Politica de privacidad | Sa Carta
Privacy

Privacy policy

Information about the processing of personal data under the GDPR and the LOPDGDD.

1. Data controller

2. Purposes of processing

  • Manage user access to the backoffice and keep the authenticated session active.
  • Handle queries, incidents or requests received through the platform.
  • Provide the digital menu management service and associated features.
  • Ensure the security, integrity and basic traceability of the platform.
  • Send communications strictly linked to the service when needed for its provision or maintenance.

3. Legal basis

  • Performance of the contractual relationship or pre-contractual measures when processing is necessary to provide the service.
  • Compliance with legal obligations when required by applicable law.
  • Legitimate interest for security, abuse prevention and service maintenance purposes.
  • Consent when required for non-essential cookies or processing activities that require it.

4. Data retention

Data will be kept for as long as necessary to fulfil the purpose for which it was collected and, afterwards, for the periods required by applicable law or while legal liabilities may arise.

5. Recipients

In general, data will not be disclosed to third parties except where legally required, operationally necessary to provide the service, or where a legitimate legal basis allows it. If technology providers are used, they will act as processors under Article 28 of the GDPR.

6. User rights

You may exercise your rights of access, rectification, erasure, objection, restriction of processing and portability, and withdraw consent where processing is based on consent.

To exercise them, you can write to info@carta.es. You also have the right to lodge a complaint with the Spanish Data Protection Agency if you believe that processing does not comply with the applicable rules.

7. Layered information

Forms that collect personal data will provide a first summarized information layer and a link to this policy to consult the additional information, following the criterion recommended by the AEPD.

8. Security

Reasonable technical and organizational measures have been adopted to protect personal data against unauthorized access, alteration, loss or destruction, considering the nature of the data and the state of the art.