Privacy policy

1.- Processing of personal data

In processing personal data, the CONSEJO REGULADOR D.O.Ca RIOJA guarantees compliance with the applicable laws and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or GDPR). The aforesaid legislation purports to guarantee and safeguard, as far as the processing of personal data is concerned, the public freedoms and fundamental rights of natural persons.

Through its websites or by other means (e.g., social media), the CONSEJO REGULADOR D.O.Ca RIOJA occasionally collects personal data. In any case, such data will be adequate and relevant to, and will not exceed, the specific, explicit and legitimate scope and purposes for which it has been obtained.

The User is free to provide or not the data required when requesting information or applying or registering for any of the services offered by the CONSEJO REGULADOR D.O.Ca RIOJA, whether on this website or any other platform.

The CONSEJO REGULADOR D.O.Ca RIOJA reserves the right to modify this Privacy Policy at any time, in order to adapt it to any regulatory development or change in its activities.

You may contact the entity by phone on 941.500.400, or by e-mail to info@riojawine.com, or at its head office, located at C/Estambrera, 52, 26006 Logroño (La Rioja).

The Data Protection Officer of the entity is Mr José Luis Lapuente Sánchez, who is its Director General. His e-mail address for contact is secretariageneral@riojawine.com.

2. Quality and purpose

The User providing personal data is responsible for the truthfulness of such information. For this purpose, the User vouches for the truthfulness of all the data that he/she communicates and shall keep the information provided properly updated, in such a way that it corresponds to his/her real situation. The User shall be responsible for any false or incorrect information that he/she provides and for the damage that this causes the CONSEJO REGULADOR D.O.Ca RIOJA or third parties.

Personal data will be processed by the CONSEJO REGULADOR D.O.Ca RIOJA with the purpose of managing the courses offered through this platform and issuing the corresponding certificates, if requested by the User.

3. Communications and international transfers of data

In order to issue the appropriate certificates, data will be communicated to the company EdInvent Inc., which manages the course certificate issuance service through the platform Accredible.com. This company is based in USA, at 800 West El Camino Real, Suite 180, Accredible, Mountain View, CA, 94040. Consequently, if you request issuance of a certificate for completion of a course, your personal data will be transferred to the United States of America. Said international transfer of data is based on your explicit consent. Therefore, by requesting issuance of a certificate you are giving your consent for your data to be transferred to the aforesaid company in the USA.

Please note that some programmes and regulations in force in the USA allow the US public authorities to access personal data transferred from the EU for national security purposes. This poses certain limitations to the protection of personal data in such a way that it does not offer substantially equivalent guarantees to those required under the EU law. Furthermore, the US laws do not accord any legal remedy to data subjects against the US authorities.

If, being aware of the risks described above, you do not wish for such transfer of personal data to take place, you should not request issuance of the certificate after completion of the course.

On the other hand, we let you know that, in order to offer additional guarantees to data subjects, the Consejo Regulador de la Denominación de Origen Ca. Rioja and the data importer in the USA have entered into the standard contractual clauses approved by the EU, although this does not completely eliminate the aforesaid risks in relation to the transfer of personal data to the USA.

In addition to the above, data will be also used to conduct statistical studies on the Users to help design improvements in the services rendered, and to handle basic administrative tasks on the website. Lastly, when the data collection form is also intended for this purpose, and is so expressly authorised by the data subject, data may be used to send, even by electronic means, communications on the activities of this entity and promotional information on wines by D.O.Ca. Rioja. The User may revoke his/her consent at any time.

That same information may be also offered or sent to those who start following the CONSEJO REGULADOR D.O.Ca RIOJA on social media. Becoming a friend or follower implies authorisation to process data for that purpose. If you no longer want to receive such information or you want to cancel your data, you can stop following our profile. Furthermore, social media followers may exercise the rights accorded by law, as specified in section 4 of this Privacy Policy. However, as these platforms belong to third parties, the answers by the CONSEJO REGULADOR D.O.Ca RIOJA to any exercise of rights will be restricted to the functionalities available on the platform concerned.

The data will be processed on the legal basis of the consent of the person who provides it. This consent may be withdrawn at any time, without affecting the validity of any processing performed prior to such withdrawal. Although disclosing your data is voluntary, in the event of non-disclosure, we will not be able to provide the requested services or answer your request, suggestion or question. Therefore, disclosure of your personal data for these purposes is an essential requirement for us to be able to answer any request submitted by these means.

The data will be kept for the time needed to deliver the service or respond to your request, application, question or complaint and consider it permanently closed. Subsequently, it will be kept as a record of communication, unless you request its cancellation.

Should the User disclose data belonging to third parties, the User will be responsible for previously informing them about the full content of Article 14 of the General Data Protection Regulation.

4. Security measures

With a view to guaranteeing the security and confidentiality of any personal data disclosed, the CONSEJO REGULADOR D.O.Ca RIOJA has implemented the technical and organisational security measures required to prevent it from being altered, lost, processed or accessed without authorisation. Nevertheless, the User should be aware that security measures on the Internet, because of their nature and global scope, are not invulnerable.

5. Data subject’s rights

The data subject has the right to request access to it, request it to be rectified or cancelled, as well as its processing to be limited, and to oppose the aforementioned and the portability of his/her data, in the cases stipulated in the General Data Protection Regulation. In the event of any incident that you consider to be a violation of your rights, you may lodge a complaint with the Spanish Data Protection Agency.

With the aim of guaranteeing adherence to the personal data protection regulations, the CONSEJO REGULADOR D.O.Ca RIOJA has received legal advice from the specialised firm Picón & Asociados Abogados.