technically possible, we will enable you to receive your data, or provide them to third parties, in a structured, accessible and machine-readable format in accordance with art. 20 of the European Union’s General Data Protection Regulation.

Rights in detail

We want to give you some more detailed information:

  1. The right to obtain information clearly and transparently regarding how your personal data is processed, the purpose of processing, the storage period, the transfer of data to third parties, or the international processing of the same, and the possibility of presenting claims to the Spanish Data Protection Agency.
  2. The right to access and know what personal data we are processing.
  3. The right to request:
  • The restriction of processing while your data is being rectified.
  • We keep your personal data to perform actions or submit claims in defence of your interests.
  1. The rectification of personal data that is inexact or incomplete.
  2. The right to erase personal data when the reason for its processing has ended, or if you withdraw your consent for it to be processed, at which point, said personal data will be deleted, unless there is a legal requirement to keep it.
  3. The right to oppose the processing of your personal data.
  4. The right to restrict the processing of your personal data to specific activities.
  5. The right to the portability of your personal data, which operates under specific circumstances in which data processing is automated, and whenever possible.

Remember that you can revoke or withdraw your consent at any time.

How to exercise your rights

It is always free to submit a request to exercise your rights, and you can do so by emailing us at rgpd@sorigue.com or by filling in the form for the right you wish to exercise on our Ethics Channel via the following link: https://www.sorigue.com/en/sustainability/ethical-channel. Remember that, in order to exercise your rights, you must reliably prove your identity using a valid identification document. If you are acting on behalf of a third party, you will need to present us with the document authorising representation.

Supervisory Authority protection

You can submit a claim to protect your rights to the Agencia Española de Protección de Datos Personales [Spanish Data Protection Agency) by contacting their electronic office, or by sending a letter to C/Jorge Juan, núm. 6, 28001 de Madrid. For more information, please visit the website www.aepd.es.

Security Measures

It is corporate policy to maintain the technical and organisational measures that are necessary to guarantee the security of personal data and prevent their unauthorised alteration, loss, processing or access thereto, in compliance with the legislation in force to protect personal data.

All the security measures developed and implemented are based on risk management. All the measures have been considered based on the requirements established in the General Data Protection Regulation.

We require our providers to implement our measures. Anyone employed by our company directly or via a third party who has access to personal data must follow the security measures imposed.

It is the policy of our group to maintain the security, integrity and confidentiality of personal data. Any breach of our standards will be investigated.

Our IT department will work in conjunction with security experts to protect data and investigate any act deliberately performed in order to attack our security measures.

Security Violation Notice

When we detect that we have been the victim of a security violation that affects your personal data, we will proceed to mitigate the damages. Furthermore, we will notify the Control Authority within a period of 72 hours. We will email the owners of personal data to provide them with necessary information if their data has been compromised. Where necessary, we will also provide information about the security measures that will be implemented to prevent a negative impact.

Security Measures as a User

As an Internet user, we would like to give you some tips about how to browse safely. Keep your operating system and software up to date. This applies to both Smartphones and computers. Make sure you are using the latest version of your browser. Disable unnecessary browser plugins by opting to monitor any plugins that have been installed.

Ensure that you have installed antivirus software and that it is up to date and activated. It is also a good idea to install anti-malware and anti-spyware software.

Remember your passwords; update them regularly, try to observe security criteria (at least eight characters, including numbers and symbols) and avoid using simple patterns or information that can be easily guessed. Ensure security mechanisms are activated on mobile devices to provide access.

Do not trust emails sent by banks or suppliers and never provide them with personal data or security codes over the Internet.

Minimise access to public Wi-Fi networks and do not use them to share data or access services that require a username and password.

Changes to the Policy

Any change in our privacy policy shall be published and shall take effect from the day of publication. This document is effective from the date indicated below.

If you think there are any elements that are not applicable or that need to be expanded on or amended, please email us at rgpd@sorigue.com.

Translation

This policy is available in several languages. If there are any discrepancies between the different texts, the original and official policy in Spanish will prevail. Therefore, all texts must be interpreted in accordance with the terms set forth in the Spanish version. Any error, omission or ambiguity shall not be considered the responsibility of our entity.

Cooperation

It is the policy of SORIGUÉ to cooperate and collaborate on anything that may be required by the Control Authority.

In addition, we shall, at all times, try to facilitate direct compliance with the legal provisions established in the privacy legislation in force, the exercise of the rights of interested parties and incident management.

Communications and Contact

To facilitate contact with our users and with any third party who may be interested in communicating with us, we have a free method of communication—email—that guarantees access to any user: sorigue@sorigue.com / rgpd@sorigue.com.

DATE OF LAST UPDATE 9/11/2020