23 de Mayo de 2018

HERMANOS GARRIDO ÁVILA (the "Company") is an organisation that processes personal data, which gives it significant responsibility for designing and organising procedures in line with legal compliance in this area.

In the exercise of these responsibilities and in order to establish the general principles that should govern the processing of personal data in the Company, it approves this Personal Data Protection Policy, which it notifies its Employees and makes available to all its Interest Groups.

1. Purpose

The Personal Data Protection Policy is a proactive responsibility measure that aims to ensure compliance with applicable legislation in this area and in relation to it, respect for the right to honour and privacy in the processing of personal data of all persons who are related to The Company.

In development of the provisions of this Personal Data Protection Policy, the Principles governing data processing in the organisation are established and, consequently, the procedures and organisational and security measures that the persons affected by this Policy undertake to implement in their area of responsibility. To this end, the Management will assign responsibilities to the personnel participating in the data processing operations.

2. Scope of application

This Personal Data Protection Policy shall apply to the Company, its administrators, managers and employees, as well as to all persons related to it, expressly including service providers with access to data ("Data Processors").

3. Principles of personal data processing

As a general principle, The Company will scrupulously comply with the legislation on the protection of personal data and must be capable of demonstrating this ("proactive responsibility" principle), paying special attention to those processing operations that may pose a greater risk to the rights of those affected ("risk approach" principle).

In relation to the above, HERMANOS GARRIDO ÁVILA will ensure compliance with the following


➔ Lawfulness, loyalty, transparency and purpose limitation The processing of data must always be informed to the data subject, by means of clauses and other procedures; and it will only be considered legitimate if there is consent to the processing of data (with special attention to that given by minors), or has other valid legitimacy and the purpose of the processing is in accordance with the Regulations.

➔ Data minimization. The data processed must be adequate, relevant and limited to what is necessary in relation to the purposes of the processing.

➔ Accuracy. The data must be accurate and, if necessary, updated. To this The necessary measures shall be taken to ensure that they are removed or rectified without delaying personal data that are inaccurate in relation to the purposes of the processing.

➔ Limitation of the conservation period. The data will be kept in such a way as to allow identification of the data subjects for no longer than is necessary for the purposes of the processing.

➔ Integrity and Confidentiality. The data will be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, through the application of appropriate technical or organisational measures.

➔ Data transfers. It is forbidden to purchase or obtain personal data from illegitimate sources or in cases where such data has been collected or transferred in contravention of the law or where its legitimate origin is not sufficiently guaranteed.

➔ Contracting suppliers with access to data. Only suppliers who offer sufficient guarantees to apply appropriate technical and security measures in the processing of data will be chosen for contracting. The appropriate agreement in this respect shall be documented with these third parties.

➔ International data transfers. Any processing of personal data subject to European Union regulations that involves a transfer of data outside the European Economic Area must be carried out in strict compliance with the requirements established in the applicable law.

➔ Rights of those affected. The Company will facilitate the exercise of the rights of access, rectification, suppression, limitation of processing, opposition and portability to those affected, establishing for this purpose the internal procedures, and in particular the models for their exercise that are necessary and appropriate, which must at least satisfy the legal requirements applicable in each case.

The Company will promote that the principles set out in this Personal Data Protection Policy are taken into account (i) in the design and implementation of all work procedures, (ii) in the products and services offered (iii) in all contracts and obligations that are formalised or assumed and (iv) in the implementation of any systems and platforms that allow access by employees or third parties and/or the collection or processing of personal data.

4. Commitment of the workers

Employees are informed of this Policy and declare that they are aware that information of a personal nature is an asset of the Company, and in this respect they adhere to it, committing themselves to the following:

* Carry out the data protection awareness training that the company makes available to you.

* To apply the security measures at user level that apply to their work station, without prejudice to the responsibilities in its design and implementation that may be attributed to them according to their role within HERMANOS GARRIDO ÁVILA.

* Use the formats established for the exercise of Rights by those affected and inform the Company immediately so that the response can be made effective.

* To inform the Company, as soon as it becomes aware, of deviations from the provisions of this Policy, in particular of "Violations of personal data security", using the format established for this purpose.

5. Monitoring and evaluation

A verification, evaluation and assessment will be made annually, or whenever there are significant changes in the processing of data, of the effectiveness of the technical and organisational measures to guarantee the security of the processing.








Management of your query/request sent through our website


Your consent expressed by the checkbox.

Target group

No data will be passed on to third parties, unless legally obliged to do so


Access, rectify and delete data, as well as other rights, as explained in the additional information

Further information

Additional and detailed information on Data Protection can be found at