Privacy Policy


In compliance with data protection regulations, GDPR (EU) 2016/679 of 27 April 2016 (GDPR) and Organic Law 3/2018 of 5 December 2018, on Personal Data Protection and Guarantee of Digital Rights (LOPDYGDD), you are hereby informed in a clear and simple way about the most relevant aspects of our privacy policy. However, if you have any questions after reading this information, please do not hesitate to contact us.

The Data Controller, VIVANCO ENOTURISMO Y EXPERIENCIAS S.L., with VAT no.: B26308007, postal address at Ctra. Nacional 232, Km. 442, 26330 – Briones (La Rioja), e-mail: protecciondatos@vivancoculturadevino.eshereby notifies you that the personal data that you provide through this website will be processed in accordance with regulations in effect on personal data protection in Spain.

The data provided by the user must be accurate and truthfully reflect the current situation. The user who enters the data solely and ultimately liable for the veracity of the information provided in our website.

When the data is collected, its voluntary or required nature will be indicated. A refusal to provide data determined as required will result in the non-provision of or inability to access the service for which such data was requested. Data may also be provided on a voluntary basis in order to ensure the services and/or products offered can be optimally provided.

What personal data is collected on this website?

For the purposes set out in this Data Protection Policy, the Data Controller collects and processes the Personal Data detailed below, which will depend on the different products or services requested on this Website:

  • Identification data: name and surname, ID number.
  • Contact details: postal address, e-mail address, telephone number.
  • Contractual data: contractual transaction data, VAT number, products purchased, financial transactions, payment data.
  • Browsing data: IP address, device type and identification, browser type, domain through which you access the Website, browsing data, activity on the Website.

Purpose and licitness of processing

  1. Web contact form: we process the data you provide in order to deal with your query. The legal basis is the consent of the data subject, Article 6(1)(a) GDPR.
  2. Purchase and sale of products and/or services: the purpose of the data processing is the provision of the products and/or services contracted. The legal basis is the performance of a contract to which the data subject is a party or for the implementation at the data subject’s request of pre-contractual measures, Article 6(1)(b) GDPR.
  3. Purchases made through our website: The data are processed for the management of online sales. The legal basis is the performance of a contract, Article 6(1)(b) GDPR.
  4. Commercial communications: the data are processed for commercial and promotional purposes. The legal basis is the explicit consent of the data subject for commercial communications by electronic means article 6(1)(a) GDPR, and the legitimate interest when art. 21 of Law 34/2002, article 6(1)(f) of the GDPR is applicable .
  5. Analysis of browsing on the website: analysis of analytical cookies to be able to compile statistics on the traffic and volume of visits to the website. The legal basis of processing is the consent of the data subject, Article 6(1)(a) GDPR.

Automated decision-making and profiling are not being considered.

How long will we store personal data?

The data will be stored for the time necessary for the purpose for which they were provided or collected, without prejudice, as the case may be, to the exercise of your right to erasure, which will entail the blocking of the data for as long as legal obligations persist, or, where appropriate, until you withdraw your consent to receive commercial information.

In order to comply with legal obligations, we may retain data subjects’ personal data once our relationship has concluded to comply with legal obligations.


The Data Controller does not disclose personal data to third parties except as required by Law or where the data subject has given their consent after having been duly informed.

How we protect your data?

The Data Controller adopts the necessary security measures to ensure the confidentiality, integrity and availability of your data, adopting the necessary technical, organisational and legal measures to protect them from third parties.

Personal data will only be processed by parties strictly necessary for the processing of the data and will be stored on physical servers located in the European Union using an SSL certificate. The SSL certificate is a security protocol that makes data travel in an integral and secure manner, i.e. the transmission of data between a server and user is fully encrypted both ways.

What are your rights?

In accordance with the provisions of Articles 15 to 22 of the GDPR 2016/679, you may exercise, the following rights with the Data Controller, through the postal and/or e-mail addresses indicated in the contact details:

  • Right of access. The right to request access to your data to check what personal data is being processed, for what purpose and how long it will be stored, among other information.
  • Right to rectification. The right to have your data corrected if it is no longer accurate.
  • Right to erasure or removal. The right to request that your data no longer be processed and be deleted.
  • Right to restrict processing. The right to request the restriction of processing.
  • Right to object. The right to object to the Data Controller’s continuing to process your data, in which case the Data Controller may only keep your data for legitimate interests or for the exercise or defence against potential complaints.
  • Right of portability. The right to receive personal data concerning you that you have provided to the Controller and to transmit it to another Controller.

Option to withdraw consent: where consent has been given for a specific purpose, the data subject can opt to withdraw consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

Complaint to the Supervisory Authority: If you consider that the processing of your data infringes applicable personal data protection regulations, you can lodge a complaint with the competent Supervisory Authority, in Spain, the Agencia Española de Protección de Datos (Spanish Data Protection Agency).

Currency and modification of this Privacy Policy

The information in this website was accurate on the date it was last updated.
The Data Controller reserves the right to modify this policy to adapt it to future legislative developments, as well as to future uses it may intend to make of your personal data. In the event that such a change affects you with regard to the processing of your data, e.g. because additional processing is to be carried out which you have not previously been informed of, we will notify you of this change.