1.- Processing of personal data

In processing personal data, the CONSEJO REGULADOR D.O.Ca RIOJA guarantees compliance with the applicable laws and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or GDPR). The aforesaid legislation purports to guarantee and safeguard, as far as the processing of personal data is concerned, the public freedoms and fundamental rights of natural persons.

Through its websites or by other means (e.g., social media), the CONSEJO REGULADOR D.O.Ca RIOJA occasionally collects personal data. In any case, such data will be adequate and relevant to, and will not exceed, the specific, explicit and legitimate scope and purposes for which it has been obtained.

The User is free to provide or not the data required when requesting information or applying or registering for any of the services offered by the CONSEJO REGULADOR D.O.Ca RIOJA, whether on this website or any other platform.

The CONSEJO REGULADOR D.O.Ca RIOJA reserves the right to modify this Privacy Policy at any time, in order to adapt it to any regulatory development or change in its activities.

You may contact the entity by phone on 941.500.400, or by e-mail to correo@riojawine.com, or at its head office, located at C/Estambrera, 52, 26006 Logroño (La Rioja).

The Data Protection Officer of the entity is Mr José Luis Lapuente Sánchez, who is its Director General. His e-mail address for contact is secretariageneral@riojawine.com.

2.- Quality and purpose

The User providing personal data is responsible for the truthfulness of such information. For this purpose, the User vouches for the truthfulness of all the data that he/she communicates and shall keep the information provided properly updated, in such a way that it corresponds to his/her real situation. The User shall be responsible for any false or incorrect information that he/she provides and for the damage that this causes the CONSEJO REGULADOR D.O.Ca RIOJA or third parties.

If you subscribe on this website to take courses or access webinars, your personal data will be processed by the CONSEJO REGULADOR D.O.Ca RIOJA for the purpose of managing these activities and issuing the corresponding certificates.

In the event that you wish to subscribe to our Official Rioja Wine Educator Course, your data (including your curriculum vitae) will initially be processed in order to carry out a selection process of the students who will take this course, since the number of places is limited. This process will include a subsequent on-line interview with the applicant.

In addition to the above, data will be also used to conduct statistical studies on the Users to help design improvements in the services rendered, and to handle basic administrative tasks on the website. Finally, when the data subject expressly authorises so by ticking the box on the registration form, data may be used to send, even by electronic means, communications on the activities of this entity and promotional information on wines by D.O.Ca. Rioja. The User may revoke his/her consent at any time.

That same information may be also offered or sent to those who start following the CONSEJO REGULADOR D.O.Ca RIOJA on social media. Becoming a friend or follower implies authorisation to process data for that purpose. If you no longer want to receive such information or you want to cancel your data, you can stop following our profile. Furthermore, social media followers may exercise the rights accorded by law, as specified in section 4 of this Privacy Policy. However, as these platforms belong to third parties, the answers by the CONSEJO REGULADOR D.O.Ca RIOJA to any exercise of rights will be restricted to the functionalities available on the platform concerned.

Finally, Users are informed that their authorisation to send communications on the activities of the REGULATORY BOARD D.O.Ca RIOJA and promotional information on wine with D.O.Ca. Rioja, as well as the fact of becoming a friend or follower of ours on social networks will imply the generation of an identifier that will allow us to follow the user's browsing profile and interactions through each of our online platforms and social networks, which, in turn, will allow us to know or infer your preferences, in order to be able to send you more personalised information. If you do not want these activities to be carried out, you should refrain from ticking the box on the registration form whereby you authorise the sending of commercial information.

3.- Communications and international transfers of data

In order to issue the appropriate certificates, data will be communicated to the company EdInvent Inc., which manages the course certificate issuance service through the platform Accredible.com. This company is based in USA, at 800 West El Camino Real, Suite 180, Accredible, Mountain View, CA, 94040. The certificate will be issued automatically when you take and pass the exam at the end of the course, so if you take the exam, your personal data will be transferred to the United States of America. Said international transfer of data is based on your explicit consent. Therefore, by taking the final exam you are giving your consent for your data to be transferred to the aforesaid company in the USA.

Please note that some programmes and regulations in force in the USA allow the US public authorities to access personal data transferred from the EU for national security purposes. This poses certain limitations to the protection of personal data in such a way that it does not offer substantially equivalent guarantees to those required under the EU law. Furthermore, the US laws do not accord any legal remedy to data subjects against the US authorities.

If, being aware of the risks described above, you do not wish for such transfer of personal data to take place, you should not take the final exam of the course.

On the other hand, we let you know that, in order to offer additional guarantees to data subjects, the Consejo Regulador de la Denominación de Origen Ca. Rioja and the data importer in the USA have entered into the standard contractual clauses approved by the EU, although this does not completely eliminate the aforesaid risks in relation to the transfer of personal data to the USA.

The details of students taking the Official Rioja Wine Educator Course may be communicated to entities collaborating with the D.O.Ca RIOJA REGULATORY BOARD (e.g. hotels), when this is necessary to manage the student's accommodation in Rioja in order to carry out the corresponding on-site practical part of the study program. Likewise, the name and contact details of those who pass the course will be communicated to the wineries participating in the Programme. If the student does not wish this data to be communicated, he/she must expressly inform the D.O.Ca RIOJA REGULATORY BOARD before the end of the course.

Furthermore, the details of students who complete the Official Rioja Wine Educator Course and fulfil the required commitments will be included in the database of the D.O.Ca RIOJA D.O.Ca REGULATORY BOARD's Official Educators Network, so that anyone interested in contracting their services may contact them. The name and contact e-mail address of the Educators will be published in this link, together with their image, if they have decided to include it in their profile. In the event that a Educator does not wish this information to be published, he/she must expressly inform the CONSEJO REGULADOR D.O.Ca RIOJA, before the end of the Course, by any of the means of contact indicated above.

4.- Legal basis and data retention

The data will be processed on the legal basis of the consent of the person who provides it. This consent may be withdrawn at any time, without affecting the validity of any processing performed prior to such withdrawal. Although disclosing your data is voluntary, in the event of non-disclosure, we will not be able to provide the requested services or answer your request, suggestion or question. Therefore, disclosure of your personal data for these purposes is an essential requirement for us to be able to answer any request submitted by these means.

The students' data will be kept for the time necessary to complete the course and, subsequently, indefinitely, as a record of the persons who have completed the D.O.Ca RIOJA REGULATORY BOARD courses and to whom, where appropriate, a certificate has been issued to justify their completion, as well as, in the case of Educators, for the activities described above.

Should the User disclose data belonging to third parties, the User will be responsible for previously informing them about the full content of Article 14 of the General Data Protection Regulation.

5.- Security measures

With a view to guaranteeing the security and confidentiality of any personal data disclosed, the CONSEJO REGULADOR D.O.Ca RIOJA has implemented the technical and organisational security measures required to prevent it from being altered, lost, processed or accessed without authorisation. Nevertheless, the User should be aware that security measures on the Internet, because of their nature and global scope, are not invulnerable.

6.- Data subject’s rights

The data subject has the right to request access to it, request it to be rectified or cancelled, as well as its processing to be limited, and to oppose the aforementioned and the portability of his/her data, in the cases stipulated in the General Data Protection Regulation. In the event of any incident that you consider to be a violation of your rights, you may lodge a complaint with the Spanish Data Protection Agency.

With the aim of guaranteeing adherence to the personal data protection regulations, the CONSEJO REGULADOR D.O.Ca RIOJA has received legal advice from the specialised firm Picón & Asociados Abogados.