Introduction
We have a high level of commitment to individuals’ privacy, and therefore, the protection of personal data is important to us.
We process data in accordance with the provisions of the EU General Data Protection Regulation 2016/679, the Organic Law 3/2018 on Personal Data Protection and Digital Rights Guarantee, and other applicable regulations.
This Privacy Policy was revised in November 2022 to comply with the information and transparency obligations of the website and the general responsibilities, making the general terms of the data controller accessible to any type of interested party, not just the website users. There may be variations until the next review.
Who is responsible for processing your data?
Responsible Party: JUICY&FRESH SPAIN S.L.
NIF/CIF: B30896286
Address: 624544 – Dubai – Emiratos Árabes Unidos
Email: vladys@juicy-fresh.com
What is the origin and type of data we process?
The origin of the information we process may fall into the following categories:
- Paper, electronic, or digital forms.
- Communication and messaging systems: email and messaging applications, phone, etc.
- Other lawful sources and origins of information.
The different categories of data we may process depending on the type of interested party (user, client, supplier, employee, etc.) and the nature of the controller’s activity include:
- Identifying data, such as name and surname, image.
- Identification codes or keys, such as username, employee code.
- Postal or electronic contact addresses, such as phone, email, social media profiles.
- Personal and professional characteristics, such as age, date of birth, qualifications, professional experience, curriculum vitae.
- Economic, financial, and insurance data, such as bank details, credit card information, etc.
- Economic and non-economic payroll data and other labor-related information, such as job position, payroll document, etc.
- Transaction data, such as goods and services supplied and received.
- Special category data, such as union membership, racial origin.
- Other necessary or implicit data and information for the development of our activities, services, and purpose.
For what purpose do we process your personal data?
In general, data is processed to successfully carry out the actions implicit in the normal development and management of the controller’s activities. However, we can specify different processing purposes depending on the possible existing categories of interested parties:
- Clients and potential clients: management and maintenance of commercial, pre-contractual, and contractual relationships; internal administration; economic management; advertising and marketing; customer service.
- Collaborators, creditors, and suppliers: management and maintenance of commercial relationships, internal administration, and economic management.
- Employees: management, development, and maintenance of the employment relationship, human resources management, communications, training activities, occupational risk prevention, workday registration, and other purposes derived from legal obligations and development of employment relationships.
- Candidates: management of received curricula, management of job offers, and personnel selection.
- Website and social media users: user support and communication management between parties.
- Visitors: visitor support and access control to facilities.
The information of any other category of interested parties processed by the controller will be handled within the framework of its activity, in strict compliance with applicable regulations, and under the general criteria of this Privacy Policy.
Other general purposes that the controller may implement are:
- Creating a commercial profile to improve your experience by personalizing offers and communications. Individual decisions will not be made based on this profile and will be acted upon with legitimate interest.
- Video surveillance for the security of goods and people, as well as the corresponding labor control based on legitimate interest.
- Telephone switchboard to record communications for security, warranty, and quality of service, based on legitimate interest.
- Financial risk analysis and control of monetary obligations. In the case of debtors with certain, due, and payable outstanding payments, the controller may communicate this circumstance to credit solvency files, debtor files, and debt management or collection services, among others, based on legitimate interest.
- Communications: development and execution of communications through the available contact data and means (email, instant messaging, etc.) with internal (employees) and external (clients, potential clients, collaborators, suppliers, etc.) categories of interested parties. The purposes of such communications may be informative, organizational, commercial, and advertising, as appropriate based on informed consent and the controller’s legitimate interest.
- Other purposes derived from the nature of the controller, motivated by the normal development and exercise of its activity from a valid legitimate basis.
How long will we keep your data?
In general, personal data will be retained at least as long as there is a relationship with the interested party, unless deletion is requested, liabilities may arise, or there is a legal retention provision.
Regarding data from candidates and job seekers, it will be deleted immediately when they are not of interest to the controller.
The data controller has an inventory of retention periods in its data protection plan, which it observes to manage the different applicable retention periods.
Data deletion will be carried out in any case ensuring their confidentiality.
What is the legal basis for processing your data?
The controller observes and applies the various existing legal bases that apply to each processing purpose. These are:
- Informed consent of the interested party.
- Pre-contractual or contractual commitments.
- Legitimate interest of the controller.
- Applicable legal obligations.
- Other legally prescribed legal bases.
To whom will your data be communicated?
The data of the interested parties will not be communicated to any third party by default, except for: a) auxiliary services, authorized data processors, or other implicit third parties necessary for the proper provision of goods and services; b) competent public authorities and administrations in the exercise of their functions; c) other legitimate interested parties and legally provided third parties.
What are your rights when you provide us with and/or we process your data?
As an interested party, you may at any time request us to exercise any of the following rights that assist you in data protection matters:
- Access to the personal data of the interested party to confirm whether or not data concerning you are being processed and to obtain more information about this processing.
- Rectification or Deletion of personal data concerning the interested party when, among other reasons, they are inaccurate or no longer necessary for the purposes for which they were collected.
- Limitation of the processing of personal data of the interested party in certain circumstances, in which case they will only be kept for the purpose of exercising or defending claims, protecting the rights of another person, or for reasons of public interest.
- Receive the personal data concerning you, which you have previously provided to us, in a structured format whenever possible (Data Portability).
- Object to the processing of your data in certain circumstances and for reasons related to your particular situation. The company will cease processing your data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
- Revoke consent, which may entail the cancellation or termination of the existing business or contractual relationship if any. Without prejudice to the processing carried out prior to the withdrawal of consent.
To do this, you only need to contact us through the email or postal address indicated at the beginning.
Optionally, you can also contact our designated data protection officer or the Data Protection Agency to learn more about your rights or request their protection from the supervisory authority.
Data Security
We adopt the necessary technical and organizational measures in our information system to ensure an adequate level of confidentiality, integrity, availability, and resilience of the data.
However, to the extent permitted by law, we do not assume any responsibility for damages and losses caused by third-party alterations to our information system. Any security breach will be promptly and appropriately communicated to the competent authority and/or law enforcement agencies.
Sending Communications or Information
Our policy regarding sending information through telematic means (email, instant messaging, etc.) is limited to sending only communications that we consider of interest to our users and interested parties, in relation to the company’s functions and activities, or that you have consented to receive.
If you prefer not to receive these messages, we will offer you the opportunity to exercise your right to cancel and opt-out of receiving these messages, in accordance with the provisions of Title III, Article 22 of Law 34/2002 on Information Society Services and Electronic Commerce.
Social Media
The controller may have a presence on social media through the corresponding profiles, applying this section and any legal and privacy terms present on the website for the processing of user data who follow or somehow connect to these profiles.
The purposes of using these profiles by the controller are communication, commercial development, marketing, and advertising.
Users who follow and/or participate in our profiles will refrain from:
- Publishing content or information contrary to the law, morality, and good faith. No illicit, annoying, inappropriate use or behavior that may generate negative opinions on the profile or infringe on individuals’ rights is allowed.
- Behaving contrary to the principles of legality, honesty, responsibility, protection of human dignity, protection of minors, protection of public order, protection of privacy, consumer protection, and intellectual and industrial property rights.
The controller reserves the right to remove any content considered inappropriate without prior notice. Additionally, it disclaims any responsibility regarding the security measures corresponding to each platform, and the user must be aware of them along with the legal terms and conditions of use of the platform itself.
Ethical Channel and Anti-Harassment Protocol
Data provided by any interested party through the available procedures in our Ethical Channel will be processed based on informed consent, the legitimate interest of the controller, and compliance with legal obligations.
The processing purpose will be the management and control of possible communications and complaints under the conditions established in our Ethical Channel.
The data of any interested party or affected person, who makes the communication or complaint, employees, and third parties will be retained only for the necessary time to decide whether any investigative action is warranted. In any case, the provided information will be deleted ensuring its confidentiality when the legal retention or custody periods of the evidence expire.
No automated decisions or profiling will be conducted concerning the collected information and data.
The data may be communicated to third parties when necessary for disciplinary measures or legal proceedings that may follow.
Any interested party may exercise their data protection rights under the terms set forth in this privacy policy.
Users should be aware that the provided information and data are confidential and reserved.
In general, these same terms apply to the anti-harassment protocol implemented by the controller, with data processing conducted according to these terms and privacy rights.