Privacy policy

Previous

This privacy policy defines all the basic principles of the application of personal data protection regulations to the activity carried out by the controller, and is developed with all the necessary procedures defined by the controller. The aim is to safeguard the interests and rights of data subjects in the processing of their personal data. For full and effective compliance, all procedures are designed and implemented from the initial phase of each processing operation (privacy by design) covering all stages of the data processing lifecycle and ensuring that processing is kept to a minimum and is indispensable for the purposes lawfully pursued without the data subject having to act or decide that only the data strictly necessary are processed (privacy by default).

Summary

The processing carried out must be concrete, accurate and appropriate to the stated purpose. To this end, data will be collected and processed only for the specified purposes, data will not be processed in a way that is incompatible with the stated purposes, only data that is adequate and relevant for each purpose will be processed, data will be kept accurate and up to date, and data will be kept only for the time strictly necessary.

Data controller

ViveCórdobaTrip S.L. is responsible for the processing of your personal data.

VAT NUMBER: B14621536

Contact details: Calle Claudio Marcelo, 11 - 4, C.P. 14002, Cordoba  

Phone: 607 511 041 - 607 765 330

E-mail: contacto@vivecordobatrip.com

Treatment activities

1. Contacts 

• Purpose: Exchange of communications in the course of business with customers or suppliers.
• Legitimation: Legitimate interest (Article 6(1)(f) of the GDPR and Article 19 of the LOPD).
• Conservation time: Limitation period for obligations relating to services provided as a result of commercial and/or mercantile relations.
• Target group: No transfer or communication is foreseen.

Categories of personal data

The categories of personal data processed by the Data Controller are:

• Identifying data.
• No specially protected categories of data are processed.

Incognito mode

They can also activate "incognito mode", whereby the browser does not store any browsing history, website passwords, cookies or other information related to websites visited by web users.

Technical and organisational measures

In order to achieve full compliance with the principles and obligations established by the regulations, all appropriate organisational and technical measures shall be put in place. All security measures adopted shall be subject to and the result of exhaustive risk analysis and constant verification processes to assess their effectiveness and suitability. 

Target

The aim is that the processing carried out complies with the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, data accuracy and limitation of the storage period. The processing of personal data shall only be carried out if there is consent of the data subject, it is necessary for the performance of a contract to which the data subject is party or pre-contractual measures, it is necessary for compliance with a legal obligation applicable to the controller, for the protection of vital interests of the data subject or of another natural person, for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the fulfilment of legitimate interests pursued by the controller or by a third party. Therefore, the only personal data processed are those strictly and minimally necessary to carry out our activity, being adequate and pertinent to fulfil only the purposes of which the data subject is informed and always covered by one of the bases of legitimacy indicated. Similarly, the data are processed only and exclusively for the time necessary to carry out the activity for which they were collected, being cancelled (kept, but without access to the data) during the periods of limitation in which any action may be taken for legal obligations arising from the processing carried out or from the relationship with the interested party, being deleted (definitively deleted) after the expiry of these periods.

Development of the privacy policy

This privacy policy is developed by the specific procedures for each area of action that delimit the specific objectives to be achieved, which will be made effective with the appropriate organisational and technical measures that are configured. The procedures will guarantee lawful, appropriate, transparent and informed processing, will establish adequate access control, will ensure confidentiality, will detail the cases of transfer or communication of data and will specify when cancellation and deletion of data is carried out. 

Staff in charge of the controller

It shall be guaranteed that any person who has access to the personal data undergoing processing shall follow the necessary instructions to comply with the provisions of the technical and organisational measures implemented for the correct and adequate processing of personal data, and the appropriate training and awareness-raising activities shall be carried out for the correct application of such measures, notifying such users of the responsibility that may be demanded of them in the hypothetical event of possible breaches. Procedures are also defined for personnel not directly related to the processing of personal data, which will result in specific instructions to ensure the prohibition of access to systems and information.

Transfer or communication of personal data

The data will not be communicated or transferred to any third party. However, the data may be disclosed or communicated at the request of the data subject or if required by law, for example, at the request of the Public Administrations or the State Security Forces and Corps.

International transfers 

No personal data is subject to international transfer. All information is processed and stored in the territory of the European Union, of which Spain is a member, applying European (General Data Protection Regulation - GDPR) and Spanish (Organic Law on Data Protection -LOPD-) regulations. 

Information and customer service

All processing of personal data is transparent to the data subject at all times. The information that is provided in concrete and abbreviated form through the corresponding information clausesThe data subject shall be informed of the identity of the controller, the purposes of the processing of personal data, a basic reference to the exercise of the data subject's rights and, where appropriate, whether a profile is to be drawn up and of the right to object to the adoption of automated individual decisions that produce legal effects or significantly affect him/her. Data subjects will also be informed of all matters relating to their data protection rights (access, rectification, deletion, opposition, limitation and portability), and any requests and exercise of rights that they may raise will be dealt with in due time and form, for which purpose a direct, reliable and secure communication channel will be established with them by e-mail at contacto@vivecordobatrip.com.

Confidentiality and duty of secrecy

The data controller and all staff reporting to the data controller shall maintain the secrecy of all personal data processed, during and after the processing of the information, guaranteeing the confidentiality of such data and preventing any third party or unauthorised user from accessing such information. All personnel under the control of the data controller have been informed of the consequences of non-compliance with these obligations and have received training and awareness-raising in this respect.