loader image

Privacy Policy

IDENTIFYING INFORMATION OF THE DATA CONTROLLER

Data Controller: RIA FERNÁNDEZ (hereinafter “the controller”)
Tax ID: 78541192X
Telephone: +34 697 777 578
Email: info@elcaminotours.com
Activity: Tour Guide

INFORMATION FOR WEBSITE USERS AND CONSENT
In accordance with the provisions of the European General Data Protection Regulation (EU) 2016/679 and Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights, by accepting this privacy policy, the user expresses their explicit, free, informed, and unequivocal consent for the personal data they may provide through the contact methods and forms available on the website to be incorporated into the files of the website owner. The data controller informs interested parties that, As required by applicable regulations, the corresponding technical and organizational security measures have been applied to the personal data processing activities carried out, following a thorough risk analysis.

WHAT PERSONAL DATA IS COLLECTED ON THIS WEBSITE?
Through this website, we collect user identification data in order to contact and manage inquiries and/or requests for information related to the services provided by the data controller.

The personal data collected will be processed based on the following legal grounds:
The user’s consent regarding contact and the management of appointment requests made through the web form and the provided contact information, the storage of received CVs, and the sending of commercial or advertising communications via email, cookies, or messaging systems.

The performance of a contract or service agreement and compliance with legal obligations regarding processing based on these legal grounds.

WHAT IS THE PURPOSE FOR WHICH WE PROCESS THE COLLECTED PERSONAL DATA?
The personal data collected by the data controller through the contact methods provided on the website will be processed for specific purposes in each case and in accordance with the provisions below.

Forms and contact information: The website includes forms and contact information for inquiries, suggestions, blog comments, requests for information or appointments, and for professional contact. In this case, email will be used to respond to requests, schedule appointments, reply to user comments on blog posts, and send information requested by users through the website.

HOW LONG WILL WE RETAIN THE PERSONAL DATA COLLECTED?
The personal data provided to the data controller will be retained at least, and generally, for as long as the service provision relationship is maintained and/or the data is needed for the development of the data controller’s activities and the execution of the requested therapeutic services, and until the data subjects request its deletion or revoke their consent.

With respect to the personal data provided by the data subjects, the specific limitation periods established in each case will apply, with a general period of 5 years for personal actions without a special limitation period, 6 years for invoices and company accounting records, and 10 years in relation to the provisions of the Law on the Prevention of Money Laundering and Terrorist Financing (Art. 25). A limitation period of 5 years will apply to the health data provided, in accordance with the provisions of the Patient Autonomy Law.

WHAT IS THE LEGAL BASIS THAT ALLOWS US TO PROCESS THE COLLECTED DATA? The legal basis for processing personal data collected through this website, specifically regarding the submission of contact forms requesting information or appointments, comments on blog posts, or the sending of any document related to appointment confirmations and/or inquiries, and once the reading and acceptance of the company’s privacy policy has been confirmed, is the express and informed consent of the data subject or their representative, obtained and granted in accordance with the conditions set forth in Article 7 of the European General Data Protection Regulation (GDPR), which allows data subjects to withdraw their consent at any time. The data controller informs you that the data requested through the web forms will be strictly necessary to address the specific inquiry or request submitted by the data subject.

WHAT RIGHTS CAN THOSE WHO PROVIDE US WITH THEIR DATA EXERCISE?
In accordance with the provisions of the European General Data Protection Regulation (EU) 2016/679 and Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights, data subjects have the right to obtain confirmation as to whether or not we are processing personal data concerning them, as well as to exercise their recognized rights regarding their data.

Specifically, data subjects have the right to:
Request access to their personal data
Request rectification or erasure of their data
Request cancellation of their data
Request restriction of processing of their data
Object to the processing of their data
Request data portability
If the data subject has given their consent for a specific purpose, they have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

If you believe that we have not processed your personal data in accordance with the aforementioned regulations, and if you believe that we have not fulfilled your request to exercise your rights, you may file a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos), the national supervisory authority, at the organization’s address: Calle Jorge Juan, 6 – 28001 – Madrid, or through the contact methods indicated on the agency’s website (www.agpd.es), including its online portal.

To exercise all the aforementioned rights, you may contact the addresses indicated above to request the application form provided by the data controller for this purpose, in compliance with its legal obligations. When submitting or sending this form, you must include a copy of your national identity document (DNI) or equivalent document proving your identity and, if applicable, the identity of your representative.

Exercising these rights is free of charge. Applications may be submitted in person, by mail, or by email to the contact addresses provided.

The data controller informs interested parties that it has established and implemented specific protocols and measures to comply with the data protection regulations of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation) and Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights.

WHO MIGHT YOUR DATA BE DISCLOSED TO?
The personal data provided by users will generally only be processed by the data controller and its own employees and any authorized self-employed contractors.

Some of the tools used by the website to manage data have been contracted from third parties for the provision of services developed by them, which are necessary for the data controller’s activity. The website development or maintenance company, or the hosting company, may occasionally have access to the website, and in any case, they are obligated to maintain an appropriate level of privacy.

In any case, data will only be transferred to third parties when legally required, such as transfers to Public Authorities and Administrations, or when necessary to enable the development of the data controller’s services and/or services contracted with external providers, including banks, financial institutions, mutual insurance companies, and insurers, and data processors. In all cases, such transfers will be within the framework established in the data processing agreement formalized between the data controller and the contracted processors, and access will be limited to basic data. The data controller undertakes to inform data subjects of the need to make extraordinary data transfers to third parties to manage the provision of services, so that data subjects can give their consent for the data transfer as a prerequisite for it to take place.

In the case of international data transfers resulting from the use of tools or service providers, they will be carried out under the protection of the international conventions and agreements in force at any given time, which guarantee that North American software companies and those from countries outside the EU comply with European data protection policies regarding privacy, secrecy and data security.

DATA PRIVACY AND SECURITY
The data controller is committed to the proper use and processing of users’ personal data, respecting its confidentiality, and to using it only for the purpose of said processing. The controller is also committed to fulfilling its obligation to safeguard the data and to implement all necessary measures to prevent alteration, loss, unauthorized processing, or access, in accordance with current data protection regulations.

This website includes an SSL certificate, a security protocol that ensures your data travels securely and intact. This means that the transmission of data between a server and a website user, and vice versa, is fully encrypted.

The data controller cannot guarantee the absolute security of the Internet network and therefore cannot prevent data breaches through fraudulent access by third parties. Regarding the confidentiality of data processing, the data controller will ensure that any person authorized to process the data of interested parties and/or users, including staff, collaborators, and suppliers, is subject to the corresponding obligation of confidentiality, whether legal or contractual.

In the event of a security incident, the data controller will notify the interested party without undue delay and provide timely information related to the security incident, and in any case, will provide such information whenever reasonably requested by the client.

ACCURACY AND TRUTHFULNESS OF DATA
The user is solely responsible for the truthfulness and accuracy of the personal data they submit or send through the website, releasing the data controller from any liability in this regard. Users guarantee and are responsible, in any case, for the accuracy, validity, and authenticity of the personal data provided, and undertake to keep it duly updated. The user agrees to provide complete and accurate information in the contact form.

CHANGES TO THE PRIVACY POLICY
The data controller reserves the right to modify this privacy policy to adapt it to new legislation or case law, as well as industry practices. In these cases, the changes will be announced on the website well in advance of their implementation.

Resumen de privacidad

Esta web utiliza cookies para que podamos ofrecerte la mejor experiencia de usuario posible. La información de las cookies se almacena en tu navegador y realiza funciones tales como reconocerte cuando vuelves a nuestra web o ayudar a nuestro equipo a comprender qué secciones de la web encuentras más interesantes y útiles.

Puedes revisar tus consentimientos siempre que quieras en esta mismo banner y/o consultar en los siguientes enlaces nuestra Política de Privacidad y Política de cookies