Privacy Policy - Granada Sailing

Information in compliance with personal data protection regulations

In Europe and Spain there are data protection regulations designed to protect your personal information that are mandatory for our entity.

Therefore, it is very important to us that you perfectly understand what we are going to do with the personal data we ask from you.

Thus, we will be transparent and give you control of your data, with simple language and clear options that will allow you to decide what we will do with your personal information.

Please, if after reading this information you have any questions, do not hesitate to ask us.

Thank you very much for your cooperation.

Who are we?

Our name: GRANADA SAILING, S.L.

Our CIF / NIF: B10611572

Our main activity: BOAT TRIPS

Our address: C/Paseillo nº18 18014 Granada

Our contact telephone: +34 685 99 88 22

Our contact email address: info@granadasailing.com

Our website: granadasailing.com

For your trust and security, we inform you that we are an entity registered in the following Commercial Registry / Public Registry:

We are at your disposal, do not hesitate to contact us.

What are we going to use your data for?

In general, your personal data will be used to be able to interact with you and provide you with our services.

Likewise, they may also be used for other activities, such as sending you advertising or promoting our activities.

Why do we need to use your data?

Your personal data is necessary to be able to interact with you and provide you with our services. In this regard, we will provide you with a series of checkboxes that will allow you to decide clearly and simply on the use of your personal information.

Who will know the information we ask for?

In general, only the personnel of our entity who are duly authorized may have knowledge of the information we ask for.

Likewise, entities that need to have access to it so that we can provide you with our services may have knowledge of your personal information. For example, our bank will know your data if payment for our services is made by card or bank transfer.

Also, public or private entities to which we are obliged to provide your personal data due to compliance with any law will have knowledge of your information. To give you an example, Tax Law requires providing the Tax Agency with certain information about economic operations that exceed a certain amount.

In the event that, apart from the aforementioned cases, we need to disclose your personal information to other entities, we will previously request your permission through clear options that will allow you to decide in this regard.

How are we going to protect your data?

We will protect your data with effective security measures based on the risks involved in using your information.

To this end, our entity has approved a Data Protection Policy and annual controls and audits are carried out to verify that your personal data is safe at all times.

Will we send your data to other countries?

In the world there are countries that are safe for your data and others that are not so safe. For example, the European Union is a safe environment for your data. Our policy is not to send your personal information to any country that is not safe from the point of view of protecting your data.

In the event that, for the purpose of providing you with the service, it is essential to send your data to a country that is not as safe as Spain, we will always request your permission in advance and apply effective security measures that reduce the risks of sending your personal information to another country.

How long are we going to keep your data?

We will keep your data during our relationship and as long as laws require us to. Once the applicable legal deadlines have ended, we will proceed to delete them in a safe and environmentally friendly manner.

What are your data protection rights?

At any time you can contact us to find out what information we have about you, rectify it if it is incorrect and delete it once our relationship is finished, if this is legally possible.

You also have the right to request the transfer of your information to another entity. This right is called “portability” and can be useful in certain situations.

To request any of these rights, you must make a written request to our address, along with a photocopy of your ID, to be able to identify you.

In the offices of our entity we have specific forms to request said rights and we offer you our help to complete them.

To learn more about your data protection rights, you can consult the website of the Spanish Data Protection Agency (www.agpd.es).

Can you withdraw your consent if you change your mind at a later time?

You can withdraw your consent if you change your mind about the use of your data at any time.

For example, if you were once interested in receiving advertising for our products or services, but no longer wish to receive more advertising, you can let us know through the opposition to processing form available at our entity’s offices.

If you believe that your rights have been ignored, where can you file a complaint?

If you believe that your rights have been ignored by our entity, you can file a complaint with the Spanish Data Protection Agency, through any of the following means:

Electronic site: www.agpd.es

Postal address:

Spanish Data Protection Agency

C/ Jorge Juan, 6

28001-Madrid

By telephone:

Tel. 901 100 099

Tel. 91 266 35 17

Filing a complaint with the Spanish Data Protection Agency does not entail any cost and the assistance of a lawyer or attorney is not necessary.

Will we create profiles about you?

Our policy is not to create profiles about users of our services.

However, there may be situations in which, for the purposes of providing the service, commercial or other purposes, we need to create information profiles about you. An example could be the use of your purchase or service history to be able to offer you products or services adapted to your tastes or needs.

In such a case, we will apply effective security measures that protect your information at all times from unauthorized persons who intend to use it for their own benefit.

Will we use your data for other purposes?

Our policy is not to use your data for purposes other than those we have explained to you. If, however, we need to use your data for different activities, we will always request your permission in advance through clear options that will allow you to decide on the matter.

Privacy Policy

The Management / Governing Body of GRANADA SAILING, S.L. (hereinafter, the data controller), assumes maximum responsibility and commitment to the establishment, implementation and maintenance of this Data Protection Policy, guaranteeing the continuous improvement of the data controller with the objective of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and Spanish personal data protection regulations (Organic Law, specific sectoral legislation and its implementing regulations).

The Data Protection Policy of GRANADA SAILING, S.L. rests on the principle of proactive responsibility, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework that governs said Policy, and is able to demonstrate it before the competent control authorities.

In this regard, the data controller will be governed by the following principles that should serve all its personnel as a guide and frame of reference in the processing of personal data:

Data protection by design: the data controller will apply, both at the time of determining the means of processing and at the time of the processing itself, appropriate technical and organizational measures, such as pseudonymization, designed to effectively implement data protection principles, such as data minimization, and integrate the necessary safeguards in the processing.

Data protection by default: the data controller will apply appropriate technical and organizational measures with a view to ensuring that, by default, only personal data that is necessary for each of the specific purposes of processing is processed.

Data protection in the information life cycle: the measures that guarantee the protection of personal data will be applicable throughout the complete life cycle of the information.

Lawfulness, fairness and transparency: personal data will be processed in a lawful, fair and transparent manner in relation to the data subject.

Purpose limitation: personal data will be collected for specified, explicit and legitimate purposes, and will not be further processed in a manner incompatible with those purposes.

Data minimization: personal data will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Accuracy: personal data will be accurate and, if necessary, updated; all reasonable measures will be adopted so that inaccurate personal data with respect to the purposes for which they are processed are deleted or rectified without delay.

Storage limitation: personal data will be kept in a form that allows the identification of data subjects for no longer than is necessary for the purposes of processing the personal data.

Integrity and confidentiality: personal data will be processed in such a way as to ensure appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, through the application of appropriate technical or organizational measures.

Information and training: one of the keys to guaranteeing the protection of personal data is the training and information provided to personnel involved in processing it. During the life cycle of the information, all personnel with access to the data will be appropriately trained and informed about their obligations in relation to compliance with data protection regulations.

The Data Protection Policy of GRANADA SAILING, S.L. is communicated to all personnel of the data controller and made available to all interested parties.

Consequently, this Data Protection Policy involves all personnel of the data controller, who must know and assume it, considering it as their own, each member being responsible for applying it and verifying the data protection standards applicable to their activity, as well as identifying and providing improvement opportunities that they consider appropriate with the objective of achieving excellence in relation to its compliance.

This Policy will be reviewed by the Management / Governing Body of GRANADA SAILING, S.L., as many times as deemed necessary, to adapt, at all times, to the provisions in force regarding the protection of personal data.