Data Protection Act
In accordance with the entry into force of the General Data Protection Regulation (hereinafter RGPD), enforceable since May 25, 2018, we inform you that we have updated our data protection policies to adapt to the RGPD. Our objective is first of all to protect your personal and professional data by applying organizational and technical measures to guarantee the confidentiality, availability and integrity of your information, as well as to comply with the obligations of the GDPR.
We appreciate your trust,
|BASIC INFORMATION ON DATA PROTECTION|
|Responsable||VIAJES Y REPRESENTACIONES S.L.|
|Purpose||Management of the contractual relationship and correct development of the requested services, and resolution of your queries, attention to complaints and suggestions, sending commercial information related to our services, keeping you informed about offers, promotions, news and events in the sector.|
|Legitimation||Execution of a contract; legitimate interest.|
|Recipients||We do not plan to transfer your data to third parties, except for those assignments that must be made by legal imperative or that are necessary for the correct execution and development of the requested services.|
|Rights||You can exercise your right of access, rectification, deletion, portability and opposition, as explained in the additional information.|
|Additional info||You can consult the additional and detailed information on Data Protection in the text that follows|
Additional information on data protection
1. Data of the Data Controller
In compliance with the provisions of the General Data Protection Regulation 679/2016, (hereinafter “RGPD”), and Law 34/2002 of July 11, Services of the Information Society and Electronic Commerce, we inform you that the person in charge of the personal and professional data processed is:
Company name: VIAJES Y REPRESENTACIONES S.L (Hereinafter The Responsible),
Address: C / FRANCISCO SILVELA 36, 1º OFIC 7, CP: 28028, MADRID, SPAIN
Telephone: +34 910274369/910266690
We promise to keep the information you provide us in the strictest confidentiality avoiding unauthorized access, manipulation of information, loss or destruction. To do this, we will apply the security measures established by the applicable regulations and all those that our resources and modern technology allow us. Keep in mind that, in many cases, it is essential that you provide the information that we request in order to enjoy the benefits of our website.
2. Scope of application
3. Data that we process about our Clients
The categories of personal and professional data that we process are the following:
- Identification data: name, surname, identity documents, address and telephone number.
- Postal and electronic mail addresses.
Specially protected data is not processed.
4. Purposes of the treatment
The purposes for which we treat your personal and professional data are the following:
- Properly provide the contracted services.
- Manage the contractual relationship, prepare offers or requested budgets.
- Carry out the invoicing, accounting and fiscal management corresponding to the contracted services.
- Send you commercial information through newsletter, news, information about events, offers, promotions and launch of new services.
- Check the veracity of your information.
- Answer your questions, requests, complaints, suggestions.
- Communicate with you for organizational matters related to the services.
- Compliance with legal obligations applicable to the Responsible, and collaborate with the authorities that require information from us.
We will communicate with you through electronic means such as SMS, WhatsApp, email, ordinary mail. You can always object to the receipt of information by all or some of these channels. In each communication we will inform you about the cancellation procedures.
5. Data transfers to third parties and international transfers
For the management of the purposes inherent to the development and fulfillment of the object of the contract and to adequately provide the services that you request, it may be necessary and mandatory for the provision of the service that your data have to be communicated to the different providers, such as companies. airlines, shipping companies, hotels, local car rental agencies, and other service providers related to your request, who will be obliged to use the data, solely and exclusively, to comply with the object of the contract.
These providers, depending on the country of destination of your trip, may be located in third countries for which an international data transfer is necessary. The Company asks those companies with whom we share your personal information to apply the same degree of information protection as we do.
Your data will be transferred to public administrations and bodies of the judicial system or security forces or bodies when the Company is required to present information.
We will not communicate your data to third parties except those indicated above, without your authorization, unless said transfer must be produced by legal imperative or because it is essential to comply with the contractual relationship.
6. Data retention criteria
Personal and professional data will be kept during the provision of contracted services, and as long as the right of deletion is not exercised. Once the contractual relationship is concluded or the right of deletion has been exercised, we will keep the information in security conditions, as long as you do not request your withdrawal or express your desire not to receive advertising. The information that for legal reasons we must keep in accordance with Law 10/2010, of April 28, on the prevention of money laundering and terrorist financing, will be stored for a maximum period of 10 years from the end of the contractual relationship , mandatory conservation period established by said rule.
If the information is necessary for the exercise of legal or contractual actions, it could be exceptionally kept for a period longer than that indicated. After the deadline, the data will be destroyed.
The Client expressly authorizes the Responsible Party to contract the services totally or partially with third parties whose intervention he deems appropriate for the proper development of the services. In this case, the Responsible Party undertakes to sign a contract with the subcontracted third party that stipulates the obligations that it must comply with in relation to the protection of personal data, especially it will be required to comply with the same protection obligations. of data to which the Responsible with its clients has committed, as well as the sufficient guarantees of application of appropriate technical and organizational measures so that the treatment is in accordance with the applicable regulations.
The Responsible will be diligent in the selection of suppliers by applying mechanisms to verify the level of compliance with the data protection regulations, with the aim of mitigating the risks that may affect the security of the information.
8. User Rights
The RGPD includes a series of rights in favor of the people whose data is processed. This section provides information on how to exercise your rights as a Client regarding your personal data. All the rights mentioned below, you can exercise them by sending your request to the email: firstname.lastname@example.org, accompanying a copy of your identity document. Please note that we may ask you for additional information to verify your identity before proceeding with your request. The interested party, without prejudice to any other administrative remedy or legal action, will have the right to file a claim with the Spanish Agency for Data Protection through the electronic headquarters at: www.agpd.es.
- Right of access:
The right of access allows the interested party to know and obtain free information about their personal data subjected to treatment. You can ask us to tell you what information we keep about you.
- Right of rectification:
This right is characterized because it allows correcting errors, modifying the data that turn out to be inaccurate or incomplete and guaranteeing the certainty of the information being processed. You must inform us of any changes to your data and will be responsible for updating your information.
- Right of cancellation / deletion / oblivion:
The right of deletion allows data that turns out to be inappropriate or excessive to be deleted, unless the data must be kept by legal imperative or or be subject to legal or judicial action.
- Right of objection:
The right of opposition is the right of the interested party not to carry out the processing of their personal data or to cease it for certain purposes. You can oppose the processing of your data indicating the specific purposes object of opposition.
- Right of Portability:
The right to portability will allow you to request a copy in a structured format, commonly used and mechanical reading of your personal data..
- Right of Limitation:
The right to data limitation allows you to limit the use and request restrictions on the processing of your personal data.
9. Medidas de seguridad
In the treatment of your information we apply adequate security measures according to the type of data. Our goal is to prevent unauthorized third party access, theft, loss or unauthorized disclosure of your information. However, even if we apply all possible security measures, the risk of a technical or human failure with respect to the information will never completely disappear, for this reason we ask that if you detect any incident or have indications that your information may be in risk, please contact us so we can investigate and provide solutions. The measures we apply to protect your information are mainly the following:
- We keep a record of processing activities referred to in article 30 of Regulation (EU) 2016/679.
- We have implemented identification and authentication systems to prevent unauthorized access;
- When possible and resources permit, we implement pseudonymisation.
- We encrypt personal data and confidential information for those sensitive data that we access due to the service provided;
- We implement measures to guarantee the confidentiality, integrity, availability and permanent resilience of treatment systems and services such as antivirus, firewalls;
- We implement a backup and recovery system to be able to restore the availability and access to personal data quickly in the event of a physical or technical incident.;
- We maintain a control of the accesses made to the information that may be processed during the services;
- We implement an effective incident management procedure, which allows detecting incidents related to the confidentiality of the information, and their immediate resolution;
- We adequately inform and train employees and managers in confidentiality obligations and in maintaining the technical and organizational measures implemented, collecting their confidentiality and compliance commitments in writing.
- We have approved a Policy on Data Protection and Management of Business Resources, known and accepted by all members of the organization.
- Applicable law and jurisdiction.
This Policy will be governed by Spanish and European legislation, especially by the RGPD. Any controversy will be resolved before the courts corresponding to the Madrid domicile.