Get a Quote

Privacy Policy

1. Data Controller

In accordance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR), Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), and Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE), the Data Controller is:

  • Company name: KFM AgroExport S.L
  • Tax ID- CIF — ESB26666040: 
  • Registered address: Calle Carlos Senti, 9 Esc. 1, Planta Baja 03700 Dénia (Alicante) Spain
  • Email: info@kfmagroexport.com
  • Country of establishment: Spain

 

2. Applicable Legislation

This Privacy Policy is governed by and complies with the following regulations:

  • Regulation (EU) 2016/679 (GDPR)
  • Organic Law 3/2018 of 5 December (LOPDGDD, Spain)
  • Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE, Spain)

3. Personal Data We Process

Depending on how users interact with this website and our business, we may process the following categories of personal data:

  • Identification data (name, surname)
  • Contact data (email address, phone number, WhatsApp contact)
  • Professional and company-related data (company name, position, VAT number, business details)
  • Communications sent via contact forms, email or messaging services
  • Technical data (IP address, browser type, device data, cookies and similar technologies)

We do not intentionally collect special categories of personal data as defined under Article 9 GDPR.

4. Purposes of Data Processing

Personal data are processed for the following purposes:

  • Responding to enquiries and requests for information
  • Managing commercial and professional communications
  • Preparing quotations, offers and business proposals
  • Managing pre-contractual and contractual relationships
  • Managing contact via WhatsApp or other communication channels initiated by the user
  • Managing international trade activities, including communication with suppliers, producers, logistics partners and commercial counterparties worldwide
  • Measuring website performance and improving user experience
  • Measuring marketing and advertising effectiveness
  • Ensuring website security and preventing fraud or abuse
  • Complying with applicable legal and regulatory obligations

5. Legal Basis for Processing

The legal basis for processing personal data includes:

  • Consent (Article 6(1)(a) GDPR), particularly for contact forms and non-essential cookies
  • Pre-contractual measures or performance of a contract (Article 6(1)(b) GDPR)
  • Compliance with legal obligations (Article 6(1)(c) GDPR)
  • Legitimate interests (Article 6(1)(f) GDPR), such as website security, fraud prevention and protection against misuse, provided such interests do not override the rights and freedoms of data subjects

6. Use of Third-Party Services

This website may use the following third-party services, depending on configuration and user consent:

  • Google Analytics – website analytics and performance measurement
  • Google Tag Manager – management of website tags (may load other services)
  • Meta (Facebook) Pixel – marketing and advertising performance measurement
  • YouTube – embedded video content
  • Google reCAPTCHA – protection against spam and automated abuse

These services may process technical data such as IP address, device information and usage data. Where required by law, such services are activated only after obtaining user consent via the cookie consent mechanism.

7. Cookies and Consent Management

This website uses cookies and similar technologies in accordance with GDPR and LSSI-CE.

Users may accept, reject or configure cookies at any time via the cookie consent banner or settings. Detailed information about the use of cookies is provided in the Cookie Policy.

8. Data Recipients

Personal data may be disclosed to:

  • IT, hosting and cloud service providers
  • Analytics, marketing and communication technology providers
  • Professional advisors (legal, accounting or tax), where necessary
  • Public authorities, where legally required
  • International suppliers, producers, logistics operators and commercial partners, strictly for purposes related to international trade operations and business communications

All service providers act under appropriate data processing agreements in accordance with Article 28 GDPR.

9. International Data Transfers

Due to the international nature of our business activities, personal data may be transferred to, accessed from, or processed in countries outside the European Economic Area, including countries in Asia and other regions worldwide.

Where such international transfers occur, they are carried out in accordance with Articles 44–49 of the GDPR and are subject to appropriate safeguards, including:

  • Adequacy decisions adopted by the European Commission, where applicable
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other lawful transfer mechanisms recognised under GDPR

These safeguards are implemented to ensure an adequate level of protection of personal data regardless of the country in which processing takes place.

10. Data Retention

Personal data are retained only for as long as necessary to fulfil the purposes for which they were collected:

  • Enquiries and business communications: up to [12–24] months
  • Contractual and commercial documentation: for the period required by applicable law
  • Technical and security data: for a limited period necessary for security and operational purposes

After the applicable retention period, personal data are securely deleted or anonymised.

11. Data Subject Rights

Data subjects have the right to:

  • Access their personal data
  • Request rectification of inaccurate data
  • Request erasure of their data
  • Request restriction of processing
  • Object to processing
  • Request data portability, where applicable
  • Withdraw consent at any time, where processing is based on consent

Requests may be submitted to: [privacy@yourdomain.com]

12. Supervisory Authority

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the competent supervisory authority.

In Spain, this is the:

Agencia Española de Protección de Datos (AEPD)

https://www.aepd.es

13. Security Measures

We implement appropriate technical and organisational measures to ensure the confidentiality, integrity and availability of personal data, in accordance with Article 32 GDPR.

14. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy to reflect changes in legislation, regulatory guidance or our data processing practices. The latest version will always be published on this website.

Last updated: 17.04.2026