Las Afortunadas - Privacy
Las Afortunadas - Privacy
The management of Comunidad de Explotación Las Afortunadas (hereinafter referred to as the “data controller”) assumes full responsibility for and provides its full commitment to drafting, implementing and maintaining this Data Protection Policy, ensuring continuous improvement on the part of the data controller with a view to achieving excellence in compliance with Regulation (EU)2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016) and with Spanish legislation on the protection of personal data (Spanish Organic Law, specific sector legislation and the implementing regulations).
The Data Protection Policy of Comunidad de Explotacion Las Afortunadas is based on the principle of proactive responsibility, according to which the data controller is responsible for ensuring compliance with the regulatory framework and case law that governs the Policy, and is able to prove this before the competent supervisoryauthorities.
The data controller is governed by the following principles that should serve as a guide and frame of reference for all of its staff, with regard to the protection personal data:
Data Protection by design: when determining the means of processing and during processing itself, the data controller shall apply appropriate technical and organizational measures, such as pseudonymisation, designed to effectively implement the principles of data protection, such as processing the minimum amount of data required and incorporating the necessary guarantees into the processing.
Data protection by default: the data controller shall apply appropriate technical and organizational measures with a view to ensuring that, by default, only personal data necessary for each specific purpose of processing isprocessed.
Data protection in the data life cycle: measures to ensure that personal data is protected must be applied during the complete life cycle of thedata.
Lawfulness, fairness and transparency: thepersonaldatamustbeprocessedinalawful,fair and transparent manner in relation to the datasubject.
Purpose limitation: personal data must be collected for specific, explicit and legitimate purposes only, and must not be subsequently processed in any way that is incompatible with those purposes.
Data minimization: personal data must be adequate, relevant and restricted to what is necessary for the purposes for which it isprocessed.
Accuracy: personal data must be accurate and updated where necessary; all reasonable steps must be taken to ensure that personal data which is inaccurate with regard to the purposes for which it is processed is rectified or erased withoutdelay.
Limiting the retention period: personal data must not be stored in any way that allows the data subject to be identified for any no longer than is necessary for the purposes of the processing of personaldata.
Integrity and confidentiality: personal data must be processed in such a way as to ensure adequate security of the personal data, including protection against unauthorized or unlawful processing, loss, destruction and accidental damage, by applying appropriate technical and organizationalmeasures.
Information and training: one of the keys to ensuring the protection of personal data is providing training and information to staff involved in processing the data. During the life cycle of the data, all staff with access to the data must be properly trained on and informed about their obligations in terms of compliance with data protection legislation.
The Data Protection Policy of Comunidad de Explotación Las Afortunadas is distributed to all staff under the authority of the data controller and made available to anyone interested.
Consequently, the present Data Protection Policy involves all staff under the authority of the data controller, who must be familiar with the policy and take ownership of it; every single one of them is responsible for applying and verifying data protection regulations in their course of their work, as well as identifying and creating opportunities for improvement as appropriate with a view to achieving excellence in compliance.
This policy will be reviewed by the management of Comunidad de Explotación Las Afortunadas as often as necessary to ensure compliance with the provisions inforced on the protection of personal data.
Information in compliance with personal data protection legislation
In Spain and the rest of Europe, there are data protection regulations in place designed to protect your personal data that, as a company, we need to be compliant with.
That is why it’s important to us that you clearly understand what we do with the data we request.
We will be transparent and ensure you have control over your data, using plain language and clear options that will allow you to decide what we are allowed to do with your personal data.
If anything is unclear after reading this information, please don’t hesitate to contact us. Thank you for your cooperation.
Company name: Comunidad de Explotación Las Afortunadas
Our tax identification code/tax ID: G-35070390
Our primary activity: Tourist exploitation.
Our address: AVDA. DE Bonn 8, CP 35100, SAN BARTOLOME DE TIRAJANA (Las Palmas)
Our telephone number: +34 928.76.29.06
Our email address: firstname.lastname@example.org
Why do we use yourdata?
Generally, your personal data will be used to maintain a relationship with us in order to deliver our services to you.
Your data may also be used for other purposes, such as sending you marketing communications or promoting our services.
We do you need to use yourdata?
Your personal data is required for us to maintain a relationship with us in order to deliver our services to you. We will provide a series of tick-boxes that will allow you to makea clear and simple decision on how you want us to use yourdata.
Who will we share the data you provide with?
Generally, only our members of staff who have been duly authorized may access the data that you have provided.
Equally, we may pass your personal data on to other entities where this is required in order to provide our services to you. For instance, we will need to share your data with our bank if you pay for our services by credit card or banktransfer.
We will also need to pass your data on to public or private entities when we are obliged to do so by law. For example, Spanish tax law requires us to provide the tax authorities with information on financial transactions that exceed a certain amount.
Nevertheless, if we otherwise need to disclose your personal data to other entities, we will ask your permission beforehand, providing you with clear options that will allow you to make a decision.
How do we protect yourdata?
We protect your data using effective security measures in proportion to the risks involved in using your data.
We have adopted a Data Protection Policy, and we carry out checks and annual audits to verify that your personal data is secure at all times.
Will we transmit your data to other countries?
Many countries across the world offer secure protection for your data, while others not so much. The European Union, for example, is a secure environment for your data. Our policy is not to send your personal data to any country that does not offer secure protection for your data.
In the event that we need to send your data to a country that is not as secure as Spain, in order to deliver our services to you, we will always ask your permission beforehand and apply effective security measures to reduce the risk of sending your personal data to another country.
How long do we retain your datafor?
We will store your data for the duration of our customer relationship, in compliance with the legislation. Once the statutory retention period has lapsed, we will then destroy your data in a secure and environmentally-friendly manner.
What are your rights when it comes to dataprotection?
You may contact us at any time to find out what personal data we hold about you, to have it rectified where it is incorrect and to have it erased once our customer relationship comes to an end, provided that it is lawful to doso.
You are also entitled to have your data transferred to other entities in certain situations, under your right to data portability.
If you wish to exercise any of these rights, please send us a written request, accompanied by a copy of your ID, so that we can confirm your identity.
We have specific forms that you can use to exercise these rights, which we would be happy to help you fill in.
For more information about your data protection rights, please visit the Spanish Data Protection Agency website at www.agpd.es.
Can you withdraw your consent if you change your mindlater?
Yes, you can withdraw your consent at any time if you change your mind about how your data may be used.
For example, if you were previously interested in receiving marketing communications about our products or services, but you no longer wish to receive these, you can let us know by using the consent withdrawal form available from us.
How can you submit a complaint if you feel your rights have not beenhonored?
If you are not satisfied with how we have handled your request, you may submit a complaint to the Spanish Data Protection Agency, the Agencia Española de Protección de Datos. The agency can be contacted asfollows:
Agencia Española de Protección de Datos C/ Jorge Juan, 6
28001 Madrid Spain
+34 901 100 099
+34 91 266 35 17
You can submit a complaint to the Spanish Data Protection Agency free of charge and you do not need the assistance of a solicitor or lawyer.
Do we build profiles aboutyou?
Our policy is not to build any profiles about the users of our services.
However, there may be situations when we need to develop information profiles about you in order to provide a service, commercial or otherwise. An example would be where we use your purchase or service history to offer products or services tailored to your tastes or needs.
In such cases, we will apply effective security measures to protect your data at all times against unauthorized persons intending to use it for their own benefit.
Do you use your data for other purposes?
Our policy is not to use your data for any purposes other than those that we have explained. However, if we need to use your data for another purpose, we will always ask your permission beforehand, providing you with clear options that will allow you to make a decision.