Privacy Policy

  1. Data Controller
    Any data provided by Users shall be included in a file owned by THE GRAND WINES S.L.U.
    Holder: The Grand Wines Premium, S.L.U. (hereinafter, “The Grand Wines or TGW”)
    Registered office: C/ General Alava, 10-3, Oficina 7, 01005 Vitoria
    Tax ID No.: B01513001
    Email: info@thegrandwines.com
    Telephone: (+34) 654682296
    Registry data: Commercial Register of Álava. Volume 1541, Folio 59, Book 0, Sheet VI-16601, 1st entry

  2. User
    The express acceptance of the corresponding Policies, Terms and Conditions shall authorise The Grand Wines Premium, S.L.U. (hereinafter TGW) to process the User’s personal data.
    To use the Website services, Users must register through the registration form/s provided for this purpose and grant their free, voluntary and express consent to the processing of their data.

  3. Data processing
    This Privacy Policy is applicable to all the information TGW collects, stores and processes in the provision of the service and while browsing and using the Website.

    TGW shall process and store all the data that Users provide and manage in their profile.

    TGW may establish mechanisms that facilitate the registration process on the Website through different channels. Specifically, TGW may establish, with the IBERIA PLUS customer’s prior consent, a process that allows obtaining from IBERIA information belonging to the User in their IBERIA PLUS account and that is necessary to register as a TGW customer. In this case, the customer shall be duly informed via the website.

    TGW shall be the owner of a file containing the following personal data, and the User expressly accepts that these are incorporated into the file for the stated purposes: (I) any data provided or authorised to incorporate by the User when registering on the Website; (ii) data arising from the business relationship with CDV, (i.e. data arising from using different Services); (iii) data arising from computer processes in which CDV and the user are participants (cookies, browsing habits or use of the Website); and (iv) any data that TGW can infer from lawfully-obtained data, among others, georeferenced data. If the Member provides a different address through the Billing/shipping details form than the one appearing in their customer profile, this data shall be processed exclusively for managing and delivering the order. Once the purpose has concluded, it shall be kept for future use by the customer in subsequent visits.

    As an exception to the above, TGW shall collect on behalf of Iberia and Avios Group Ltd. (the latter as the issuing entity of the IBERIA PLUS programme’s “Avios” currency and as the company managing Avios balance accounts belonging to IBERIA PLUS customers) and shall communicate to these entities either the price amount of the purchases made by the IBERIA PLUS customer in the TGW website or establishment/s or the number of Avios obtained/consumed by the IBERIA PLUS customer as a result of such purchases, or both for the purpose of correctly debiting/crediting the Avios obtained/consumed by said customer in their Avios account. TGW must also communicate the product returns made by IBERIA PLUS customers so IBERIA and Avios Group Ltd. can apply the corresponding corrections to the Avios balance.

    All this data shall be processed generally for the purpose of managing and providing the services offered by the Website, their maintenance, improvement and delivery, via electronic or non-electronic means, of information and/or advertising and offers related to own or third-party products and services from the following sectors: loyalty, food, home, textiles, insurance, loans, optics, real estate, telecommunications, technology, IT, consumption, sport, leisure, free time, tourism, beauty, perfume, payment methods and jewellery, in which the User may be interested and where TGW or the companies comprising the Araex Grands Group carry out their activity, always according to the Programme’s criteria and/or to the User’s profile and offering their participation in different promotions.

    In any case, by registering, Users accept that TGW process their data for commercial purposes, advertising activities and commercial research via electronic means of communication.

  4. Opposing the reception of marketing communications
    Users can exercise their right of opposition when processing their data for promotional purposes and receiving this type of deliveries by contacting us via the form provided for this purpose or by calling (+34) 654682296 at any given time.

  5. Exercising the rights of access, cancellation and rectification
    Users may exercise their rights of access, rectification, cancellation and opposition (ARCO Rights) at any time by writing to TGW, FAO Legal department via the form provided for this purpose or by calling (+34) 654682296.

  6. Security Measures and Confidentiality of Information
    The personal data of Users are stored in a file owned by TGW that guarantees the appropriate technical and organisational measures that ensure the integrity, confidentiality and security of the personal data provided in accordance with the current state-of-the-art. TGW maintains security levels for the protection of your data in accordance with the following regulations:

    • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
    • LOPDGDD: Organic Law 3/2018 of 5 December on Personal Data Protection and Guarantee of Digital Rights for personal data protection has established all the technical means at its reach to avoid the loss, misuse, alteration, unauthorised access and theft of the data provided by Users. However, Users are informed that security measures on the internet are not invulnerable
  7. Minors
    Minors cannot register on IBERIA PLUS. An authentication mechanism does not allow the registration of (a) those who do not enter their year of birth with using characters, which must show that they are of legal age, and (b) those who do not expressly accept their majority of age.

  8. Personal data protection policy for customers and passengers
    Our Privacy Commitment

    TGW is committed to respecting your privacy and protecting your personal data.

    • We shall be transparent about the data we collect and what we do with it.
    • We shall use the information you give us for the purposes described in our Privacy Policy, which include providing you with services you have requested and enhancing your experience with TGW.
    • We shall also use the information to help us understand you better and so that we can provide you relevant offers.
    • If you tell us you do not want to receive marketing messages, we shall stop sending them. We shall, of course, continue to send important information relating to a product or service you have purchased to keep you informed about your booking and travel itinerary.
    • We shall send you relevant important information relating to a product or service you have purchased to keep you informed about your booking and travel itinerary.
    • We shall put in place measures to protect your information and keep it secure.
    • We shall respect your data protection rights and aim to give you control over your own information.

    The Privacy Policy detailed below shall help you understand better how we use your personal data. In it, we explain in more detail the types of personal data we collect, how we collect it, what we may use it for and whom we may share it with.

    Within our full Privacy Policy, you can find some specific examples of why and how we use your personal data. If you have further questions please get in touch with us at our Data Protection Office by email at thegrand@thegrandwines.com.

    Without prejudice of your rights under the relevant applicable laws, this Privacy Policy and the information above have no contractual nature and are not a part of your contract with us.

  9. Data Controller
    Any personal data processed by CDV in connection with this Privacy Policy is controlled by The Grand Wines Premium, S.L.U. (hereinafter, “The Grand Wines or TGW”)
    Registered office: C/ General Alava, 10-3, Oficina 7, 01005 Vitoria
    Tax ID No.: B01513001
    (hereinafter, “TGW”), which is considered the “data controller” under applicable regulation on data protection. Our contact address for this purpose is Ramón y Cajal nº 7 1º A 01007 or by the aforementioned email

    Any third-party service provider that can be accessed through our website, such as a hotel or a car rental company, shall also be individually a data controller. You shall be able to access the services offered by these third companies through our website, which shall redirect you to their websites. There you will find these provider’s data protection policies.

    What do we mean by personal data?
    Personal data means details which identify you or could be used to identify you, such as your name and contact details and purchase history. It may also include information about how you use our websites and mobile applications.

  10. When does this policy apply?
    This Privacy Policy applies to personal data about you that we collect, use and otherwise process in connection with your relationship with us as a customer or as a potential customer or as a member of our Loyalty Schemes, including when you travel with us or use our other services -such as our gastronomy, wine tourism and training offer-, use our websites, contact our service agents or call centres and when you purchase our products.

    When we refer to other entities being data controllers within the sections “Data Controller” or “With whom do we share your personal data?”, you should consult their own privacy policies for further information.

  11. How can you protect your personal data?
    We make serious efforts to care for and protect your personal data when you share it with us. Below you can find some recommendations on how to keep your personal data safe.

    Do not share your CDV personal area login data
    To make sure that access to your personal area in our webpage and mobile application is safe please do not share your login data with anyone. When you finish using our website, online services or mobile applications please make sure to end your session if someone else may access your computer or device. This is particularly relevant if you are using a public access computer or device.

    Be cautious and protect yourself from internet fraud and “Phishing”
    There is a broadly spread type of internet fraud practice known as “Phishing” aimed to illegally obtaining your personal data by deception. Unsolicited emails are sent to individuals from a list that has been illegally obtained, and recipients are requested to insert or confirm their passwords or bank details in a false or cloned website.

  12. When do we collect personal data?
    We collect personal data about you every time you use our services (whether provided by us or by other companies or agents acting on our behalf), including when you travel with us, when you use our website and when you interact with us through electronic means or our customer service centres.
    Some examples of when and how we collect information are as follows:

    • When you book or search for a wine or other products or services on our website or mobile app
    • When you register with our loyalty programmes
    • When you fill in a satisfaction survey and include complaints, compliments, recommendations and suggestions
    • When you take part in our competitions or you register for one of our promotions, and when you decide to interact with us through your social media profile on Facebook or Twitter, for example
    • When you click on any of our emails or browse our website. We may also receive information about how you found us on the internet or about the sites you have visited previously

    For further information, please refer to the section below “What types of personal data do we collect and retain?”

    We may also receive personal data about you from third parties such as:

    • Companies to which we have outsourced the provision of specific services for you
    • Companies involved in our loyalty programmes and other customer programmes (such as, car rental companies and restaurants)
    • Companies that provide us with data in accordance with privacy policies that include information that may be shared with TGW
  13. What types of personal data do we collect and retain?
    When you use our services, you will need to provide us with your personal details or the details of those individual(s) who have purchased or browsed on our website.
    We collect the following categories of personal data:

    • Information you provide in order for TGW to complete and manage an order you have made with us or a service you have requested from us.

      Examples: Your name, address, email, date of birth, gender, passport or other national ID number, your account details and payment information.
      If you buy for another address, we may collect the data to show it directly when you buy again on the website.

    • Data about your gastronomy or wine tourism programme.

      Examples: Details of your booking, travel itinerary, details of any additional assistance you require and other information related to your “experience” with us, such as meal preferences or dietary requirements.

    • Information about your online logins and other interactions.

      Examples: We shall retain your data to guarantee our correct interaction with you when you have registered with us TGW or joined our loyalty scheme Iberia Plus.

      We shall retain your data when you have taken part in any of our contests or promotional initiatives, or when you have interacted with us through social networks such as Facebook or Twitter.

    • Information about your use of our websites and mobile applications.

      Examples: To help us customise your personal data and to improve our website we use “cookies” and other similar technologies and collect information about your searches and the contents you have visited on our website, such as what website you are surfing from, or the banner advertisements or links appearing in our marketing partners’ websites.

      We shall use the information gathered in the cookie to better understand you as our customer.

    From your use data we may learn that you have visited clubdelvino.iberia.com and searched for a product, but you have not made your reservation yet.
    We might use this information to contact you and offer you further information on this wine or the one you might be interested in.

  14. What do we use your personal data for and under what legal basis do we use it?
    The main purposes for which we use your personal data are:

    • Based on our contractual relationship with you, to fulfil your purchase arrangements and deliver the services you have asked for.
      Examples: We will need to use your name, address, email, contact details, date of birth, gender passport or national ID information, and payment data and information so that we can process your purchases and bookings, process your delivery arrangements, collect consideration for our services, provide information required by relevant authorities -such as tax, custom or immigration authorities- and so that TGW knows who has purchased or booked.
    • Based on our contractual relationship with you, to send status update and operational and servicing communications to you about the service contracted, no matter the channel you may have booked our services through –whether direct sales or through an agency/ or other company that sells travel or experiences, online or face to face, etc.

      We may also use the contact data you to notify you of other type or operational communications about delivery, transportation, bookings in…

    • Based on our legitimate business interest, to provide services tailored to your requirements and to treat you in a more personal way.
      Examples: We may personalise the experience you have while travelling with us. For example, a member of our team or host may welcome you back on your arrival to the reception for the experience.
    • Based on our legitimate business interest, to carry out analysis and market research.
      Examples: We shall analyse the way in which our sales channels, products and services are being used by customers so that we can understand how to improve the service we offer.
    • Based on our legitimate business interest, to carry out direct marketing and keep you informed of TGW’s products and services that better suit your needs and preferences, in our understanding.
      Examples: We may send you information on our products and services by email, push messages from our app or text messages.
      We may adapt our apps, websites, emails and other communications to guarantee they are of your highest interest –including, for example, offers and/or services related to your tastes or similar ones.

      To better understand your purchase preferences and your needs when you book “experiences” with us and to offer information on special offers such as the selection of a specific type of grape, gastronomic offers or wine tourism class upgrades.

    • If you are a CDV member, and based on your consent previously granted for such a purpose to carry out direct marketing by electronic means and to keep you informed on the products and services that better suit your needs and preferences, in our understanding, as well as to send to you tailored electronic marketing communications on products and services from other Araex Grands Group companies.
    • Based on your consent previously granted for such a purpose we may record telematic communications and instructions whenever you are using any customer centre or sales service, and in such cases we will process your personal data, including your voice when you address us through these channels, to provide evidence of the transactions performed for any relevant legal purposes.
    • Based on your consent previously granted for such a purpose by explicitly consenting on hiring such services, to transmit your data to other Araex Grands Group companies or to third companies the group works with -such as, for example, third party companies whose products and services are offered and/or may be contracted through our website-, in the cases where you are contracting such products or services. The information we transmit in these cases will be exclusively limited to that personal data you have made available to us and is strictly required to contract the product or service in question.
    • Based on our contractual relationship with you, to send updated information and operational communications to you.
    • Based on our legitimate business interest, to improve our website, products and services.
      Examples: We may monitor how you and other customers browse our website so that we may identify ways to improve your browsing experience with us.
      We may also invite you to take part in surveys to learn more about your level of satisfaction with our service, the provisions received when purchasing at TGW and the use of our services.

    • Based on our contractual relationship with you, to manage transactions, operations, contracting products and services by any means, or to solve any type of query, complaint, claim or recommendation you may have posed.
    • Based on the fulfilment of our legal obligations, as applicable, we may use your personal data for management and administrative purposes.
      Examples: We may use and retain your personal data, including your purchase history, for administrative purposes, which may include for example, accounting and billing, auditing, credit or other payment card verification, anti-fraud screening (including the use of credit reference agency searches, crosschecking information with financial entities and other electronic payment entities, and payment card validation checks) and systems testing, maintenance and development.

    • Based on the fulfilment of our legal obligations, to properly manage emergency, wreck or force majeure situations we may need to transmit your personal data to different kind of people, companies or entities whose help is essential for CDV in such cases.
  15. When will we send marketing communications to you?
    When we collect information directly from you, we will ask you if you are happy to receive our marketing communications or to join CDV. Please note that these marketing communications may refer to our own products and services and, sometimes, they may refer to products and services from other members of our group companies or from third party entities.

    Should our intention not be based on your consent previously granted for such a purpose, but on our legitimate business interest, we shall inform you on this in a clear way and you shall be granted the right to opt-out from receiving such communications.

    How can you change what marketing communications you receive and how you receive them?
    If you decide you would no longer like to receive marketing communications, you can change your mind at any time. The ways to withdraw your consent are described below:

    • If you are a CDV MEMBER, you can change your privacy preferences at any time by amending your communication preferences on your profile online at www.clubdelvino.iberia.com, accessing your CDV private area, section “My Account”; or by using online application form for individual rights processing available at our website via this path in contact.

    In addition, each marketing communication we send by email shall also have an “unsubscribe” or an “amend my contact preferences” option which will allow you to customise the marketing emails you receive from CDV or stop receiving them completely.

    We shall respect your decision on what communications you want to receive and the means or channels you prefer that we use for such purposes, as long as we are able to provide options for you to personalise your delivery preferences.

    You may also stop any further SMS/MMS messages by replying with the word “STOP”.

    We shall do our best to manage your unsubscribe requests as soon as feasible within a maximum term of 30 calendar days.

    Please note that if you tell us that you do not wish to receive further marketing communications, you shall still receive operational communications related to the products and services that you contracted, for example, to confirm your purchase or to provide you with an update on its status.

  16. How long do we keep personal data?
    We will keep your personal data for as long as we need it for the purpose it was collected, unless you request us to delete it and in such a case provided that CDV has no longer the need to keep your information for other reasons.

    For example, where you make a purchase with us we shall keep the information related to it so we can fulfil the specific services arrangements of the purchase you have made and after that, we shall keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking.

    The information may also be retained so that we can continue to improve your experience with CDV and to ensure that you receive any benefits from our programmes.

    We shall actively review the information we hold and either delete it securely when there is no longer a legal, business or customer need for it to be retained; or in some cases anonymise it in order to keep using it for administrative or statistic purposes or to develop generic profiles and segmentations that help us learn more about our types of customers in general and their relevant needs and preferences.

    Please note that when you withdraw such consent, or in the cases where you exercise your right to supress your personal data, we may still have to keep the information blocked and available to courts, tribunals and other relevant authorities for the term established by law in order for CDV to meet its responsibilities arising from processing your data.

    With whom do we share your personal data?
    We may share your personal data with the companies in the Araex Grands Group.

    We may share information with these companies so that they can help us to provide services to you and get to know you better.

    We may also disclose your personal data to the following third parties for the purposes specified below:

    • Customs authorities in any country in your purchase itinerary. CDV is obliged by the laws of the EU, USA and other countries to provide the border and customs authorities with access to information about purchases when the purchase originates in or is destined to those countries.
      For example, if your purchase involves delivery to the USA, we shall supply this information to the relevant US authorities.

    • Other service providers that are necessary to provide you with the services you request: for example, if part of the delivery includes the service operated by a different airline and includes specific services related to the booking that you have decided to book. These companies and service providers shall be identified when you make your booking and we shall inform you of the data communication we will need to disclose to them, either in advance or when we disclose your data. Your interest in contracting these services with third parties shall be understood as your express consent to disclose your data.

      CDV follows strict criteria when selecting service providers in order to comply with data protection obligations. It also undertakes to sign a data protection agreement with them imposing a set of obligations, including the following: use appropriate technical and organisational methods; process personal data for the agreed purposes and strictly in accordance with the written instructions from Iberia; and erase or return the data to CDV once the services have been provided.

    • Credit and debit card companies, credit reporting agencies and fraud control service providers, to process payments and, where necessary, carry out fraud controls.
    • In response to legal and valid requests from governments and law enforcement agencies, such as customs and immigration authorities and fraud and organised crime agencies. Please note that it may also be carried out for reasons of control and public safety.
    • External providers to which we outsource services, such as carrying out marketing initiatives or conducting customer surveys on our behalf.
    • Third parties such as law firms and courts, to demand compliance with or the execution of an agreement with you.
    • Third parties such as the police and regulatory authorities, to protect our rights and properties or the safety of our customers, employees and assets.
    • If required to comply with a legal obligation in any jurisdiction, even if the obligation is derived from an action or omission by CDV (for example, our decision to operate in a specific country or a decision related to that).

    We shall not sell your personal data to third parties, and we shall only allow third parties to send you commercial communications if you have given your consent.

  17. To which countries shall your personal data be sent?
    Your personal data may be sent to third parties outside the country in which you are located and in particular outside the European Economic Area.

    Likewise, we may have to transfer your personal data to third parties located outside your country in order to allow such third parties to provide services and products you have requested.

    • For example, we will need to provide the data to manage the delivery of the order or manage the booking and invoicing to our purchase agents that provide these services to us outside Spain.
  18. What are your rights when you supply your details to us?
    You may exercise, at your convenience, the rights to access, rectify and delete your personal data; to limit processing carried out with your data or to oppose to such processing; to request portability of your personal data; and to request not to be affected by automated decisions by any of the following means:

    • If you are a CDV MEMBER, then you may exercise most of the aforementioned rights in your own online profile at www.clubdelvino.iberia.com, accessing your personal Iberia Plus area, section “My Account”.
    • To exercise any other right or if you are NOT A CDV MEMBER, then you may exercise your rights through our online webform for personal data rights request available at https://www.clubdelvino.iberia.com/contacto/.

    In order to answer your request we shall ask you to provide the personal information and documentation requested as mandatory:

    • Full name of the requestor
    • ID card
    • Contact details (at least, contact email)
    • Details of your request
    • Any information that may help us locate the data you are requesting for, such as order numbers and dates
    • A copy of your ID card or passport, so that we may verify your identity
    • If you are requesting information on behalf of someone else, then we shall ask you to provide a signed authorisation from such individual and a copy of their ID card or passport
  19. What Data Protection Authority should I address in order to exercise my rights?
    You may always address the Spanish Data Protection Authority (“Agencia Española de Protección de Datos”) and submit a claim, especially in the cases where you deem that we have not satisfied your individual rights, at www.agpd.es.
    Incorporating personal data of CDV registrations to the files of The Grand Wines Premium, S.L.U.
    In compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and Council of 27 April consistent with the application as of 25 May 2018 of the EU’s General Regulation of Data Protection, it is informed that all personal data provided by the User via the website accessible through the domain named www.thegrandwines.com and its subdomains (hereinafter, “the Website”) shall be incorporated and treated in the files owned by The Grand Wines Premium, S.L.U. (hereinafter, “The Grand Wines or TGW”) that has modified its Privacy Policies, which govern the processing of your personal data in relation to The Grand Wines Premium, S.L.U.
    Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

    Please, read carefully the basic information about data protection below. If you need further information about it, please follow the links that you will find in each one of the informative sections.

    Data Controller
    Identity: The Grand Wines Premium, S.L.U.
    Contact details of the Data Protection Officer: thegrand@thegrandwines.com or by telephone (+34) 6546882296.
    Purpose of data processing: Commercial management, service improvement, purchase management and request management.
    Legal basis for processing data: the execution of a contract or by customer consent.
    Recipients: no data shall be transferred, unless expressly authorised by the same and due to legal requirement.
    Right of access, rectification or deletion of personal data, limitation or objection of processing thereof, withdraw consent and/or portability.
    Source: If not obtained from the interested party, their source and category must be reported.
    Data Controller
    Identity: The Grand Wines Premium, S.L.U.
    Tax ID No.: B01513001
    Address: General Alava, 10-3, Oficina 7, 01005 Vitoria
    Telephone: (+34) 945150589
    Email: thegrand@thegrandwines.com
    DPO contact: thegrand@thegrandwines.com

  20. PURPOSE
    The main purposes for which we use your personal data are for the following: provide marketing and promotional communications services; manage the contractual relationship with you; sale of The Grand Wines products; profile development; enable services provision requested by the User; and keep the User informed, even by electronic and non-electronic means, about the products and services provided by TGW, which may send the User information regarding the products and services of third parties belonging to the following sectors: textile, fashion, leisure and entertainment, sports, food and beverages, aesthetics and personal care, telecommunications, financial, insurance, travel, real estate, construction, training, consumer goods, automotive, security, energy, water and NGOs. If you do not wish to receive this type of communications, you can specify so by sending an email to info@thegrandwines.com.

    All data provided via e-forms and/or by email and/or telephone required for the correct identification of the sender and which enable us to manage our business shall be processed with strict confidentiality in accordance with current law and shall only be used by The Grand Wines Premium, S.L.U. for the purpose indicated and never transferred to third parties.

    The main reason we collect your personal data is to facilitate and improve the service customers and users expect from us. We collect your personal data to manage your purchases, requests you make to us, either through our website, by telephone or on paper format.

  21. LEGITIMACY
    We process your personal data based on your consent to send marketing communications and the need for processing in order to execute the agreement entered with you, which is the sale of The Grand Wines products.

  22. RECIPIENTS
    Our service providers, located within the European Economic Area, may have access to your personal data.

  23. ADDITIONAL INFORMATION

    THESE ARE THE PURPOSES WE HAVE IDENTIFIED:

    • Management of the contracting of products or services we offer related to distance selling and management of shipments and returns
    • Channel requests for information, suggestions and claims from customers for management and resolution
    • Surveys to improve our services
    • Keep our customers and users informed about our latest products, offers and opportunities, among others, via email, but only if you provide your consent
    • Compliance with legal obligations, including, but not limited to, Act 10/2010 on the Prevention of Money Laundering

    However, the User is informed that the security measures taken by The Grand Wines Premium, S.L.U. are not invulnerable.

    You can see the additional and detailed information on Data Protection in our Privacy Policy. If you have any questions or concerns about the way we process and use personal data or wish to exercise any of your rights, please contact Magda Sierra by email at m.sierra@araex.com or by postal mail for her attention at Calle Ramón y Cajal 7, 1a, 01007 , Vitoria – Gasteiz, indicating your Full name, contact telephone number and a copy of your ID card or official document proving your identity. You may also contact our Data Protection Officer, Magda Sierra, at m.sierra@araex.com.

    Publishing of personal data on the website
    Unless otherwise specifically stated, all data requested from the user in the registration process and the forms available at www.thegrandwines.com are mandatory. The omission of any of them could lead to the impossibility of providing the services requested and/or addressing your requests. Please inform about any change to your data so that the information contained in TGW‘s files is up-to-date and correct at all times. In this regard, you state that the information and data provided are accurate, current and true.

    Personal data shall be kept in the database for an unlimited period.

    Exercise of rights
    You may exercise the right of access, rectification, cancellation and opposition as well as revoke your consent for the commercial processing of your data. For this purpose, you may contact Magda Sierra by email m.sierra@araex.com or by postal mail for her attention at Calle Ramón y Cajal 7, 1a, 01007 , Vitoria – Gasteiz, indicating your Full name, contact telephone number and a copy of your ID card or official document proving your identity.

    Security measures
    Your personal data shall be processed by TGW with full confidentiality keeping the mandatory duty of secrecy in respect thereof and in accordance with the provisions of the applicable regulations, adopting all the necessary technical and organisational measures to ensure the safety of your data and to avoid its alteration, loss, processing or unauthorised access, given the state of technology, the nature of the data stored and the risks to which it is exposed.

    LEGAL BASIS
    The legal basis for data processing can be the execution of a contract, compliance with a legal obligation, public or legitimate interest, protection of vital interests and interested party’s consent. In the latter case, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
    The communication of personal data is a prerequisite to enter a contract, and should therefore be provided. If not provided, the contract shall not be formalised and we cannot complete any transaction.

    TIME YOUR DATA IS STORED
    We only store your personal data for as long that we need it to be able to use it in accordance with the purpose for which it was collected and according to the legal basis for the processing thereof, in accordance with applicable law. We shall keep your personal data while there is a contractual and/or commercial relationship with you, or so long as you do not exercise your right to erase, cancel and/or limit the processing of your data. In these cases, we shall keep the information duly blocked, without giving any use to it, as may be necessary for the exercise or defence of claims or may be caused by some kind of judicial, legal or contractual accountability that need to be addressed and for which recovery is necessary.

    LEGITIMACY FOR PROCESSING YOUR PERSONAL DATA
    The legal basis or legitimacy for the processing of personal data provided through our website and/or through the different Customer Service channels is the express consent requested from the User by means of agreement and acceptance as a result of checking the “Privacy Policy” box in the following sections:

    • Subscription to the monthly newsletter
    • Contact form
    • Order
    • Quote acceptance

    The User can withdraw at any given time their consent to the processing of the provided personal data, for which they granted conformity, without affecting the lawfulness of processing based on consent before its withdrawal.

    The personal data requested are appropriate and necessary for the fulfilment of a contract and/or commercial relationship, the compliance with different legal obligations, purposes of legitimate interest -e.g. fraud prevention or managing requests-, queries or possible claims that may arise, and the delivery of special offers, with your consent. The user is not forced to provide them, but their refusal may limit the ability to respond to their queries and to formalise sales agreements.

    DISCLOSURE OF YOUR PERSONAL DATA
    There are cases where we have to disclose the data you have provided us to third parties in order to carry out the requested service. These include logistics, transport and delivery companies services, installation and/or assembly companies, etc. In addition, there are companies that provide us with other kinds of services, such as information technology (information storage and processing), financial services, audit services, etc. These third parties may only access personal data required for providing said services. They are required to keep your personal data confidential and may not use it in any way other than as requested by us. In any case, The Grand Wines Premium, S.L.U. accepts liability for personal data provided to us. We request that companies with which we share your personal data protect it to the same extent as we do. In addition, your personal data shall be accessible by Public authorities, Judges and Courts for addressing any liabilities arising as a result of processing your personal data.

    Prohibition for minors
    All children under 18 shall not provide personal data to TGW even with the prior consent from their parents or guardians. Please, if you are a minor, ask your parents or guardian to contact us.

    Communication of third parties’ personal data to TGW
    Prior to the provision of third parties’ personal data on the Website, the User must obtain their prior express consent, having informed them about the terms contained in this Privacy Policy. The User undertakes to hold TGW harmless against any possible claim, fine, penalty or sanction that may be required to be borne as a result of the User’s failure to comply with the responsibility described in this paragraph.