Flores de azafrán, cultivos ecológicos frisafran

Privacy Policy

In order to guarantee and protect the privacy and confidentiality of the personal data of the Users of our website and in order to protect their privacy, we have drafted, in accordance with current legislation, this Privacy Policy.

The terms set out below, and especially the duty of confidentiality, will be mandatory for all internal or external personnel who work or may work with us and who have access to the data you provide us, whether during browsing on our website, through the use of our forms, or during the contracting or provision of services.

We reserve the right to modify the content of this Privacy Policy in order to adapt it to new legislation or case law, as well as to reports or opinions issued by the Spanish Data Protection Agency or the Article 29 Working Party.

If we intend to use the personal data of Users, Potential Clients, or Clients in a manner different from that established in the Privacy Policy in effect at the time you provided the data; or if we intend to process it for purposes other than those indicated when you provided your data, we will make every effort to contact you as the data subject to inform you and obtain your consent again. Otherwise, we will not use the data for any other purpose.

We advise Users to review this text each time they access our website to ensure they understand the purposes and uses we may make of their data.

This Privacy Policy will form part of and be permanently linked to the provisions of our Terms and Conditions in the Legal Conditions of the contracted service and in our Cookies Policy , these texts are available to users on our website and we advise you to read them.

At all times we will indicate the date of the last update of the Privacy Policy so that Users are aware of the effective content that applies to them and the date of the last revision.

FRISAFRAN SL, hereinafter FRISAFRAN, states that this Privacy Policy is adapted to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter GDPR).

Our Policies

1. Data Controller.

The data controller for the data collected, processed, and stored through this website and in connection with the services provided and contracted through it is FRISAFRAN, with Tax Identification Number (NIF) B71421580, and registered address at C/ Monasterio de Irache, 4 bajo, 31591, Corella (Navarra), Spain. Email: info@frisafran.com. FRISAFRAN is registered in the Mercantile Registry of Navarra, Volume 2009, Book 0, Folio 31, Page NA-40067, Entry 1, dated February 10, 2021.

2. Data processing.

The personal data that may be requested will consist of those that are essential to identify and attend to the request of the data subject, resolve issues raised and provide the contracted services, said data being collected for specific explicit and legitimate purposes and not being processed in a manner incompatible with the indicated purposes.

The data subject will be informed by FRISAFRAN, before the collection of their data, of the points established in this Privacy Policy, so that they can give express, precise and unequivocal consent for the processing of their data.

This acceptance extends to third parties who may need to access the files for the proper execution of the contract.

3. Data origin.

First, it is important for Users to be aware that when personal information is provided online (for example, via email or the internet), it can be collected and used by others. Therefore, FRISAFRAN is not responsible for such information being collected, stored, and/or processed by an unauthorized third party, as it has adopted all available security measures to prevent this from happening.

The origin of the data that we process and store at FRISAFRAN may come from
different places:

  • Through our website we collect personal data from those Users who voluntarily choose to complete the mandatory fields that we have included in each of the forms.
    our website.

With these forms, Users can register on our website, submit an inquiry or suggestion, request a quote for a specific product offered on our website, order a product from our website, or receive advertising and newsletters from FRISAFRAN, if they expressly authorize it. Through these forms, Users provide us with their data and consent to its processing for the purposes indicated at the time of completing the form.

Users are responsible for the truthfulness and authenticity of the data they provide through our forms, and it is their obligation to keep this data updated at all times to avoid errors on our part. Any
Any false or inaccurate statement that occurs as a result of the information and data provided through these forms will be the responsibility of the User.

  • Information may also be sent via email to www.frisafran.com. Since we provide our website to users through the domain www.frisafran.com, we inform you that it is hosted on Google Cloud Platform servers located in Europe, which implement the corresponding security measures and guarantee compliance with the GDPR.
  • Users should be informed that, if desired, a meeting can be arranged via telephone. The user must provide their name and telephone number.
  • Finally, we also offer Users the opportunity to submit inquiries and comments on topics and products that FRISAFRAN may publish (these may be moderated based on legal and moral compliance criteria, as well as best practices and ethics). Participation will be through the comment form available once the user has registered on the website. It is essential to read the website policies on this page before posting a comment.

The purpose of processing all this data will be as indicated at the time of collection and detailed in the section “Purposes of processing and retention periods” of this Privacy Policy.

Since we make the website available to our users through the domain www.frisafran.com We inform you that it uses the services detailed below. These providers establish the corresponding security measures and guarantee compliance with the GDPR.

4. Legal basis for processing the data.

The legal basis for processing User data will depend on when the personal data of the User, Potential Client or Client is collected or processed:

  • The legal basis for processing the data collected through the participation form for inquiries/comments to be published on the website is consent. By completing the form, the participant agrees to the terms of this Privacy Policy or any specific clause.
  • The legal basis for responding to inquiries or requests is as follows: These requests do not imply any contractual relationship. The processing of data collected through the inquiry and information form, as well as the CHAT service, will be for the purpose of responding to inquiries or requests.
  • The legal basis for processing the data collected through the newsletter subscription form is consent. By completing the form, the user agrees to the terms of this Privacy Policy or any specific clause.
  • The legal basis for processing the data collected through the registration form for the purchase of products is the existing contractual relationship. By completing the aforementioned form, the interested party will accept the provisions of this Privacy Policy or specific clause.

5. Purposes of the processing and data retention periods.

The purposes for which each of the treatments will be carried out by FRISAFRAN are established in the different information clauses incorporated in each of the data collection methods - web forms, etc.

Notwithstanding the above, we detail them in full below, along with the data retention period, carried out by FRISAFRAN:

  • Contact form/form for posting queries and/or comments and Chat service: To be able to contact the User to resolve the query, doubt or suggestion, as well as to send them, if they have requested it, username and password to access their private area.

This data will be stored on the email provider's server indefinitely, unless the data subject objects. However, if the stored emails relate to the provision of services, they will be kept for as long as obligations may arise from the contractual relationship (5 years – Article 1964 of the Civil Code).

  • Information request form: This data will be used by FRISAFRAN to provide you with information and contact you regarding your expressed interest in our organization or our services.
    products/services.
  • Registration Form: This data will be used by FRISAFRAN for the purpose of providing the contracted service/contractual purpose of selling the products you have purchased and for internal organizational, accounting, tax, and administrative management. This data will be kept by FRISAFRAN for the period during which any liability may arise from the application of the pre-contractual/contractual measures requested by the interested party (5 years – Article 1964 of the Civil Code) or for a period of 6 years (Article 30 of the Commercial Code).
  • Newsletter and advertising submission form: This data will be used by FRISAFRAN to provide you with information and contact you regarding your expressed interest in receiving newsletters and advertising.
  • Data collected through Cookies: Through the Cookies described in our Cookie Policy, which we recommend you read, we collect data to personalize your experience and better meet your individual needs, improve our website, allow you to share comments on social media, etc. This data will be stored as set out in our Cookie Policy, which we refer you to.
  • Private Area: The User may access their private area with username and password and may modify or rectify their data whenever they wish, and may exercise their right to object to processing or to have their data deleted, where applicable.
    our system by contacting us through info@frisafran.com . This data will be kept by FRISAFRAN for the time during which any type of liability may be demanded arising from the fulfillment of the contract and the provision of services (5 years – article 1964 of the Civil Code).

6. Obligation to provide the requested data.

In order to provide the services optimally, Users must provide the information and personal data requested in our forms. If all the information requested and marked as mandatory is not provided, FRISAFRAN will be unable to offer its services/products or send the requested information, and therefore the services/products in which the User is interested cannot be provided.

7. Minors.

At FRISAFRAN, we strictly comply with the GDPR requirements regarding the protection of minors' data, and therefore do not intentionally collect any information from children under 14 years of age. Furthermore, we inform users that this website is intended solely for individuals over 18 years of age.

8. How we protect the information of users, potential customers or customers .

FRISAFRAN implements physical, technical, and organizational measures to maintain the security of personal data and to minimize the possibility of accidental or unlawful destruction, accidental loss, unauthorized use, alteration, unauthorized modification, disclosure and/or access, as well as any other unlawful form of processing
of your data, in accordance with the provisions of Article 32 of the GDPR.

In this regard, and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of likelihood and severity that may affect the rights and freedoms of natural persons, appropriate measures have been established to ensure a level of security appropriate to the existing risk.

In any case, FRISAFRAN has implemented sufficient mechanisms to:

  • Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services. Restore the availability of and access to personal data quickly in the event of an incident.
    physical or technical.
  • Regularly verify, evaluate and assess the effectiveness of the technical and organizational measures implemented to ensure the security of the treatment.
  • Pseudonymize and encrypt personal data, where applicable.

Notwithstanding the foregoing, as a User you acknowledge and accept that Internet security measures are not impenetrable and that the networks used on the Internet are not 100% secure, so any communication sent through this medium may be intercepted and/or modified by unauthorized persons, and therefore as a User you must also exercise extreme caution.

9. Notice of personal data breach or security breach.

A personal data breach constitutes a security breach of FRISAFRAN's information systems that results in, or may result in, the accidental or unintentional destruction, alteration, loss, unauthorized disclosure of, or access to, personal data transmitted, stored, or processed in connection with the provision of our services. In the event that the personal data we store and/or process at FRISAFRAN is compromised in any way, we will promptly notify the affected parties, in accordance with Article 33 of the GDPR.

10. Communication of data to third parties.

Personal data that users or potential clients may have provided to us through our website, or during the provision of services, will not be sold, transferred and/or exchanged with unauthorized third parties, except for legal obligation, or in the cases established below in relation to the international data transfers that we carry out from FRISAFRAN.

On the other hand, Customer data may be transferred to the Tax Administration and other Public Administration bodies, if required to do so.

11. International data transfers.

At FRISAFRAN, we use Twitter . This social network is based in the United States. Therefore, any information we upload to this social network involves an international data transfer to the US, as the data uploaded to our profiles is stored on the company's servers, also located in the US. However, FRISAFRAN does not upload or process users' personal data through this platform; users voluntarily choose to follow our page.

We inform our users that Twitter adheres to the Privacy Shield and states in its Privacy Policy, linked above, that it complies with this European Union-United States data protection framework. The list can be found here and here . You can find more information about how Twitter transfers data hosted on its platform. For complaints or claims regarding data protection, please contact us at the following address:

Twitter, Inc. 1355 Market Street #900 San Francisco, California 94103 Phone: (415)222-9670

At FRISAFRAN, we use Facebook . This social network is based in the United States. Therefore, any information we upload to this social network involves an international data transfer to the US, as the data uploaded to our profiles is stored on the company's servers, also located in the US. Facebook, Inc. has obtained certification under the EU-US and Swiss-US Privacy Shield frameworks. FRISAFRAN also installs Facebook pixels on its website to link it to user profiles and track conversions.

As mentioned, Facebook adheres to the Privacy Shield and states in its Privacy Policy, linked above, that it complies with this European Union-United States data protection framework. More information on how Facebook transfers data hosted on its platform can be found here . For complaints or claims regarding data protection, please contact us at the following address:

Facebook, Inc. 1 Hacker Way 94025 Menlo Park California 94025, USA Phone: (1)-(650)-543-4800

At FRISAFRAN, we use Google Inc. This social network is based in the United States. Therefore, any information we upload to this social network involves an international data transfer to the US, as the data uploaded to our profiles is stored on the company's servers, also located in the US. Google Inc. and its US subsidiaries comply with the EU-US and Swiss-US Privacy Shield frameworks. FRISAFRAN also uses Google Analytics and Google AdWords on its website to track user visits and to generate advertisements and improve sales through advertising.

As mentioned, Google Inc. adheres to the Privacy Shield and states in its Privacy Policy, linked above, that it complies with this European Union-United States data protection framework. More information can be found here.
Information here about how Google+ transfers data hosted on its platform. For complaints or claims
Regarding data protection, we provide the following information: Google Headquarters 1600 Amphitheatre Parkway.

Google Headquarters 1600 Amphitheater Parkway Mountain View, CA 94043 United States

At FRISAFRAN, we use YouTube . This social network is based in the United States. Therefore, any information we upload to this social network involves an international data transfer to the US, as the data uploaded to our profiles is stored on the company's servers, also located in the US. YouTube LLC and its US subsidiaries comply with the EU-US and Swiss-US Privacy Shield frameworks. However, FRISAFRAN does not upload or process users' personal data through this platform; users voluntarily choose to follow our page.

As mentioned, YouTube adheres to the Privacy Shield framework and states in its Privacy Policy, linked above, that it complies with this framework for data protection between the European Union and the United States. More information can be found here.
Information here about how YouTube transfers data hosted on its platform. For complaints or claims regarding data protection, please contact us at the following address:

San Bruno 901 Cherry Avenue San Bruno, CA 94066 United States

At FRISAFRAN, we use Instagram. This social network is based in the United States. Therefore, any information we upload to this social network involves an international data transfer to the US, as the data uploaded to our profiles is stored on the company's servers, also located in the US. Instagram complies with the EU-US and Swiss-US Privacy Shield frameworks. However, FRISAFRAN does not upload or process users' personal data through this platform; users voluntarily choose to follow our page.

As mentioned, Instagram adheres to the Privacy Shield and states in its Privacy Policy, linked above, that it complies with this European Union-United States data protection framework. More information can be found here.
Information here on how Instagram transfers data hosted on its platform. For complaints or claims regarding data protection, please contact us at the following address:

Attn: Law Enforcement Response Team 1601 Willow Road Menlo Park, CA 94025 United States

12. Data protection rights.

Any person may exercise their rights of access, rectification, erasure, restriction of processing, data portability, the right not to be subject to automated processing, including profiling, and the right to object to the processing of their personal data held in any of the files for which FRISAFRAN is the Data Controller. This can be done by submitting a request through any means that provides proof of sending and receipt, clearly stating their request and attaching a photocopy of their national identity document (DNI) and any other documents necessary to verify their identity. The reasons justifying the exercise of the right must be indicated. This request can be sent in writing to the email address info@frisafran.com or to the address C/ Monasterio de Irache 4, bajo, 31591, Corella (Navarra), Spain. Forms for exercising these rights are available to users and can be requested through our contact form.

  • Right of access: You may request information about whether FRISAFRAN is processing your personal data.
  • Right of rectification: You may request the rectification of the data, in case it is incorrect, as well as its deletion.
  • Right of cancellation: You may request the cancellation of the data; and in case there is any limitation, FRISAFRAN will keep the data duly blocked, only for the exercise or defense of claims.
  • Right to object: You may request that we stop processing your data in the manner stated, unless we have legitimate reasons to continue processing it, which we will expressly state.
  • Right to request restriction of processing: You may request at any time that we restrict the processing of your data when any of the following cases apply:
    • When you dispute the accuracy of the data processed and for a period that allows FRISAFRAN to verify its accuracy.
    • When the processing of data is unlawful under current legislation and the data subject chooses to restrict its use instead of deleting it.
    • When the affected party requires their data for the establishment, exercise or defense of legal claims.
  • Right
    to data portability: So that, in the event that the data is processed
    in an automated manner, they are returned or transferred to another company indicated by the User in a structured, automated and commonly used format.
  • Right
    Deletion: You may request the deletion of your personal data and FRISAFRAN
    must delete them without undue delay when:
    • The data are no longer needed in relation to the purposes for which they were collected or processed.
    • The affected party withdraws the consent on which the processing of the data is based, and there is no other legal basis for doing so.
    • The affected party opposes the treatment because its purpose is the direct marketing of products.
    • The data has been processed illegally.
    • The data must be deleted to comply with a legal obligation at community and/or national level.

In addition, Users have other rights, namely:

    • Right to withdraw consent: The User may withdraw the consent given for the processing of personal data for any specific purpose, whenever they wish, they only need to contact us exercising this right.
    • Right to lodge a complaint with the Supervisory Authority: Any User may contact the Supervisory Authority if they believe that FRISAFRAN is processing their data incorrectly. In the case of Spain, the supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos) , located at C/ Jorge Juan, 6, 28001-Madrid, and can be contacted by telephone at 901 100 099 / 91 266 35 17.

13. Blog.

Our website has a Blog section where users can post comments. Users can also share our articles through the social media platforms where we are present, so users should be cautious and read the Terms and Privacy Policies of the respective social network beforehand.

14. Social networks.

FRISAFRAN is present on Twitter, Facebook, LinkedIn, Google+, and YouTube, and may use other platforms in the future. Therefore, through this Privacy Policy, FRISAFRAN acknowledges its responsibility for the processing of data published by FRISAFRAN on these platforms, as well as data that Users send privately to FRISAFRAN for extraction—for example, communications requesting that FRISAFRAN address an inquiry.

Notwithstanding the foregoing, FRISAFRAN does not share or communicate any personal information of Users or "followers" on Twitter, Facebook, etc., through its profiles. We take this opportunity in our Privacy Policy to inform Users that FRISAFRAN's profile on these social networks is open to the general public, without access restrictions for other users, so that our brand, services, contests, competitions, etc., can be seen by as many people as possible. Therefore, if Users or followers of our profiles post personal information on our wall, it will be their sole responsibility.

Anyone who does not wish to "follow" FRISAFRAN on the social media platforms where it is present simply needs to unfollow the profile, following the instructions in the Privacy Policy and Terms and Conditions of the relevant social network. User data uploaded to our profiles will remain there from the moment the user gives their consent until they withdraw it by requesting its removal from the platform. FRISAFRAN's data processing within social media will be limited to what the social network allows for corporate profiles. Therefore, FRISAFRAN may inform its followers, when not prohibited by law, through any means permitted by the social network, about its activities, contests, competitions, services, etc., as well as provide personalized customer service through the social network.

Any user may exercise their data protection rights by contacting FRISAFRAN at the address and email indicated in the corresponding section. FRISAFRAN will not, under any circumstances, extract data from social media without the user's explicit consent. We strongly recommend that users read the Privacy Policies and Terms and Conditions of the social media platforms where we are present.

15. Conditions.

We strongly recommend that Users also visit the Legal Conditions, Legal Notice and Cookies Policy sections which regulate, among many other aspects, the use, disclaimers and limitations of liability that govern this website.

Last modified July 21, 2021