PRIVACY POLICY

In compliance with the Personal Data Protection Regulations and the Law on Information Society Services and Electronic Commerce, we inform you that the personal data you provide to us through the website www.veroniatours.com will be treated confidentially and will become part of the data controller VERONIA TOURS S.L. (hereinafter VERONIA TOURS).

Data Controller of this website:

Identity: VERONIA TOURS S.L.

CIF: B37393717

Postal Address: Calle Papín, 22 Bajo, 37007 Salamanca (Spain)

Registered: Salamanca Mercantile Registry, Volume 284, Book 0, Folio 160, Section 8, Sheet SA-8386, as data controller.

Telephone: 923282511

Email: veroniatours@veroniatours.com

Contact with the Data Protection Officer: contacto@delegado-lopd.es

Categories of personal data

In accordance with the aforementioned purposes, the Data Controller will process all or part of the following categories of data:

  • Identifying data: first name, last name, postal address, email address, zip code, telephone.
  • Personal characteristics: marital status, date of birth, place of birth, gender, nationality, mother tongue, physical or anthropometric characteristics.
  • Social circumstances: hobbies and lifestyle, membership in clubs and associations, licenses, permits or authorizations.
  • Traffic and location data.
  • Economic, financial, or banking data.
  • Insurance data.
  • Academic and professional data: education/qualifications, professional experience, in the case of selection processes or for the hiring of technical personnel, such as guides or group coordinators, which require specific qualifications.

The requested personal data are mandatory, so refusal to provide them could result in the inability to meet the purposes for which they are processed. You guarantee that the provided data are true, accurate, complete, and up-to-date, and you are responsible for any direct or indirect damage or harm that may occur as a result of failing to comply with this obligation. If you provide us with third-party data, you must have their consent and commit to passing on this information, releasing the Data Controller from any liability in this regard. However, the Data Controller may carry out verifications to confirm this fact, adopting the necessary due diligence measures in accordance with data protection regulations.

Purpose of processing

a. Organization and management of travel services
Personal data will be used to organize, coordinate, and manage the services offered, such as planning personalized itineraries, managing reservations with providers (airlines, hotels, shipping companies, etc.), and organizing personalized travel packages.
Legal basis: The legal basis that legitimizes this processing is the performance of a contract (art. 6.1.b GDPR) and the fulfillment of legal obligations (art. 6.1.c GDPR).

b. Communication of relevant information
Sending information related to the contracted services, such as updates on reservations, changes in itineraries, last-minute incidents, service availability, or new personalized offers for the agency.
Legal basis: This processing is based on the performance of a contract (art. 6.1.b GDPR) and our legitimate interest in ensuring the quality and continuity of the service (art. 6.1.f GDPR).

c. Handling of inquiries and requests
Managing inquiries, information requests, suggestions, complaints, or claims made by travel agencies through the available channels (email, telephone, or web forms).
Legal basis: This processing is carried out based on pre-contractual measures at the request of the data subject or for the performance of the contract (art. 6.1.b GDPR).

d. Personalization and optimization of services
We use personal data to tailor the travel services offered to the needs and preferences of the data subjects, ensuring a personalized experience.
Legal basis: The legal basis for this processing is the performance of a contract (art. 6.1.b GDPR).

e. Reception of CVs and management of selection processes
We manage the reception and evaluation of CVs submitted by candidates interested in selection processes opened by the company. In cases where interested individuals submit their CV to participate in selection processes, we ask them to include only the essential information to evaluate their candidacy. In accordance with the data minimization principle established by the GDPR, it is important not to provide unnecessary or irrelevant information for the selection process.
Legal basis: Explicit consent of the data subject when submitting their CV (art. 6.1.a GDPR).

f. Sending commercial communications
Only if explicit consent is obtained, the data will be used to send commercial communications related to promotions, destinations, services, and campaigns associated with the services offered by the company.
Legal basis: This processing will be carried out solely based on the explicit consent of the data subject (art. 6.1.a GDPR). The data subject may revoke their consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.

g. Use of WhatsApp as a means of communication
We use WhatsApp in an exceptional and non-routine manner to facilitate communication with providers or data subjects, only in cases where it is not possible to contact them through other channels.
Legal basis: This processing is based on the performance of a contract (art. 6.1.b GDPR), as it is necessary to carry out the contracted activities. In some cases, it may also be based on the explicit consent of the data subject (art. 6.1.a GDPR), which may be revoked at any time without affecting the lawfulness of the previous processing. In cases where the phone number is provided by a third party, we ensure that the data subject is informed of this processing and how their data will be used in accordance with data protection regulations.

h. Compliance with legal obligations
Data processing necessary to comply with applicable legal obligations, such as those arising from tax, accounting, data protection, or consumer and user regulations.
Legal basis: Compliance with legal obligations applicable to the Data Controller in accordance with European Union law and internal regulations (art. 6.1.c GDPR).

i. Obligations of data processors
In cases where we work with data processors, we require that they comply with the necessary technical and organizational measures to ensure the security, integrity, and confidentiality of the personal data they process on our behalf. This processing is supported by our legitimate interest in ensuring the proper functioning of the service (art. 6.1.f GDPR) and compliance with contractual and legal obligations associated with data processing (art. 6.1.c GDPR).

Recipients

Data will not be transferred to third parties, except with explicit authorization or legal obligation. Additionally, to achieve the purposes stated above, it may be necessary—and even mandatory—for your data to be communicated to various providers, such as airlines, shipping companies, hotels, and other service providers, who will be required to use your data solely for fulfilling the obligations assumed by the Data Controller. These providers, depending on the destination country of your trip, may be located in third countries where an international data transfer is necessary. In all cases, the Data Controller assumes responsibility for the personal information you provide. Therefore, we request that the companies with which we share your personal information apply the same level of data protection as we do. Furthermore, your personal information will be available to public administrations, judges, and courts for addressing any potential liabilities arising from the processing of your personal data.

International Data Transfers

Some of the providers/entities to which your data may be transferred for the fulfillment of the indicated purposes may be located in third countries outside the EEA, including those where the legislation does not require an adequate level of security according to the criteria of the Director of the Spanish Data Protection Agency. The personal information we collect is stored in Spain, even if your personal information has been collected in the country in which you reside and is outside the EEA. Those third parties with which we share your personal information may manage or transfer your personal information outside of Spain and the EEA to other countries where they have facilities. In compliance with the requirements established by the Spanish Data Protection Agency and the European Union, we will ensure that any transfer of your personal information carried out by us or by those third parties with whom we share your personal information, as well as the manner in which we manage your personal information, complies with the applicable legislation. In any case, the transfer, storage, and management of your personal information by us will always be governed by this Privacy Policy.

Retention Period

In compliance with the principles of limitation of retention periods, the collected data will be processed solely for the necessary time and for the purposes for which they were collected. Data retention will be justified when:

  • There is a legal obligation to retain the data for a certain period.
  • They are necessary to respond to the contractual relationship.
  • They are used for historical and/or statistical purposes.
  • There could be harm to the interests of third parties or the legitimate owner of the data.
  • They are necessary to ensure the traceability and monitoring of a service.
  • The data and documentation serve as evidence of an activity or service provided, during the statute of limitations periods for any civil, criminal, administrative, or any other actions that may arise from the activity or service provided. In such cases, the data will be blocked until the retention obligation expires.
  • A longer retention period has been agreed upon by the interested parties.

Exercise of rights

We inform you that you can exercise your rights by sending an email to the address indicated above with the subject “LOPD” accompanied by a copy of your national ID, passport, or other valid identification document. You may also use the forms and templates provided by the Spanish Data Protection Agency’s website for exercising these rights. Your rights are as follows:

  • Any person has the right to obtain confirmation as to whether our company is processing personal data that concerns them or not.
  • Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, if applicable, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
  • Data subjects may request the restriction of the processing of their data while the challenge to the accuracy of the data is verified; when the processing is lawful but the data subject opposes the deletion of their data; if the data controller does not need to process the data but the user needs it for the exercise or defense of claims, or when the data subject has opposed the processing of their data for the fulfillment of the data controller’s legitimate interest, while it is verified whether the legitimate reasons for processing prevail over theirs; in which case we will only retain the data for the exercise or defense of claims.
  • In certain circumstances, and for reasons related to their particular situation, data subjects may object to the processing of their data. Our company will stop processing the data, except for overriding legitimate reasons or for the exercise of possible claims.
  • Similarly, you have the right to data portability, in cases where the law permits it.
  • We inform you that you may withdraw your consent for one or all purposes at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
  • We inform you that you may file a complaint with the competent Data Protection Authority (e.g., AGPD – Spanish Data Protection Agency).

You may exercise these rights by requesting it at the address indicated above.

Use of cookies

VERONIA TOURS informs its users that it uses cookies on its website. Cookies are small text files that the browser stores on your computer's hard drive. When you browse our website, our server may recognize the cookie and provide us with information about your last visit. Most browsers accept the use of cookies automatically, but you can configure your browser to notify you when cookies are received and to prevent their installation on your hard drive. Under no circumstances can cookie files read information from your hard drive or files created by other sites. To read our Cookie Policy, click on the following link: COOKIE POLICY.

Accuracy of data and its updating

The User guarantees that the Personal Data provided to VERONIA TOURS is accurate and is responsible for communicating any changes. The User will be solely responsible for any direct or indirect damage or harm that may be caused to VERONIA TOURS or any third party as a result of completing the forms with false, inaccurate, incomplete, or outdated data. The User should not include third-party personal data without their prior informed consent as established in this data protection policy, being solely responsible for its inclusion. All data requested through the website is mandatory, as it is necessary for providing optimal service. If not all data is provided, it is not guaranteed that the information and services provided will fully meet your needs. In order to provide us with your personal data, a minimum age of 14 is required.

Confidentiality and security of your data

VERONIA TOURS has adopted the necessary measures to prevent alteration, loss, processing, or unauthorized access to personal data, taking into account the state of technology at all times; however, the User must be aware that security measures on the Internet are not impenetrable.

The data obtained through the website and/or any other means will be processed by the DATA CONTROLLER with absolute confidentiality, committing to keep them secret. In accordance with the current Personal Data Protection regulations, the DATA CONTROLLER is complying with all the provisions of the GDPR and LOPDGDD regulations for the processing of the personal data under its responsibility, and explicitly with the principles described in Article 5 of the GDPR and in Title II of the LOPDGDD, whereby they are processed lawfully, fairly, and transparently in relation to the data subject and are adequate, relevant, and limited to what is necessary for the purposes for which they are processed.

The DATA CONTROLLER guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR and the LOPDGDD in order to protect the rights and freedoms of the Users, and has provided them with the necessary information to exercise those rights.

  • Integrity: Information systems have security directives and password policies that limit and protect the available information through the assignment of access profiles both on local servers and in the cloud used by VERONIA TOURS.
  • Availability: Through resource allocation directives and backup directives that cover all systems, including projects and services provided to users. Systematic data recovery tests are carried out in case of serious incidents that could limit data availability.
  • Implementation of resilience mechanisms that allow monitoring and rapid detection of incidents and ensure the coordination of the planned recovery mechanisms.
  • Application of incident response protocols, both physical and logical, that ensure a quick and effective resolution.
  • Implementation of auditing practices to periodically verify the implementation of the different security measures and their effectiveness.

Data protection legislation may be modified, so we strongly recommend that you regularly check our Data Protection Policy.

We inform you that the VERONIA TOURS website does not support encryption and that information sent over the Internet without encryption can be seen by other people; by submitting our forms you accept the transmission of unencrypted information.

Modification of the Data Protection Policy

VERONIA TOURS reserves the right to modify its data protection policy at its discretion, or due to legislative, jurisprudential, or business practice changes. If VERONIA TOURS makes any modifications, the new text will be published on this same website, where the User will be able to review the current data protection policy of VERONIA TOURS. In any case, the relationship with the users will be governed by the rules in effect at the precise time of access to the website.

Other information

For any clarification or comment, you may contact VERONIA TOURS by sending an email to the address indicated above.