Privacy Policy
- Purpose
The purpose of this Privacy Policy is to inform individuals (hereinafter, users or data subjects) who visit our website (hereinafter, website, site or web) about how we collect, process and protect the personal data that they decide to provide to us by any means (forms, emails, telephone, contracts, etc.) so that, after reading it, they may freely decide whether they wish us to process their data. Additionally, it serves to expand on the information we have previously provided to data subjects in the information clauses included in the different processes where their personal data are collected.
Likewise, this policy is intended to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, GDPR), and with Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights (hereinafter, LOPDGDD).
- Who is the controller of your personal data?
| Entity: | VEGANIC NATURE, S.L. |
| Tax ID (CIF/NIF): | B56868268 |
| Postal address: | Carrer de la Verge del Remei, 1, 46185 La Pobla de Vallbona, Valencia |
| Telephone: | +34 614 28 03 90 |
| Email: | info@veganic.bio |
| Corporate purpose: | Manufacturing and sale of products for agriculture |
| Website: | https://veganic.bio/ |
| Registry details: | Registered in the Commercial Registry of Valencia: Volume 11492, Book 8770, Page 141, Section 8, Sheet V 215330 |
- On what legal basis will we process your data?
The processing of your personal data by our entity will be carried out on one or several of the following legal bases:
Article 6.1 a) GDPR:
The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Article 6.1 b) GDPR:
For the performance of a contract to which you are party or in order to take pre-contractual steps at your request.
Article 6.1 c) GDPR:
Where processing is necessary for compliance with a legal obligation to which our entity is subject.
Article 6.1 f) GDPR:
Where processing is necessary for the purposes of the legitimate interests pursued by our entity or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. In this regard, we inform you that our entity has carried out an analysis balancing our legitimate interests against the rights and freedoms of the data subject, always respecting his or her fundamental rights. This shall not apply to processing carried out by public authorities in the performance of their tasks.
Where the user is under 14 years of age, the consent of the parents, guardians or legal representative will be required in order to process his or her data. The user is solely responsible for the truthfulness of the data submitted to us.
- What personal data will we process and how do we obtain them?
In order to carry out our business activity, it is essential to process personal data. Such data may be collected by digital means, by paper documents or as a result of face-to-face or telephone conversations. In all cases, the data will be processed fairly, lawfully and transparently.
The categories of data that our entity will process about data subjects are:
- Identification data: first name and surname, ID card or equivalent document, image, voice and signature.
- Contact details: telephone number, email address, postal address.
- Commercial data: quotations, purchasing terms, management and history of services and/or purchases, outcome of contacts (telephone, email, messaging and other communication channels).
- Accounting data: control of income and expenses, billing data.
- Banking data: bank accounts and cards.
- Curriculum data: academic data, professional experience, personal characteristics, etc.
- Transaction of goods and services: bank transfers and direct debits, amounts and concepts.
- Browsing data: analysis of time spent on our website, pages visited, demographic data (e.g. age, gender, language).
Our entity will not collect special categories of data (e.g. health data, ethnic origin, political opinions or religious beliefs). Should it be necessary to process them, you will be informed and we will ask for your prior and explicit consent.
Consequently, the data requested will be adequate, relevant, limited to what is strictly necessary and essential, and will be processed only by staff and/or collaborators authorised by our entity, who will have signed a confidentiality commitment and undertake to comply with the necessary security rules that guarantee the confidentiality, integrity and availability of the data processed and the other requirements legally established in the GDPR. Therefore, the data will be processed in accordance with the law.
The data to be processed are provided by the data subject him/herself or by his/her legal representative; however, it may happen that we delegate certain functions to some collaborators and they may be responsible for collecting your data, but such data will always be processed with your prior and explicit consent.
If a data subject does not provide the data requested or provides incomplete or incorrect data, it will not be possible to establish or maintain a relationship with them.
The categories of data that we may process about a person will depend on the relationship he or she maintains with our entity, as shown below:
4.1. Clients:
We will process identification, contact, commercial, accounting and banking data, as well as data relating to the transaction of goods and services. These data may be collected only if the client provides them at the time of purchasing goods, requesting pre-contractual measures or during the maintenance of the relationship between the parties.
The data may be collected in person, by telephone, by email or through the forms provided on our website, online chat, instant messaging, etc.
Legal basis: Article 6.1 a); 6.1 b); 6.1 c); 6.1 f) GDPR
4.2. Information requesters:
Whether the information requested is made in person, by telephone or in writing (e.g. by email or web forms), we will request and process identification, contact and commercial data.
Legal basis: Article 6.1 a); 6.1 f) GDPR
4.3. Suppliers:
We will process identification, contact, commercial, accounting, banking, transaction of goods and services and financial data.
These data may be processed throughout all stages of the commercial relationship and only if the supplier provides them in order to start such relationship.
Legal basis: Article 6.1 a); 6.1 b); 6.1 c); 6.1 f) GDPR
4.4. Job applicants:
For this category of data subjects, we will process curriculum, identification and contact data and other data relating to their professional or personal characteristics, which will be provided by the applicant when submitting his or her application.
Data may be collected in person, by email, via web forms, during recruitment interviews (face-to-face or online) and may even reach us through a collaborator to whom we have delegated certain functions. For more information, please see our Job Applicants Policy.
Legal basis: Article 6.1 a); 6.1 b); 6.1 f) GDPR
4.5. Social media users:
We are present on different social networks and may process identification, contact and commercial data and other data that the user enables to be viewed or shared with other users of the social network, including curriculum data (e.g. LinkedIn). For more information, please see our Social Media Policy.
Legal basis: Article 6.1 f) GDPR
4.6. Subscribers:
Our newsletter/marketing subscription forms request an email address, which may be voluntarily provided by the interested person.
Legal basis: Article 6.1 a) GDPR
4.7. Complainants:
We will process identification and contact data, as well as personal information about the complainant and/or third parties that the complainant may provide to us. Legal basis: Article 6.1 a); 6.1 c); 6.1 f) GDPR
4.8. Visitors:
We will process identification and contact data, the company for which they work and the reason for the visit. These data will be collected when the visitor provides them when requesting access to our premises or when his/her contact person within our entity gives us this information in order to allow access.
Legal basis: Article 6.1 c); 6.1 f) GDPR
4.9. Website users:
When visiting our website and only if the user expressly authorises it, analytical data (e.g. time of visit or pages visited) and even demographic data (e.g. gender, age, country or language) may be collected. For more information, please see our Cookies Policy.
Legal basis: Article 6.1 a) GDPR
4.10. Further information for data subjects:
The information legally required will be made available to data subjects in the corresponding information clauses included in the various means of data collection so that the interested person may freely and expressly decide whether he or she wishes his or her personal data to be processed by our entity. In order to provide extended information, these clauses will indicate how to access this policy.
All categories and types of personal data processed will be duly identified in the corresponding records of processing activities owned by our entity.
- For what purposes will your data be processed?
As a general rule, the processing of personal data carried out by our entity aims to establish, fulfil and maintain the relationship with the different groups of people with whom we interact.
Depending on this relationship, the processing of your data will pursue different purposes which, by way of example and without limitation, are detailed below:
5.1. Clients:
Your personal data will be processed to identify you, to establish, fulfil and maintain the pre-contractual and contractual relationship, including sending commercial communications by different means, handling enquiries, carrying out quality controls and commercial statistics, selling and delivering goods, managing accounting and billing, processing the transaction of goods and services, managing collections, dealing with incidents, complaints and the exercise of rights, as well as for other purposes we are obliged to fulfil in order to comply with such relationship, the laws to which we are subject or our legitimate interests.
5.2. Information requesters:
We will process your personal data in order to handle your information requests of any kind, to identify you, to send or deliver quotations and information relating to the goods and/or services you are interested in, including in our response (verbal or written) commercial information related to your request. We will also carry out follow-up contacts by different means to learn about the decisions you have taken regarding the commercial proposals we have sent you.
5.3. Job applicants:
Your data will be processed so that we can include you in our recruitment processes and talent pool, identify you, contact you and inform you about vacancies, interview arrangements and other matters related to your application. For more information, please see our Job Applicants Policy.
5.4. Suppliers:
Your personal data will be processed for the purpose of maintaining the pre-contractual and contractual relationship, fulfilling the commercial relationship, whether for requesting quotations, purchasing goods or contracting services, for making enquiries and identifying you, for accounting management and the transaction of goods and services, as well as for other purposes necessary to comply with this relationship, our legal obligations and legitimate interests.
5.5. Social media users:
We will process your personal data to maintain the relationship as users of the same social network, to identify you, to contact you, to share news or advertising and to process other personal data that you, as a user of the social network, allow to be shared with the rest of the community. For more information, please see our Social Media Policy.
5.6. Subscribers:
Your data will be processed to send you our newsletters or advertising by email, to identify you and to process your subscription or unsubscription whenever you request it.
5.7. Complainants:
Personal data will be processed to identify you, manage your complaint and contact you regarding its status, as well as to comply with our legal obligations and legitimate interests.
5.8. Visitors:
The data of persons visiting our premises will be processed in order to identify them, to comply with our obligations regarding occupational risk prevention and for security and access-control purposes.
5.9. Website users:
By accepting the installation of cookies when visiting our website, data may be processed for different purposes (e.g. analysis of visits). For more information, please see our Cookies Policy.
5.10. Further information for data subjects:
The information legally required will be made available to data subjects in the corresponding information clauses included in the various means of data collection (e.g. forms, recorded messages, contracts, etc.) so that you may freely and expressly decide whether you want the personal data requested to be processed by our entity. Likewise, such information will be recalled in the different documents or communications that we share with data subjects (e.g. signs, invoices, legal notices, etc.).
If the data subject does not provide the data requested or provides incomplete or incorrect data, we may not be able to process his or her information request or maintain a relationship with them.
Data will not be further processed or used for purposes other than those accepted by data subjects.
The purposes that motivate the processing of personal data will be duly identified in the corresponding records of processing activities owned by our entity.
- Data retention
Personal data provided will be retained as long as we maintain the relationship with the data subject and for as long as is necessary to fulfil the purpose for which the data were collected.
Once that relationship has ended, we will keep the data blocked in those cases where it is necessary to retain them, either until the limitation period for liabilities has expired, for the sole purpose of possible claims or legal actions, or to comply with our legal obligations, for example:
| Data subjects | Area | Legal basis | Retention period |
· Clients · Suppliers | Accounting | Art. 30.1 Spanish Commercial Code | · 6 years from the last entry |
· Clients · Suppliers | Tax | Art. 66 General Tax Law 58/2003 | · General period: 4 years · In case of losses during the financial year: 10 years · Invoices: 5 years |
| · Any person | General | Art. 1964.2 Spanish Civil Code | · 5 years: Personal actions for which no special limitation period is provided shall expire five years from the date on which performance of the obligation may be demanded. In continuing obligations to do or not to do, the period shall start anew each time they are breached. |
| · Job applicants | Labour | AEPD Labour Relations Guide | · 1 year |
| · Visitors | Access control to premises | AEPD Instruction 1/1996 | · 1 month |
| · Website users | Use of cookies | AEPD Guide on the use of cookies | · Maximum 24 months |
| · Information requesters | Commercial Legal | Art. 20.1 a) and d) Spanish Constitution | · The shortest possible time or the period indicated by law. |
When data are no longer necessary, our entity will proceed to erase and destroy them securely and confidentially.
- Profiling
We do not create profiles nor do we make automated decisions using your personal data. Should we do so in the future, you will be informed and your prior authorisation will be requested.
Likewise, you have the right to object to this type of processing at any time by contacting our entity in writing at: info@veganic.bio.
- Data disclosures
As a general rule, our entity does not disclose personal data to third parties without prior consent. However, it may be necessary to disclose data in the following cases:
In the case of our clients or suppliers, their personal data may be disclosed to third-party entities due to legal obligations (e.g. Tax Authority), or to those entities necessary to provide our services or pay invoices (e.g. banking institutions) or, in the case of delivery of goods, their data may be disclosed to transport companies collaborating with our entity.
Likewise, personal data of clients or suppliers may be processed by third parties to whom we delegate some of our obligations (e.g. accounting advisors). All of them have undertaken, by means of a data-processor agreement, to comply with the same security measures implemented by our entity, as well as to observe the duty of secrecy and confidentiality in relation to the personal data processed, among other obligations in data-protection matters.
In the case of job applicants, their data will not be disclosed to third-party entities unless we are legally obliged to do so.
With regard to information requesters or users of our website, their data will not be disclosed to third-party entities, except in the cases described above and notified at the time of collection, and only with their explicit consent, unless our legitimate interest prevails or we are legally obliged to do so, in which case their consent will not be required.
In general, we may disclose your personal data to Judges, Courts, the Public Prosecutor’s Office and/or the competent Public Administrations in the event of possible claims where we are obliged to do so.
- International data transfers
In the event of disclosures to third-party entities located in countries outside the European Economic Area, we will inform you and request the prior and explicit consent of the data subjects.
- Security measures
Our entity has implemented all the technical and organisational measures necessary to protect the personal data processed, preventing their loss, theft or unauthorised use.
Such measures have been designed according to the type of data processed and the purposes that justify such processing. They are periodically checked in our internal controls to ensure compliance with data-protection regulations and also by external audits.
- Your rights
You, as the holder of your personal data and acting in your own name or through your representative, may contact our entity at any time and request to exercise your rights in the field of personal data protection.
Below we explain what these rights are:
11.1. Right of access:
You have the right to know and request at any time the following information:
- Whether or not we are processing your personal data.
- The purposes of the processing, as well as the categories of personal data concerned.
- The source of your data, if they were not provided by you.
- The recipients or categories of recipients to whom your personal data have been or will be disclosed, including, where appropriate, recipients in third countries or international organisations.
- Information on the appropriate safeguards relating to the transfer of your data to a third country or an international organisation, where applicable.
- The envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
- The existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved and the significance and envisaged consequences of such processing.
- A copy of your personal data undergoing processing.
11.2. Right to rectification:
To request that we rectify your personal data where they are inaccurate, as well as to complete them where they are incomplete.
11.3. Right to object:
You may object to our processing your data where they are incorrect or where the processing is no longer necessary.
If you act as a reported person or as a person affected by a report under Law 2/2023, you may not exercise your right to object, as it is presumed (subject to proof to the contrary) that there are grounds legitimising the processing of your personal data in accordance with the provisions of Article 31.4 of that Law.
11.4. Right to erasure:
To request that your data be deleted for any of the following reasons:
- Your data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You have not given your consent for the processing of your data.
- When you have exercised your right to object.
- When the data have been unlawfully processed.
- When the data must be erased in order to comply with a legal obligation.
11.5. Right to restriction of processing:
You may request us to exercise this right where one or more of the following circumstances apply:
- Where you contest the accuracy of your data, for a period enabling the controller to verify the accuracy of the data.
- Where the processing is unlawful and you oppose the erasure of your data and request the restriction of their use instead.
- Where the data are no longer needed for the purposes of the processing, but are required by you for the establishment, exercise or defence of legal claims.
- Where you have objected to processing pursuant to Article 21(1) while it is verified whether the controller’s legitimate grounds override those of the data subject.
11.6. Right to data portability:
This is the right to receive the data concerning you in a structured, commonly used and machine-readable format and to transmit them to another controller for further processing.
11.7. Right not to be subject to automated individual decisions:
The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
11.8. How to exercise your rights
To exercise any of your rights, you must contact VEGANIC NATURE, S.L. in writing, either by post at Carrer de la Verge del Remei, 1, 46185 La Pobla de Vallbona, Valencia, or by email at info@veganic.bio, stating which rights you wish to exercise. If you act on behalf of another person, you must provide proof of your representation. If there are reasonable doubts as to the identity of the person submitting the request, we may ask you to provide additional information necessary to confirm your identity.
If you wish to make any suggestion or enquiry regarding the processing of your personal data, you may contact our data-protection consultants:
BUSINESS ADAPTER, S.L.
Ronda Guglielmo Marconi, 11, 26, (Parque Tecnológico) 46980 Paterna (Valencia), Spain.
Data Subject Contact Form
We inform you that you have the right to lodge a complaint with the Spanish Data Protection Agency at C/ Jorge Juan, 6, 28001 Madrid, or via www.aepd.es.
- Commitment to personal data protection
Purpose and scope of application
This commitment is intended to comply with the European and Spanish regulations on data protection and the guarantee of digital rights (GDPR and LOPDGDD) and will be binding on all departments and employees of our entity, as well as on third parties acting on our behalf.
Principles governing the processing of personal data
We will process personal data in accordance with the principles of lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability. The processing of special categories of data is prohibited, as provided in Article 9 of the GDPR and the LOPDGDD.
Record of processing activities
Our entity will maintain a record of processing activities in order to assess the risks of processing and implement the necessary security measures to guarantee the confidentiality, integrity, availability and retention period of the data.
Data protection impact assessment
For each processing activity, we will analyse whether it is necessary to carry out a Data Protection Impact Assessment and whether there is a risk to the rights and freedoms of data subjects, in order to determine whether additional technical and organisational measures must be applied to guarantee their fundamental rights.
Security measures and security breaches
All technical and organisational measures necessary for the personal data processed will be applied. In the event of a security breach, the Security Breach Response Protocol designed for this purpose will be followed.
Data-protection rights
Our entity will handle and respond as quickly and diligently as possible to requests for the exercise of rights or to any information about their possible infringement.
Guarantee of digital rights in the workplace
Policies will be adopted to guarantee the digital rights of employees and they will be duly informed thereof. These policies will promote the right to a work-life balance, and to personal and family life; likewise, the right to information and privacy will be guaranteed. Our entity may monitor the performance of job duties within the limits established in Article 20.3 of the Spanish Workers’ Statute.
Training
All employees for whom it is necessary will receive training both in data protection and in their digital rights in the workplace.
Monitoring
We work with external consultants who advise and audit us in order to ensure compliance with the GDPR and the LOPDGDD.
- Updates to this Policy
Our entity reserves the right to modify this Policy without prior notice. Therefore, we recommend that you review it each time you visit our website.
Text updated on 4 December 2025.
