Privacy Policy

For all those companies in the Correos Group, respecting your privacy and complying with data protection regulations is of vital importance.  

We want you to be aware of why we are using or want to use your data at all times, as well as knowing what your rights are. With this in mind, we have prepared the following Data Protection terms (“Website Privacy Policy”) which regulates the processing of user data each time a User visits the website, any of its subdomains, or any other Correos website that shows this Privacy Policy in its footer.

This Website Privacy Policy may be subject to change due to any future new legislative or caselaw amendments, as well as changes in industry practices. In any case, the processing of user data will be regulated by the Data Protection Policy which is in force at the time of user browsing.

1. Who will process your data?

“Sociedad Estatal Correos y Telégrafos, S.A., S.M.E” (hereafter, “Correos”), with CIF [Taxpayer ID] A-83052407 and corporate address at Vía Dublín nº 7 (Campo de las Naciones) 28070 Madrid (Spain) will be responsible for processing your data.  

To guarantee the suitable management of said processing, Correos has appointed a Data Protection Officer (DPO) who can be contacted via the following email address:

2. What will your data be processed for and why?

The User’s personal data will be used for the following purposes:

  1. To enable users to navigate our website. 
  1. If accepting our Cookies Policy: To analyse their navigation to optimise the structure and design of the website (e.g. to see which sections of the website are most commonly visited, see the average time users spend on the website…) and to carry out behavioural and/or custom advertising.

Finally, our website has a range of different forms available to request information on some of our products and/or services so as to contract them or to contact us for other purposes. In the case of using these forms, the data included in these will be processed to address your request.  Regardless, prior to using any of the website forms, users will be notified of the processing of their data in the case that it is different from the processing foreseen in the Website Privacy Policy, and their consent will be requested, which will always be required.

3. What data will be processed?

We will process your personal data which will be obtained while you are browsing our site, including:

  1. Data directly provided by the User:

Browsing our website will not require any prior registration. Nevertheless, when you visit our website, our web servers will store, as standard, information such as the IP address and domain used to access the site, as well as the date and time of the visit, etc.  

On the other hand, certain functions on our website will require that additional information be provided through the corresponding forms (e.g. Your name and surname, postal address, email address, telephone number…). 

Unless expressly specified otherwise, all those fields included in the forms will be mandatory, meaning that any missing information may prevent your request from being processed. 

  1. Data indirectly provided by the User:

When navigating the website, different cookies may be installed on to the device in accordance with what is established in our Cookies Policy.

4. Will your data be sent to third parties?

In general, it is not foreseen that your data will be passed to third parties other than Correos.  Nevertheless, the following exceptions may arise:

  • In compliance with the law, we may be obliged to pass on your data to other third parties such as Public Administrations (e.g. FCSE [Law Enforcement in Spain]) or the courts. 
  • To provide you with the best possible service while browsing our website and processing your request we may pass your data on to other companies within the Correos Group who work in parcel delivery, additional postal service value, logistics, marketing, or telecommunications. Likewise, for example, if you request information regarding multiplatform marketing solutions, your data will be passed to NEXEA Gestión Documental S.A, S.M.E. in order to provide you with a response.

5. How long will your data be processed for?

Personal data will be exclusively stored for a reasonable amount of time in order to allow you to browse the website, to analyse your navigation (if you accept the Cookies Policy), or to process your service requests via the website. When no longer required, your data will be removed in compliance with the data protection provisions which means that it will be blocked and may only be made available at the request of the Judges and Courts, the Public Prosecution Service, or the competent Public Administrations for the prescribed term of any actions that may arise, and once said data blocking term has ended, it will be completely removed. For example, in most cases, the data storage time will be for three years, in accordance with the data protection regulations.   

In any case, if at the end of the contractual relationship there are any pending litigations, the data may be kept while these proceedings take place, solely for evidential purposes, until a final ruling is reached, at which time the data shall be blocked and subsequently deleted.

6. What are your rights?

If acknowledged in the applicable data protection regulations, the User may, at any time, exercise the following rights in relation to the processing of their data:

  1. Right of access: if this right is exercised, the User will be able to see the type of data that we are processing and the characteristics of the data processing that we are carrying out. 
  2. Right to rectification: If this right is exercised, the User may request that their data be amended as it is inaccurate or untrue. 
  3. Right to data portability: If this right is exercised, the User may obtain an interoperable copy of the data being processed.  
  4. Right to restrict the processing of data: If this right is exercised, the User may restrict the processing of their data, in accordance with the cases stated by Law. 
  5. Right to object: If this right is exercised, the User may object to the processing of their data and request that they are no longer sent commercial communications. 
  6. Right to erasure: If this right is exercise, the User may request the erasure of their data when the processing is no longer deemed necessary.  
  7. Right to withdraw consent.

You can exercise your rights through any of the following means, specifying the right you would like to exercise and attaching a copy of your National Identification Documentation or its equivalent, as well as any other documentation that you deem necessary. 

  1. Postal Address: Vía Dublín nº 7 (Campo de las Naciones) 28070 Madrid (Spain)
  2. Email:

On the Spanish Data Protection Agency (AEPD, in Spanish) website you can find a series of models to help you exercise your rights. We also hereby inform you that you have the right to file a claim with any controlling authority (the AEPD in Spain) in the case that you feel your rights have been infringed.