Privacy policy - Fandicosta

LEGAL INFORMATION

Privacy Policy
At FANDICOSTA, S.A.U., we understand that maintaining a transparent relationship with you is essential; therefore, below we present our Privacy Policy so that you are always properly informed about how we collect and securely process any data you provide to us.
Your data will be processed in accordance with the applicable legislation and, in particular, in accordance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
A careful reading of our Privacy Policy will give you the information needed to understand how we handle the data you provide.

1.- WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?
If you, or an authorised person, have provided us with your data, we inform you that FANDICOSTA, S.A.U., with NIF: A36226645, and registered office at Lugar Verdeal, S/N, 36957 Domaio, 36957 – Moaña, province of Pontevedra (Spain), is the controller responsible for processing your data. The data controller is the legal entity that determines the purposes and means of processing personal data. In other words, the controller decides how and for what purposes personal data are processed.
Our contact details are:
• Email: rgpd@fandicosta.es
• Telephone: +34 986 326 800

Your data will be processed in accordance with the applicable regulations on the protection of personal data.
We inform you that there are joint controllers for the processing of your data, as we form part of a corporate group. You can consult all data controllers at the end of this policy.

Link Policy:
The Website may include hyperlinks or links that allow access to third-party websites different from https://www.fandicosta.es/politica-privacidad/ and therefore not operated by FANDICOSTA, S.A.U. The owners of these websites will have their own data protection policies, being themselves in each case responsible for their own data processing and privacy practices.
At FANDICOSTA, S.A.U., we are committed to complying with the obligation of confidentiality of personal data and the duty to safeguard them. To this end, we adopt the necessary measures to prevent alteration, loss, processing, or unauthorised access, as established by the Regulation.

What personal data do we process and how do we protect them?
Personal data is any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one whose identity can be determined, directly or indirectly, in particular by means of an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

For the purposes established in this Privacy Policy, the controller collects and processes the personal data indicated in each processing category, depending on the services requested or the contractual relationship maintained with our entity.
Our organisation is committed to processing these data with total confidentiality and applying appropriate physical, technical, and organisational security measures to protect personal data.
You guarantee and are responsible, in any case, for the accuracy, validity, and authenticity of the personal data provided and commit to keeping them duly updated.

Below, we indicate which data processing activities we carry out:

Processing of data from “Customers and Suppliers”

1. What types of personal data do we process?
• Identifying data: name and surname, ID number (DNI), address, telephone, email address.
• Financial data: bank account.
• Academic and professional data: profession, position, experience, qualifications.
• Transaction-related data: products and services provided.

2. For what purpose do we process your personal data?
We process the personal data you provide for the management of our commercial relationship, accounting, administrative and billing management, as well as compliance with tax obligations.
The personal data provided will be retained as long as the commercial relationship is maintained. If you decide to delete your personal data, they may be kept in our databases for the periods established by law to comply with tax and accounting obligations and will be deleted once such legal periods have expired.
In accordance with Article 1964 of the Civil Code, actions arising from a contractual obligation expire after 5 years; therefore, this will be the general retention period of your data.

3. What is the legal basis for the processing of your data?
The legal basis for processing your data is the performance of a contract and compliance with a legal obligation by the controller.

4. To whom will your data be communicated?
Your personal data will not be disclosed to any entity, except those necessary for public bodies due to legal obligation.
There are processors who may carry out processing on our behalf and in our name.
There are joint controllers in data processing.
No international data transfers are foreseen.

Processing of data from “Contacts and potential clients”

1. What types of personal data do we process?
• Identifying data: email address, telephone.
• Information related to your browsing in the case of Online Services (IP address or information derived from cookies or similar devices — you can review our Cookie Policy on the website).

2. For what purpose do we process your personal data?
We process the personal data provided through the contact form for the management of commercial contacts and potential clients.
Personal data will be retained unless you object to the processing. If you choose to delete your data, they will be removed from our contact database.
If you expressly authorise us, we may also process your data for promotional or advertising purposes.

3. What is the legal basis for the processing of your data?
The legal basis for processing your data is the express consent requested.

4. To whom will your data be communicated?
Your personal data will not be disclosed to any entity.
There are processors who may carry out processing on our behalf and in our name.
There are joint controllers in data processing.
No international data transfers are foreseen.

What are your rights when you provide us with your data?
In accordance with the applicable data protection regulations, you have a series of rights regarding the processing of your personal data. Exercising these rights will be free of charge for you, except in cases where requests are manifestly unfounded or excessive, particularly if repetitive.
These rights are as follows:

a. Right to information: You have the right to be informed in a concise, transparent, intelligible, and easily accessible manner, using clear and simple language, about the use and processing of your personal data.

b. Right of access: You have the right to request at any time confirmation as to whether we are processing your personal data, to access such data, to obtain information about their processing, and to receive a copy of the data. The copy we provide will be free of charge; however, requests for additional copies may be subject to a reasonable fee based on administrative costs. We may ask you to verify your identity or request further information needed to process your request.

c. Right to rectification: You have the right to request the rectification of inaccurate, outdated, or incomplete personal data concerning you. You may also request that incomplete personal data be completed, including by means of an additional statement.

d. Right to erasure: You have the right to request the deletion of your personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected. However, this right is not absolute, meaning our organisation may continue to retain them duly blocked in the cases provided for by applicable law.

e. Right to restriction of processing: You have the right to request that we restrict the processing of your personal data. This means that we may store them but not continue processing them if any of the following conditions apply:
• you contest the accuracy of the data, for a period allowing the controller to verify their accuracy;
• the processing is unlawful and you oppose the deletion of the data, requesting instead the restriction of their use;
• our entity no longer needs the data for processing purposes, but you require them for the establishment, exercise, or defence of legal claims;
• you have objected to processing, while verifying whether our entity’s legitimate grounds override yours.

f. Right to data portability: You have the right to have your data transmitted to another controller in a structured, commonly used, and machine-readable format. This right applies when the processing is based on consent or on a contract and is carried out by automated means.

g. Right to object: This right allows you to object to the processing of your personal data, including profiling. We may only refuse your objection when we demonstrate compelling legitimate grounds for the processing or for the establishment, exercise, or defence of legal claims.

h. Right not to be subject to automated decision-making, including profiling: This right allows you not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or significantly affects you in a similar way, unless such a decision is necessary for entering into or performing a contract, is authorised by law, or is based on your consent.

i. Right to withdraw consent: In cases where we have obtained your consent for the processing of your personal data for specific activities (for example, sending commercial communications), you may withdraw your consent at any time. In doing so, we will stop performing the activity for which you had previously given consent, unless there is another legal reason that justifies continuing to process your data for these purposes, in which case you will be informed.

j. Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with the Spanish Data Protection Agency, C/ Jorge Juan, 6, 28001 Madrid, 901 100 099 – 912 663 517 (www.agpd.es), or electronically at:
https://sedeagpd.gob.es/sede-electronica-web/vistas/formQuejasSugerencias/seleccionarQuejaSugerencia.jsf

You may exercise the above-mentioned rights by sending us a communication to the physical or electronic address indicated at the beginning of this document, attaching proof of your identity and providing the details necessary to process your request.
Data subjects may obtain additional information about their rights on the website of the Spanish Data Protection Agency: www.agpd.es

In accordance with Article 23 of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), we inform you that you can limit unwanted advertising by voluntarily registering your data free of charge in an advertising exclusion list. Currently, there are two:
• The Robinson List, managed by the Spanish Association of Digital Economy (ADIGITAL): https://www.listarobinson.es/
• The “Stop Advertising List”, managed by the Asociación Española Para La Privacidad Digital, headquartered at Calle Médico Temístocles Almagro, nº 18, local 2, C.P. 03300 Orihuela (Alicante)

The exclusion lists are regulated by the provisions of Organic Law 3/2018. All companies are obliged to consult whether a user is registered in such lists in order to allow them to exercise their right not to receive unwanted advertising. Companies may be sanctioned for sending advertising to individuals included in these exclusion lists through any communication channel. However, even if registered in the Robinson List, traders may still send advertising about their products or services if you are a customer or have given them your consent.

You can consult the advertising exclusion systems on the website of the Spanish Data Protection Agency: https://www.aepd.es/areas/publicidad/index.html

Our organisation reserves the right to modify its Privacy Policy at its sole discretion or due to legislative, jurisprudential, or doctrinal changes from the Spanish Data Protection Agency. Changes or updates to this Privacy Policy will not be explicitly notified to the User. It is therefore recommended that the User periodically consult this page to stay informed of the latest changes or updates.

This policy was last revised on 29 December 2025

Group WOFCO companies for the purposes of joint responsibility in the protection of personal data:

WORLDWIDE FISHING COMPANY, S.L. (WOFCO)
• NIF: ESB94135779
• Address: Lugar Verdeal, S/N, 36957 Domaio, 36957 – Moaña, province of Pontevedra
• Contact phone: +34 986 122 549
• Activity: Wholesale trade of fish, seafood and other food products.
• Email: rgpd@wofco-ltd.com

FANDICOSTA, S.A.U
• NIF: A36226645
• Address: Lugar Verdeal, S/N, 36957 Domaio, 36957 – Moaña, province of Pontevedra
• Contact phone: +34 986 326 800
• Activity: Processing and marketing of frozen seafood products.
• Email: rgpd@fandicosta.es

SAN MARCO PESCA, S.L.
• NIF: B27855477
• Address: Camiño do Laranxo, 17, interior, 36216 Vigo, Pontevedra
• Contact phone: +34 986 616 066
• Activity: Processing, production and classification of fish, crustaceans and molluscs, and related cold-storage activity.
• Email: rgpd@marinasanmarco.com

BONFRIG FDC ULTRACONGELADOS, S.A.
• NIF: A36911246
• Address: C/ Valle Inclán, 28 – Muelle Comboa, 36600, Vilagarcía de Arousa (Pontevedra)
• Contact phone: +34 986 326 800
• Activity: Processing and marketing of frozen seafood products.
• Email: info@bonfrig.es

ILULIAQ, S.L.U
• NIF: B94135779
• Address: Lugar Verdeal, S/N, 36957 Domaio, 36957 – Moaña, province of Pontevedra
• Activity: Wholesale trade of fish and other fishing and aquaculture products.
• Email: rgpd@iluliaqseafood.com