PRIVACY POLICY

1. Who is the data controller of the personal data?

The data controller of your personal data is Distribuidora Internacional de Alimentación, S.A. (“Dia“), with Tax Identification Number (NIF) A-28164754, and registered office at Las Rozas de Madrid, TRIPARK Building, Las Rozas Business Park, C/ Jacinto Benavente 2A, 28232.

Dia has appointed a Data Protection Officer (“DPO“), whom you may contact for further information on any point included in our Privacy Policy, or to submit questions, queries, or complaints regarding the processing of your personal data. You can contact the DPO via email at dpo.es@diagroup.com.

Below, we provide detailed information about the processing of your personal data carried out by Dia as the data controller.

2. What categories of data do we process and from where are they obtained?

The personal data of the data subjects who contact Dia through email addresses and other channels enabled on the Website will generally be those provided by the data subject, including (i) Identifying data, such as name, surname, email address, and phone number, and (ii) Employment details, such as the entity for which the individual works.

3. For what purposes do we process the data, and on what legal basis?

Your personal data will be processed based on your consent given through the affirmative action of submitting your query, solely for the purpose of enabling such communication and processing and responding to your request.

4. How long will we retain the data?

Personal data will be retained until you request its deletion or cancellation and for as long as it is necessary for the purposes for which it is processed. When the data is no longer needed for this purpose, it will be blocked for the period during which it may be required for the exercise or defense of administrative or legal actions, and it may only be unlocked and processed for that reason. After this period, the data will be permanently deleted.

5. Who are the recipients of the data?

Personal data may be disclosed to Public Administrations, Authorities, and Public Bodies, including Courts, when required by applicable regulations.

Occasionally, to provide the best possible service, Dia may seek support from various contractors and suppliers, such as information systems services, technical support, call centers, etc. These suppliers may only access personal data as necessary for the provision of services and will not process the data for their own purposes that have not been previously informed by Dia.

6. Will there be international transfers of your personal data?

Personal data may be communicated to service providers located in countries outside the European Economic Area, including countries that do not provide an equivalent level of data protection as the European Union. However, in such cases, personal data will be processed in strict compliance with European and Spanish regulations, and necessary safeguards will be implemented to ensure an optimal level of protection for the rights and freedoms of data subjects

For more information on the appropriate safeguards related to international data transfers or to obtain a copy thereof, you may contact our DPO via email at dpo@diagroup.com.

7. What are your rights when you provide us with your personal data?

Data subjects may exercise their rights of access, rectification, erasure, objection, restriction of processing, and data portability, or any other rights recognized by applicable data protection regulations, as legally provided, by email to proteccion.datos@diagroup.com.

Furthermore, you may contact dpo.es@diagroup.com to inquire about any aspect regarding the processing of personal data carried out by Dia.

Data subjects may lodge a complaint with the Spanish Data Protection Agency. For more information, please visit www.aepd.es.