The website is owned by Melisterra productos naturales, SLU and complies with the requirements of Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce, and current legislation on the protection of personal data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data, the free movement of such data and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights.
Who is RESPONSIBLE FOR PROCESSING?
The data collected or provided voluntarily through the Website, either by browsing it, as well as all those that you may provide us with in the contact forms, via email or telephone, will be collected and processed by the File Manager, whose data are indicated below:
|Melisterra productos naturales, SLU
|Co. Tax Code (CIF):
|C/ Charles Robert Darwin, 30 – Parque Tecnológico – 46980 – Paterna (Valencia/València)
|+34 963 918 667
|Valencia, Volume (Tomo) …, Book (Libro) …, Folio (Folio) …, Section (Sección) …, Sheet (Hoja) V-…
If, for any reason, you wish to contact us (through our Data Protection Officer) on any matter relating to the processing of your personal data or privacy, you may do so by any of the means indicated above.
When, why, by whom, how, for what purpose and for how long do we process your personal data?
When and why?
You can browse most of our web pages without providing any personal information, but in some cases this information is necessary to provide you with the electronic services you request from us.
If we need to collect personal data in order to provide the service to you, we will process the information in accordance with the policy set out in this document and in the specific terms and conditions of the particular service in question (if any), which contain specific privacy statements about the use of the data and inform you why, for what purpose, how, for how long we process your personal data and what security measures we implement.
Who collects your data?
The collection and processing of personal data that you may provide to us is carried out by our company or, where appropriate, its data processors. In relation to the latter case, these processors are third parties who are contractually required to ensure that their activity respects the law and implement appropriate security measures to protect such data.
The personal data that we request from you, or that you provide to us as a result of your browsing, is used by us to manage, provide and improve the services you have requested from us.
For example, we will process your personal data in order to manage the enquiries you send us, to manage your participation in personnel selection processes, to send you electronic communications if you request us to do so, and/or to compile statistics.
In this regard, we ask you for an e-mail address when you use our contact forms on the website. We only collect the sender’s personal data necessary to reply to you.
When you subscribe to our newsletters, we also ask you for an e-mail address in order to be able to provide you with the service, in any case you can unsubscribe from the service whenever you wish and we have the means at your disposal to do so.
How do we process your data?
We collect personal information only to the extent necessary to achieve a specific purpose. The information will not be used for a purpose incompatible with that described.
We only disclose information to third parties if it is necessary for the fulfilment of the purpose of the service and only to persons who need to know them. This is so that the service can be provided by treating your personal data with confidentiality and reserve, in accordance with current legislation.
In any case, we take security measures to protect data against misuse or unauthorised access, alteration, or loss.
How long do we keep your data?
We store data only for as long as is necessary to fulfil the purpose of collection or further processing. The period of data retention will depend on the service and each service will indicate the duration of the processing of personal data.
A table with specific retention periods is provided at the end of this document.
For what purposes will we process your personal data?
We process your personal data for the purpose of (i) managing your purchase or service provided; (ii) maintaining the contractual and pre-contractual relationship for invoicing, drawing up estimates and following up the same, as well as sending you information by electronic means relating to your request; (iii) sending you communications on commercial information by electronic means that may be of interest to you, provided that you have express authorisation; (iv) we may draw up a commercial profile based on the information you provide us with in order to offer you products and services in accordance with your interests. No automated decisions will be made based on such a profile.
We process your personal data for the purpose of (i) invoicing and (ii) maintaining commercial contact, (iii) as well as sending you information by electronic means about our products or services.
Web or e-mail contacts:
We process your personal data in order to (i) answer your queries and requests; (ii) manage the service requested or process your order; (iii) send you commercial information by electronic means that may be of interest to you, subject to your express authorisation; (iv) we may draw up a commercial profile based on the information you provide us with in order to offer you products and services in accordance with your interests. No automated decisions will be made on the basis of such a profile.
Social media contacts:
We process your personal data in order to (i) answer your queries and requests, (ii) manage the requested service, answer your request or process your order and (iii) interact with you and create a community of followers.
We process your personal data in order to (i) include you in recruitment selection processes, (ii) summon you for job interviews and evaluate your candidacy, (iii) communicate your curriculum to companies in the group, collaborators or related companies with the sole purpose of involving you in their selection processes, provided that you have given us your consent.
Participants in our competitions
We process your personal data in order to manage your participation in the competitions we organise as well as to publicise the winners of the competition and the prize-giving ceremony.
Winning participants may be photographed or videotaped and broadcast in any of the media, our website, or other media. It is therefore possible that the image of the participants may be captured, recorded and/or reproduced as ancillary to the main activity.
When you browse our website, we collect information about your browser, your device and your use of our website and any information you provide to us when using our website. In an anonymised or aggregated form, we may record the IP address (the device’s Internet access identification number, which allows devices, systems, and servers to recognise and communicate with each other).
The purpose of the processing is (i) to obtain practical knowledge of how users use our website to enable us to improve it; (ii) to perform statistical analysis to help us improve our business strategy; (iii) to perform website performance analysis and (iv) for technical security and system diagnostics.
The data we collect is not related to a specific user and will be stored in our databases.
You can consult the Cookies Policy in the corresponding section.
In order to offer information or services of interest based on the User’s location, we may access data relating to the geolocation of the User’s device in those cases in which the user’s configuration for this purpose so permits.
The Portal may offer functionalities for sharing content through third-party applications, such as Facebook or Twitter. These applications may collect, and process information related to the user’s browsing on these different websites. Any personal information collected through these applications may be used by third-party users of the same. Your interactions are subject to the privacy policies of the companies providing the applications.
The Portal may host blogs, forums, and other social networking applications or services in order to facilitate the exchange of knowledge and content. Any personal information provided by the user may be shared with other users of that service, over which we have no control.
What is the legal basis for processing your data?
The legal basis for processing your data is (i) performance of a contract and maintenance of the contractual relationship and (ii) your consent, which is requested so as to send offers of products and services by electronic means, without the withdrawing of this consent conditioning the performance of the contract in any circumstances.
The legal basis for processing your data is (i) performance of a contract to which the interested party is a party or for implementing pre-contractual measures.
Web or e-mail contacts:
The legal basis for processing your data is (i) the consent of the interested party.
All our forms have a check box that must be ticked to access the services offered.
The purposes of the processing shall be the following:
- To handle queries or requests for information that you send us via the Website, email, or telephone.
- Sending communications, special promotions, news or actions that are of interest to you or that you request from us, including by electronic means. As this is an accessory purpose to the main one, you must tick the box provided for this purpose.
The personal data that you provide us by this means will not be communicated to third parties, and it is Melisterra productos naturales, SLU that answers this type of consultation directly.
Social media contacts:
Work with us:
In the event that you provide us with your curriculum vitae, either by means of the website, email or physically at the address or at any of our offices, Melisterra productos naturales, SLU will incorporate them into its database. The curriculum will be stored for a period of one year, after which, if we have not contacted you, it will be deleted.
The legal basis for processing is founded on the express consent given by the interested party for processing the data contained in the curriculum by submitting it and ticking the box provided for this purpose.
The purpose of the processing is to add you to present and future selection processes by Melisterra productos naturales, SLU or any entity belonging to the business group.
In the event that the interested party finally joins Melisterra productos naturales, SLU or any of the entities belonging to the business group as an employee, their data will be incorporated into a database owned by the same, in order to internally manage the employee/employer relationship.
The website contains the option to subscribe to the Melisterra productos naturales, SLU Newsletter. To do so, you must provide us with an email address to which it will be sent.
Such information will be stored in a database at Melisterra productos naturales, SLU, where it will be stored until the person concerned requests cancellation of the same or, where appropriate, Melisterra productos naturales, SLU stops sending this newsletter.
The legal basis for processing this personal data is the express consent given by all interested parties who subscribe to this service by ticking the box provided for this purpose.
The data from e-mails will only be processed and stored for the purpose of managing the sending of the Newsletter by users who request it.
Participants in our competitions:
The personal data collected will not be passed on to third parties.
To which recipients will your data be sent?
Your data will not be passed on to third parties outside the service we provide, unless we are legally obligated to do so. Specifically, they will be communicated to the Spanish Tax Administration Agency, banks, and financial institutions for collection of the service provided or product purchased.
Your data may also be disclosed to our service providers if this is necessary to fulfil the contract. In these cases, the processor has contractually undertaken to use the data only for the purpose justifying the processing and to maintain appropriate security measures.
What security measures do we apply?
Rest assured, we have taken appropriate technical and organisational measures to ensure the confidentiality, integrity, and availability of our processing of your personal data, in particular those that prevent the loss, misuse, alteration, unauthorised access and theft of personal data.
What are your rights when you provide us with your data?
You may exercise your rights of access, rectification, erasure, portability, restriction, or objection to the processing of your data, including the right to withdraw your consent, as detailed below:
Right of access: You can ask us whether and how we are processing your data.
Right of rectification: You can ask us to update your personal data if it is incorrect, and delete it if you wish.
Right of restriction to processing: In this case, the data will only be kept by us for the purpose of exercising or defending claims.
Right to object: Following your request to object to the processing, we will stop processing the data in the manner you have indicated, unless for compelling legal reasons, to exercise or defend against possible claims, the data must continue to be processed.
Right to data portability: In the event that you want your data to be processed by another company, we will facilitate the portability of your data to the new data controller.
Right of erasure: You can request that we delete your data when it is no longer necessary for processing, you withdraw your consent, the processing is unlawful or there is a legal obligation to do so. We will analyse the case and apply the law.
If you need more information on what rights you have under the Law and how to exercise them, we recommend that you contact the Spanish Data Protection Agency, which is the supervisory authority for data protection.
You may contact the Data Protection Delegate prior to filing a complaint against the data controller with the Spanish Data Protection Agency (AEPD).
In the event that we have not complied with the exercise of your rights, you may file a complaint with the AEPD.
We have forms for the exercise of rights that can be requested at the email address mentioned above; you can also use the forms prepared by the AEPD or third parties. These forms must be signed electronically or accompanied by a photocopy of your ID card. If acting through a representative in the same way, they must be accompanied by a copy of their DNI or with an electronic signature.
The forms must be submitted in person or sent by post or e-mail to the addresses given in the “Responsible party” section.
How long will we keep your data?
Personal data will be kept for as long as you maintain your relationship with us.
At the end of the same, the personal data processed for each of the purposes indicated will be kept for the legally stipulated periods of time. In the absence of such legal period until the interested party requests their deletion or revokes the consent granted, or during the period that a judge or court may require them in accordance with the statute of limitations for legal actions.
For each processing or type of data, we provide you with a specific period, which you can consult in the following table:
|Data relating to
|Customers and suppliers
|Four years, Art. 66 Spanish Law 58/2003, General Tax Law.
Ten years, (Statute of limitations) Spanish Law 34/2015, dated 21 September, partially amending Law 58/2003, General Tax Law (Art. 66bis)
|Tax-relevant documents and records
|General Tax Law, arts. 66 to 70
Four previous financial years
|Parties subject to the Spanish Prevention of Money Laundering Act (PBC), documentation accrediting compliance with PBC obligations
|Law 10/2010, Art. 25
|Payrolls, TC1, TC2, etc.
|Ten years, LO 7/2012
|Until the end of the selection process, and for a further year unless the interested party revokes consent or requests deletion.
|Severance pays docs.
Data on temporary workers.
|Spanish Royal Decree 8/2000 on Offences and Penalties in the Social Order, art. 21.
|Daily record of the working day.
|Spanish Royal Decree 8/2019
|Documentation or computer records accrediting compliance with Occupational Risk Prevention (PRL) regulations.
Documentation required for the obligation to pay social security contributions.
|Spanish Royal Decree Law 5/2000, Art. 4
|Digital tachograph: transfers and copies of data stored in memory.
|Royal Decree 125/2017 of 24 February.
|Databases or web visitors.
|For the duration of treatment.
|Access control and video surveillance
|Instruction 1/1996 AEPD
In the case of a school (placement in school common areas for the protection of minors).
|Art. 22.3, Spanish Organic Law 3/2018, dated 5 December 2018, on Protection of Personal Data and Guarantee of Digital Rights
AEPD Legal Report 475/2014
|Accounting books and documents.
Shareholders’ and boards of directors’ agreements, articles of association, minutes, board of directors’ and delegated committees’ regulations.
Financial statements, audit reports.
Records and documents related to grants.
|Commercial Code art. 30:
|Limitation period for the verification of tax bases and deductions.
|Ten years, Spanish Law 34/2015, dated 21 September 2015, partially modifying Law 58/2003, General Tax Law (Art. 66bis)
|Accounting books and other obligatory registers (Personal Income Tax, VAT, Co. Tax, etc.) as well as the documentary supports that justify the entries recorded in the books.
Managing the company’s administration, rights and obligations relating to the payment of taxes.
Administration of dividend payments and withholding taxes.
|Four years, arts. 66 to 70, General Tax Law.
|Health and Safety
|Workers’ Medical Records.
|Information on chemical or substantially hazardous substances.
|Documents relating to environmental permits while the activity is being carried out.
|Three years after closure of the activity
Ten years (statute of limitations)
|Records on recycling or waste disposal.
|Grants for clean-up operations must keep records of entitlements and obligations, receipts and payments.
|Six years (general rule)
Two years (damage)
Five years (personal)
Ten years (life)
|Registration of all supplies of goods or services, intra-Community acquisitions, imports, and exports for VAT purposes.
|Intellectual and Industrial Property Documents.
Contracts and agreements.
|Permits, licences, certificates
|Six years from the date of expiry of the permit, licence, or certificate.
Ten years (criminal statute of limitations)
|Confidentiality and non-competition agreements.
|Always the duration period of the obligation or confidentiality stated.
|Data protection regulations
|Records and documents proving compliance with the requirements of the data protection regulation (audits, reports, contracts with data protection officers, etc.).
|For the duration of the data processing and thereafter during
|Documentation accrediting that requests for the exercise of interested parties’ rights are dealt with.
Three years after application
|Logs/Registers of access to information systems
|If the processing is based on the interested party’s consent, proof of consent
|For the duration of the data processing and thereafter during
Regulatory compliance programme (corporate criminal liability)
|LOPDGDD 3/2018, Art.24.4
Three months (general rule)
Ten years (criminal statute of limitations)
|Obligated entities shall keep for a minimum period of ten years the documentation formalising compliance with the obligations laid down in this Law.
In any case, the archiving system of the regulated entities must ensure the adequate management and availability of the documentation, both for internal control purposes and to meet the requirements of the authorities in due time and form.
Article 25 of Spanish Law 10/2010 dated 28 April 2010 on the Prevention of Money Laundering and Terrorist Financing.
|Health centres are obliged to keep clinical documentation in conditions that guarantee its correct maintenance and security, although not necessarily on the original support, for the proper care of the patient for the time appropriate to each case, and at least five years from the date of discharge from each care process.
Clinical documentation shall also be kept for judicial purposes in accordance with the legislation in force. It shall also be kept when there are epidemiological, research or organisational and operational reasons for the National Health System. It shall be processed in such a way as to avoid, as far as possible, identification of the persons concerned.
In order to guarantee the future uses of the medical records, especially for healthcare purposes, they shall be kept for the minimum period of time established in the basic national regulations, counted from the date of discharge from each healthcare process or from the death of the patient.
|Five years (minimum)
Article 17 of Law 41/2002 dated 14 November 2002, on patient autonomy and rights and obligations regarding clinical information and documentation.
Valencian Law 10/2014, dated 29 December 2014, of the Valencian Autonomous Region (Health)
|Traffic data relating to internet connections, emails and fixed and mobile telephone calls.
|User identifier, IP address (source/destination), telephone number, IMSI and IMEI (source/destination), date and time of communication (start/end), identification of the type of service or communication used (voice, data, SMS, or MMS, etc.).
Article 5 of Spanish Law 25/2007 dated 18 October 2007 on the retention of data relating to electronic communications and public communications networks.
|Auditing of accounts.
|Statutory auditors and audit firms shall retain and keep for a period of five years from the date of the audit report the documentation relating to each audit of accounts carried out by them, including the auditor’s working papers which constitute the evidence and support for the conclusions contained in the report.
Article 24 of RD Leg. 1/2011 dated 1 July 2011, which approves the revised text of the Spanish Accounts Auditing Act.
|Access control to buildings.
|Data included in automated files created to control access to buildings must be deleted one month after they are obtained.
Rule five of Instruction 1/1996, of 1 March 1996, of the Spanish Data Protection Agency, on automated files established for the purpose of controlling access to buildings.
|Documents in lawyers’ files.
|As the actions that may be brought to demand professional liability from the lawyer are of a personal nature and no special one is indicated, the limitation period for these actions is, as of 7 October 2015, five years, so that during this period as a minimum (unless there is an interruption in the calculation) the completed files must be kept.
Art. 1964.2 Civil Code, in the wording given by Spanish Law 42/2015, of 5 October 2015, reforming the Spanish Law on Civil Procedure (LEC).
|Register books and entry forms in hotel establishments.
|These logbooks shall be kept for three years at the disposal of the law enforcement authorities and then disposed of in a manner that does not allow access to the personal information contained therein.
The registration includes data of minors under 14 years of age. The report is signed by the minor from 14 years of age. If under 14 years of age, the accompanying person signs the report.
The data to be requested include: landline, mobile phone, e-mail, number of travellers, relationship, whether the establishment has an Internet connection.
The data also includes payment data: type (cash, credit card, payment platform, transfer) identification of the means of payment (card type and number, IBAN bank account, mobile payment solution, other), holder of the means of payment, card expiry date, date of payment.
OM INT/1922/2003 dated 3 July 2003, on register-books and entry forms for travellers in hotel and catering establishments and other similar establishments.
The data in the computerised register must be kept for a period of three years from the end of the service or service contracted (hosting on a non-professional basis is exempt from registration and must be communicated).
Royal Spanish Decree 933/2021, “Documentary registration and information obligations of natural or legal persons who carry out accommodation and motor vehicle rental activities”.
It updates Order INT/1922/2003, including the new types of accommodation activities: short-stay tourist dwellings, internet portals.
|Driver recognition centres.
|The institution shall keep for a period of ten years the contents of the reports issued, including the opinions of the medical practitioners and psychologists who took part in the examination, any additional reports submitted and, in the case referred to in Article 3(2), any documents provided by the person concerned.
Article 15.5 of Royal Spanish Decree 170/2010, dated 19 February 2010, approving the Regulations on examination centres for checking the psycho-physical aptitude of drivers.