Privacy Policy
Below we provide you with detailed information on the processing of your data in compliance with article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons in regarding the processing of personal data and the free circulation of these data and by which Directive 95/46/EC (General Data Protection Regulation) is repealed.
Data of the person in charge of the treatment and contact of RPO
- Identity: VIAJES ANDROMEDA, S.A. ESA58325275
- Address: Av. Diagonal 618, 4ª 08021 Barcelona
- Telephone: +34 932 402 900
- E-mail: responsableprotecciondedatos@viajesandromeda.es
- Complaint channel: https://www.corporate-ethicline.com/andromeda/
Purposes of treatment
VIAJES ANDROMEDA, S.A. (hereinafter, the Entity), will process the information provided by interested persons for the following purposes:
- Manage any type of request, suggestion or request about our professional services as a travel agency that interested people make us.
- Commercial communications: Processing of your data in order to inform you about our services and activities, articles of interest and general information about our services via email.
- Manage data provided by candidates for a job through any of the contact forms made available on this website for selection and recruitment purposes. You expressly authorize the Entity to proceed with the processing of your data for the indicated purpose.
- Manage your registration in the subscription service of our newsletter.
- Management of services to our clients: Includes the processing of personal data necessary for the management of the trips contracted by our clients.
- Guarantee the security of offices, facilities and people through access controls, video surveillance systems and other access control/identification systems.
- Comply with the legal provisions that apply to the Entity and its activities in health matters and occupational risk prevention.
- Manage and control the operation of the internal mechanisms, policies and protocols established by the Entity for the purposes of regulatory compliance and management of the reporting channels for this purpose.
- All those treatments that are applicable to us for due compliance with the regulations and official / sectoral requirements to which our activity is subject.
For the proper purpose and development of your attention and management of the above purposes, the owner consents to the processing of their data for the above purposes, all under the strictest compliance with the Data Protection regulations and the policy that we are detailing. . You can exercise your rights at any time (see specific section).
Data retention criteria
- Travel management: the personal data provided in the contracts, offers and/or service proposals, as well as that of the rest of the people whose intervention is necessary, will be kept for as long as the contracted services are in force. At the end of the provision of the contracted service/s, the personal data will be kept in the cases that could derive responsibilities with the Entity and/or in compliance with other regulatory frameworks that are applicable to the Entity or to a norm with the rank of law that requires the conservation of these. The personal data will be kept in a way that allows the identification and exercise of the Rights of those affected and, under the technical, legal and organizational measures that are necessary to guarantee the confidentiality and integrity of these.
- Curriculum Vitae Management: the Entity, as a rule, keeps its Curriculum Vitae for a maximum period of one year; After this period, it will be automatically destroyed, in compliance with the principle of data quality.
- Management of Employment Contracts: the personal data will be kept, in any case, during the time that the employment relationship is in force and, at the end of it, in the cases that could derive responsibilities between the parties and when required by a standard with the force of law.
- Others: the rest of the data and information provided by the user by any means, will be kept for as long as necessary to fulfill the purpose for which they were collected.
Legitimation
The legal basis that enables the Entity to be able to process the personal data of users, clients, potential clients under the following headings:
- The consent of the interested persons for the processing and management of any request for information or query about our services and products.
- The consent given by Job Candidates for selection and recruitment purposes.
- The framework for the provision and/or contracting of services/products with the Entity.
- The legitimate interest to send you informative, commercial communications and/or promotional offers related to the Entity’s activity and the contracted services/products via email or any other means.
- Compliance with legal obligations and internal regulatory compliance procedures.
- The legitimate interest to guarantee the security of the offices, facilities and people.
Recipients
No personal data is transferred to third parties, except legal provision. There are also no international data transfers to third countries, unless expressly authorized.
Origin
Personal data is obtained directly from interested persons and from our collaborators. The categories of personal data provided by our collaborators are the following:
Identification data
Postal or electronic addresses.
Rights
Right of Access, Rectification and Deletion: Interested persons have the right to obtain confirmation on whether or not the Entity is processing personal data that concerns them. Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
Right to Limitation and Opposition: In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. In certain circumstances and, for reasons related to their particular situation, the interested parties may oppose the processing of their data. The Entity will stop processing the data in this case, except for compelling legitimate reasons, or for the exercise or defense of possible claims.
Right to revoke the consent given: the interested parties have the right to withdraw their consent at any time, except in the case of personal data processing provided for in the Data Protection regulations or necessary for the provision of the contracted service, which do not require said consent. . However, this withdrawal does not have retroactive effects, so it will not affect the legality of the treatment based on previously granted consent.
These rights may be exercised on our Channel https://www.corporate-ethicline.com/andromeda/
Said rights may be exercised through the following channel: https://www.corporate-ethicline.com/andromeda/
Updates and modifications
The Entity reserves the right to modify and/or update the information on data protection, when necessary for proper compliance with the Data Protection Regulation. If any changes are made, the new text will be published on this page, where you can access the current policy. In each case, the relationship with users will be governed by the rules established at the precise moment in which the website is accessed.
Cookies
The Entity may use cookies during the provision of the Portal service.
Cookies are automatic procedures for collecting information regarding the preferences determined by a user during their visit to a certain web page.
You can consult all the details in our Cookies Policy.
Commercial communications by email
Taking into account that the main means of communication between The Entity and the USER is through the email address provided, we inform you that we will use this means for all communications with USERS, including commercial information or informative notes related to the purpose of our portal, and consequently, in compliance with article 21 of the Law on Services of the Information Society and Electronic Commerce, which prohibits the sending of commercial communications through email that have not previously been expressly authorized by the recipients of the same, we inform you that the acceptance of these conditions of use implies your express authorization to send you our commercial, advertising and promotional mailings. However, if you do not wish to receive our commercial communications by email, you can oppose them at the address indicated above, or in each mailing that we send you.
The Entity is not responsible for the privacy policy regarding personal data that may be provided to third parties through the links available on our website.
The Entity can modify these privacy policies to adapt them to the modifications that occur on our website, as well as legislative or jurisprudential modifications on personal data that appear, for which it requires its reading, each time you provide us with your data through of this website.
Security and Control Measures
General
In compliance with data protection regulations, the Entity will process personal data applying the appropriate technical, legal, organizational and security measures, in order to guarantee the confidentiality and integrity of the information it manages in accordance with the provisions of current regulations.
We appreciate that you inform the Data Protection Officer / Delegate through the contact details / Channel established in this Privacy Policy, of any security risk, of which you have evidence or knowledge, that may compromise integrity and confidentiality. of personal data and/or confidential information, in order to be able to take the necessary measures to prevent unauthorized processing, loss, destruction or accidental damage.
Cybersecurity
As a specific and complementary concept to the above, the Entity applies cybersecurity measures to prevent and manage possible attacks and fraud by cybercriminals who violate the privacy and protection of the data that our Entity processes and accesses in the scope of its activities. and operations.
In this sense, we want to warn that in the event of possible situations of risk due to communications whose content and/or format generate doubts of authenticity, we recommend omitting them and contacting the Data Protection Officer/Delegate through the contact information indicated herein. Privacy Policy.
Likewise, any request that you receive from our Entity about changes in payment methods, request for data or contact persons or confidential (non-public) information, bank details and/or credit cards and/or other official data, It should not be attended to without the direct confirmation of our Entity by another alternative means. We appreciate and need your collaboration for your communication and complaint about any notification about this type of request and other possible situations of risk of cyber attacks in which our Entity may be used, as well as for any possible security risk that you may be aware of.
International Data Transfer
International data transfers refer to the process of transferring personal data outside the European Union to countries that do not provide an adequate level of data protection. In the context of data protection, the European Union establishes certain standards and safeguards to ensure that the personal data of European citizens is protected when transferred outside the EU.
In the case you mentioned, it seems that the entity conducts international transfers of personal data due to its international activities and operations. These transfers may be necessary to comply with regulatory requirements or to provide the products and services of the entity. However, to ensure the protection of personal data, it is important for the entity to comply with applicable data protection regulations.
If you are an individual whose personal data is being internationally transferred, you have the right to request information about such transfer. You can exercise your rights of access and communicate with the Data Controller or Data Protection Officer (DPO) of the entity through the specific contact mechanisms established by the entity for this purpose.
It is important to note that the entity must comply with applicable laws and regulations regarding data protection, such as the General Data Protection Regulation (GDPR) of the European Union, and must implement appropriate measures to ensure the security and protection of internationally transferred personal data. These measures may include the use of standard contractual clauses, binding corporate rules, or adherence to recognized certification schemes.
If you have any specific concerns regarding the international transfer of your personal data, I would recommend contacting the Data Controller or Data Protection Officer (DPO) of the entity directly to obtain more information and clarification on how your personal data is handled in the context of international transfers.
Channel
The Entity has implemented a Channel, contemplating the highest commitment, rigor and professionalism in terms of security, experience, independence and knowledge in the treatment of received communications.
The Channel, which includes use in the field of Data Protection, has been implemented through a web platform, developed and managed by an independent external expert, to provide and guarantee our previous commitments.
Through the Channel, you can communicate and process the exercise of your Rights (see previous section) and communicate any indication or knowledge you have of possible security violations (breaches), cyber attacks and/or possible breaches or irregularities regarding the Protection regulations. of Data, the present policy of the Entity and all the aspects mentioned above on confidentiality and company secrets.
The access data to the Channel are detailed at the beginning of this Policy.
Control authority
In case of divergences with the Entity in relation to the processing of your data, you have the right to file a claim with the corresponding Data Protection Control Authority. In Spain, said Authority is the Spanish Data Protection Agency (www.aepd.es).
Attention and support
Interested persons may communicate to the Entity any doubt about the processing of their personal data or interpretation of our Policy, by contacting the Data Protection Officer / Delegate (RPD / DPD) at the address indicated at the beginning of this Policy.