Web privacy

Respecting your privacy and complying with data protection regulations are vitally important to all the companies in Correos Group.

We want you to know why we are using, or want to use, your data, and what your rights are, at all times. For that reason, we have drafted the following Data Protection terms and conditions (“Website Privacy Policy”) to regulate the data processing that will be carried out when any User browses our website www.correos.es, any of its sub-domains, or any other Correos website that shows this Privacy Policy in the footer.

This Web Privacy Policy may be subject to change to adapt it to future legislative or jurisprudential developments or industry practices. In any case, the processing of user data will be regulated by the Data Protection Policy in force at the time of the browsing.


1. Who will process your data?

The data controller is “Sociedad Estatal Correos y Telégrafos, S.A., S.M.E” (“Correos”), with Spanish Tax ID No. A-83052407 and registered address atConde de Peñalver, nº 19, 28006 Madrid (Spain).

To ensure this processing is managed correctly, Correos has appointed a Data Protection Officer (DPD or DPO) who you can write to at the following email address: dpdgrupocorreos@correos.com


2. What are your data processed for and why?

Users’ personal data will be used for the following purposes:

     - Allowing browsing through our website.

     - If you accept our Cookies Policy: Analysing your browsing to optimise the structure and design of the website (e.g. which spaces on the website receive the most visits, the average time spent on the site, etc.) and for behavioural and/or personalised advertising.

Finally, our website has different forms that allow you to request information about some of our products and/or services, contract them, or contact us for other reasons (e.g. to send us your CV or bring to our attention a potential breach of our Code of Conduct). If you use these forms, the data provided on them will be processed in order to complete your request. In any case, before you use any of the different web forms you will be informed about how your data will be processed, if different from the processing described in this Web Privacy Policy, and you will be asked for your consent when necessary.


3. What data will be processed?

We will process the personal data that we obtain from you when you browse our website, including:

     a. Data that Users provide directly:

Browsing our website does not require prior registration. However, when you visit our website, it is standard for our web servers to store information like the IP address and domain from which you are accessing it, the date and time of the visit, etc.

On the other hand, certain features of our website require you to provide additional information through forms (e.g. your name and surname, postal or email address, telephone number, etc.).

Unless specifically stated otherwise, all form fields are required, so if information is missing your request may not be processed.

     a. Data that Users provide indirectly:

As you browse, different cookies may be installed on your device in accordance with the provisions of our Cookies Policy.


4. Are your data communicated to third parties?

In general, we do not intend to communicate your data to people outside Correos. However, the following exceptions may occur:

     - To comply with the law we may be required to communicate your data to third parties like public administrations (e.g. law enforcement) or courts.

     - To provide you the best service for browsing our website and process your request we may have to communicate your data to other companies in the Correos Group engaged in parcel services, added-value postal services, logistics, marketing and telecommunication. 

5. How long will your data be processed?

Personal data will be held only for the time necessary to enable your browsing of the website, analyse your browsing (if you accept our cookies policy) or process your service requests through the website. When they are no longer necessary, the data will be deleted in accordance with data protection regulations, meaning that they will be blocked, and only available at the request of judges and courts, the Office of the Public Prosecutor or relevant Public Administrations during the statute of limitations for any related legal actions. Following the block period, they will be fully erased. As an example, the statute of limitations will be 3 years in most cases derived from the data protection regulations.

In any event, if there are any outstanding legal disputes after the contractual relationship has terminated, the data may be held while the legal proceedings are under way, for evidential purposes only, until the final decision has been made; at that point the data will be blocked and subsequently erased.


6. What are your rights?

Users may exercise the following rights related to the processing of their data to the extent they are recognised in the data protection regulations applicable at any time:

     - Right of access: if you exercise this right you will find out what type of data we are processing and the characteristics of the processing we are carrying out.

     - Right to rectification: if you exercise this right you can request your data to be changed because they are inaccurate or untruthful.

     - Right to portability: if you exercise this right you can obtain a copy of the data being processed in an interoperable format.

     - Right to limitation of data processing: if you exercise this right you can limit the processing of your data in the cases defined by law.

     - Right to oppose: if you exercise this right you can oppose the processing of your data and request to no longer be sent commercial communications.

     - Right to erasure: if you exercise this right you can request the deletion of your data when the processing is no longer necessary.

     - Right to revoke consent granted.

You may exercise your rights through any of the following channels, indicating the right being exercised and attaching a copy of your Spanish Identification Document or similar document as well as any other documentation you deem to be necessary:

     a. Postal address: Conde de Peñalver, nº 19, 28006 Madrid (Spain)

     b. Email address: derechos.protecciondatos.correos@correos.com

You can find a set of forms that will help you exercise your rights on the website of the Spanish Data Protection Agency (AEPD). Moreover, we inform you that you have the right to file a claim with the control authority (in Spain, the AEPD) if you feel that your rights have been breached.