Respecting your privacy and complying with data protection regulations are vitally important to all the companies in Correos Group.
1. Who will process your data?
The processing manager is “Sociedad Estatal Correos y Telégrafos, S.A., S.M.E” (hereinafter, “Correos”), with Corporate Tax ID No. A-83052407 and registered address at Vía Dublín no. 7 (Campo de las Naciones) 28070 Madrid (Spain).
To ensure this processing is managed correctly, Correos has appointed a Data Protection Officer (DPD or DPO) who you can write to at the following email address: firstname.lastname@example.org
2. What are your data processed for and why?
Users’ personal data will be used for the following purposes:
- Allowing browsing through our website.
- If you accept our Cookies Policy: Analysing your browsing to optimise the structure and design of the website (e.g. which spaces on the website receive the most visits, the average time spent on the site, etc.) and for behavioural and/or personalised advertising.
3. What data will be processed?
We will process the personal data that we obtain from you when you browse our website, including:
a. Data that Users provide directly:
Browsing our website does not require prior registration. However, when you visit our website, it is standard for our web servers to store information like the IP address and domain from which you are accessing it, the date and time of the visit, etc.
On the other hand, certain features of our website require you to provide additional information through forms (e.g. your name and surname, postal or email address, telephone number, etc.).
Unless specifically stated otherwise, all form fields are required, so if information is missing your request may not be processed.
a. Data that Users provide indirectly:
As you browse, different cookies may be installed on your device in accordance with the provisions of our Cookies Policy.
4. Are your data communicated to third parties?
In general, we do not intend to communicate your data to people outside Correos. However, the following exceptions may occur:
- To comply with the law we may be required to communicate your data to third parties like public administrations (e.g. law enforcement) or courts.
- To provide you the best service for browsing our website and process your request we may have to communicate your data to other companies in the Correos Group engaged in parcel services, added-value postal services, logistics, marketing and telecommunication. So, for example, if you request information about multi-channel direct marketing services, your data will be communicated to NEXEA Gestión Documental S.A., S.M.E to process the response.
5. How long will your data be processed?
Personal data will be held only for the time necessary to enable your browsing of the website, analyse your browsing (if you accept our cookies policy) or process your service requests through the website. When they are no longer necessary, the data will be deleted in accordance with data protection regulations, meaning that they will be blocked, and only available at the request of judges and courts, the Office of the Public Prosecutor or relevant Public Administrations during the statute of limitations for any related legal actions. Following the block period, they will be fully erased. As an example, the statute of limitations will be 3 years in most cases derived from the data protection regulations.
In any event, if there are any outstanding legal disputes after the contractual relationship has terminated, the data may be held while the legal proceedings are under way, for evidential purposes only, until the final decision has been made; at that point the data will be blocked and subsequently erased.
6. What are your rights?
Users may exercise the following rights related to the processing of their data to the extent they are recognised in the data protection regulations applicable at any time:
- Right of access: if you exercise this right you will find out what type of data we are processing and the characteristics of the processing we are carrying out.
- Right to rectification: if you exercise this right you can request your data to be changed because they are inaccurate or untruthful.
- Right to portability: if you exercise this right you can obtain a copy of the data being processed in an interoperable format.
- Right to limitation of data processing: if you exercise this right you can limit the processing of your data in the cases defined by law.
- Right to oppose: if you exercise this right you can oppose the processing of your data and request to no longer be sent commercial communications.
- Right to erasure: if you exercise this right you can request the deletion of your data when the processing is no longer necessary.
- Right to revoke consent granted.
You may exercise your rights through any of the following channels, indicating the right being exercised and attaching a copy of your Spanish Identification Document or similar document as well as any other documentation you deem to be necessary:
a. Postal address: Vía Dublín no. 7 (Campo de las Naciones) 28070 Madrid (Spain))
You can find a set of forms that will help you exercise your rights on the website of the Spanish Data Protection Agency (AEPD). Moreover, we inform you that you have the right to file a claim with the control authority (in Spain, the AEPD) if you feel that your rights have been breached.