INTRODUCTION

At El Corte Inglés Group Companies, we are committed to safeguarding your personal information and protecting it from any security breaches. 

This document explains who is responsible for processing your data, what your personal information will be used for, the legal grounds for its treatment, how and why we collect it, how we use it, your rights and also the processes put in place to guarantee your privacy.

We assume that by providing us with your personal information and using our websites, you have read and understood the terms and conditions set out relating to personal data protection. El Corte Inglés Group Companies undertake to enforce the prevailing national and European legislation regarding data protection. Hence, our main objective is to process your data lawfully, honestly and with transparency.

SCOPE OF APPLICATION

The present document applies to all companies in El Corte Inglés Group.

CONSIDERATIONS TO BE TAKEN INTO ACCOUNT

Who is responsible for processing personal information?

The General Data Protection Regulation defines who is responsible as follows:

“Data Controller” or “Controller”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and practices for personal data treatment. 

In other words, the El Corte Inglés Group Companies are co-responsible for the personal data processing. This means that we establish the objectives or purposes jointly and define the necessary means of the processing of personal data.

If you have any question, comment or concern, or would like to make any suggestion about how we use personal information, you can send an email to the El Corte Inglés Group Data Protection Officer at the following address: delegado.protecaodados@elcorteingles.pt.

INFORMATION ON EL CORTE INGLÉS GROUP COMPANIES:

El Corte Inglés – Grandes Armazéns, S.A.

Website: www.elcorteingles.pt

Registered office: Avenida António Augusto de Aguiar, nº 31, 1069-413 Lisbon

Tax ID: 501 810 285

El Corte Inglés, S.A. – Branch in Portugal

Website: www.sfera.com

Registered Office: Avenida António Augusto de Aguiar, nº 31, 1069-413 Lisbon

Tax ID: 908 315 832

Viagens El Corte Inglés, S.A. - Branch in Portugal

Website: www.viagenselcorteingles.pt

Registered Office: Avenida António Augusto de Aguiar, nº 31, 1069 - 413 Lisbon

Tax ID: 980 099 323

Centro de Seguros y Servicios ECI, Agência de Seguros Vinculada, S.A.

Website: www.seguros.elcorteingles.pt

Registered Office: Avenida António Augusto de Aguiar, nº 31, 1069-413 Lisbon

Tax ID: 980 220 718

El Corte Inglés, S.A.

Website: www.elcorteingles.es

Registered Office: Hermosilla 112. 28009 Madrid

Tax ID: A28017895

Madrid Comercial Registry Office: Volume 677, General. 61, Section 4 del L. de Sociedades, Page 8085, Folio 182.

Supercor, S.A.

Website: www.supercor.es

Registered Office: Hermosilla 112. 28009 Madrid

C.I.F.: A78476397

Madrid Comercial Registry Office: Volume 7729, General 6689 Section 3, F. de S., Page 79966, Folio 39, Entry 1.

Seguros El Corte Inglés, Vida, Pensiones y Reaseguros, S.A.

Website: www. elcorteingles.es/eciseguros

Registered Office: Hermosilla 112. 28009 Madrid

Tax ID: A79346839

Madrid Comercial Registry Office: Volume 3863, Book 0, Folio 69, Section 8, Page 64854, Entry 27.

FOR WHAT PURPOSE DO WE COLLECT YOUR PERSONAL INFORMATION?

The main reason for collecting your personal information is to facilitate and better serve our customers.

We collect your personal information in order to process your purchases, orders or requests, either in any of our shopping centres, wharehouses, agencies, supermarkets or via our websites or applications, by telephone or by filling in a form.

You will find below the main purposes for collecting personal data at the El Corte Inglés Group companies:

- To comply with legal obligations, including but not limited to Law 58/2020 in Portugal, and Law  10/2010 in Spain, on the Prevention of Money Laundering and Terrorist Financing.

- To manage the purchase of products or services supplied by any of the El Corte Inglés Group companies, including distance selling and handling of shipments and returns.

- To manage a personal account with a single file so that it can be used to purchase products and services available in any of the El Corte Inglés Group companies’ websites.

- To direct customer requests for information, suggestions and complaints toward their effective handling and resolution.

- To manage events lists (weddings, communions, birthdays, etc.).

- To manage bookings and ticket sales for events distributed by El Corte Inglés.

- To conduct surveys to improve our services.

- To carry out market research and identify business opportunities, make reports on consumption habits, statistical data and market trends in order to provide products and services that might be of interest to you.

- To create profiles and perform analyses on our customers’ behaviour when using our websites or applications, but only if you give your consent.

- To provide information on our latest products, offers, opportunities, etc. The channels we use most frequently are: email, regular post, telephone, SMS and Push messaging, but only if you give your consent.

- To capture images of persons and vehicles for security reasons and to help with planning for emergencies.

- To manage VAT refunds on purchases by tourists from extra-EU countries.

- To manage staff selection.

- To analyse orders made by users/customers in order to prevent fraud.

HOW DO WE COLLECT INFORMATION ABOUT YOU?

We receive personal information about you via different means: in some cases, you contact us to share your personal data and in other cases we request your personal data through other means. We explain below the different ways we collect your personal information as well as a few examples on how the information is used.

INFORMATION PROVIDED BY YOU

We collect the personal information that you provide us through one of the El Corte Inglés Group websites, email, mobile phone, when you purchase a service, when you fill in a form or others. In any case, when we collect your information, you will be informed about who is responsible for the process, the purpose for collection, the recipients of the data, as well as how you can exercise your rights, granted by the prevailing law on data protection.

For instance, you are likely to provide us with information when you contact our customer service, place a purchase order, register on our websites, update your preferences and account details, fill in a questionnaire, take part in a competition, etc.

Usually, the personal information you provide us with is: first name and surname(s), address, ID, date of birth, email address, contact telephone number and payment details. In some particular cases, depending on how we anticipate using your data and to what end, data may be requested about your personal characteristics, your education and career, employment details, commercial information, social circumstances, finances and insurance, and transfers of goods and services.

INFORMATION WE COLLECT WHEN YOU VISIT OUR WEBSITES

We collect and store limited personal information and anonymous overall statistics of all users visiting our websites, either because you actively provide us with that information or because you are simply navigating our websites. The information we collect includes the IP address of the device you are using, the browser used, your operating system, the date and time our website was accessed, the web address through which you accessed our websites, and  information about how you use our websites as well.

We use this information to know how long it takes for our websites to load, how they are used, the number of visits to the different sections and the type of information that attracts most visitors. It also helps to make sure that the website is working porperly and, in case we detect malfunctions or errors, it helps us fix them and enhance our websites performance so as to deliver a better service to all users.

This information is received through cookies. For further details, please refer to the cookies policy available on each El Corte Inglés Group companies website.

SOCIAL NETWORKS

The use of social networks is becoming more and more widespread and, as a result, the El Corte Inglés Group has a presence on most of them and can use them to contact you.

The information we collect through social networks sometimes includes personal information that is publicly available online. We always make sure that all information we use acknowledges correctly its source or is made anonymous.

It is likely that these social networks have their own privacy policies detailing how your personal data are handled and shared. We recommend you to carefully read the privacy policies before using social networks to be certain that you agree with how your personal data are obtained and shared.

MOBILE PHONE

The El Corte Inglés Group APPs have a geolocation tool allowing us to track your whereabouts and show you the nearest shop. Activation of the geolocation feature on your mobile device enables you to make the most of all the applications functionalities. If it is not activated, we will remind you to turn on geolocation by sending you a message requesting permission beforehand.

This geolocation service will not be used to inform third parties of your location, except where this is a legal requirement.

Most moblie devices offer users the option of disabling location services, which is likely to be found in the settings menu of your device. If you have difficulty in disabling your device’s location services, you’d better contact your mobile service provider or the manufacturer of your device.

If you wish to disable location services on an Android device, go to Location services in your mobile phone’s Settings menu. Most Android devices allow location services to be disabled for the entire mobile phone, such as GPS services and other companies’ location services. Generally, unless you tap the icon to enable the location services these will remain disabled.

If you wish to disable location services on your iPhone, you can do this for all models from the Settings menu by selecting Location Services. In order to disable location services for the whole device, slide the bar until the Off option appears. In order to disable location services for a certain application, slide the bar next to each application until the Off option appears.

WHAT ARE THE LEGAL GROUNDS FOR PROCESSING PERSONAL INFORMATION?

There are a number of reasons why we are legally entitled to process your personal details:

- In order to fulfill a contract and/or commercial relationship.

- In order to comply with the various legal obligations.

- For legitimate interests as, for instance, for security reasons, fraud prevention, improving our services and products through market research or in order to handle requests, enquiries or  complaints.

- For sending customised offers by El Corte Inglés Group, with your prior consent.

TO WHOM CAN WE DISCLOSE YOUR PERSONAL INFORMATION?

If you have given us your consent, the information you provide will be communicated to the El Corte Inglés, (see URL: https://www.elcorteingles.es/informacioncorporativa) to be treated with the above-mentioned purposes. Not all the purposes referred above imply transfer of data, especially considering that the data are obtained directly by each of the Group companies.

In some cases, we have to communicate the information you have provided us to third-parties.

In order to be able to carry out the requested service, such as travel and hotel bookings, logistics, transport and delivery, isntallation and/or assembly companies, home remodelling, etc.

In addition, there are companies that provide us with other kinds of services, such as information technology (information storage and processing), security services, financial services, audit services, etc.

These third parties may only access personal information required for providing the said services. They are required to keep your personal information confidential and may not use it in any other way than as requested by us.

In all cases, El Corte Inglés Group companies assume responsibility for the personal information provided to us and we request companies with which we share your personal information to protect it to the same extent as we do.

Furthermore, your personal information will be accessible by Public authorities, Judges and Courts for dealing with any liabilities arising from the processing of your personal data.

INTERNATIONAL TRANSFERS

The personal information we obtain is held in Spain. However, some Group companies may  operate in other countries and in, that case, your personal information is collected in that company's country of operation.

For the sake of efficiency, we sometimes work with technological service providers located outside of the European Economic Area occurring, thus, international data transfers take.

place. In these cases, we enforce the appropriate safeguards to protect your information, such as signing Standard Contractual Clauses approved by the European Commission. For additional information about these clauses please write to delegado.protecciondatos@elcorteingles.es.

LINKS TO THIRD-PARTY WEBSITES

Where we provide links to websites not operated or monitored by El Corte Inglés Group companies, you will be timely notified, as the El Corte Inglés Group has no control over the said websites, nor does it assume any responsibility for their content or practices to collect and use your personal data. It is likewise not responsible for third-party websites and makes no claim thereupon.

These websites have their own privacy policies explaining how they use and share your personal data. We recommend you to carefully read the privacy policies before using these websites to be certain that you agree with how your personal information is obtained and shared.

Additionally, we work with eShopWorld to sell and deliver our products in certain international destinations. If you want a delivery to be made to a country where eShopWorld provides this service, you must kow that you will leave our Services and be redirected to a site linked to our brand in order to check out using a system “supported by eShopWorld.” eShopWorld’s privacy policy, not ours, will apply to the information you provide directly on the said site, such as your payment information. Also, when you are redirected to the site to check out using the eShopWorld service, we will share information about you and your order with eShopWorld to facilitate the purchase of our products via eShopWorld.

HOW LONG DO WE STORE YOUR PERSONAL INFORMATION?

We only store your personal information as long as it is needed to be used in accordance with the purpose for which it was collected, and pursuant to the legal basis for its treatment in compliance with the applicable law. We will keep your personal information while there is a contractual and/or commercial relationship with you, or until you don’t exercise your right of erasure and/or limitation of the processing of your data.

In such cases, we will keep your information duly blocked, and we will not use it, unless it may be necessary for lodging or disputing claims, or its processing may result in any type of legal or contractual responsibility issues to be addressed. If this were the case, the data would have to be recovered.

HOW TO EXERCISE YOUR RIGHTS

The General Data Protection Regulation (GDPR) allows you to exercise before the data controller your rights of access, rectification, objection, erasure, restriction of processing of personal data, portability and of not being subject to individual decision-making.

These rights are characterised as follows:

- Their exercise is free of charge

- If the requests are clearly unfounded or excessive (for example, of a repetitive nature) the data controller may:

                 Charge a proportional fee based on the administrative costs incurred.

                 Refuse to act on the request.

- Requests must be answered within one month, although, taking into account the complexity and number of requests, the time limit can be extended by two further months.

- The data controller must inform you of the means by which you can exercise these rights. These means must be accessible and this right cannot be denied for the sole reason of selecting another means.

- If the request is submitted electronically, the information will be provided by these means whenever possible, unless the data subject requests otherwise.

- Should the controller decide not to process the request, you will be informed within one month at the latest of the reasons for its decision of not acting and of your right to lodge a complaint with a Supervisory Authority.

- You may exercise your rights directly or through legal representation.

- The Data Protection Officer might respond to your request on behalf of the data controller, if the two parties have so set out in the contract or legal act binding them.

- You may exercise your rights in any of the following manners:

                    By post to El Corte Inglés Grandes Armazéns, SA, A/C Delegado de Protecção de Dados, Av. António Augusto de Aguiar, Nº 31, 1069-413 Lisbon

                    By email to delegado.protecaodados@elcorteingles.pt

                    You may lodge a complaint with the National Committee for Data Protection, namely if you are not satisfied with the way your request to exercise your rights was handled. For furtehr information, please visit the related sites:  www.cnpd.pt

SHOW DO WE PROTECT YOUR PERSONAL INFORMATIIN?

We undertake to protect your personal information. We use appropriate technical and organizational measures for protecting your personal information and your privacy, and those measures are reviewed regularly.  We protect your personal information using a combination of security checks, both physical and computer-based or logical, including access checks restricting and managing the way your personal information and data are treated, managed and handled.  We also ensure that our staff is properly trained to protect your personal information. According to our procedures,we may request proof of your identity before sharing  your personal data with you.

In accordance with our guarantee of security and confidentiality, we are especially interested in offering you the highest security level and protecting the confidentiality of the personal information you make available to us.  Therefore, commercial transactions are carried out in a secure server environment using SSL (Secure Socket Layer).

If, at some point, you have trouble accessing any part of our website, it could be due either to the model or version of your browser or its configuration. Should you need assistance in finding a solution or if you have any doubt regarding how our purchasing system operates, please write to servico_clientes@elcorteingles.pt or customer_support@elcorteingles.com. We will be more than happy to help.

The Internet is a means of communication which allows business transactions to be carried out online, and that is why one of the main concerns of internet users is the online security of their data.

An E-commerce transaction is defined as the whole process of reaching a commercial agreement, including the contact between both parties: customer and company.

The aspects that all commercial transactions must include are:

              Authentication, which guarantees the legal or physical personality with whom we are communicating.

              Integrity, i.e. the content of the communication between the two parties cannot be altered.

              Confidentiality, which means guaranteeing that no unauthorized person may be privy to the content of the communication.

DO WE PROCESS PERSONAL DATA OF MINORS?

The websites of El Corte Inglés Group, the applications and the products are not ususally intended for minors. There are occasions, though, when we may run a campaign as, for example, the launching of consoles or video games, which may be appealing to minors. However, we never request any personal information on minors without authorization from their parent(s) or guardian(s).

If you are a minor, please do not register as a user of our website, applications or products. If we happen to find out that we have by mistake collected personal information from a minor, we will delete the said information as soon as possible.

WHAT PRECAUTIONS MUST BE TAKEN ?

These are some of the precautions we recommend our clientes to take:

- Do not give anyone your username and password.

- Do not write it down in an easy-to-find location: computer, agenda. etc.

- Always use our SSL security system.

- Always close your browser session after having accessed a secure area or having introduced your username or password into the system.

AMENDMENTS TO THIS DATA PROTECTION INFORMATION

We will review and update data protection information when changes are made to the law or to any procedures for treating your personal data.

This data protection information was last reviewed and updated in June 2022. The reason for revision was the updating of the El Corte Inglés Group companies.