Privacy Policy

TREATMENT OF PERSONAL DATA

At VINOS DE LOS HEREDEROS DEL MARQUÉS DE RISCAL, S.A. we care about the personal data that we process and that prevailing legislation on personal data protection is strictly complied with, among others Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC and Organic Law 3/2018, of 5 December, on Personal Data Protection and digital rights guarantee.

As such, we provide information on the following matters relating to the personal data processing that we perform at MARQUÉS DE RISCAL:


Who is responsible for processing your personal data?

Identity: VINOS DE LOS HEREDEROS DEL MARQUÉS DE RISCAL, S.A.
Tax ID:: A01000306          

Address: Calle Torrea 1, 01340 de Elciego (Álava)    

Tel.:: 945 60 60 00             

E-mail: marquesderiscal@marquesderiscal.com


With regard to the bodega tour section and the sub-domain visitas.marquesderiscal.com, responsibility for processing corresponds to:

OwnerSERVICIOS AGRUTURÍSTICOS RISCAL, S.L.
Tax ID:  B01342872          

Address: Calle Torrea 1, 01340 de Elciego (Álava)     

Tel.: 945 60 60 00              

E-mail: marquesderiscal@marquesderiscal.com.


With regard to the Asador Torrea section, responsibility for processing corresponds to:


Owner: ASADOR TORREA, S.L.
Tax ID:  B01570159
Address: Calle Torrea, nº 1
              01340 Elciego (Álava)
Tel.: 945 60 60 00
E-mail: marquesderiscal@marquesderiscal.com.


With regard to the online store, responsibility for processing corresponds to:

Owner: BODEGA DE LOS HEREDEROS DEL MARQUÉS DE RISCAL, S.L.U.
Tax ID:  B01414531
Address: Calle Torrea, nº 1
              01340 Elciego (Álava)
Tel.: 945 60 60 00
E-mail: marquesderiscal@marquesderiscal.com.


This is without prejudice to the fact that, in certain cases, such companies may be considered co-responsible for the processing, as in the case of processing derived from the contact section.


Therefore, the references made in this legal notice to MARQUÉS DE RISCAL will be understood to be made to the previously mentioned companies.


Contact details for Data Protection Officer
In MARQUÉS DE RISCAL we have appointed a Data Protection Officer who has the following contact data:

Address: Calle Torrea, nº 1

              01340 Elciego (Álava)

E-mail: dpo@marquesderiscal.com.


Principles related to processing

In processing personal data we respect the principles demanded by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (Hereinafter the RGPD).

  • Principle of lawfulness, faithfulness and transparency: the data we collect are processed in a lawful, faithful and transparent way, with the prior consent of the interested parties where necessary, or if applicable, for the execution of a contract which the interested person is party to or for the application of pre-contractual measures at the request of the latter, or when, if the processing is necessary for complying with an applicable legal obligation, to protect the vital interests of the interested person or other natural person, or for the satisfaction of the legitimate interests pursued by the person responsible or a third party, providing that the interests or fundamental rights and liberties of the interested party do not prevail over said interests which may require the protection of personal data, in particular when the interested party is a child.
  • Principle of limitation of purposethe personal data which we process are used for the purposes indicated in the section “For what purpose do we use your personal data”.
  • Principle of minimisation of data: in accordance with this principle, the only personal data we collect from users are those strictly necessary for managing the purposes described in the section “For what purpose do we use your personal data
  • Principle of accuracy: the personal data we collect will be kept accurate and updated whenever necessary. For this purpose, if there should be any change in the user’s personal data, they should inform us so that we can make the corresponding amendments.
  • Principle of limitation of the time they are kept: the personal data that we process will be kept for the periods indicated in the section “How long do we keep your personal data?”.
  • Principle of integrity and confidentiality: to respect this principle, the personal data will be processed in such a way that appropriate security is guaranteed, including protection against unauthorised or unlawful processing, and against their loss, destruction or accidental damage, applying the appropriate technical and organisation measures for this purpose.


What kinds of personal data do we process?

The categories of data we process via this web site and the sub domains visitas.marquesderiscal.com and tienda.marquesderiscal.com are:

  • Data gathered via the booking form for the services of the City of Wine: name, surnames, city of residence, country, email, telephone, data related  to the reservation of the visit and comments.
  • Data gathered via the winery visits form: ID/VAT Nº, name and surname, postal address, telephone, email, bank card.
  • Data gathered via the form for purchases: ID/VAT Nº, name and surname, postal address, telephone, email, purchases made, bank card.
  • Data gathered via the Club Amigos Riscal form: name and surname, email address.

All the personal data requested are compulsory so that if the user does not facilitate one of them, we will not be able to deral with their request and, therefore, we will not be able to fulfill the purpose associated with the corresponding form.

For their part, through the use of cookies information is gathered regarding the behaviour of the users on the web site, the pages visited, provenance, geographical location,  IP addresses, although such information will be collected in an aggregated way, that is, without identifying the users. You can consult information regarding the cookies we use in the Cookies Policy.


For what purpose do we use your personal data (whether or not users of the web page)?

  • Data regarding customers and purchases from the online shop: for the correct administration, performance, compliance and control of the contractual relationship with customers, for the handling and shipment of orders or purchases they make and of the services they request.

    Furthermore, we will use the identification and contact details for conducting customer satisfaction surveys and for sending, via electronic or traditional means, technical, operational and/or commercial information of news and commercial information about the promotions, activities, products and services of Marqués de Riscal.

    In this sense, to manage them in a more efficient, dynamic and effective way  and to enable us to control the commercial information we send via email better, we use ActiveCampaign, a platform developed by ActiveCampaign, Llc., the use of which involves allowing the providers of this service to include monitoring devices in these messages to receive information about the recipients’ activities, so as to control the opening of the emails and the clicks on the links contained in the messages and thereby draw up reports from the data gathered regarding the monitoring of campaigns.

  • Supplier data: for the correct maintenance, execution, compliance and control of the contractual relationship with our suppliers and of the services they provide.

  • Staff data: for the maintenance, execution, compliance and control of the contractual relationship with our employees, as well as compliance with the current labour, Social Security and Occupational Risk Prevention legislation and regulations that may be applicable.
  • Applicants’ data: to manage the participation of the interested parties in the company’s staff recruitment selection processes.
  • Data collected through contact section: to manage and respond to enquiries, complaints, suggestions and requests made by users through the web page.
  • Datails of the members of the  Club Amigos Riscal: in order to manage their adhesion and club membership, and, consequently, the rights and benefits they have as members as well as the purchases they make.

    Furthermore, we will use the identification and contact details for sending, via electronic or traditional means, technical, operational and/or commercial information about the offers, promotions, news, activities and other information about the products and services of Marqués de Riscal.

    In this sense, to manage them in a more efficient, dynamic and effective way  and to enable us to control the commercial information we send via email better, we use ActiveCampaign, a platform developed by ActiveCampaign, Llc., the use of which involves allowing the providers of this service to include monitoring devices in these messages to receive information about the recipients’ activities, so as to control the opening of the emails and the clicks on the links contained in the messages and thereby draw up reports from the data gathered regarding the monitoring of campaigns.

  • Data collected through the Asador Torrea table booking form: to manage bookings in our Asador Torrea restaurant.
  • Data collected through the bodega tour booking form: in order to manage bookings and winery tours as wellas to conduct customer satisfaction surveys and to send, via electronic ortraditional means, technical, operational and/or commercial information aboutthe offers, promotions, news, activities and other information about theproducts and services of Marqués de Riscal.

In any case, regarding the sending of commercial information about Marqués de Riscal to clients and winery visitors who make their reservation through our website, we inform you that in order to manage in a more efficient, dynamic and operative way and to be able to have a better control of such sending that we make by e-mail ActiveCampaign, a platform developed by ActiveCampaign,Llc., whose use implies the installation by the provider of this service of tracking devices for the activity of the recipients, in order to control the opening of the emails and the clicking of the links contained in the emails, and to be able to prepare with the information collected reports on the monitoring of the campaigns.


What is the legal basis for processing your personal data?

  • Customer data: the legal basis for processing the personal data of customers is the execution of the contract or dealing with orders they place. With regards to customer satisfaction surveys and the sending of marketing material, the legal basis is the satisfaction of the legitimate interests of MARQUÉS DE RISCAL pursuant to article 6.1. f) of the RGPD, based on the provisions of Report 195/2017 of the AEPD. This will be notwithstanding the possibility of the customer to oppose the sending of this marketing information.
  • Supplier data: the legal basis for processing the personal data of suppliers is the execution of the contract or commercial relationship which exists with the company.
  • Staff data: the legal basis for processing the personal data of staff is the execution of the employment contract between the company and its employees.
  • Applicants’ data: the legal basis for processing the personal data of the interested party is the consent they give by giving us their curriculum vitae in order to participate in the staff selection processes we may have.
  • Data collected through the contact section: the legal basis for processing your personal data is the consent given by contacting us and, consequently, the need for this processing in order to deal with and respond to the request for contact that you make.
  • Details of members of the Club Amigos Riscal: the legal basis that legitimises the processing of their personal details is that this is necessary for executing the contract to which they are party.

    With respect to customer satisfaction surveys and the sending of commercial information, the legal basis which legitimises the treatment of their personal details is that this is necessary for satisfying  the legitimate interests pursued by MARQUÉS DE RISCAL as contemplated by articule 6.1. f) of the data protection Act (RGPD), based on the provisions of the AEPD Report 195/2017. This is notwithstanding the possibility that they have to oppose  the sending of this commercial information. To this effect, in each communication which we send, we will offer the possibility of cancelling the subscription and to cease to receive them.

  • Data collected through the Asador Torrea table booking form: the legal basis for the processing of personal data is the execution of a contract to which the interested person is a party.
  • Data collected through the bodega tour booking form: the legal basis for the processing of personal data is the execution of a contract to which the interested person is a party. For sending sales information, the legal basis is the satisfaction of the processor’s legitimate interests.

For sending sales information, the legal basis isthe satisfaction of the processor’s legitimate interests pursued by MARQUÉS DERISCAL as provided for in Article 6.1. f) of the RGPD, based on the provisionsof Report 195/2017 of the AEPD. This shall be without prejudice to thepossibility they have of opposing the sending of such commercial information.


How have we obtained your personal data?

All the personal data that we process are provided to us by the interested parties themselves or by their legal representatives.

 The personal data we collect via the web site have been gathered through the various forms provided or through the email addresses established for contacting us.


Who will your personal data be shared with?

The personal data of customers, suppliers and employees will be shared, if applicable, with the tax authorities for compliance with legal and tax obligations, as well as with the banking establishment/s through which VINOS DE LOS HEREDEROS DEL MARQUÉS DE RISCAL, S.A. collect payments (in the case of customers) and make payments (in the case of suppliers and employees).

The personal data of customers, suppliers, employees and applicants may be shared with other MARQUÉS DE RISCAL companies (indicated in the initial section of this privacy policy) for internal administrative purposes.

In the same way, for some issues we use services of third parties, who act as data processors, with whom we have signed the corresponding data processing contract in accordance with Article 28.3 of the RGPD.


Transfers of personal data to third countries
In order to manage in a more efficient, dynamic and operational way and to be able to have a better control of the commercial communications that we send by e-mail we use ActiveCampaign, a platform developed by ActiveCampaign, Llc., a company that acts also as a processor and that, despite being outside the European Union and the European Economic Space, the international transfer of data that implies its use also has the appropriate guarantees contemplated in the article 46.2 c) of the General Regulation of Data Protection (standard contractual clauses adopted by the European Commission).

Privacy Policy of ActiveCampaign

Typical ActiveCampaign Contractual clauses


We inform you that the use of this platform implies the installation by the provider of the mentioned service in the mentioned mailings of tracking devices of the activity of the recipients, in order to control the opening of the mails and the click of the links contained in the mails, and to be able to elaborate with the information obtained reports of tracking of the campaigns.


How long will we keep your personal data?

  • Client and supplier data: their personal data will be stored for the duration of the corresponding contractual relationship and, once this has terminated, for the period of the limitation of liabilities established by the applicable legal provisions.

Regarding the sending of commercial information to customers, we will keep their identification and contact information until they express their refusal to continue receiving it.

  • Staff data: employees' personal data will be stored for the duration of the employment contract and, once this has terminated, for the period of the limitation of liabilities established by the applicable legal provisions.
  • Candidate data: the personal data of candidates will be stored for a maximum period of two years.
  • Data collected through the contact section: the personal data provided by users who contact us will only be stored while their request is being dealt with so that, once their request has been processed, their details will be deleted.
  • Details of members of the Club Amigos Riscal: we will store your personal details so long as you remain a member of the Club Amigos Riscal and, afterwards, for the time necessary to meet legal requirements.

    Nevertheless, with respect to receiving commercial information, your personal identifcation and contact details will be kept so long as you do not ask to stop receiving information. In this regard,  in each communication which we send, we will offer you the possibility of cancelling the subscription and ceasing to receive them.

  • Data collected through the Asador Torrea table booking form: the personal data will be kept only during the management of the reservation request in such a way that, once it has been completed, it will be deleted.
  • Data collected through the bodega tour booking form: the personal data will be kept until the bodega visit has taken place and, subsequently, during the time necessary to meet legal obligations. In the case of sending marketing material, personal data will be stored for as long as the interested parties do not withdraw their consent. 

    In this regard, in each communication we send, we will offer you the possibility of cancelling the subscription and ceasing to receive them.

  • Data from users of our social media profiles: the periods of storage for personal data from our followers on social media depend on the policies of each social network, although we will only process it while they follow us.


What rights do you have when you provide us with your personal data?

  • Right to request access to your personal data: to learn and verify the legality of the processing, you may request confirmation as to whether MARQUÉS DE RISCAL are processing your personal data at any time and if this is the case, we will inform you, among other matters, of the data we are processing, its purpose, source, expected data storage period and where appropriate, recipients or categories of recipients.
  • Right to request amendment of data: you can request the amendment of any personal data that is inaccurate or ask us to complete any incomplete data through an additional declaration. In such a case you must indicate in your request which data you are referring to and the correction that should be made, attaching, where appropriate, supporting documentation of the inaccuracy or incomplete nature of the data being processed.
  • Right to request data deletion (“right to be forgotten”): you can request that your personal data be deleted and no longer processed if it is no longer necessary for the purposes for which it was collected or if processed in another way, withdraw consent, or it has been processed illegally or must be deleted to comply with a legal obligation.
  • Right to request limitation of personal data processing: in this case MARQUÉS DE RISCAL will only hold your personal data for the formulation, exercise or defence of claims, or with a view to protecting the rights of another legal entity or individual or for overriding public interest.
  • Right to the portability of your personal data: you can request that we hand over your personal data, to you or another person as indicated by you, in a structured, usable and readable format.
  • Right to oppose the processing of your data: MARQUÉS DE RISCAL will stop processing your personal data as you indicate, unless we have to continue processing it for compelling legitimate grounds or for the formulation, exercise or defence of potential claims.

How to exercise your data protection rights: to exercise your rights please send a written request to MARQUÉS DE RISCAL, indicating the company before which you exercise your right, Calle Torrea, 1, 01340, Elciego, Álava, Spain or send an email to dpo@marquesderiscal.com, attaching in any case a photocopy of your national identity document.

MARQUÉS DE RISCAL will respond to the requests within the periods and under the conditions required by prevailing personal data protection legislation.

How to lodge a complaint with the Spanish Data Protection Agency: if you consider that we have not properly processed your personal data or that we have not duly assisted you in exercising your data protection rights, you can lodge a complaint with the Spanish Data Protection Agency, either via its website or its address, at 6, Calle Jorge Juan, 28001, Madrid. Further information on data protection rights and complaints to the supervisory authorities is available on www.agpd.es.


Security

In accordance with that provided in article 32 of the GDPR, MARQUÉS DE RISCAL have adopted the appropriate technical and organisational measures to ensure a level of security that is appropriate to the risk presented. 

Data processing risks have been taken into account in order to assess the appropriate security level, in particular as a result of the destruction, loss or accidental or illegal alteration of the personal data transferred, stored or processed in a different way, or the communication or unauthorised access to such data. 


Obligation to secrecy

MARQUÉS DE RISCAL have adopted measures to ensure that any person acting under their respective authority with access to personal data provided by users, can only process them by following the company's instructions, as well as maintaining their professional confidentiality, which will be of an indefinite duration. 

To this effect, our employees have signed a confidentiality and obligation to secrecy document regarding the information and personal data that they process in the course of their existing employment relationship with the company.


Website use by minors

We ask our users to read the policies on the use of the website by minors that we have published on the "Legal advice" section of our website.


Social media

  • Social media profiles: MARQUÉS DE RISCAL has profiles on some of the main social networks that currently exist, and it may process the personal data of our followers, people that appear in the posts that we publish (for example photographs) and people who send us private messages. 
  • Data processing and purpose: the data processing that MARQUÉS DE RISCAL will perform will be limited and conditioned by the policies and functions of each social network.  

When a user becomes one of our followers on a social network they consent to us using their personal data solely in the environment of the corresponding social network to manage our page or profile and to the two-way communication that we may have with our followers via chat, messages or other means of communication provided by the social network both at the present time and in the future. This means that we will have access to their profile information that appears in the comment, for example and without limitation, to their username, image (in the event that the user has a profile picture), and any comments made. 

We would also like to inform you that when a user becomes one of our followers, the news that we publish will also appear on their wall and, should they make comments on ours, both their comment and their profile name and, where appropriate, their profile picture, will be visible to other followers. In any case, users are responsible for their own use of social media. We will not use users' personal data for any purposes other than those indicated in the previous paragraphs or to send them information in any other way other than through the social network in question. Unless the interested party gives their consent or asks us to fulfil a request, we will not extract personal data from the social media environment.

  • Data protection rights: with regard to the rights of access, amendment, deletion, processing limitation, opposition and portability of their personal data we can act in accordance with the possibilities allowed by each social network. MARQUÉS DE RISCAL will provide all the assistance it can so that the interested party can exercise their aforementioned rights. Any of our followers can cease to follow our page or profile at any time and we would no longer have any access to their personal data, although the social media in question will save the comments that have previously been posted on our wall.  In any case, users are responsible for their own use of social media, and therefore, MARQUÉS DE RISCAL does not accept any liability for this.


 Cookies

Cookies are small text files which are stored on the hard-drive or memory of the computer used to access or visit the pages of certain websites, storing user preferences for when they next connect. The cookies stored on the hard-drive cannot read the data stored on the hard-drive, access personal information or read cookies created by other providers. For further information on the cookies used on this website, read the "Cookies policy" section.


Text dated: 28 June 2021