eng
esp
cat
fraPrivacy policy
PROTECTION OF PERSONAL DATA
Privacy and Data Protection Policy
VIATGES ESTIBER, S.A. (hereinafter, the Travel Agency) is committed to due diligence and compliance with Data Protection regulations.
The following provides detailed information about the confidentiality and Personal Data Protection policy in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, regarding the protection of individuals concerning the processing of personal data and the free movement of such data (General Data Protection Regulation or GDPR) and Article 11 of Organic Law 3/2018, on Personal Data Protection and Digital Rights Guarantee (LOPD GDD).
Data Controller and Data Protection Officer (DPO) Contact Information:
Address / ZIP Code: C/ Casanova nº 101, 08011, Barcelona
Phone: 93 454 83 08
Website: www.estiber.com
Email: info@estiber.com
DPO Contact: dpdexterno@bonetconsulting.com
Data Protection Channel: www.corporate-line.com/cnormativo-grupo-estiber
Processing Purposes:
The Travel Agency will process the personal data provided by individuals through this website and/or any other means for the following purposes:
> Manage attention, visits, and meetings at our facilities.
> Handle any type of request, suggestion, and/or information inquiry about our services and tourist packages made by users through any means.
> Sale and Organization of Trips and Tourist Packages, including activities such as:
- Reservation, accommodation, transportation, and other ancillary services.
- Payment management for services and refunds.
- Handling claims and incidents related to contracted services.
Categories of Processed Data: The Travel Agency may incidentally process certain health data and information about food intolerances to correctly provide the services of selling and organizing the contracted trip.
Informational and Commercial Communications: Processing of your data to inform you about activities, articles of interest, and general information related to our activity, promotions, and services/products related to the tourism sector.
Customer Service and Follow-Up: To improve our products and services and enhance customer satisfaction and experience, handle administrative purposes of the entity, ensure network and information security owned by the Travel Agency, comply with legal obligations, and meet all applicable customs and immigration requirements related to your trip, etc.
> Ensure the security of offices, facilities, and individuals through access controls, video surveillance systems, and other access control/identification systems.
> Manage relationships with our Suppliers/Collaborators for the management and execution of services/products contracted by the Travel Agency.
> Manage relationships with our Suppliers/Collaborators for the management and execution of services/products contracted by the Travel Agency.
> Manage data provided by job applicants through their Curriculum Vitae (CV) for the purpose of the selection and recruitment process.
> Comply with legal provisions applicable to the Entity and its activities in health and occupational risk prevention matters.
> Implement any treatments necessary for compliance with official/sectoral regulations and requirements applicable to our activity.
> Manage and control the operation of internal mechanisms, policies, and protocols established by the Travel Agency for compliance and management of reporting channels.
> Comply with legal provisions applicable to the Entity and its activities in health and occupational risk prevention matters.
> Implement any treatments necessary for compliance with official/sectoral regulations and requirements applicable to our activity.
> Manage and control the operation of internal mechanisms, policies, and protocols established by the Travel Agency for compliance and management of reporting channels.
For the proper execution and development of the aforementioned purposes, the processing of your data for the relevant purposes mentioned above will be carried out in strict compliance with Data Protection regulations and the Policy detailed here.
You may exercise your rights at any time (see specific section).
You may exercise your rights at any time (see specific section).
Data Retention Criteria
> Management of Tourist Services/Packages Contracted with the Travel Agency: Personal data provided in contracts, offers, and/or service proposals, as well as those of other individuals involved, will be retained for the duration of the contracted services. After the provision of the contracted service(s), personal data may be retained in cases where responsibilities with the agency arise or to comply with other applicable legal frameworks. Personal data will be maintained to allow for the identification and exercise of the rights of the data subjects, under technical, legal, and organizational measures necessary to ensure confidentiality and integrity.
> CV Management: As a general rule, the Travel Agency retains Curriculum Vitae for a maximum period of one year. After this period, data will be automatically destroyed in compliance with the data quality principle.
> Management of Employment Contracts: Personal data will be retained for the duration of the employment relationship and, after its termination, in cases where responsibilities may arise between the parties and as required by law.
> Management of the legal obligation for documentary registration and information as stipulated in the regulations for the protection of public safety for individuals or legal entities engaged, professionally or otherwise, in accommodation or motor vehicle rental activities without a driver: pursuant to Article 5.3 of Royal Decree 933/2021, dated October 26, which establishes the obligations for documentary registration and information for individuals or legal entities engaged in accommodation and motor vehicle rental activities, the documentary registration data that the Travel Agency must maintain under the terms provided in this regulation will be kept for a period of three years from the completion of the contracted service or provision.
> Management of the legal obligation for documentary registration and information as stipulated in the regulations for the protection of public safety for individuals or legal entities engaged, professionally or otherwise, in accommodation or motor vehicle rental activities without a driver: pursuant to Article 5.3 of Royal Decree 933/2021, dated October 26, which establishes the obligations for documentary registration and information for individuals or legal entities engaged in accommodation and motor vehicle rental activities, the documentary registration data that the Travel Agency must maintain under the terms provided in this regulation will be kept for a period of three years from the completion of the contracted service or provision.
> Others: The rest of the data and information provided by the data subject through any means will be retained for the time necessary to fulfill the purpose for which they were collected.
Legitimation
> The legal basis that authorizes the Travel Agency to process the personal data of users, clients, and potential clients is as follows:
> Consent of the individuals interested: For the processing and management of any request for information or inquiry about our services and products related to the tourism sector.
> Consent provided by job candidates: For the purpose of selection and recruitment.
> Framework of provision and/or contracting of services/products with the Travel Agency.
> Legitimate interest: To send informative, commercial, and/or promotional offers related to the activities of the Travel Agency and the services/products contracted through email or any other means.
> Compliance with legal obligations and internal compliance procedures.
> Legitimate interest: To ensure the security of offices, facilities, and individuals.
Recipients
The Travel Agency may disclose your personal data to other entities in the tourism sector involved when strictly necessary for the proper management and organization of the tourist services contracted by the user. The entities to which the Travel Agency may disclose your personal data include:
[No specific entities were provided in the original text. If available, you should insert the names of specific entities.]
On the other hand, the Travel Agency may share your personal data with competent Authorities and Public Administrations, as well as any other third parties necessary to comply with legal obligations.
Source
Personal data is obtained directly from the individuals concerned and from our collaborators. The categories of personal data provided include:
> Identification and contact information.
> Postal or email addresses.
> Banking, economic, and purchase/order-related data.
> Data provided and/or consented to by the data subjects, related and necessary for the management and delivery of the requested service/product.
> Data provided and/or consented to by the data subjects necessary for compliance with legal obligations applicable to the Travel Agency.
Rights
To ensure transparency in the processing of your personal data, we inform you about the rights granted by the Data Protection regulations. Below are details of each right and how to exercise them regarding the personal data we hold.
> Right of access: You have the right to know whether the Entity is processing your personal data.
> Right to rectification: You have the right to request the correction of inaccurate data.
> Right to erasure: You have the right to request the deletion of your personal data when it is no longer needed for its original purpose.
> Right to restrict processing: You have the right to request that your data usage be limited, keeping it only for claim defense purposes.
> Right to object: You have the right to object to the processing of your personal data unless there are legitimate reasons or it is needed for claim defense.
> Right to data portability: You have the right to receive your data in a structured and readable format to transfer it to another controller, where feasible.
> Right to withdraw consent: You have the right to withdraw consent at any time, except where processing is required by law or necessary for a contracted service, without retroactive effects.
> Right not to be subject to automated decisions: You have the right not to be subject to automated decisions based on personal data that significantly affect you, such as profiling.
You may exercise your rights or report any security breaches, cyberattacks, or possible violations or irregularities regarding Data Protection regulations through the system available at www.corporate-line.com/cnormativo-grupo-estiber or contact the Data Protection Officer at dpdexterno@bonetconsulting.com.
In case of discrepancies with the Entity regarding the processing of your data, you have the right to file a complaint with the corresponding Data Protection Authority. In Spain, this Authority is the Spanish Data Protection Agency (www.aepd.es).
Security and Control Measures:
General
In compliance with data protection regulations, the Travel Agency will process personal data by applying appropriate technical, legal, organizational, and security measures to ensure the confidentiality and integrity of the information it manages, in accordance with current regulations.
We appreciate your notification to the Data Protection Officer through the contact information/Channel established in this Privacy Policy of any security risks you may be aware of that could compromise the integrity and confidentiality of personal data and/or confidential information. This allows us to take necessary measures to prevent unauthorized processing, loss, destruction, or accidental damage.
Cybersecurity
As a specific and complementary concept to the above, the Travel Agency implements cybersecurity measures to prevent and manage potential attacks and fraud by cybercriminals that may threaten the privacy and data protection within the scope of its activities and operations.
In this regard, we want to alert you that in the face of possible risky situations arising from communications whose content and/or format raise authenticity concerns, we recommend disregarding them and contacting the Data Protection Officer using the contact details provided in this Privacy Policy.
Additionally, any request received from our Agency regarding changes in payment methods, requests for data or contact persons, confidential (non-public) information, banking and/or credit card details, and/or other official data should not be acted upon without direct confirmation from our Agency through an alternative means. We appreciate and rely on your collaboration in reporting and denouncing any notifications related to such requests and other potential cybersecurity risks involving our Agency, as well as any possible security risks of which you may be aware.
Channel
The Travel Agency has implemented a Channel, demonstrating the highest commitment, rigor, and professionalism in terms of security, experience, independence, and knowledge in handling received communications.
The Channel, which includes the use in the field of Data Protection, is implemented through a web platform developed and managed by an independent external expert, providing and ensuring our previous commitments.
Through the Channel, you can communicate and process the exercise of your Rights (see previous section) and report any signs or knowledge you may have of potential security breaches, cyberattacks, and/or possible non-compliance or irregularities regarding Data Protection regulations and this Travel Agency Policy.
The access details for the Channel are provided at the beginning of this Policy.
Supervisory Authority
If you have disagreements with the Entity regarding the processing of your data, you have the right to file a complaint with the relevant Data Protection Supervisory Authority. In Spain, this authority is the Spanish Data Protection Agency (www.aepd.es).
Support and Assistance
Individuals may communicate any doubts about the processing of their personal data or the interpretation of our Policy by contacting the Data Protection Officer (DPO) at the address indicated at the beginning of this Policy.
D. RESPONSIBILITIES
By providing the user with this website, we aim to offer a range of quality content and services, using the utmost diligence in their provision and the technological means employed. However, we will not be responsible for the presence of viruses and other elements that may damage the user's computer system.
The USER is prohibited from taking any action on our portal that may cause an excessive overload on our computer systems, as well as the introduction of viruses or the installation of robots or software that may disrupt the normal functioning of our website, or ultimately cause damage to our computer systems.
For any questions regarding the Terms of Use of our website, you can contact us using the above-mentioned contact information or with our advisors at BONET consulting: www.bonetconsulting.com/servicioslssi.html
The Travel Agency has the insolvency guarantee established for package holidays in Art. 252.10 of Law 22/2010, of July 20, of the Consumer Code of Catalonia, formalized through the surety bond number 62709521 with the insurance company AXA Seguros Generales Sociedad Anónima de Seguros y Reaseguros (C/. Monseñor Palmer, 1, 07014 Palma de Mallorca). This coverage, in the event of the Travel Agency's insolvency, covers the effective refund of payments made by travelers who have contracted a package holiday and have not received the corresponding services until the completion of the contracted trip. If transportation is included in the contracted package trip, it also covers repatriation expenses and accommodation expenses prior to repatriation.
Procedure in Case of Request for Provision: The request for provision must always be made through the AXA telephone: Provision at the destination and Refund at the origin: From Spain: 911 119 544. Rest of the World: 0034 911 119 544