Privacy Policy

1. Identity of the Data Controller and Scope of this Policy

MECANODUL, S.L.U. (hereinafter, the Controller), with registered office at Avda. d’Alacant, 134, Gandía (46702), Valencia, is the data controller for the personal data collected through the website vickyfoods.es (hereinafter, the Website). The purpose of this Privacy Policy is to provide users with concise, transparent, intelligible, and easily accessible information regarding the processing of personal data that may occur through the use of the Website and, in particular, through the submission of communications via forms, corporate email addresses, or published contact channels. The Website is managed within the marketing and communication activity of the Vicky Foods Group, to which brands identified on the Website may belong, without prejudice to the fact that the Controller determines the purposes and means of the processing described in this Policy.

2. Data Protection Officer and Direct Contact

The Controller has appointed a Data Protection Officer in accordance with Article 37 of Regulation (EU) 2016/679 and Article 34 of Organic Law 3/2018, and has published their contact details to ensure that data subjects and supervisory authorities can contact the officer easily and directly, without needing to contact other areas of the organization. For communications with the Data Protection Officer regarding matters related to personal data processing or the exercise of rights, the data subject may contact the email address protección.datos@vickyfoods.es, which is the published contact detail for this purpose, without the need to include the officer’s name in this Policy.

3. Categories of Data Processed, Origin, and Collection Channels

The Controller may process identification and contact data such as name and surname, email address, telephone number, company or organization, and, in general, any data voluntarily included by the user in the body of their message or in the fields of a Website form. Data is obtained directly from the data subject when they complete forms, send an email to the published addresses, or submit communications addressed to specific areas such as quality, customer service, or general information. As a general rule, the Controller does not request or require special categories of data, and users are therefore asked to avoid including such data in their communications.

4. Purposes of Processing

The personal data provided will be processed to manage and respond to queries, requests for information, or communications submitted by the user to the Controller through the Website or published channels, including the internal organization of such requests, their referral to the responsible teams, and, where appropriate, follow‑up strictly linked to the initial query. Data may also be processed for security and service‑continuity purposes, including the prevention of abusive use, incident management, and preservation of the integrity of the systems supporting the Website, all within fair and transparent processing limited to specific, explicit, and legitimate purposes.

5. Legal Basis and Lawfulness of Processing

The processing of data provided by the user to channel their query or request is primarily based on the consent derived from the voluntary submission of the communication by the data subject. Additionally, certain processing activities related to the proper management and traceability of communications, internal organization, and Website security may be based on the Controller’s legitimate interests, provided that proportionate measures are applied and such interests do not override the rights and fundamental freedoms of data subjects.

6. Recipients, Processors, and Technology Providers

As a general rule, personal data will not be disclosed to third parties unless there is a legal obligation or it is necessary to properly manage the user’s request as described. The Controller may rely on service providers that process data on its behalf, such as hosting, maintenance, technical support, cybersecurity, or corporate tools, which will act as processors under a contract or other legal act in accordance with Article 28 of Regulation (EU) 2016/679.

7. International Transfers and General Criteria

The Controller will seek to ensure that data processing takes place within the European Economic Area. If international transfers are required due to the provision of technological services, such transfers will be carried out in accordance with the applicable regime and with appropriate safeguards, providing data subjects with the information required under the transparency obligation.

8. Retention Periods and Applicable Criteria

Personal data will be retained for the time necessary to process and respond to the query or communication received and, once its management is completed, for the periods required to comply with applicable legal obligations or to address and resolve potential liabilities arising from the processing, in accordance with the storage‑limitation principle. After these periods, data will be deleted or, where appropriate, subjected to measures preventing its use for other purposes, in line with internal secure‑deletion procedures.

9. Rights of Data Subjects and Contact Channels

Users may exercise the rights recognized in Articles 15 to 22 of Regulation (EU) 2016/679, including the rights of access, rectification, erasure, restriction of processing, objection, and portability where applicable, as well as the right to withdraw consent at any time when consent is the legal basis, without affecting the lawfulness of processing based on prior consent. To exercise their rights, data subjects may submit their request by email to protección.datos@vickyfoods.es, indicating “Data Protection. Exercise of Rights” in the subject line and providing the information necessary for its processing. Data subjects may also contact the Data Protection Officer at protección.datos@vickyfoods.es for any matters related to the processing of their personal data and the exercise of their rights. They are also informed of their right to lodge a complaint with the Spanish Data Protection Agency.

10. Security Measures

The Controller will apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk, aimed at preserving the confidentiality, integrity, and availability of personal data and preventing its alteration, loss, unauthorized processing, or access, taking into account the state of the art and the nature of the data processed.

11. Links to Third‑Party Sites

The Website may contain links to third‑party websites. The Controller assumes no responsibility for the content, availability, or privacy practices of such sites, and it is the user’s responsibility to review the information published by each third party and, where applicable, accept their terms.

12. Updating of the Privacy Policy

The Controller may update this Privacy Policy when necessary to reflect changes to the Website, the processing activities carried out, the providers used, or the interpretative criteria of competent authorities. The applicable version will be the one published on the Website, and periodic review is recommended.

Last update: 08/05/2026