This Privacy Policy applies to the processing of personal data of customers and/or users of https://lasiiglut.com, hereinafter referred to as the WEBSITE, whose data controller is María del Mar Martín Fernández, hereinafter referred to as the DATA CONTROLLER.
Applicable Regulations
Our Privacy Policy has been designed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR (EU) 2016/679, and, insofar as it does not contradict the aforementioned Regulation, in accordance with Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights, hereinafter referred to as LOPDGDD 3/2018.
By providing us with their data, the customer and/or user declares that they have read and understood this Privacy Policy and gives their explicit and unequivocal consent to the processing of their personal data in accordance with the purposes and terms set out herein.
Basic Information on Data Protection
Data Controller
María del Mar Martín Fernández
Purpose
To respond to information requests received, as well as to manage subscription to the newsletter in order to send electronic commercial communications about travel guides, plans, news, offers and promotions from our partners with whom we maintain affiliate programmes.
Legal Basis
Performance of a contract to which the data subject is a party or for the implementation, at the data subject’s request, of pre-contractual measures. Legitimate interest. Consent of the data subject.
Recipients
No data will be transferred to third parties, except where required by law.
Rights
You have the right to access, rectify and erase your data, as well as other rights indicated in the additional information, which you may exercise by contacting the Data Controller at info@lasiiglut.com.
Additional Information
You may consult the additional and detailed information on Data Protection in the annexed clauses available at:
https://lasiiglut.com/privacy-policy
Additional Information on Data Protection
The data controller is:
Identity: María del Mar Martín Fernández
Tax Identification Number (N.I.F.): 74832336L
Address: C/ Eduardo de Palacios, 14, 6, 29004 Málaga (Spain)
Telephone: +34 690 114 001
Email: info@lasiiglut.com
Data Protection Officer
The DATA CONTROLLER does not have a Data Protection Officer.
Purposes and Legal Basis for Data Processing
a) General purposes:
The DATA CONTROLLER processes the personal data provided by its customers and/or users for the following purposes:
Purpose:
To respond to information requests received, as well as to manage subscription to the newsletter in order to send electronic commercial communications about travel guides, plans, news, offers and promotions from our partners, provided that the data subject has consented to the processing of their personal data for this purpose.
Legal basis legitimising this processing:
Legitimate interest of the data controller. Consent of the data subject.
b) WEBSITE electronic forms:
The DATA CONTROLLER processes the personal data provided by customers and/or users through the electronic forms existing on the WEBSITE for the purposes identified below:
In relation to the contact form “Contact” and to other enquiries (those that may be submitted through the email accounts listed on the WEBSITE):
Purpose: To contact the data subject, handle the information requests received and respond to the enquiries made.
Legal basis legitimising this processing: The consent of the data subject, which may be withdrawn at any time.
In relation to the form “Subscribe to our Newsletter”:
Purpose: To carry out subscription to the newsletter in order to receive electronic commercial communications about travel guides, plans, news, offers and promotions from our partners with whom we maintain affiliate programmes.
Legal basis legitimising this processing: The consent of the data subject, which may be withdrawn at any time.
Record of processing activities
We inform you that the personal data obtained from the customer and/or user as a result of completing the electronic forms existing on the WEBSITE form part of the Record of Processing Activities (RAT) of the DATA CONTROLLER, which will be updated periodically in accordance with the provisions of GDPR (EU) 2016/679 and LOPDGDD 3/2018.
Recipients
The personal data of the data subjects will be disclosed to the recipients indicated below:
a) In general:
The providers of the DATA CONTROLLER acting as data processors, within the framework of the corresponding provision of services (lawyers, accounting and tax advisors, consultants and information technology service providers — e.g. WEBSITE hosting and email service).
The competent authorities and bodies, to the extent necessary for compliance with legal obligations.
b) In relation to the contact form “Contact” and other enquiries
(those that may be submitted through the email accounts listed on the WEBSITE) and the form “Subscribe to our Newsletter”:
No data will be transferred to third parties, except where required by law.
Transfers to third countries
No transfers of data to third countries are envisaged.
Retention periods
Personal data shall be retained as follows:
a) In general:
Data shall be retained for as long as their erasure is not requested and, in any case, for the years necessary to comply with legal obligations.
b) In relation to the contact form “Contact” and other enquiries
(those that may be submitted through the email accounts listed on the WEBSITE) and the form “Subscribe to our Newsletter”:
Personal data shall be retained until the end of the relationship between the DATA CONTROLLER and the customer and/or user, unless the latter requests their erasure earlier, or until the data subject withdraws the consent granted at any time, without affecting the lawfulness of the processing based on consent prior to its withdrawal.
For these purposes, the data subject is reminded that they must inform the DATA CONTROLLER, as the recipient to whom personal data are communicated, of any rectification or erasure of the data of their representatives, authorised persons and other contact persons.
Once the relationship has ended, insofar as the personal data of the data subjects are relevant for the purposes of the DATA CONTROLLER’s liability towards customers and/or users, such data shall be retained, duly blocked, at the disposal of the judicial authorities or competent public administrations, for the enforcement of liabilities arising from the processing, for the applicable statutory limitation period.
Rights of the data subjects
Customers and/or users of the WEBSITE may exercise, before the DATA CONTROLLER, insofar as applicable, the following rights: access to personal data, rectification, erasure (right to be forgotten), restriction of processing, data portability, objection to processing and not to be subject to automated individual decision-making, and, where processing is based on consent, the right to withdraw it at any time.
Customers and/or users may exercise these rights by means of a written and signed request sent to the postal address of the DATA CONTROLLER, C/ Eduardo de Palacios, 14, 6, 29004 Málaga (Spain), or via the email address info@lasiiglut.com, enclosing, in both cases, valid proof of identity under the law, such as a copy of the NIF/NIE or an equivalent document, and clearly indicating the right they wish to exercise.
Users shall also have the right to lodge a complaint with the competent Supervisory Authority (Spanish Data Protection Agency) if they observe that the processing does not comply with current regulations or consider that their rights regarding the protection of their personal data have been infringed, especially where they have not obtained satisfaction in the exercise of their rights, through the website https://www.aepd.es.
These rights shall be addressed by the DATA CONTROLLER within a period of one month, which may be extended to two months if the complexity of the request or the number of requests received so requires. All of the above is without prejudice to the obligation to retain certain data in accordance with legal requirements and until any possible liabilities arising from a possible processing operation or, where applicable, from a contractual relationship have expired.
In addition to the above, and in relation to data protection regulations, Users who so request have the possibility of organising the destination of their data after their death.
Sending of commercial communications
Unless the customer and/or user objects, they authorise and give their express consent to the sending of commercial communications, by electronic means, related to the products and/or services offered by the DATA CONTROLLER.
In accordance with the provisions of Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE), the user is informed that if they do not wish to receive commercial communications, by electronic means, about our articles and/or products, they may object at any time to the processing of their data for promotional purposes, in a simple and free manner, by sending an email to info@lasiiglut.com indicating UNSUBSCRIBE in the subject line.
The data provided will be retained for as long as the commercial relationship is maintained or for the years necessary to comply with legal obligations.
Accuracy of the data provided by the data subjects
The customer and/or user is responsible for ensuring that the information provided through the completion of the electronic forms made available on the WEBSITE, or through sending emails to the various accounts existing under the Internet domain lasiiglut.com, is truthful. The customer and/or user shall be responsible for the accuracy of all data communicated and shall keep such data duly updated so that it reflects a real situation, being responsible for any false or inaccurate information provided and for any damages, inconvenience or problems that such information may cause to the DATA CONTROLLER or to third parties.
Security measures
The DATA CONTROLLER guarantees that it has implemented appropriate technical and organisational policies on the WEBSITE in order to apply the security measures established by GDPR (EU) 2016/679 and LOPDGDD 3/2018, with the aim of protecting the rights and freedoms of customers and/or users, and has provided them with the appropriate information so that they may exercise those rights.
In order to protect individual rights, especially in relation to automated processing, and with the intention of being transparent with customers and/or users, the DATA CONTROLLER has established a policy that includes the set of such processing operations, the purposes pursued by them, their legitimacy, and also the instruments available to customers and/or users so that they may exercise their rights.
The WEBSITE is developed using the WordPress content management system and has an SSL encryption certificate enabled for the entire domain, which allows users to securely send their personal data through the existing electronic forms, developed using the WordPress plugins Gravity Forms and Astra Pro.
The WEBSITE is hosted in the data centre provided to the DATA CONTROLLER by Raiola Networks S.L., with Tax Identification Number (N.I.F.) B27453489, located at Avenida de Magoi, 66, Semisótano Derecha, 27002 Lugo (Spain).
All information will be stored and managed with due confidentiality, applying the necessary IT security measures to prevent unauthorised access or misuse of data, as well as its alteration, deterioration or loss.
However, the customer and/or user should be aware that the security of computer systems is never absolute. When personal data is provided over the Internet, such information may be collected without their consent and processed by unauthorised third parties. The DATA CONTROLLER declines any type of responsibility for the consequences that such acts may have for the User if the information was published voluntarily.
Acceptance and consent
The customer and/or user declares that they have been informed of the conditions regarding the protection of personal data, accepting and consenting to the automated processing of such data by the DATA CONTROLLER in the manner and for the purposes indicated in this Privacy Policy. Certain services provided on the WEBSITE may contain specific conditions with particular provisions regarding the protection of personal data.
Changes to this Privacy Policy
The DATA CONTROLLER reserves the right to modify this Privacy Policy in order to adapt it to legislative, case-law or interpretative developments issued by the Spanish Data Protection Agency, as well as to industry practices.
In such cases, the DATA CONTROLLER will announce the changes introduced on the website with reasonable notice prior to their implementation.
This Privacy Policy may be supplemented by the Legal Notice, Cookie Policy and the Booking Terms and Conditions which, where applicable, may be established for certain services, if such access involves any specific aspects regarding the protection of personal data.