Privacy policy

In compliance with data protection regulations, RGPD (EU) 2016/679 of 27 April (RGPD) and L.O. 3/2018 of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDYGDD), we inform you in a clear and simple way about the most relevant aspects of our privacy policy. However, if once you have read this information you have any questions, please do not hesitate to contact us.

The Data Controller, BODEGAS MARQUÉS DE TERÁN S.L., with N.I.F. Nº: B26365312, Postal address at Carretera de Nájera s/n, Ollauri (La Rioja), Telephone: 941338373 and contact email:; informs you that the personal data you provide through this website will be treated in accordance with current legislation on the protection of personal data in Spain and the European Union.
The data provided by the user must be accurate and respond truthfully to the current situation of the person concerned. The user is solely and ultimately responsible for the accuracy of the information provided on our website.
What personal data is collected on this website?
For the purposes established in this Data Protection Policy, Bodegas Marqués de Terán S.L., collects and treats the Personal Data detailed below, which will depend on the different products or services requested in this Web:
– Identification data: name and surname, ID card number.
– Contact data: postal address, e-mail, telephone number, user name.
– Contractual data: data of contractual operations, NIF, products purchased, financial operations, payment data.
– Navigation data: IP address, type and identification of the device, type of browser, domain through which you access the website, navigation data, activity on the Website.
Purpose and lawfulness of processing
I. Web contact email: we process the data you provide us with to answer the requested query. The legitimacy is the consent of the data subject, Article 6.1.a) RGPD.
II. Sales of products and/or services: the purpose of the data processing is the provision of the products and/or services contracted. The legitimacy is the performance of a contract to which the data subject is a party or for the implementation at the request of the data subject of pre-contractual measures, article 6.1.b) RGPD.
III. Creation of a membership account: the data are processed to manage the creation of your membership account so that you can access it. The legitimacy is the consent of the data subject, article 6.1.a) RGPD.

IV. Sales made through our website: The data are processed for the management of the online sale. The legitimacy is to execute a contract, article 6.1.b) RGPD.

V. Commercial communications: the data are processed for commercial and promotional purposes. The legitimacy is the explicit consent of the data subject for commercial communications by electronic means article 6.1.a) RGPD, and legitimate interest when applicable art. 21 of Law 34/2002, article 6.1. f) of the RGPD.
No automated decision making or profiling is foreseen.
How long do we keep personal data?
The data will be kept for the time necessary depending on the purpose for which they were provided or collected, without prejudice, where appropriate, the exercise of your right of deletion, which will entail the blocking of data for as long as legal obligations persist, or, where appropriate, until you withdraw your consent to send commercial information.
We may retain personal data after the end of any relationship with the person concerned in order to comply with legal obligations. In any case, they will be kept for the minimum necessary period, and may be kept until:
Accounting and tax documentation for commercial purposes may be kept for a period of 6 years (article 1964 Code of Commerce) and for tax purposes for a period of 4 years (arts. 66 et seq. General Tax Law). And for the purposes of article 25 of the Law for the Prevention of Money Laundering and Financing of Terrorism, for a period of 10 years.
The Data Controller does not communicate personal data to third parties except by legal obligation or in cases for which the interested party consents after having been duly informed.
How do we protect your data?
The Data Controller adopts the necessary security measures to guarantee the confidentiality, integrity and availability of your data, adopting the necessary technical, organizational and legal measures to protect them against third parties.

Your data will only be processed by the parties strictly necessary for the processing of your data and will be stored on physical servers located in the European Union using an SSL certificate. The SSL certificate is a security protocol that makes the data travel in an integral and secure way, that is to say, the transmission of data between a server and a user, and in feedback, is totally encrypted or encrypted.
What are your rights?
You can exercise, in accordance with the provisions of Articles 15 to 22 of the GDPR 2016/679, before the Data Controller, through the postal and/or email addresses indicated in the contact details, the following rights:
– Right of access. Right to request access to your data to check what personal data is being processed, for what purpose and the retention period, among other information.
– Right of rectification. The right to request that your data be rectified when it is no longer accurate.
– Right of deletion or elimination. The right to request that your data cease to be processed and be deleted.
– Right of restriction. The right to request the limitation of data processing.
– Right of opposition. The right to oppose the Data Controller to continue processing your data, in which case it may only keep your data for legitimate interest or the exercise or defense of possible claims.
– Right of portability. The right to receive the personal data concerning you that you have provided to the Data Controller and to transmit it to another Data Controller.
Possibility of withdrawing consent: in the event that consent has been given for a specific purpose, the data subject has the right to withdraw consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
Claim before the Control Authority: If you consider that the processing of your data infringes the applicable personal data protection regulations, you may file a claim before the competent Control Authority, in Spain, the Spanish Data Protection Agency.
Updating and modification of this Privacy Policy
The information appearing on this website is current as of the date of its last update.
The Data Controller reserves the right to modify this policy to adapt it to future legislative developments, as well as to future uses it plans to make of your personal data. In the event that such modification would affect you with regard to the processing of your data, for example, because some additional processing of the same, not previously informed, will be carried out, we will proceed to notify you of it.