Privacy policy

Yes. Grekkom group has a Data Protection Officer to guarantee compliance with the current data protection norm.

You can contact our Data Protection Officer sending an email to protecciondedatos@grekkom.com.

Every time that we collect any personal information, we will inform you which one of our companies is the Data Controller and provide you all of the information regarding how we process your data.

You can find the full list of Grekkom group companies, their location, and different activities at www.informeanual.grekkom.com.

We process personal information about you that we collect either directly, through forms or data entry fields on our website, or through passive collection by cookies and other data collection technologies. The following is a non-exhaustive list of the data we process:

• any data you provide us including your image or voice in those cases where the service requires it (i.e. a promo for videos or photographs…)
• information collected from the access and use of our services, or your relationship with Grekkom,
• data resulting from contact forms and subsequent communications,
• your phone and any information you provide to us during your conversation with us – including your voice; we may record phone calls for internal purposes quality audits or as a proof for any claim or legal action, in or out of court, should the need arise,
• your image in video-surveillance at our facilities mostly for fraud prevention and management purposes or events we organize; though we shall always and clearly display enough information to let you know of such recording,
• any information that can be legally inferred from the data we process,
• any personal information collected either directly, through forms or data entry fields on our website, or through passive collection by cookies, browsing history and other data collection technologies (you can find more detail in our Cookies Policy),
• data from public sources, or that is part of your profile on a social network and that you have made available to us,
• those related to financial solvency and creditworthiness which may be checked at public credit worthiness registers with outstanding obligations, prior to or during a contract with us,
• data publicly available and displayed at accessible sources,
• third-party data along with prior consent from those,

information we receive from third parties, based on either your consent or legitimate basis

1. To manage your contract requests with Grekkom For certain contract request with Grekkom you will have to fill out a contract application beforehand. For cards which are commercialized by Grekkom, or for LPG or fuel supply, for example, we will process the data you provide us for the management of your contract request; and we will also process the data obtained from common data files related to the compliance or non-compliance of financial obligations in order to analyze the contract and to make a decision on whether to move forward or not with the application process. The legal basis that enables us to process your data is the execution of a contract request, together with our legitimate interest related to the common data files consultation.
2. To manage our relationship We process your personal data in order to manage the relationship you may have with us, whether as a client, user or data subject in any way linked to Grekkom. We will also process your data to issue the corresponding invoices and, where applicable, the debts management, as well as to answer and attend any complaints, incidents, questions or suggestions you may have. In the event that we have to call you, we will inform you that the conversation may be recorded, with the aim to internally audit the quality of our services, and, if required, to use the conversation as an evidence, in and out of court. The legal basis that enables us to process your data is the execution of the relationship we have. Furthermore, our legitimate interest enables us to record the conversations for the aforementioned purposes, thus, to ensure there is evidence of these calls and, additionally, to continuously improve the quality of our customer service.
3. To check at public credit worthiness registers related to the compliance or non-compliance of financial obligations In the event you want to contract any services with us, we will process your data to analyze your credit score by consulting the common data files related to the compliance or non-compliance of financial obligations. This consultation can be performed before or during the contractual relation. Likewise, and in accordance with applicable regulations, the data subject is hereby informed that his/her failure to comply with financial obligations undertaken by virtue of any contracts entered into with Grekkom may lead to the inclusion of her/his personal data in a public credit worthiness registers related to the compliance or non-compliance of financial obligations. The legal basis that enables us to process your data is our legitimate interest to make a risk assessment of our contractual activities.
4. Statistical analysis and satisfaction surveys We want to process your personal data in order to improve our products and/or services for your own benefit. We are constantly working on improving our products and services, but we cannot achieve this goal without our clients’ feedback. The legal basis that enables us to process your personal data is our legitimate interest in evolving our products and services according the general public’s needs.
5. Compliance with the accounting, legal, tax, and administrative obligations Grekkom is obliged to comply with applicable accounting, legal, tax, and administrative regulations. We will process your data to the extent necessary to comply with our legal obligations. The legal basis that enables us to process your personal data is the legal compliance.
6. Managing customer/user service Each time we get in touch with you we will provide our contact details – including postal address, telephone and/or email address, should you wish to address any suggestions, complaints or questions to us. If you contact our customer service by any of the available means and channels, your data will be processes to attend to your petitions. Customer service is centralized to ensure the highest quality service; therefore, it is possible that we need to share your personal data to other Grekkom group companies exclusively to access to information necessary to adequately respond to your queries.
7. To create “Your Account” For the Online Services, we process your data in order to create and manage your access credentials (username and password), your Account, and to provide you with the Online Services you joined. Remember that Your Account is the same for all Grekkom Online Services. This means Grekkom, S.A., as the entity responsible for its data processing, has the knowledge of all the Online Services you have joined. The legal basis that enables us to process your personal data is the execution of your application to create Your Account.
8. To analyze your browsing activity According the terms and conditions of our Cookies Policy and with the purpose of analyzing your browser activity, customizing your offers, and improving our Online Services and online contents, we will process the data obtained through your browsing activity in our online environments. The legal basis that enables us to process your data is your consent.
9. Your social network profile Grekkom processes the information you share with us through your social media profile. For more information please check “How do we process your data on social networks?”.
10. To organize and manage raffles, drawings, competitions, and promotional events In these cases, any data subject who wishes to participate on such events will have to voluntarily register by filling out any Grekkom forms. We will process your data in order to manage your participation, the prize delivery, if applicable, and the advertisements related to these activities. Grekkom will only process your personal data if it has obtained your consent. By participating in the event you provide your consent.
11. To perform data cross-checking with that of other Grekkom group companies for commercial purposes When you sign up for a service and/or execute an agreement with us, you will be able to provide us your consent for additional data processing. Do not worry, we will then provide you with detailed information concerning the additional data processing purpose in order to allow you to make an informed decision. These additional purposes allow us to get to know you better and to enrich your experience with us by creating a more personalized relationship which can be adapted to your individual profile and needs. We are mainly looking for to combine all the information we know about you related to your relations with the different Grekkom group companies. In order to do this, and always with your consent, your personal identification data and contact details – name, identity number and/or email address – will be shared with other Grekkom group companies to determine whether you have any relation with any of them. The remaining Grekkom group companies will inform on whether they have your data, and if so, the data will be combined in order to allow the company that has a relation with you to have a single view of your profile related to your relations with the Grekkom group. This combined information will be used by Grekkom to improve our relation with you, to create segmentations and profiles, and to send you information, by electronic or other means, and product and/or service offers related to energy solutions, transportation, mobility, automotive vehicle, insurances, finance, leisure, trips, home, sports, gastronomy, loyalty programs, payment methods and services, or telecommunications specifically customized for you. The legal basis that enables us to process your data is your consent. Unless you have granted us your consent, no automatized decisions will be taken based on your profile.
12. Send you commercial notifications  In the previous section we already informed you that we may send advertisements or commercial notifications regarding different products and/or services if you provide us with your consent. We may contact you at any time to send you information on commercial products and/or services of companies you have already established commercial relations with. For example, if you are already a client of Grekkom Butano, S.A., we will be able to send you information on gas products and services. Our legitimate interest is the legal basis to process your data as described.
13. To share your data with other Grekkom group companies We want to ensure that your experience with the Grekkom group is as unique and enriching as possible. Therefore, and only if you grant us your consent, we will transfer all your data to the rest of the Grekkom group companies in order to enable these companies to process your data as described in section 10. You can find the detailed information of the Grekkom group companies at informeanual.grekkom.com. The legal basis that enables us to process your data is your consent. If you do not provide us your consent, we will not process any data.
14. To manage contact details within the context of our contractual relations, or to send non-commercial information or events invitations With the sole purpose of managing its contractual relationships, Grekkom can process contact details and third-parties’ representatives’ data with whom it maintains contractual relations. The legal basis that enables us to process your data is the contract execution. Additionally, Grekkom can process contact details of potential legal entities clients, institutional representatives, government body representatives, journalists, analysis or investors who freely have provided us their data, with the purpose of providing said persons with Grekkom non-commercial information and Grekkom group events invitations. The legal basis that enables us to process your data is your consent, which has been granted when you provided us your contact details.
15. To avoid any liabilities with the Spanish Labor Authorities and to ensure the services quality of our suppliers Grekkom might process personal data of suppliers’ employees submitted either by such suppliers acting as employer or by the employee him/herself. The purpose of this data processing is to ensure the supplier services ‘quality, to grant the suppliers´ employees access to Grekkom group facilities, and to avoid any liabilities with the Spanish Labor Authorities as a result of provider overdrafts. The legal basis that enables us to process your data is our legitimate interest in controlling our relations with our providers and all their associated liabilities.
16. Grekkom group Ethics & Compliance Channel 
There is a communications channel, the “Grekkom Ethics and Compliance Channel”, that allows Company employees and any third party to make consultations or to communicate, possible breaches of the Code of Ethics and Conduct and Crime Prevention Model, confidentially and without fear of reprisal. The channel is managed by an independent company and is available 24 hours a day, 7 days a week, by phone and online at grekkom.com. The legal basis to process the data in this case are the Subject data’s consent – provided by means of the report form – and the Grekkom’s legitimate interest in prosecuting offences on which it may be affected.
17. Security at Grekkom group facilities  Grekkom installs video surveillance cameras to increase security in Grekkom group facilities. The lawful basis for processing is Grekkom’s lawful interest in preventing or investigating, where appropriate, incidents that occur at their facilities.
18. Visits and events  Grekkom may also process personal data resulting from its facilities visitor’s records, or from any Grekkom’s event guests. Photographs may be taken for these event’s advertising; Assistants will be previously informed in case they are not interested in attending to such event as well as to allow them to exercise their rights.  Consent is the legal basis that permits us to process your data.
19. Fraud management  During these past years, we have experienced a sharp increase in fuel theft at our gas stations, where drivers leaving without paying for the goods and services. As a result, we have adopted mechanisms to allow us to recover those debts. In those cases, we will process your license plates’ data by filing a claim with the aim of recovering the pending debt as well as for prevention purposes. The legal basis is Grekkom’s legitimate interest in preventing future fraudulent activity in our Gas Stations.
20. Training Grekkom organizes training activities not only for its employees, but also for third parties carefully chosen by Grekkom due to a particular relationship. In case you are a trainee in those activities, we may process your data for purposes such as manage your participation, assess your level of satisfaction with the training received.
21. Candidates  Grekkom assiduously post job offers some of them posted through its candidates’ section where those interested may send us its Curriculum Vitae. If you contact us or send your data, we will process it to assess your profile and consider you for any vacancy in the Grekkom group. For that purpose, we may share your information with any company of the Grekkom group which holds some interest in such vacancy.

We commit to processing your data in accordance with the applicable regulations and, in particular, using the appropriate organizational and technical measures to guarantee an appropriate level of security, ensuring the confidentiality integrity, availability, and resilience of processing services and systems at all times.

In case we intend to lawfully transfer or share your personal data, when collecting your information, we will inform you of the identity or category of recipient, such as:

• Third parties to which we are legally bounded to provide your data, for example social security or administrative and tax authorities.
• Third parties to which we need to provide your data to confirm that you belong to a certain group, if you wish to avail of an offer available to said group.
• Entities that subsidize training activities.
• Third parties which require to process your data for the fulfillment of the relationship you have with us.
• Other Grekkom group companies, where appropriate.
• Other third parties, in the case that you have provided your consent.
• Financial solvency and creditworthiness Registries for the compliance of financial obligations.

When providing certain services, we may give access to your personal data to providers that may or may not be group companies. They shall process those data as Data Processors and are bound to processing your data in accordance with the applicable regulations and, in particular, the Data Controller imposed appropriate organizational and technical measures, which guarantee an appropriate level of security. You can find the company categories that provide these services here.

We also inform you that some of these companies are located in territories outside the European Union and which may not provide an equivalent level of data protection comparable to that of the European Economic Space (EES). However, we will transfer your data, always under an adequate and lawful guarantee mechanisms established for that purpose in the European Regulations. Below, you can find more information about the international data transfers actually performed:

In each case, we will inform you which is the retaining period. Your data will be process during your relationship with Grekkom. Once our relationship is finalized, we shall keep your data duly blocked for the time-barring of the civil, criminal, commercial and/or administrative proceedings.

In the case of Online Services, Grekkom will process your personal data for the time you remain subscribe and using the Service. However, in case you do not actively use your account or any of our online services for a 2-year period, we shall cancel Your Account and thus, block your data. If at a later date you wish to start using any of the Online Services again, you will have to sign up as a new user.

At any time, you may execute several rights concerning the processing of your personal data. Every person has these rights and, consequently, they cannot be waived. Below, we will describe and explain each of these rights:

• Right of access. By exercising this right, you can find out information about how we process your personal data.
• Right to rectification. You may correct or modify your data if they are inexact or incomplete, in order to ensure that we have your correct details.
• Right to erasure (or the right to be forgotten). You may request that your data be deleted in one of the established cases under the applicable regulation. For example, in the event of illegal data processing or when the initial purpose for processing or collection no longer exists. However, the said regulation includes a series of exceptions where this right does not apply. For example, when the right of freedom of expression and information must prevail.
• Right to object. By having recourse to this right, you may oppose the processing of your personal data: (i) when, for reasons regarding your personal circumstances, your data must no longer be processed, exception made of any situation under which we can demonstrate compelling legitimate grounds or when the processing is necessary for the establishment, exercise or defense of legal claims, and/or (ii) when processing is carried out for direct marketing purposes.
• Right to restriction of processing. You may request that we restrict the processing of your personal data (i) while we are investigating the accuracy of data, when this accuracy has been refuted (ii) when this processing is unlawful but you oppose to your data being deleted and, instead, request this limitation (iii) when you need your data in the case of a claim (iv) and even when you have opposed the processing of your personal data to fulfill a mission of public interest or to satisfy a lawful interest, which must be checked. In these cases, we will only conserve data to make or defend ourselves against claims.
• Right to data portability. You can request the portability of your data in electronic format, as well as request they be transferred to another entity.

To exercise these rights, you can contact Grekkom at the address given when your data was collected, attaching a copy of your DNI or equivalent national identity document and indicating the corresponding processing.

Furthermore, you can withdraw your consent at any time, without this affecting the lawfulness of any processing already carried out. The request to this effect should be sent to the address indicated in the previous paragraph. In this case it is also necessary that you attach a copy of your DNI or equivalent national identity document.

Should you believe that your data has been processed improperly and not in compliance with personal data protection regulations in force, or should you believe that we have not acted accordingly with respect to the exercising of your rights, you may contact our Data Protection Officer in addition to any other such authority, in Spain being the Spanish Data Protection Agency (www.agpd.es).

Concerning Your Account, you can look up and manage your rights in your Private User Area.

We do not knowingly solicit or collect personal data from children below the age of 14; mostly, Grekkom deals with 18th year old people. Nevertheless, there may be some exceptional cases where, in the course of a promo or a contest, we may collect 14th year old data though always subject to prior parent and/or guardian’s written and explicit consent and/or authorization.

If you’re under the age of 14 we kindly ask you to wait to be a bit older to interact with us or ask a parent or guardian to contact us. We can’t collect and use your Personal Data without their agreement. If we discover that we have unintentionally collected personal data from a child below 14, we will remove that child’s personal data from our records promptly.

Regarding social networks, we recommend parents and/or guardians regularly check and supervise the internet activity of their children. Please make sure that your children do not give out their personal data without your authorization and consent.

You can exercise the rights of persons under 14 years of age at any time by certifying your legitimate right to do so.

In the event that, as a result of your relationship with us, you provide us with a third party’s personal data, we remind you that you are solely responsible for (i) having obtained his or her prior consent to communicate their personal data to Grekkom in connection with the purpose about which you are informed by us each time, and (ii)for having informed said third party of the terms established in this Policy.

You are responsible for holding Grekkom harmless for any liability derived from the lack of information and/or consent to or from the said third party.

Grekkom offers to you the Grekkom Single Registration to facilitate your access to all our Online Services. The One Log Register permits you the access to our Online Services by filling out exclusively the data necessary for the service which you had not provided us previously. This means that you don’t need to give us your data again each time you sign up to a new Online Service; you need only provide those data we do not already have and are necessary to provide or improve the service.

Remember, Your Account is one single account for all the Grekkom’s Online Services in which you are registered, which means that Grekkom S.A., as the responsible of this information, acknowledges all the Online Services in which you are registered.

We recommend you to not provide personal data — be it yours or that of third parties — when interacting with our social networks profiles. Should you decide to include personal information, be aware that it will be processed under the rulings of this Policy.

Specifically, personal data provided though any of our social network profiles will be collected by Grekkom, S.A, with registered offices in Madrid, Calle Méndez Álvaro 44, 28045, with the purpose of engaging and interacting with you on our social network profiles with the sole aim to communicate and share our values, business and activities. This is not the proper channel to send us your complaint, suggestion and/or claim related to any of our companies; but in case you decide it to do it, we inform you that we will share the strictly minimum data to process your petition and enable our customer service department to contact you.

The legal basis for this data process is your user status as a friend or follower of our social network profile, or the need to give a response should you make mention thereof in comments, despite not being a follower. In such a case, the minimum personal data will be used to provide you with a response. Your data will be processed for a 2-year period. Additionally, be aware that, any social network has its own terms of use which are beyond our control and therefore not covered by this Policy. We recommend that you read and know those terms as well as its own privacy policy before continuing with its use or providing any kind of personal data.

Some of our Online Services may give you the option of forwarding/sharing some content with another individual, although you should be aware that it is you who is performing this action through your own means. Grekkom does not send or use any information or data of these third parties to/with whom you wish to forward or share any data.

Registration and/or an Online Service?

You can cancel Your Account by sending an e-mail to sacportal@grekkom.com.

However, be aware that if you cancel Your Account, you will no longer be a Grekkom User and you will no longer have access to any of the Online Services you were registered at. It is necessary for the using of any of the Online Services to previously sign up as a Grekkom User (meaning creating Your Account).

You may cancel your subscription to any Online Service by following the instructions included in such Online Service specific conditions and in case you do it you will no longer have access to that specific Online Service. Your Account will remain active as long as you have any active Online Service.

We can modify this Policy at any time, and we will always inform you of any significant change through its corresponding message. Whenever we make minor changes to our Privacy Policy, we will update the same with a new effective date stated at the beginning of it. Our processing of your information will be governed by the practices set out in that new version of the Privacy Policy from its effective date onwards. We recommend you to check our Policy periodically.

You are responsible for each piece of data that you provide us with, as well as both for its veracity, inaccuracy, updates, validity, and authenticity and for your consent regarding the use and processing of such data. You are likewise responsible for any third-party data that you facilitate to us and for which communication you are obliged to obtain consent. Do not forget that you are responsible for periodically consulting this Policy as well as any future updates thereto.