+34 925 394 003  –  olibrok@olibrok.com

Home|Philosophy|About us|Services|Contact

Privacy Policy
  1. 1. General Information

This Privacy Policy aims to inform the User about the processing of their personal data on the website www.olibrok.com (hereinafter the Website) in accordance with the provisions of Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 of December 5 (LOPDGDD).

  1. 2. Data Controller

Controller: ACEITE DE OLIVA BROKERS S.L.
Address: C/ COLÓN 14 – MADRIDEJOS 45710
Telephone: 619766394
Email: luysa.argudo@olibrok.com
Tax ID: B45411527

  1. 3. Purpose of Personal Data Processing

3.1. Main Purposes

The personal data provided by the User will be used for the following purposes:

  • Processing Requests and Inquiries: To process and respond to requests, inquiries, or complaints submitted through the Website forms.
  • Commercial Information: To send information about products, services, promotions, and news, provided the User has given their explicit consent to receive these types of communications.
  • Commercial Relationship Management: To maintain and manage the existing commercial relationship with the User, including billing and shipping of contracted products or services.
  • Service Improvement: To analyze and improve the offering of products and services by analyzing Website usage data.
  • Compliance with Legal Obligations: To comply with the legal and regulatory obligations applicable to the CONTROLLER.

3.2. Legal Basis for Processing

Data processing is based on the following legal bases established in Article 6 of the GDPR and Article 13 of the LOPDGDD:

  • User Consent: When the User has given their explicit consent for one or more specific purposes, in accordance with Article 6.1.a of the GDPR and Article 7 of the LOPDGDD.
  • Performance of a Contract: When processing is necessary for the performance of a contract to which the User is a party or for the implementation of pre-contractual measures, in accordance with Article 6.1.b of the GDPR and Article 5 of the LOPDGDD.
  • Legitimate Interests of the Controller: For direct marketing purposes, service improvement, and other legitimate interests of the CONTROLLER, provided that the rights and freedoms of the User do not prevail, in accordance with Article 6.1.f of the GDPR and Article 6 of the LOPDGDD.
  1. 4. Categories of Data Processed

The following categories of personal data may be collected and processed:

  • Identification Data: First name, last name, tax identification number, address, telephone number, and email address.
  • Usage Data: Information about browsing and use of the Website, such as IP addresses, browser type, pages visited, browsing time, etc.
  • Interaction Data: Messages, inquiries, requests for information, and any other type of communication sent through the Website.
  • Profile Data: User preferences, purchase history, and other data related to the User’s interaction with the Website and its services.
  1. 5. Data Retention Criteria

5.1. Retention Periods

Personal data will be retained for the time necessary to fulfill the purposes for which they were collected and to determine any potential liabilities that may arise from said purpose and the processing of the data.

Specifically:

  • Contact and Business Management Data: These will be retained for the duration of the business relationship and during the applicable legal limitation periods, in accordance with Article 33 of the GDPR and Article 33 of the LOPDGDD.
  • Browsing Data: These will be retained anonymously for the time necessary to compile statistics or analyze Website usage, in accordance with Article 5.1.e of the GDPR and Article 5.1.a of the LOPDGDD.
  • Profile Data: These will be retained as long as the User maintains a relationship with the CONTROLLER or until the User requests their deletion, in accordance with Article 5.1.a of the GDPR and Article 5.1.b of the LOPDGDD.

5.2. Criteria for Determining Data Retention Periods

The criteria used to determine data retention periods include:

  • Duration of the Business Relationship: Until the end of the contractual relationship and the statutory limitation periods, in accordance with Article 33 of the GDPR and Article 33 of the LOPDGDD.
  • Legal Obligations: Compliance with legal data retention obligations under applicable law, such as the retention of invoices for 6 years in accordance with Article 18 of the LOPDGDD.
  • Legitimate Interests: Data retention for the protection of legitimate interests of the CONTROLLER or the User, in accordance with Article 6.1.f of the GDPR and Article 6 of the LOPDGDD.
  1. 6. Legitimacy of Processing

The processing of personal data is based on the following legal grounds:

  • User Consent: In accordance with Article 6.1.a of the GDPR and Article 7 of the LOPDGDD, for specific purposes such as sending commercial communications.
  • Execution of a Contract: In accordance with Article 6.1.b of the GDPR and Article 5 of the LOPDGDD, necessary for the provision of contracted services.
  • Legitimate Interests: In accordance with Article 6.1.f of the GDPR and Article 6 of the LOPDGDD, for the improvement of services, analysis of Website usage, and other legitimate activities of the CONTROLLER.
  1. 7. Recipients of Personal Data

7.1. Internal Communications

The data may be shared internally with the CONTROLLER’s staff and collaborators who need access to it to fulfill the aforementioned purposes, in accordance with Article 28 of the GDPR and Article 28 of the LOPDGDD.

7.2. Third Parties and Service Providers

Data will not be transferred to third parties, except in the following cases:

  • Legal Obligation: When there is a legal obligation to communicate the data to a competent authority, in accordance with Article 6.1.c of the GDPR and Article 6 of the LOPDGDD.
  • Provision of Services: To service providers acting as data processors (for example, hosting services, email marketing platforms, etc.), always under strict confidentiality and security clauses, in accordance with Article 28 of the GDPR and Article 28 of the LOPDGDD.

7.3. International Transfers

In the event of international data transfers outside the European Economic Area (EEA), such transfers will be guaranteed in accordance with the safeguards established in Chapter V of the GDPR, such as the adoption of Standard Contractual Clauses approved by the European Commission, the existence of adequacy decisions, or the implementation of Binding Corporate Rules.

  1. 8. User Rights

The User has the right to exercise the following rights in relation to their personal data:

8.1. Right of Access

Request confirmation as to whether the CONTROLLER is processing their personal data and, if so, obtain access to it, in accordance with Article 15 of the GDPR and Article 20 of the LOPDGDD.

8.2. Right to Rectification

Request the correction of inaccurate or incomplete data, in accordance with Article 16 of the GDPR and Article 21 of the LOPDGDD.

8.3. Right to Erasure (Right to be Forgotten)

Request the correction of inaccurate or incomplete data, in accordance with Article 17 of the GDPR and Article 22 of the LOPDGDD.

8.4. Right to Restriction of Processing

Request the restriction of the processing of your data in certain circumstances, such as when the accuracy of the data is contested, in accordance with Article 18 of the GDPR and Article 23 of the LOPDGDD.

8.5. Right to Data Portability

Receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another data controller, when technically feasible, in accordance with Article 20 of the GDPR and Article 24 of the LOPDGDD.

8.6. Right to Object

Object to the processing of your personal data for reasons related to your particular situation, in accordance with Article 21 of the GDPR and Article 21 of the LOPDGDD.

8.7. Right to Not Be Subject to Automated Decisions

Challenge decisions based solely on the automated processing of your data, which produce legal effects or significantly affect you, in accordance with Article 22 of the GDPR and Article 25 of the LOPDGDD.

8.8. How to Exercise Your Rights

To exercise these rights, the User may send a written request to the CONTROLLER at the postal address or email address listed in section 2 of this Privacy Policy. The request must include a copy of a document that proves the requester’s identity.

8.9. Right to File a Complaint

If the User considers that the processing of their data violates current regulations, they have the right to file a complaint with the Spanish Data Protection Agency (AEPD) through its website, in accordance with Article 77 of the GDPR and Article 52 of the LOPDGDD.

  1. 9. Mandatory or Optional Nature of the Information Provided

The fields marked with an asterisk (*) in the Website’s contact forms are mandatory in order to process the User’s request. Failure to provide this information will prevent proper processing. The remaining fields are optional and their inclusion is voluntary.

The User guarantees the veracity of the data provided and undertakes to keep them updated. If their data changes, they must notify the CONTROLLER to maintain their veracity and accuracy, in accordance with Article 16 of the GDPR and Article 21 of the LOPDGDD.

  1. 10. Security Measures

The CONTROLLER implements the necessary technical and organizational measures to
guarantee the security of personal data and protect it against unauthorized access, loss, alteration, or improper disclosure, in accordance with Article 32 of the GDPR and Article 22 of the LOPDGDD. These measures include:

  • Control of Access: Restricting access to personal data to authorized personnel only, using appropriate authentication and authorization systems.
  • Data Encryption: Using encryption technologies to protect data during transmission (SSL/TLS) and storage.
  • Audits and Reviews: Conducting periodic audits to evaluate and improve security measures, in accordance with Article 32.3 of the GDPR.
  • Staff Training: Continuous staff training on data protection and information security, ensuring that staff are informed of their responsibilities.
  • Security Incident Management: Implementing procedures to detect, report, and manage security incidents related to personal data, in accordance with Article 33 of the GDPR.
  1. 11. Use of Cookies and Similar Technologies

11.1. Definition and Function of Cookies

Cookies are small text files that are stored on the User’s device when accessing the Website. These allow us to improve the browsing experience, remember preferences, and analyze Website usage.

11.2. Types of Cookies Used

  • Technical Cookies: Necessary for the operation of the Website, such as session management and user authentication, in accordance with Directive 2002/58/EC and Royal Decree 1720/2007.
  • Performance Cookies: These collect information about how Users use the Website, allowing its operation to be optimized.
  • Functionality Cookies: These allow us to remember User preferences and settings to personalize their experience.
  • Advertising and Marketing Cookies: These are used to manage and display personalized ads based on the User’s browsing habits.

11.3. Cookie Management

The User can manage and configure their cookie preferences through their browser settings. However, disabling certain cookies may affect the proper functioning of the Website.

For more information on the use of cookies, please see our Cookie Policy.

  1. 12. Use of the Website by Minors

12.1. Access and Processing of Data by Minors

The Website is not intended for minors. However, if personal data from minors is collected, it will be done in accordance with Article 8 of the GDPR and Article 12 of the LOPDGDD.

12.2. Consent of Parents or Guardians

If the User is under 14 years of age, the consent of their parents or legal guardians will be required for the processing of their personal data. The CONTROLLER will take all reasonable measures to verify that consent has been granted or authorized by the minor’s parent, in accordance with Article 8.1 of the GDPR.

12.3. Rights of Minors

Minors who wish to exercise their rights regarding their personal data must do so through their parents or legal guardians, who will be authorized to exercise such rights on their behalf, in accordance with Article 8.4 of the GDPR and Article 12.1.d of the LOPDGDD.

  1. 13. Obligations of Website Users

13.1. Accuracy and Updating of Data

The User undertakes to provide truthful, accurate, up-to-date, and complete information when using the Website’s forms and services. They also undertake to keep their personal data updated and to notify the CONTROLLER of any changes.

13.2. Appropriate Use of the Services

The User undertakes to use the services offered by the Website lawfully, respecting current legislation and the rights of third parties. They shall also refrain from engaging in any activity that may damage, disable, or overload the Website or the CONTROLLER’s computer or communication systems.

13.3. Protection of Access Information

The User is responsible for maintaining the confidentiality of their access credentials (username and password) and for any activity carried out under their account. If they detect any unauthorized use of their account, they must immediately notify the CONTROLLER.

13.4. Compliance with the Privacy Policy

The User agrees to comply with the terms established in this Privacy Policy and any other regulations applicable to the use of the Website.

  1. 14. Exemptions of the CONTROLLER According to Law

14.1. Limitation of Liability in Cases of Force Majeure

The CONTROLLER shall not be liable for the breach of its obligations under this Privacy Policy if such breach is the result of a force majeure event, in accordance with Article 79 of the GDPR and Article 35 of the LOPDGDD.

14.2. Legal Obligations of Third Parties

The CONTROLLER cannot be held liable for the failure of third parties acting under its instructions to comply with their data protection obligations, except when it is proven that they have acted negligently, in accordance with Art. Article 82 of the GDPR and Article 35 of the LOPDGDD.

14.3. Public Information

Personal data processed for dissemination or public information purposes, in accordance with applicable law, will not be subject to the restrictions of this Privacy Policy. This includes information published on official websites of the CONTROLLER.

14.4. Specific Legal Requirements

In certain sectors or activities, there may be specific legal requirements that impose additional obligations on the CONTROLLER regarding the processing of personal data. In such cases, the CONTROLLER will comply with these additional obligations in accordance with current regulations.

  1. 15. Third-Party Link Policy

The Website may contain links to third-party websites that are not managed by the CONTROLLER. In such cases, the CONTROLLER’s Privacy Policy will not apply to such sites, and Users are advised to review the privacy policies of each website they visit.

  1. 16. Modifications to the Privacy Policy

The CONTROLLER reserves the right to modify this Privacy Policy to adapt it to new legislation, case law, or technology, or to changes in data processing practices. Updates will be published on the Website and, when necessary, Users will be informed appropriately, in accordance with Article 12.6 of the GDPR and Article 21 of the LOPDGDD.

(AFI-E10284)