Privacy Policy

URGEL GANADERA SA (hereinafter the Entity) is committed to due diligence and compliance with data protection regulations.
Detailed information on the confidentiality and personal data protection policy is provided below, in compliance with the provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR) and Article 11 of Organic Law 3/2018 of December 5, 2018, on the Protection of Personal Data and Guarantee of Digital Rights (LOPD GDD).
Data Controller and contact information for the Data Controller/Data Protection Officer (DPO/DPO):

  • Identity: URGEL GANADERA SA
  • Address/Postal Code: Carretera Lleida 75 N-240
    25430 Juneda, Lleida
  • Telephone: +34 973 150 150
  • Email: info@urgasa.com
  • Contact information for the DPO/DPO:
  • Channel:

Purposes of processing

The Entity will process the information provided to us by interested parties for the following purposes:

  • To manage your service, visit, and meeting at our facilities.
  • To manage the provision and execution of the contracted services and products.
  • To manage any type of request, suggestion, or petition regarding our professional services submitted by interested parties.
  • Informative and commercial communications: processing of your data for the purpose of informing you about activities, articles of interest, and general information related to our business and the contracted services/products.
  • Managing data provided by job candidates through their Curriculum Vitae (CV) or other means for the purposes of the selection and recruitment process.
  • Ensuring the security of offices, facilities, and personnel through access controls, video surveillance systems, and other access control/identification systems.
  • Complying with the legal provisions applicable to the Entity and its activities in the areas of healthcare, equality, and occupational risk prevention.
  • Managing and monitoring the operation of the internal mechanisms, policies, and protocols established by the Entity for regulatory compliance purposes and for managing reporting channels for this purpose.
  • All processing operations that are applicable to us for due compliance with the official/sectoral regulations and requirements to which our activity is subject.

For the proper performance and development of your service and management of the aforementioned purposes, the processing of your data for the purposes corresponding to those mentioned above will be carried out in strict compliance with the Data Protection regulations and the Policy detailed below. You may exercise your rights at any time (see specific section).

Data retention criteria

  • Management of services/products contracted with the Entity: the personal data provided in the contracts, offers, and/or service proposals, as well as those of other persons whose intervention is necessary, will be retained for the duration of the contracted services. Upon completion of the provision of the contracted service(s), personal data will be retained in cases where liability may arise with the Entity and/or in compliance with other regulatory frameworks applicable to the Entity or a law requiring its retention. Personal data will be kept in a manner that allows for the identification and exercise of the rights of those affected, and under the necessary technical, legal, and organizational measures to guarantee their confidentiality and integrity.
  • Curriculum Vitae Management: The Entity, as a rule, retains your Curriculum Vitae for a maximum period of one year. After this period, it will be automatically destroyed, in compliance with the data quality principle.
  • Employment Contract Management: Personal data will be kept, in all cases, for the duration of the employment relationship and, upon termination, in cases that may give rise to liability between the parties and when required by law.
  • Other: All other data and information provided by the user by any means will be kept for as long as necessary to fulfill the purpose for which it was collected.

Legitimation

The legal basis that authorizes the Entity to process the personal data of users, clients, and/or potential clients is based on the following:

The consent of the interested parties for the processing and management of any request for information or inquiries about our services and products.
The consent given by job candidates for selection and recruitment purposes.
The framework for the provision and/or contracting of services/products with the Entity.
The legitimate interest to send you informative, commercial, and/or promotional offers related to the Entity’s activities and the contracted services/products via email or any other means.
Compliance with legal obligations and internal regulatory compliance procedures.
The legitimate interest to ensure the security of offices, facilities, and personnel.
Recipients

Personal data is not transferred to third parties, except as required by law.

Source

Personal data is obtained directly from the interested parties and our collaborators. The categories of personal data you provide us with are:

Identification data.
Postal or email addresses.
Data provided and/or consented to by the data subjects themselves, related to and necessary for the management and delivery of the requested service/product.

Rights

Right of Access, Rectification, and Deletion: Data subjects have the right to obtain confirmation as to whether or not the Entity is processing personal data concerning them. Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

Right to Restriction and Objection: In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only retain it for the exercise or defense of legal claims. In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. The Entity will cease processing the data in this case, except for compelling legitimate reasons, or to exercise or defend potential claims.

Right to revoke consent: Data subjects have the right to withdraw their consent at any time, except in the case of personal data processing provided for in the Data Protection regulations or necessary for the provision of the contracted service, which do not require such consent. However, this withdrawal has no retroactive effect and therefore will not affect the lawfulness of processing based on previously granted consent.

These rights may be exercised on our Channel (see specific section).

Security and Control Measures

General

In compliance with data protection regulations, the Entity will process personal data by applying appropriate technical, legal, organizational, and security measures to ensure the confidentiality and integrity of the information it manages in accordance with current regulations.

We appreciate you informing the Data Controller/Data Protection Officer, using the contact information/Channel established in this Privacy Policy, of any security risk you suspect or are aware of that could compromise the integrity and confidentiality of personal data and/or confidential information. This will enable us to take the necessary measures to prevent unauthorized processing, loss, destruction, or accidental damage.

Cybersecurity

As a specific and complementary concept to the above, the Entity applies cybersecurity measures to prevent and manage potential attacks and fraud by cybercriminals that threaten the privacy and protection of the data that our Entity processes and accesses within the scope of its activities and operations.

In this regard, we would like to warn that in the event of potential risk situations due to communications whose content and/or format raise doubts about their authenticity, we recommend disregarding them and contacting the Data Controller/Data Protection Officer through the contact information indicated in this Privacy Policy.

Likewise, any request you receive from our entity regarding changes to payment methods, requests for data or contact persons, or confidential (non-public) information, bank and/or credit card details, and/or other official data, should not be addressed without direct confirmation from our entity through an alternative means. We appreciate and need your cooperation.

CONTACTO