PRIVACY POLICY 2025

SOMOS ESENCIA, as Data Controller and of this website, in accordance with the provisions of Regulation (EU) 2016/679, General Data Protection and the Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights, offers you this privacy policy in order to inform you, in detail, about how we treat your personal data and protect your privacy and the information you provide us. 

In this privacy policy we explain your rights regarding your personal information and how to exercise them. Additionally, in case you need to contact the competent data protection authority, we provide you with the contact details. 

We, the data controllers of your data: 

Identity: SOMOS ESENCIA

Registered office: Via Augusta 48-54, 6 4, 08006, Barcelona.

E-mail: rgpd@somosesencia.es

‍

1. What type of information may we collect about you?

The personal data we collect from users and customers can be grouped according to the following categories:

Basic and contact information: such as first name, last name. Including also your billing address, email and phone number. 

Financial and economic data: this group would include payment details, as well as commercial transactions carried out with us. Including data to verify your identity for the acceptance of payments and the pertinent financial verifications in order to carry out commercial transactions.

Professional and employment data: this category would include your professional interests and your professional identity published online. For example, your LinkedIn profile.

Technical data: including IP address, registration data, browser and version used, time zone and usage, type of plugins installed in your browser, operating system and other technology used during access to our platform. 

User data: such as name, preferences history, suggestions submitted by you or any type of survey you have answered.

Navigation data: includes information related to your navigation mode when you visit our platform.

Marketing and communication preferences: we collect your preferences to receive commercial communications and news from us, the consents granted for this purpose and the channel of your choice.

Images captured by video surveillance cameras: images that could be captured by video surveillance cameras in our restaurants and offices are grouped here.

We will never collect personal data that is specially protected or considered sensitive. 

2. How do we collect your personal data?

As a general rule, most of your personal information is provided to us directly by you, either in person at restaurants, by telephone, by mail, on web forms or by responding to surveys. However, we may also obtain information from:

• From a group company.
• From third parties related to us.
• From a third party who has previously obtained your express consent to do so.
• About the cookies we enable on our website - For more information about the use of our cookies, you can visit our cookie policy. 
• Of our access systems to the facilities, if any. Such as, for example, entry and reception registers, employee clocking-in systems, video surveillance cameras, communication and instant messaging systems, email or social networks.

3. What can happen if you do not provide us with your personal information?

If we are obliged by law to collect your personal data or, if it is essential for us to enter into a contract with you, if you do not wish to provide us with your personal data, it may not be possible for us to serve you. In the event that we need to cancel our services because of this, we will notify you first when necessary. 

4. For what purposes do we process your personal information?

Attached is a detailed table with the purpose for which we collect your data and the legal basis that legitimizes us to do so.  

5. Purpose of the treatment

Why do we collect your information? What is the legal legitimacy to process your information?

• To provide you with our services, to accept payments and collections due
  • Contract execution
  • In its own legitimate interest (e.g. to manage possible unpaid debts)
• Register as a web user or new customer
  • Express consent of the person concerned
  • Contract execution
• Manage our relationship with our customers, which includes: Notifying you of changes to our terms and conditions or policies and requesting that you respond to a survey or rate our products/services.
  • Contract execution
  • Fulfillment of a legal obligation
  • In our own legitimate interest (to update our records and to know the opinion of our customers about our products/services).
• Sending commercial communications, newsletters, newsletters and advertising, by any communication channel. Sending commercial communications related to our products and services to customers who have made previous reservations, in order to inform them about news, promotions, special events and other offers that may be of interest to them, considering that there is a previous relationship derived from the reservation made in our restaurants.
  • Express consent of the person concerned
  • In legitimate self-interest (as long as you have not expressed your desire to stop receiving communication, 'opt-out')
• Respond to inquiries and/or provide information requested by the interested party, including the sending of quotations.
  • Legitimate self-interest
  • Contract execution
  • Consent of the person concerned
  • Fulfillment of a legal obligation
• Manage user interactions on our social networks.
  • Compliance with a legal obligation (e.g. to remove offensive, racist, profane or insulting comments; to maintain an atmosphere of respect and integration, to preserve the privacy of minors, etc.). 
  • Legitimate self-interest (when we remove third-party advertising from our networks, for example).
• Use analytical data to improve the web browsing experience, implement marketing strategies and optimize recruitment processes through the use of cookies.
  • Legitimate self-interest
  • Consent of the data subject (by accepting the use of analytical cookies, for example).
• Manage and protect our business and our website. This includes detecting browsing problems, data analysis, web testing, etc.
  • Fulfillment of a legal obligation
  • Legitimate self-interest (running our business, securing our networks, preventing fraud, etc.).
• Suggest and recommend services that may be of interest to you.
  • In legitimate interest (to grow our business), you have the right to opt out of receiving further communications at any time.
• To provide personal information to the authorities or as required by law. Fulfillment of a legal obligation
• To provide our physical facilities with greater security (installation of CCTV cameras / video surveillance, access control). In legitimate interest and in the interest of third parties. For example to detect the commission of an act harmful to our employees or customers.
• Updating and improving our customer records. In compliance with a legal obligation
  • In execution of a contract
  • In legitimate interest (to verify that we can continue to contact our customers for matters related to their subscriptions, orders or products purchased).
• Ensuring job security, personnel administration and employability of candidates
  • In compliance with a legal obligation
  • In our own legitimate interests and those of third parties. To improve the experience of our employees in the performance of their duties.
• Resolve complaints, incidents or queries through authorized channels (email and telephone).
  • Consent of the interested party
  • In legitimate interest
  • Legal obligation
• Provide complaint forms to users who request them through customer service (contact form, telephone or mail).
• Compliance with legal obligation
• Monitoring of the European Commission's online dispute resolution procedure, in particular under the ODR platform: http://ec.europa.eu/consumers/odr/. Follow-up of user complaints and procedures before Consumer Agencies (register with identification code).
  • Compliance with legal obligation

With whom may we share your personal information? 

We may need to share your personal information with: 

• Group companies
• Third party companies that we subcontract or service providers that we use to provide our services. 
• Third parties we need to manage our business. 
• The banks we work with.

All suppliers we work with are contractually bound to us. We can guarantee that they comply with all necessary security measures to safeguard your personal information, that they will use your personal data only and exclusively for the specified purposes, in accordance with our instructions. 

We will also share personal information with law enforcement when we are required by law to do so. 

7. Where do we store your personal information?

All information you provide to us, both through this website and through other channels, will be hosted on Microsoft Office servers. These servers are hosted within the European Economic Area. 

8. How long will we keep your personal data?

Your data will be kept for the duration of the business relationship with us or exercise your right of cancellation or opposition, or limitation to treatment. 

Also, if we have not maintained relevant contact with you for a period of two years, we will delete your personal data from our systems, unless we are required by law to retain it (e.g. at the request of an authority, or in connection with possible litigation).

We inform you that our information retention policies are in accordance with the time periods established by the different legal responsibilities for statute of limitations purposes: 

• As a general rule:

Pursuant to the provisions of Article 30 of the Commercial Code, and except for other criteria, all company documents and/or information shall be kept for 6 years.

This concerns all accounting, tax, labor and commercial documentation, including correspondence.

• Specific deadlines:

Our company must also set minimum deadlines depending on the type of data involved and according to the different statute of limitations, which each department must be aware of. 

This table lists the time periods of requirements that affect or may affect our organization:

Labor, for infringement purposes: 3 years (Art. 4.1 RD 5/2000).

Social Security, for infringement purposes: 4 years (Art. 4.2 RD 5/2000).

Prevention of Labor Risks, for the purpose of infractions: 5 years (Art. 4.3 RD 5/2000).

Tax, for tax debt purposes: 4 years (Art. 66 Law 58/2003).

Tax, for the purpose of verification of compensated quotas or deductions applied: 10 years (Art. 66 bis Law 58/2003).

Accounting and mercantile: 6 years (Art. 30 of the CC)

Crimes against the Public Treasury and Social Security: 10 years (Art. 131 LO 10/1995)

You will not be subject to decisions based on automated processing that produce effects on your data.

9. Our communications

Any personal information you provide to us will be incorporated into our information systems. If you accept this privacy policy, it means that you expressly consent to the following activities and/or actions, unless you tell us otherwise:

• To send you commercial, promotional and direct marketing communications by any means of communication enabled, to inform you of activities, services, promotions, advertising, news, offers and other information about services and products related to us and our group. 

• To the sending of communications by electronic means, provided that you have subscribed to our NEWSLETTER and have not unsubscribed.

• The retention of data for the periods provided for in the applicable provisions.

10. How to stop receiving marketing communications (opt-out)?

At any time you may revoke any express consent you have given us to send you commercial information. To do so, you can request to unsubscribe by using the option (opt-out) when it is enabled in our app/web, or by sending us an email with the subject "unsubscribe" to rgpd@somosesencia.es.

In accordance with the LSSICE, we never carry out SPAM, therefore, we will not send you commercial emails if they have not been requested or authorized by you. However, in all our communications, you will have the possibility to revoke your consent. 

We will not process your personal data for any other purpose than those described above except by legal obligation or court order.

11. User's responsibility - Truthfulness statement

By providing your personal information through electronic channels, the user declares that you are over 14 years old and that all data provided to SOMOS ESENCIA are true, accurate, complete and updated. To this effect, the user confirms that he/she is responsible for the veracity of the data provided and that he/she will keep such information updated so that it corresponds to his/her real situation, being responsible for any false or inaccurate data that he/she may provide, as well as for any damages, direct or indirect, that may arise.

12. If you send us your resume

In the event that you want to send us your CV through our website, we inform you that the data provided will be processed to make you participate in the selection processes that may be carried out, carrying out an analysis of your professional profile in order to select the most suitable candidate for the vacancy. 

We do not accept resumes submitted through other channels (e.g. hand-delivered on paper). In case of any change in the data, please inform us in writing as soon as possible, in order to keep your data updated.

CVs will be kept for a maximum period of one year, after which they will be securely destroyed and all data included will be deleted. We guarantee total respect for confidentiality. In this sense, after this period, if you wish to continue participating in possible selection processes, you must send your resume again.

The data may be processed and/or communicated to the companies of our group during the time your curriculum is kept and for the same purposes as mentioned above.

13. How do we keep your information secure?

We take the protection of your data very seriously. For this reason, we ensure that appropriate physical, organizational and technological security measures, controls and procedures are in place to prevent your information from being accidentally lost, used or accessed maliciously. 

We limit access to your data to persons and entities authorized to do so and we ensure that all our staff is properly trained. All those involved in the processing of your personal data are bound by a duty of confidentiality.

In addition, we apply technical procedures to react to any suspected data security breach. If necessary, we will notify you and the supervisory authority (the AEPD in Spain), in accordance with current regulations.

14. How to exercise your ARCO-POL rights?

Both the RGPD and the standard of transposition into Spanish law (the LOPDGDD), guarantees you the exercise of the following rights. You can exercise them at any time and always free of charge:

Right of access: The right to receive a copy of your personal information.

Right of rectification: The right to request correction of errors in personal information.

Right to erasure/deletion (right to be forgotten): The right to request that we delete your personal information in some situations.

Right of restriction: The right to request the restriction of the processing of your data.

Right of opposition: The right to oppose:

-to the processing of your data for direct marketing (including profiling).

-in certain circumstances to our further processing of your data. For example, processing carried out on the basis of our legitimate interest.

Right of portability: The right to receive your personal information in a structured form, in a readable format and/or to transmit this data to a third party - in specific situations.

Automated individual decisions: The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or significantly affects.

To exercise any of the aforementioned rights, you may write to us with your request to the e-mail address specifically provided for this purpose: rgpd@somosesencia.es.

You must attach to your request information on exactly what you need and, in any case, legally valid proof of your identity. 

The supervisory authority in the field of data protection 

We look forward to resolving any issues or concerns you may have regarding your personal information. But if you wish to file a complaint with the competent authority, you have the right to do so. 

In Spain, the highest authority in data protection matters is the Spanish Data Protection Agency (AEPD).

https://www.aepd.es/es - Tel: 91 266 35 17.

Changes to this privacy policy

SOMOS ESENCIA reserves the right to modify this policy to adapt it to new legislation or case law.