Privacy policy
1. DATA CONTROLLER
In compliance with the provisions of the General Data Protection Regulation (EU) 2016/679 and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter ‘LOPDGDD’), as well as Law 34/2002 of 11 July on Information Society Services and Electronic Commerce, and other applicable regulations, we inform you that the Data Controller responsible for the personal data processed on the Website www.viajesyrepresentaciones.com is:
Company name:: VIAJES Y REPRESENTACIONES, S.L. (hereinafter referred to as the Company)
Address: 36 Francisco Silvela Street, 1st Floor, Office 7
N.I.F: B85172948
email: presidente@viajesyrepresentaciones.com
At the Company, we are committed to keeping the information you provide us strictly confidential, preventing unauthorised access, manipulation of information, and the loss, destruction, or theft of information. To this end, we will apply the security measures established by applicable regulations and all those that our resources and modern technology allow us to implement. Please note that, in many cases, it is essential that you provide the information we request in order to enjoy the benefits of our website.
2. PURPOSE
The purpose of this Privacy Policy is to inform you about how we process your Personal Data. If you do not agree with the terms contained in this Policy and do not accept them during your consultation or request process, you will not be able to continue using the website. If you have any questions regarding the content, you can contact us at the email address indicated in the header.
3. APPLICATION OF THE PRIVACY POLICY
This Policy applies to all Users who use the services of our website, regardless of where and when they operate.
4. DATA WE REQUEST
On the website, we may request basic information from you through our contact form, such as your name and surname, email address, telephone number, country, subject, etc. In any case, at the time of collection, you will be informed of the data controller, the purpose of the processing, the recipients of the information, and how to exercise your rights under current data protection legislation.
We inform you that the categories of data we may process are those defined below:
Contact details: When you contact us, we collect your contact details. These details may include your name, postal addresses, telephone numbers, and email addresses, as well as details of your social media profiles (for example, we obtain your Facebook ID if you contact us via Facebook).
Purchase data: When you make a booking, we collect information about your purchase or booking. Purchase data may include the following information, depending on the type of sale and the status of the process:
- Channel
- Reservation locator
- Reservation itinerary
- Details of the payment method used
- Billing address
- Messages and direct communications related to the reservation and performance of the service
- Reservation status
- Details of the service providers involved in the performance of the contract
Payment Details: We offer the usual payment methods used in e-commerce, such as credit cards, and others that may be developed in the future.
Payment details include, for example:
- Billing addresses
- Credit card details
- In order to process the payment, we collect the payment details you have provided, transferring only the data necessary for processing to our payment service providers.
Data relating to website use: When you interact with our website, we collect information that tells us what content interests you, additional information downloads, access via links, problems we detect in the use of tools, and your location if you have specifically authorised this. The use of this information is regulated in our Cookies Policy.
Geolocation data: we collect location data derived from your device’s IP address, only up to the level of location. This address cannot be used to identify your internet connection or device. We use this geolocation system to detect fraud and/or suspicious bookings.
Our services may include social plugins from social networks. With the help of these plugins, we can, for example, share content or recommend products. Plugins are disabled by default and therefore do not send any data. You can activate the plugins by clicking the corresponding button (e.g., “Activate social networks”). Plugins can be deactivated with a single click. When plugins are enabled, your web browser establishes a direct connection to the web servers of the specific social network. The plugin content is transmitted from the social network directly to your web browser and embedded on our website. By integrating the plugins, the social network receives information that you have accessed the corresponding page on our website and can register your device and access data.
Currently, we use Facebook’s messaging service (WhatsApp Business Enterprise) and plugins from the following social networks: Facebook and Instagram, but we may include others.
These social networks have their own privacy policies, which explain how they use and share your personal information. We recommend that you carefully review these privacy policies before using these social networks to ensure you are comfortable with how your personal information is collected and shared.
5.MINORS
The services offered on this website are intended for the general public. Regarding the processing of data of children under 14 years of age, it will only be lawful with the authorization of their parent or legal guardian. The Company may request, as a condition for validating any registration application, additional information before, during, and after the registration process, such as identification documents.
6. PURPOSE OF PROCESSING YOUR DATA
The purposes for which we request or automatically collect information, in accordance with the different channels through which users have provided their personal data, are as follows:
PURPOSE | LEGITIMATION | STORAGE PERIOD |
Properly manage the website and ensure the security of our users | Legitimate interest | Indefinite |
| In certain cases, verify the accuracy of your data. | Legitimate interest | As long as there is a contractual relationship to manage the purchase of products or services |
Cookies that allow proper navigation and, if authorized, tailor them to your preferences, based on the cookie policy | Legitimate interest (functional) and consent (marketing and statistics cookies) | Your preference cookies will be retained until you change your settings. See our cookie policy for more information. |
To answer your questions, requests or inquiries through the contact form, as well as to manage the service | Consent | Until you withdraw your consent. |
Exercising your data protection rights, including verifying and updating all your personal data | Contract execution. | For the time necessary to provide the requested services and for the legally required periods |
Fraud prevention during the purchase process, in case we notice inconsistencies in the contracts in your name. | Contract execution. | For the time necessary to provide the requested services and for the legally required periods |
Marketing actions, to notify you about promotions, events, news and activities that may interest you | Consent | Until I request to be removed from the contract. |
Management of payment for services and billing, issuance of invoices and documentation related to the reservation or services requested. | Contract execution. | For the time necessary to provide the requested services and for the legally required periods |
Management of complementary services to travel bookings such as insurance, visas | Contract Execution | For the time necessary to provide the requested services and for the legally required periods. |
Collaboration with public entities, such as:
| Compliance with legal obligations. | For the time necessary to provide the requested services and for the legally required periods |
7. DATA COMMUNICATION
Occasionally, it is necessary to share the information you provide with third parties, such as partner companies like hotels, transportation companies, financial services providers, etc., when you contract services that require this communication. These companies only access the personal information necessary to perform the contracted services, and we require them to maintain the confidentiality of your personal information.
In addition, we have suppliers who provide us with other types of services, such as information technology (data storage and processing), security services, financial services, auditing services, and others. These third parties only access the personal information necessary to perform the services we have entrusted to them and are obligated to keep it confidential and not use it for any other purpose.
In all cases, our company assumes the responsibility of protecting the personal information you provide to us, and we require the suppliers with whom we share your information to apply the same level of data protection as we do.
Furthermore, your personal information may be made available to public authorities, judges and courts, to fulfill any potential liabilities arising from data processing, as well as to provide legally required cooperation.
8. INTERNATIONAL DATA TRANSFER:
For the proper provision of our services and, in certain cases, for service efficiency, we use service providers located outside the European Economic Area. Specifically, we transfer data internationally to Cuba, a country whose data protection laws are not recognized by the European Union. In these cases, we have implemented appropriate contractual safeguards to protect your information.
You can obtain further information about these safeguards and data processing practices by writing to us at legal@umbraconsulting.es.
We will ensure that any transfer of your personal information by us or by third parties with whom we share that information, as well as the way in which it is managed, complies with applicable law. In any case, the transfer, storage, and management of your personal information by us will always be governed by this Privacy Policy.
9. USER RIGHTS
The LOPDGDD and the GDPR establish a series of rights for individuals whose personal data is processed. You may exercise all the rights mentioned below by sending your request via email as indicated in section 1, attaching a copy of your identity document. The maximum processing time is one month from the date we receive your request. Please note that we may request additional information to verify your identity before processing your request.
- Right of access:
The right of access allows the User to know and obtain free information about their personal data being processed. You may request that we provide you with the information we hold about you.
- Right of rectification:
This right allows you to correct errors, modify inaccurate or incomplete data, and ensure the accuracy of the information being processed. You must inform us of any changes to your data and are responsible for keeping your information up to date.
- Right of cancellation/deletion/to be forgotten:
The right to erasure allows for the deletion of data that is inadequate or excessive, without prejudice to the duty to block, as set out in the LOPDGDD.
- Right to object:
The right to object is the User’s right to prevent the processing of their personal data or to have such processing stopped for specific purposes. You may object to the processing of your data by specifying the particular purposes to which you object.
- Right to Portability:
The right to portability will allow you to request a copy of your personal data in a structured, commonly used and machine-readable format.
- Right to Limit Processing:
When exercising this right, your data may only be processed, with the exception of its storage, for the formulation, exercise or defense of claims.
- Right to lodge a complaint with the supervisory authority:
You may file a complaint with the Spanish Data Protection Agency (www.aepd.es)
when you believe that your rights have not been properly addressed.
Likewise, you have the right not to be subject to decisions based solely on the automated processing of your data, including profiling, which produces legal effects concerning you or similarly significantly affects you. You have the right to withdraw your consent at any time.
11. SECURITY MEASURES
In processing your personal information, we apply appropriate technical and organizational security measures, taking into account the type of data, technological advancements, and our physical and legal resources. Our goal is to prevent unauthorized access, theft, loss, or disclosure of your information. However, the internet is not a completely secure environment. Therefore, even with all possible security measures in place, the risk of a data breach can never be entirely eliminated. For this reason, if you detect any incident or have reason to believe your information may be at risk, please contact us so we can investigate and offer solutions.
- MODIFICATION OF THE PRIVACY POLICY
The Company may modify this Privacy Policy in the future. If a modification is made and an updated version is published, users are advised to periodically review the Privacy Policy section when using the website’s services. You should read these modifications before continuing to use the website.
- APPLICABLE LAW AND JURISDICTION
This Policy, as well as the use of the Website, shall be governed by Spanish law. Any dispute shall be resolved in the courts of the user’s domicile.
If any provision is deemed unenforceable or invalid under applicable law or as a result of a judicial or administrative ruling, such unenforceability or invalidity shall not render this Policy unenforceable or invalid in its entirety. In such cases, the Company shall modify or replace the provision with another that is valid and enforceable and that, to the extent possible, achieves the objective and intent reflected in the original provision.