Privacy Policy

WE ARE ESSENCE, as Data Controller and this website, in accordance with the provisions of Regulation (EU) 2016/679, General Data Protection and Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights, makes this privacy policy available to you in detail in order to inform you, in detail, about how we process your personal data and protect your privacy and the information you provide us.

In this privacy policy, we explain what your rights are with regard to your personal information and how to exercise them. Additionally, if you need to contact the competent data protection authority, we provide you with the contact details.

We, those responsible for the processing of your data:

Identity: WE ARE ESSENCE*

Registered office: Via Augusta 48-54, 6 4, 08006, Barcelona.

Email: rgpd@somosesencia.es

* COMPANIES RELATED TO SOMOS ESENCIA: TIBRIO SL with Tax ID Number B61143699 and registered office at Paseo Marítimo de la Barceloneta, 30. 08000 Barcelona. Registered in the Barcelona Mercantile Register with Volume 36520, Folio 94, S.8, Sheet B 152077, contact number 932 25 12 72, and email address rgpd@somosesencia.es TIERRA DEL NINOT S.L., with Tax ID Number B66453838 and registered office at C/ Casanova, 133. 08036 Barcelona. Registered in the Barcelona Mercantile Registry under Volume 44,696, Folio 204, H ja B 463858, contact number 931 31 15 50 and contact email rgpd@somosesencia.es BRISA PALAU DE MAR S.L. with CIF B67047910 and registered office at Edifici Palau De Mar, Plaça de Pau Vila, 1, 08039 Barcelona. Registered in the Barcelona Mercantile Registry under Volume 46024, Folio 220, Sheet B 507108, contact number 931 31 15 49 and contact email rgpd@somosesencia.es. ECOBAR SOUTH with CIF B44794931 and registered office at Av. Vilanova 11, Local 3-4, 08018, Barcelona Registered in the Mercantile Registry of Barcelona with Volume 48713, Folio 32, Sheet B593514 telephone 936 099 510 and contact email rgpd@somosesencia.es SUPERSANO SL with CIF B66514134 and registered office at Carrer Roger de Llíria 124, Local 2, 08037, Barcelona. Registered in the Barcelona Mercantile Registry with Volume 44766 Folio 51, Sheet 465847, contact number 932 075 431, and contact email rgpd@somosesencia.es PILBAN ACTUAL SL with CIF B64346182 and registered office in Pg. Marítim de la Barceloneta 1, 08003, Barcelona. Registered in the Barcelona Mercantile Registry with Volume 39003, Folio 33, Sheet B334767, contact number 932 241 253 and contact email rgpd@somosesencia.es, MITFOR BROS, S.L., with CIF B58513896 and registered office at Vía Augusta 48-54 6º4, 08006 Barcelona. Registered in the Barcelona Mercantile Registry with Volume 9212, Folio 62, Sheet B-77217 First Registration, telephone number 937 687 482 and contact email rgpd@somosesencia.es,

1. What type of information could we collect about you?

The personal data collected from users and customers can be grouped according to the following categories:

Basic and contact details: such as your first name, last name(s). Also including your billing address, email address, and phone number.

Financial and economic data: this group would include payment details, as well as commercial transactions made with us. Including data to verify your identity for the acceptance of payments and the relevant financial checks to be able to carry out commercial transactions.

Professional and employment data: this category would include your professional interests and your professional identity published online. For example, your LinkedIn profile.

Technical Data: including the IP address, registration data, browser and version used, the zone and time zone, type of plugins installed in your browser, operating system, and other technology used when accessing our platform.

User data: such as your name, history of preferences, suggestions submitted by you, or any type of survey you have responded to us.

Browsing data: includes information regarding your browsing mode when you visit our platform.

Marketing and Communication Preferences: we collect your preferences to receive commercial communications and news from us, the consents granted for this, and the channel of your choice.

Images captured by video surveillance cameras: Here are the images that could be captured by video surveillance cameras in our restaurants and offices.

We will never collect personal data that is specially protected or considered sensitive.

2. How do we collect your personal data?

As a general rule, most of your personal information is provided directly to us by you, whether in person at restaurants, by phone, mail, web forms, or by responding to surveys. However, we may also obtain information from:

  • From a group company.
  • From third parties linked to us.
  • From a third party that has previously obtained your express consent for this purpose.
  • Of the cookies that we enable on our website — For more information on the use of our cookies, you can visit our cookie policy.
  • From our facility access systems, when available. Such as check-in and reception records, filing systems in the case of employees, video surveillance cameras, communication and instant messaging systems, email, or social networks.

3. What can happen if you do not provide us with your personal information?

When we are required by law to collect your personal data or, when these are essential to conclude a contract with you, if you do not want to provide us with your personal data, it may be impossible for us to serve you. In the event that we find ourselves in the need to cancel our services because of this, we will first notify you when necessary.

4. For what purpose do we process your personal information?

We have attached a detailed table with the purpose for which we collect your data and the legal basis that legitimates us for this.

5. Purpose of the processing What do we collect your information for? What is the legal basis for processing your information?

  • Provide you with our services, accept payments and charges due
    • Contract execution
    • In their own legitimate interest (for example, to manage potential defaults)
  • Register as a web user or new customer
    • Express consent of the interested party
    • Contract execution
  • Managing our relationship with our customers, including: Notifying you of changes to our terms of employment or policies and asking them to respond to a survey or review our products/services
    • Contract execution
    • Compliance with a legal obligation
    • In our own legitimate interest (to update our records and to know the opinion of our customers about our products/services)
  • Send commercial communications, newsletters, and advertising through any communication channel. Send commercial communications related to our products and services to customers who have made previous reservations, in order to inform them about news, promotions, special events, and other offers that may be of interest to them, considering that there is a previous relationship derived from the reservation made in our restaurants.
    • Express consent of the interested party
    • In your own legitimate interest (as long as you have not expressed your desire to stop receiving communication, 'opt-out')
  • Respond to inquiries and/or provide information required by the interested party, including sending quotes
    • Own legitimate interest
    • Contract execution
    • Consent of the interested party
    • Compliance with a legal obligation
  • Gestion des interactions des utilisateurs sur nos réseaux sociaux
    • Compliance with a legal obligation (for example, to remove offensive, racist, profane, or insulting comments; to maintain an environment of respect and integration; to protect the privacy of minors, etc.)
    • Own legitimate interest (when we remove third-party advertising from our networks, for example)
  • Use analytical data to improve the web browsing experience, implement marketing strategies, and optimize hiring processes through the use of cookies.
    • Own legitimate interest
    • Consent of the interested party (by accepting the use of analytical cookies, for example)
  • Administer and protect our business and our website. This includes the detection of navigation problems, data analysis, web testing, etc.
    • Compliance with a legal obligation
    • Own legitimate interest (running our company, providing security for our networks, preventing fraud, etc.)
  • Suggest and recommend services that may be of interest
    • In legitimate interest (to grow our business), with the right to opt out of receiving further communications at any time.
  • Provide personal information to authorities or upon judicial request. Compliance with a legal obligation
  • Provide greater security to our physical facilities (installation of CCTV/video surveillance cameras, access control). In the legitimate interest and in the interest of third parties. For example, to detect the commission of an act harmful to our employees or customers.
  • Updating and improving our customer records
    • In compliance with a legal obligation
    • En exécution d'un contrat
  • In legitimate interest (to verify that we can continue to contact our customers for issues related to their subscriptions, orders, or products purchased).
  • Ensure job security, personnel management, and employability of candidates
    • In compliance with a legal obligation
    • In their own legitimate interest and that of third parties. To improve the experience of our employees in the exercise of their functions.
  • Resolve complaints, incidents, or inquiries through enabled channels (email and telephone).
    • Interested consent
    • In legitimate interest
    • Legal Obligation
  • Provide complaint forms to users who request them through user support (contact form, telephone, or email).
    • Compliance with legal obligations
  • Monitoring of the European Commission's online dispute resolution procedure, in particular under the ODR platform: http://ec.europa.eu/consumers/odr/Follow-up of user complaints and procedures before Consumer Agencies (registration with identification code)
    • Compliance with legal obligations

6. Who might we share your personal data with?

We may need to share your personal information with:

  • Companies of the Group
  • Third parties that we outsource or service providers that we use to provide our services.
  • Third parties that we need to manage our business.
  • The banking institutions we work with.

All the suppliers we work with are contractually bound to us. We can guarantee that they comply with all the necessary security measures to safeguard your personal information, that they will use your personal data solely and exclusively for the specified purposes, in accordance with our instructions.

We will also share personal information with law enforcement agencies when required to do so by law.

7. Where do we store your personal information?

All the information you provide to us, both through this website and through other channels, will be hosted on Microsoft Office servers. These servers are hosted within the European Economic Area.

8. How long will we retain your personal data?

Your data will be kept for the duration of your business relationship with us or until you exercise your right of cancellation or opposition, or limitation of processing.

In addition, if we have not maintained relevant contact with you for a period of two years, we will delete your personal data from our systems, unless the law requires us to keep them (for example at the request of an authority, or in connection with possible litigation).

We inform you that our information conservation policies comply with the deadlines set by the different legal responsibilities for prescription purposes:

  • As a general rule:

Pursuant to the provisions of Article 30 of the Commercial Code, and except for other criteria, all company documents and/or information will be kept for 6 years.

This affects all accounting, tax, labor, or commercial documentation, including correspondence.

  • Specific deadlines:

Our company must also set minimum deadlines depending on the type of data being processed and taking into account the different prescription periods, which each of the departments must know.

This table lists the prescription deadlines that affect or may affect our organization:

Employment, for the purpose of violations: 3 years (Art. 4.1 RD 5/2000)

Social Security, for the purpose of violations: 4 years (Art. 4.2 RD 5/2000)

Occupational Risk Prevention, for the purpose of violations: 5 years (Art. 4.3 RD 5/2000)

Tax, for the purpose of tax debts: 4 years (Article 66, Law 58/2003)

Prosecutor, for the purpose of verifying compensated fees or applied deductions: 10 years (Art. 66 bis Law 58/2003)

Accounting and commercial: 6 years (Article 30 of the Civil Code)

Crimes against Public Finance and Social Security: 10 years (Art. 131 LO 10/1995)

You will not be subject to decisions based on automated processing that have effects on your data.

9. Our Communications

All personal information you provide to us will be incorporated into our information systems. If you accept this privacy policy, it means that you give your express consent to carry out the following activities and/or actions, as long as you do not tell us otherwise:

  • To send you commercial, promotional, and direct marketing communications by any means of communication enabled, to inform you of activities, services, promotions, advertising, news, offers, and other information about services and products related to us and our group.
  • When sending communications electronically, provided that you have subscribed to our NEWSLETTER and have not unsubscribed.
  • The retention of data for the periods specified in the applicable provisions.

10. How to stop receiving marketing communications (opt out)?

At any time, you may revoke any express consent you have given us to send you commercial information. To do so, you may request to unsubscribe using the option (opt out) when it is enabled in our app/website, or by writing us an email with the subject "unsubscribe" to rgpd@somosesencia.es.

According to the LSSICE, we never engage in SPAM, therefore, we will not send you commercial emails if they have not been requested or authorized by you. However, in all our communications, you will have the possibility to revoke your consent.

We will not process your personal data for any other purpose than those described except for legal obligation or judicial request.

11. User Responsibility - Statement of Truthfulness

By providing us with their personal information through electronic channels, the user declares that they are over 14 years of age and that all the data provided to SOMOS ESENCIA is true, accurate, complete, and up to date. For these purposes, the user confirms that they are responsible for the veracity of the data provided and that they will keep this information properly updated so that it responds to their real situation, being responsible for any false and inaccurate data they may provide, as well as for any direct or indirect damages that may arise.

12. If you send us your resume

If you wish to send us your CV through our website, we inform you that the data provided will be processed to enable you to participate in any selection processes that may exist, carrying out an analysis of your professional profile with the objective of selecting the most suitable application for the possible vacancy.

We do not accept resumes submitted through other channels (for example, delivered by hand on paper). If there are any changes to the data, please let us know in writing as soon as possible, in order to keep your data duly updated.

Curricula will be kept for a maximum period of one year, after which they will be securely destroyed and all the data included will be deleted. We guarantee total respect for confidentiality. In this regard, after the above-mentioned deadline, if you wish to continue participating in possible selection processes, you must submit your CV again.

The data may be processed and/or communicated to the companies that are members of our group for as long as your resume is kept and for the same purposes reported above.

13. How do we keep your information secure?

We take the protection of your data very seriously. For this reason, we guarantee the implementation of appropriate physical, organizational, and technological security measures, controls, and procedures to prevent your information from being accidentally lost, used, or accessed maliciously.

We limit access to your data to individuals and entities entitled to do so and we make sure to train all our staff properly. All those involved in the processing of your personal data are subject to the duty of confidentiality.

In addition, we apply technical procedures to react to any suspicion that may be a data security breach. If necessary, we will notify you of this as well as the supervisory authority (the AEPD in Spain), in accordance with current regulations.

14. How to exercise your ARCO-POL rights?

Both the GDPR and its transposition into Spanish law (the LOPDGDD) guarantee you the exercise of the following rights. You can exercise them at any time and always free of charge:

Right of access: The right to receive a copy of your personal information.

Right of rectification: The right to request the correction of errors in personal information.

Right of cancellation/deletion (right to be forgotten): The right to request that we delete your personal information in some situations

Right of limitation: The right to request the restriction of the processing of your data.

Right of opposition: The right to object to:

-to the processing of your data for direct marketing (including the creation of profiles).

-in certain circumstances so that we continue to process your data. For example, processing carried out on the basis of our legitimate interest.

Right of portability: The right to receive your personal information in a structured form, in a readable format, and/or to transmit this data to a third party — in specific situations.

Automated individual decisions: Right not to be the subject of a decision based solely on automated processing, including profiling, that produces legal effects or significantly affects.

To exercise any of the above-mentioned rights, you can write to us with your request to the email address specifically provided for this purpose: rgpd@somosesencia.es

You must attach to your request information about exactly what you need and, in any case, proof of your identity, valid in law.

15. The supervisory authority for data protection

We look forward to resolving any questions or concerns you may have regarding your personal information. But if you want to file a complaint with the competent authority, you have the right to do so.

In Spain, the highest authority in matters of data protection is the Spanish Data Protection Agency (AEPD).

https://www.aepd.es/es - Tel: 91 266 35 17.

16. Changes to this privacy policy

SOMOS ESENCIA reserves the right to modify this policy to adapt it to new legislation or case law.

Somo Essence Isotype - White

Reserve a table