Hit Enter to search or Esc key to close

GDPR Privacy Policy

GDPR Compliance

Your personal data is of great importance to us. Our Policy sets out the basis on how we collect and processes your personal data that you submit to us.
 
This applies to you in the case where the GDPR applies to such processing. In all your dealings with us, you must ensure that others you may represent are aware of the content and consent to you on their behalf.
 
We encourage you to read this. If you do not wish to be used by us, please do not provide us with your personal data. Please note that in such a case, we may not be able to provide you with our services, and your customer experience may be affected.
1. Personal Data
 
This refers to a combination of your name, address, telephone number, email address and travel preference that you supply us. As well as any information about other persons you represent such as those on your booking.
 
2. Processing of Your Personal Data
 
Data processes
 
We may collect and process your personal data for business purposes. These purposes include:
 
Fulfilling your legal obligations (Articles 6(1)(b) and (c) of the GDPR:
We need to provide your name, passport number, contact details, and other related information to our service providers. If you do not provide us with this personal data, we will not be able to offer our services.
 
Fulfilling your and our legitimate interests (Article 6(1)(f) of the GDPR):
Where it is in both your and our benefit that we further process your personal data as part of our customer service.
 
Consent:
For marketing purposes that may need your authorization for their processing (Article 6(1)(a) of the GDPR). We will inform you before collecting your data if we intend to use for such purposes or to any third party. You can exercise your right to prevent such processing by checking certain boxes on the forms.
 
We will process your data to fulfil our service to you and follow the applicable fiscal, tax, securities and commercial law regulations.
 
Children
Our Tours and services are for adult customers. Yet, we may collect and process the information on children under sixteen (16). On these occasions, we will take account of this event when processing the personal data of children and implementing the legal basis for such processing. We will seek the consent of parents, tutors, or other adults holding parental responsibility for children if required under the GDPR.
 
Data transfers
When we process your personal data, we will store it in our systems located within the European Economic Area (EEA), which comprises the Member States of the EU. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third-party partners.
 
Legal compliance and security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
 
Also if we determine in good faith that disclosure is necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
 
Safeguards to protect your personal data
Where we share your data with a data processor, we will put the appropriate legal framework in place to cover such transfer and processing (Articles 26, 28 and 29). Furthermore, where we transfer your data from EEA to any entity outside the EEA, we will put appropriate legal frameworks in place, Binding Corporate Rules (Article 47 GDPR), controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, to cover such transfers (Articles 44 ff. GDPR), or we will share your data based on rules of the GDPR.
 
3. Our Records of Data Processes
We handle records of all personal data under the obligations established by the GDPR (Article 30), both where act as a controller or as a processor. In these records, we reflect on all the information necessary to follow the GDPR and cooperate with the supervisory authorities as required (Article 31).
 
4. Security Measures
 
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organisational measures to achieve this level of protection (Article 25(1) and 32 GDPR).
 
We will keep your personal information for as long as it is necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
 
5. Notification of Data Breaches to the Competent Supervisory Authorities
 
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place to identify it and assess it . Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).
 
6. Processing Likely to Result in High Risk to your Rights and Freedoms
 
We have mechanisms and policies in place to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 of the GDPR). If any such data processing activity is identified, we will assess it and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organizational safeguards are in place to proceed with it.
 
In case of doubt, we will contact the competent Data Protection Supervisory Authority to get their advice and recommendations (Article 36 GDPR).
 
7. Your Rights
 
You have the following rights:
 
Access to personal data: You have the right to be provided full information about your personal data that we hold.
Data correction: You have the right to require that we correct any incorrect information we hold about you.
 
Data deletion: You may also have the right to ask that we delete your personal data. Please note that certain conditions may apply to the exercise of this right.
Restriction on the processing of personal data: You may have the right to ask that we restrict the use of your personal data. Please note that certain conditions may apply to the exercise of this right.
 
Object to the processing of personal data: You may have the right to object to the use of your personal data by us. Please note that certain conditions may apply to the exercise of this right.
You may have the right to receive your personal data in a structured format. Please note that certain conditions may apply to the exercise of this right.
 
8. When you want to complain about your information.
 
We have appointed appropriate staff with management support to oversee and ensure compliance with the GDPR.
 
You can bring complaints in writing by contacting us at infoalandalusroutes@gmail.com.
 
After receiving the complaint, the Data Protection Team will send an acknowledgement of receipt within one week to you. The confirmation may include further questions necessary for the clarification of the issues. The Data Protection Team will provide an answer to you as soon as possible, but no later than one month upon receiving the complaint. If due to the complexity of the complaint, a substantive response within one month cannot be provided, you will be notified with a reasonable estimate of the timeframe, but not exceeding two months from the notice.
 
You may also raise the complaint to the relevant Data Protection Authority or lodge a claim with a court of competent jurisdiction.
 
9. Changes to our Privacy Policy
 
We may revise or update this Privacy Policy from time to time. Any changes in the future, we will inform you through the website and seek your consent where applicable.