Legal notice and privacy policy

MENTIONS LÉGALES ET POLITIQUE DE CONFIDENTIALITÉ

Privacy Policy

This Privacy Policy is part of the Legal Notice governing the use of the website www.cafesgranell.es (hereinafter, the “Website”), owned by Comercial Granell, S.L. (hereinafter, “Cafés Granell”). It is also linked to our Cookie Policy.

This Website complies with the requirements of:

Law 34/2002 of July 11, on Information Society Services and Electronic Commerce (LSSI).
Regulation (EU) 2016/679 on Data Protection (GDPR).
Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).

Cafés Granell reserves the right to modify or adapt this Privacy Policy at any time and recommends reviewing it periodically. If the user is registered and logs into their account or profile, they will be notified of any substantial changes in the processing of their personal data.

1. DATA CONTROLLER

Company Name: Comercial Granell, S.L.
CIF (Tax ID): B46122131
Postal Address: Avda. del Mar, 5, 46410 Sueca, Valencia (Spain)
Phone: +34 961 70 14 79
Email: cgranell@cafesgranell.es
Website: www.cafesgranell.es
Commercial Register: Volume 4343, Book 1655, Folio 46, Section 16 M3, Page V-22487

For any doubts or questions related to data protection, you may contact us using the information above.

2. USER RIGHTS

Users may exercise the following rights regarding their personal data, at any time and free of charge:

Access: Know whether Cafés Granell is processing personal data concerning them and, if so, access it.
Rectification: Request modification of inaccurate or incomplete data.
Erasure (Right to Be Forgotten): Request deletion of data when it is no longer necessary or consent is withdrawn.
Restriction of Processing: Request limitation of data processing under certain circumstances (e.g., while data accuracy is being verified).
Portability: Receive data in a structured, commonly used, and machine-readable format and transmit it to another controller.
Objection: Object to processing based on Cafés Granell's legitimate interests or for direct marketing purposes.
Withdrawal of Consent: Withdraw previously granted consent at any time, without retroactive effect.

To exercise these rights, users may send a request to cgranell@cafesgranell.es, with the subject line "Data Protection" and attach a copy of their ID or equivalent document. Specific forms are available for this purpose (users may also use forms from the Spanish Data Protection Agency - AEPD - or third parties). These forms must be electronically signed or accompanied by a copy of an ID.

The maximum response time is 1 month from the effective receipt of the request, extendable by 2 more months in complex cases or high request volumes.

If dissatisfied with the processing of your data, you also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).

3. DATA COLLECTED THROUGH THE WEBSITE

3.1. Browsing Data

Just by browsing the Website, the following information may be automatically collected:

IP address
Browser version
Operating system
Duration of visit

This data may be processed using:

Google Analytics (for statistical analysis) – Google’s Privacy Policy
Google Maps (which may request location access, with prior user consent, to provide directions or information)

This data is not linked to identified users and is used for statistical purposes, website improvements, service optimization, and marketing strategy enhancement. It will not be shared with third parties beyond the purposes stated here.

3.2. Website Registration

To access certain services, users may need to register on the Website. Required fields marked with an asterisk (*) are mandatory. Without them, registration cannot be completed.

Username and Password: Personal and non-transferable; the user is responsible for keeping them confidential. Password recovery is available if needed.
Data Processed:
- Information provided during registration
- Purchase and transaction history
- Browsing data linked to the account
Purposes:
- Manage account creation and access
- Personalize offers and product/service recommendations
- Process orders and returns; provide updates on order status
- Send necessary notifications about issues or account updates
Legal Basis: Performance of a contract between the user and Cafés Granell
Data Retention:
- As long as the user account is active
- After account deletion, transaction-related data is stored for 10 years for legal and fiscal purposes
- Other data not linked to transactions will be retained for up to 10 years unless prior consent is withdrawn
Third-Party Sharing: May be shared with essential service providers such as:
- Shipping or delivery companies
- Payment platforms, banks, or payment gateways
- Hosting or website maintenance providers
- Intermediaries required to complete an order

3.3. Contact Form

Users can submit inquiries via form, email, or phone. Personal data such as name and email (*) are required; without them, the request cannot be processed.

Purposes:
- Respond to the user’s query
- Send marketing communications if the user gives explicit consent
Legal Basis: User consent when contacting Cafés Granell voluntarily
Retention Period: 10 years after the last interaction or until deletion is requested
Third-Party Sharing: None. Cafés Granell is the sole recipient of this data.

3.4. Job Applications

If a user submits a CV via email, the Website, or in person, the data will be stored for present or future hiring processes.

Legal Basis: Express consent by submitting the CV
Retention Period: 1 year; after this, if no selection or hiring occurs, the data will be deleted
Hiring: If hired, the data will be incorporated into employment records

3.5. Newsletter Subscription

Users may subscribe by entering their email address.

Legal Basis: Consent from the subscribing user
Tools Used:
- Connectif (Spain) – May involve international data transfers under Standard Contractual Clauses (SCC)
- Occasionally, Mailchimp (USA) or GetResponse (EU) may be used, with appropriate safeguards (e.g., SCC)
Retention Period: Until the user unsubscribes or the newsletter is discontinued
Each email includes an option to unsubscribe or manage communication preferences.

4. LEGAL BASIS FOR DATA PROCESSING

Data processing by Cafés Granell is based on one or more of the following:

Contract performance: Managing purchases, user accounts, and requested services
Consent: For subscriptions, marketing, job applications, or voluntarily provided data
Legal obligations: For data transfer to public authorities, courts, or as required by law
Legitimate interest: For statistics, user experience improvement, or direct marketing (where legally permissible)

5. INTERNATIONAL DATA TRANSFERS

Using third-party tools like Google Analytics, Mailchimp, GetResponse, or Connectif may involve data transfers outside the European Economic Area (e.g., to the U.S.).

Standard Contractual Clauses (SCC) or other legally recognized safeguards are applied to ensure adequate protection.
Email marketing with Mailchimp (USA) is protected under these legal safeguards. Although the Privacy Shield framework was invalidated, other valid mechanisms like SCCs are used.

6. DATA RETENTION SUMMARY

Browsing data: Stored until consent is revoked or deletion is requested
User account data: Stored while the account is active, and for up to 10 years after deletion
Contact forms: 10 years after last interaction or until deleted
CVs: 1 year unless hired
Newsletter: Until the user unsubscribes

7. DATA SECURITY

Cafés Granell implements necessary technical and organizational measures to ensure the security and confidentiality of personal data, preventing alteration, loss, unauthorized access, or processing, in line with current regulations.

8. ONLINE DISPUTE RESOLUTION (ODR)

In accordance with Art. 14(1) of Regulation (EU) 524/2013, the European Commission provides a platform for Online Dispute Resolution (ODR) for consumers, which can be used to resolve disputes arising from online purchases of goods or services without going to court:

http://ec.europa.eu/consumers/odr

9. ACCEPTANCE & CONTACT

Browsing the Website and/or using its services implies reading, understanding, and accepting this Privacy Policy. For any questions or concerns, you may contact us at:

Email: cgranell@cafesgranell.es
Postal Address: Avda. del Mar, 5, 46410 Sueca, Valencia (Spain)

Last updated: February 1, 2025

Cookie name	Provider	Purpose	Expiry
cookiesplus	https://cafesgranell.es	Stores your cookie preferences.	1 year
PrestaShop-#	https://cafesgranell.es	This cookie helps keep user sessions open while they are visiting a website, and help them make orders and many more operations such as: cookie add date, selected language, used currency, last product category visited, last seen products, client identification, name, first name, encrypted password, email linked to the account, shopping cart identification.	480 hours