Skip to page content

Web privacy

Website privacy

For all of the companies of Grupo Correos, respecting your privacy and complying with data protection regulations is an aspect of vital importance.

We wish to ensure at all times that you know for what purpose we use, or want to use, your data and what your rights are. With this aim in mind, we have written the following Data Protection terms (‘Website Privacy Policy’) to regulate the data processing that will be carried out when any User browses our website,, any of its subdomains or other Correos websites in whose footers this Privacy Policy is shown.

This Website Privacy Policy may be subject to amendment in order to adapt to future legislative or jurisprudential developments, as well as industry practices. In all cases, the processing of user data will be regulated by the Data Protection Policy that was in effect at the time of browsing.

1. Who will process your data?

The data controller is Sociedad Estatal Correos y Telégrafos, S.A., S.M.E. (hereinafter ‘Correos’), holder of Tax ID No. CIF A-83052407, with registered office at Conde de Peñalver, 19 28006 Madrid (Spain).

To ensure the proper management of such processing, Correos has appointed a Data Protection Officer (DPO) who you can contact through the following email address:

2. What will your data be processed for and why?

The User’s personal data will be used for the following purposes:

– Allow browsing through our website.

– In case you accept our Cookies Policy: Analyse browsing to optimise the structure and design of the website (e.g. to see which spaces of the website are most visited, what is the average length of stay, etc.) and carry out behavioural and/or individualised advertising.

Finally, our website has different forms that allow you to request information about any of our products and/or services, sign up to them or contact us for other reasons (e.g. sending us your CV or reporting a possible breach of our Code of Conduct). If you use these forms, the data incorporated into them will be processed to deal with your request. Prior to using the various website forms, you will always be informed about how your data will be processed – if it differs from the processing envisaged in this Website Privacy Policy – and you will be asked for the necessary consent in each case.

3. What data will be processed

We will process personal data obtained through your browsing of our website, including:

  • Data provided directly by the User:

Browsing through our website does not require prior registration. When you visit our website, however, our web servers store as standard information such as the IP address and domain from which access is obtained, the date and time of the visit, etc.

In addition, certain features of our website require you to provide us with additional information through the corresponding form (e.g. name and surname, postal or email address, telephone number, etc.).

Unless expressly stated otherwise, all fields included in the form will be required, so incomplete information will prevent the processing of your enquiry.

  • Data provided indirectly by the User:

When you browse our website, different cookies may be installed on your device in accordance with the provisions of our Cookies Policy.

4. Will your data be communicated to third parties?

In general, your data is not expected to be communicated to people other than Correos. The following exceptions, however, may occur:

– In order to comply with the law, we may have to communicate your data to third parties such as Public Authorities (e.g. the police) or the courts.

– In order to provide you with the best browsing service through our website and process your enquiry, we may have to communicate your data to other companies in Grupo Correos in sectors such as parcels, logistics, marketing and telecommunications, and services that provide added value to the postal service. For example, if your enquiry is about multichannel direct marketing solutions, your data will be communicated to NEXEA Gestión Documental S.A., S.M.E in order for them to deal with the response.

5. For how long will your data be processed?

Personal data will only be kept for the period necessary to allow your website browsing, analyse your browsing (in case of acceptance of the cookies policy) or process your service enquiries through the website. When the data is no longer necessary, it will be deleted in accordance with the provisions of data protection regulations, meaning that it will be firstly blocked and only available at the request of Judges and the courts, the Prosecution Service and competent Public Authorities during the limitation period for actions that may arise, and then, after the blocking period, completely deleted. For illustrative purposes, in the most common cases, the limitation period under the data protection regulations is three years.

If at the end of the contractual relationship, however, there are lawsuits pending, the data may be kept for the duration of the proceedings exclusively for evidentiary purposes until a final ruling has been made, at which time it will be blocked and subsequently deleted.

6. What are your rights

To the extent that they are recognised in the applicable data protection regulations at the time, you may exercise the following rights in relation to the processing of your data:

– Right of access: you will be able to know what kind of data we are processing and the characteristics of the processing we are carrying out.

– Right of rectification: you can request the correction of any of your data that is inaccurate or untrue.

– Right of portability: you can obtain a copy of the data being processed in an interoperable format.

– Right to restrict the processing of data: you can restrict the processing of your data in the cases included in the Law.

– Right to object: you can object to the processing of your data and decline receipt of commercial communications.

– Right of deletion: you can request the deletion of your data when the processing is no longer necessary.

– Right of withdrawal of consent.

You can exercise your rights through any of the following channels, indicating the right you wish to exercise and including a copy of your National Identity Document or equivalent document in addition to any other documents that you consider appropriate:

  1. Postal address: Conde de Peñalver, 19 28006 Madrid (Spain)
  2. Email:

On the website of the Spanish Agency for Data Protection (AEPD), you can find a series of forms that will help you to exercise your rights. You also have the right to lodge a complaint with the supervisory authority (in Spain, the AEPD) if you believe your rights have been infringed.