PRIVACY POLICY

In accordance with the stipulations of the applicable regulations for the protection of personal data, the User is informed of the following:

1. Responsible for data:

COMPAÑÍA ESPAÑOLA DE PETRÓLEOS, S.A.U. (from here onwards Cepsa).
NIF: A28003119

Registered Office Address: Paseo de la Castellana, 259 A, CP 28046 Madrid (Spain).

Contact Data Protection Officer: dpo@cepsa.com

2. Purpose of the processing of personal data

The personal data provided through the website will be incorporated into records of processing activities owned by Cepsa or Cepsa Group Companies, referenced on www.cepsa.com with the following purposes:

    • Manage Users of the Website and, if applicable, the activation and administration of the registration as a User in the reserved area of the Website.
    • Provide the services included in the Website and / or provide the information requested, either via the web, by email or by telephone. Telephone calls can be recorded in order to guarantee the quality of the service. Emails may report confirmation of receipt and reading.
    • Manage the contractual or commercial relationship established between Cepsa and the Users.
    • Manage and maintain a unique registry of Clients of Cepsa Group Companies, in the promotional program ‘Porque TÚ Vuelves’. (More information under promotional system conditions).
    • Provide Users with customized products and services or content through the acquisition of profiles and segmentation or CRM work, expanding and improving those with which the Client currently has.
    • In cases where the User expressly consents to it, send advertising communications and commercial information, by different means (emails, SMS, sales tickets...), about Cepsa, Cepsa Group entities or third parties (provided through Cepsa itself, as a result of its collaboration agreements with them), its activities, products, services, offers, competitions, special promotions, as well as documentation of various nature that may be of interest or utility to the User, related to the sectors of energy, leisure, travel, culture, cards and other means of payment, automotive, insurance, distribution and financing, gifts, fashion, home or technology.

Equally, in each process where the User provides their personal data they will be informed of the mandatory or optional nature of their completion, and the consequences of not providing them.

3. Personal data of third parties

In the event that the personal data provided belong to a third party, the User guarantees that he has informed the third party of this Privacy Policy and has obtained his authorization to provide his data to Cepsa for the purposes indicated. It also guarantees that the data provided are accurate and up to date, being responsible for any damages, direct or indirect, that could be caused as a result of breach of such obligation.

4. Deadlines for the preservation of personal data

The personal data provided will be stored as long as the contractual relationship is maintained, it is not requested to be deleted by the User and should not be deleted as it is necessary for the fulfillment of a legal obligation or for legal exercise of rights.

 If the User revokes his consent or exercises the restriction of processing or cancellation rights, his personal data will be kept available to the Administration of Justice during the legally established deadlines to attend to the possible responsibilities arising from the treatment of the same. 

5. Lawfulness of processing of personal data

Cepsa is entitled to carry out the processing of personal data on the basis that:  

    • The client has provided their personal data for pre-contractual or contractual relations.
    • The user or client has provided informed consent for the sending of commercial communications, for the installation of tracking systems that inform about navigation habits according to the Cookies Policy, or for the sending of the required information through contact forms.
    • There are legal obligations that require the processing of personal data, according to the services provided.

6. Transfers and recipients of personal data

All the transfers indicated below are necessary for the fulfillment of the aforementioned purposes, or are carried out in compliance with a legal obligation. Personal data may be transferred to:

    • The companies of the Cepsa Group, available at www.cepsa.com
    • Public Administrations and the Administration of Justice.
    • IT service providers, including computer-based cloud computing services.

7. Rights of the data subject

Users / clients may exercise their rights of access, rectification or cancellation, restriction of processing, objection, portability, and object to automated individual decision-making to Cepsa. Likewise, they may revoke their consent in case they have granted it for a specific purpose, being able to modify their preferences at all times.

They can be exercised through the email: derechos.arco@cepsa.com, or at the following address: (Ref.: DPO-Legal Advice), Paseo de la Castellana, 259 A, 28046-Madrid (Spain).

The User is informed that he/she can address any type of complaint regarding personal data protection to the Spanish Agency for Data Protection www.agpd.esthe Spanish State Supervisory Authority.  

Madrid (Spain), November 2017.

Continue reading  min