CORSA > Privacy policy

Privacy policy

Data Controller

The company responsible for processing your data under this Privacy Policy is: CORPORACIÓN DE ORGANIZACIONES Y REPRESENTACIONES, S.A.
NIF: A08811085
Address: C/ Cerdeña, 397, Entlo. 8 – 08025, Barcelona
Email address: info@corsa.es
Website: corsa.es
Phone: 937745240
Registered in the Barcelona Mercantile Registry, in Volume 11,596, Folio 113, Sheet B-142,335

At CORPORACIÓN DE ORGANIZACIONES Y REPRESENTACIONES, S.A., we recognize the importance of protecting your personal information and are committed to handling it responsibly and in compliance with data protection laws.

This Privacy Policy aims to regulate all aspects related to the processing of data from the various users who browse or provide their personal data through the various forms on the website.

Personal Data

Personal data is information that identifies or makes you identifiable. Through the website, in the designated fields, we collect the personal data that you provide to us: name, surname, email, phone number, postal address, city, etc., as well as any data you voluntarily provide through any social media networks you are registered with. In this case, privacy will depend on the settings you have configured and the terms and conditions of the respective social media platform.

The user’s visit to the website does not imply that they must provide any personal data. However, if you provide them, the data will be processed lawfully, in accordance with the principles and rights outlined in GDPR 2016/679 of April 27, 2016, and the LOPDGDD 3/2018 of December 5.

Purpose, Duration, and Legitimacy of Processing:

The data you provide will be processed for the following purposes:

  • Processing requests or inquiries made by the user through the contact form on the website. We collect and process personal data to handle and manage your request, inquiry, or any request made via this form. We will retain this data for as long as necessary to fulfill your request and for the time period established by law, with a minimum duration of 3 years.
    The legal basis for processing the data is your consent when selecting the checkbox to accept our privacy policy before submitting the request. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Improve your experience browsing the website. We will retain this data as long as you do not revoke your consent for the processing of it by deleting the cookies, and for the time period established by law, with a minimum duration of 3 years.
    The legal basis for improving your experience browsing the website is your consent when you accept the cookies. You have the right to revoke your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Manage our social media and send information about our activities and products. We will retain this data as long as you do not revoke your consent for processing it and for the time period established by law, with a minimum duration of 3 years.
    The legal basis for managing our social media and sending you our activities and updates is your consent. You have the right to revoke your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Send newsletters or communications about CORPORACIÓN DE ORGANIZACIONES Y REPRESENTACIONES, S.A. products. Under the user’s consent, we collect and process personal data to send information about our products and services. We will retain this data as long as you do not revoke your consent for processing it and for the time period established by law, with a minimum duration of 3 years.
    The legal basis for processing data is your consent when you select the checkbox to accept our privacy policy before subscribing to the newsletter via the form on the website. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Create and manage a “registered user” account via the registration form on the website, allowing the user to access their private service area and receive information about our activities, including sending commercial communications about our services. We will retain this data as long as the user does not request to unsubscribe and for the time period established by law, with a minimum duration of 3 years.
    The legal basis for processing the data is your consent when registering via the form and selecting the checkbox to accept our privacy policy before submitting the registration request. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Manage customer service chat via WhatsApp offered on our website for any questions about our services/products. To continuously improve the quality of our customer service, we record the chat history for analysis and improvement. These records will be deleted once evaluated and after complying with the time period established by law, with a minimum duration of 3 years.
    The legal basis for processing is your consent for using the service. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Manage appointment bookings via the form on the website. We will retain the data for as long as necessary to address your request and while legal responsibilities could arise from providing the service.
    The legal basis for processing is the consent of the interested party when clicking the checkbox provided for this purpose. The interested party has the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Disclosure or Communication of Personal Data
  • Your data will not be shared or transferred to third parties unless required by law or those acting as Data Processors.
  • The recipients of the information will be service providers linked to the Data Controller, acting as Data Processors. In this regard, the Data Controller hires hosting services from providers offering adequate privacy guarantees, with their servers located in the EU.

International Data Transfers

At CORPORACIÓN DE ORGANIZACIONES Y REPRESENTACIONES, S.A., we process your data within the European Economic Area (EEA). Generally, we hire service providers located within the EEA or in countries that have been declared with an adequate level of protection.

If we need to use service providers located outside the EEA or in countries not declared with an adequate level of protection, we will ensure the security and legitimacy of processing your data through adequacy decisions, standard contractual clauses, binding corporate rules, exceptions, or any other instrument approved by the supervisory authority that guarantees adequate safeguards for international data transfers.

In this regard, we inform you that for sending newsletters or informational bulletins, the Data Controller may use Mailchimp services, with servers located in the U.S. However, this provider has standard contractual clauses in place, in accordance with Article 46 of the GDPR, legitimizing the international transfer of personal data.

Similarly, CORPORACIÓN DE ORGANIZACIONES Y REPRESENTACIONES, S.A. provides the WhatsApp application for individuals to contact the Data Controller. While the WhatsApp servers for EU users are located in Ireland, communications with U.S. servers may occur, resulting in an international data transfer that is conducted with full guarantees in accordance with the EU-U.S. Privacy Shield Framework, as decided by the European Commission on July 10, 2023.

Data Updates

It is important that to maintain the accuracy of personal data, the user informs us of any changes. Otherwise, we do not take responsibility for the veracity of the data.

The user guarantees that the personal data provided is truthful, up-to-date, and accurate, and is obligated to notify any changes.

Third-Party Data

If the user provides third-party data for any purpose to CORPORACIÓN DE ORGANIZACIONES Y REPRESENTACIONES, S.A., they guarantee that they have obtained this data lawfully, informed the affected individuals, obtained their consent to communicate it, and that the information provided is accurate and truthful.

Mandatory Nature of Requested Information

All our forms contain an asterisk (*) next to mandatory fields. If the user does not provide these fields or does not check the privacy policy acceptance box, the information will not be sent.

Use of Passwords

To access your account, the user must “Log In” and enter the email address and password created during registration, following the complexity rules established at each time on the website.

Users are responsible for maintaining the confidentiality and security of any identifiers and/or passwords they select during registration and agree not to share them with third parties or allow unauthorized access.
It is also the user’s responsibility to immediately notify the Data Controller of any misuse of identifiers and/or passwords, such as theft, loss, or unauthorized access, so they can be canceled immediately.

Rights of Data Subjects

You have the right to access your data and obtain confirmation about its processing, as well as a copy of the personal data being processed. You also have the right to update and request the correction of inaccurate data, or to request deletion when the data is no longer necessary for the purposes for which it was collected. You may request the restriction of data processing, object to the processing, revoke your consent, or exercise the right to data portability. Additionally, you have the right not to be subject to decisions based solely on automated data processing.
You can exercise your rights by contacting us at info@corsa.es.
If you believe that your rights have not been properly addressed, you have the right to file a complaint with the Supervisory Authority at www.aepd.es.

Processing of Data of Minors

By submitting data through the forms on this website and accepting its processing, the user declares to be over 14 years old. Access and use of the portal is prohibited for minors under this age. If at any time, the Data Controller detects that a minor under 14 has provided personal data, we will proceed to cancel it. Parents or guardians may, in any case, contact CORPORACIÓN DE ORGANIZACIONES Y REPRESENTACIONES, S.A. to block the access account of minors under their care who have registered by falsifying their identity.

Cookie Processing

A cookie is a small file that is downloaded and stored on the user’s computer when they access a website. Cookies allow the website to store and retrieve information about the user’s browsing habits or device. Depending on the information contained and the way the user uses their device, cookies may be used to recognize the user.

The user has the option to prevent the generation of cookies by selecting the corresponding option in their browser settings. For more information, please refer to our Cookie Policy.

Last Update: 25/03/2025