SECTION 1 - INTRODUCTION
Premium Plans SL takes the protection of your privacy and personal data very seriously. Therefore, your personal information is kept secure and treated with the utmost care.
This data protection policy regulates the access and use of the service of the website www.excursionribeirasacra.com (hereinafter, the "Website"), as well as the rest of products and / or services that Premium Plans SL (hereinafter “Verdant Experiences” or “VE”) makes available to people interested (hereinafter "Users" or "User") in them.
Our data protection policy is subject to Spanish and European legislation, being adapted to the requirements of:
- The GDPR or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. European Union regulation that unifies the rules on the treatment of personal data across the different countries of the EU.
- The LOPD or Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal y Real Decreto 1720/2007, de 21 de diciembre. Spanish regulation that regulates the treatment of personal data and the obligations that should be assumed by the persons responsible for a website when managing personal data.
- The LSSI or Ley 34/2002, de 11 de julio, de Servicios de la Sociedad de la Información y Comercio Electrónico, and the Ley 9/2014, de 9 de mayo, de Telecomunicaciones. Spanish regulation that regulates economic transactions through electronic means.
SECTION 2 - RESPONSIBLE FOR DATA PROCESSING
Premium Plans S.L. (Verdant Experiences)
Rua Bedoya 27 Bajo - 32004 Ourense (España)
+34 689 139 381
There is no officer
SECTION 3 - PURPOSES OF DATA PROCESSING AND DURATION
The information provided by the User can be used for one or more of the following purposes:
- Management of clients, administration, accounting and taxation. It includes the collection and payment procedures, billing, as well as consultants and advisors. It also includes the management of suppliers: for the contracting of products or in claims to it, so that we can transfer your necessary data for accommodation, flights, transportation and contracted services, to the relevant recipients (wholesalers, reservation centers, airlines and shipping companies, or similar) and, if necessary, depending on the service or trip to be made, to any country in the world, including, in your case, to those who do not offer a level of protection comparable to that required by the GDPR. It is necessary for contracting services.
- E-commerce. It refers to the transmissions of data necessary to process the transactions of payments of the services and / or products required, always in a secure environment (your information will not be sold, exchanged, transferred or delivered to any other company for any reason, without your consent, other than for the express purpose of providing the requested service). It is necessary for contracting services.
- Advertising and commercial research. Sending newsletters about our services and news. We use software to send and manage these newsletters. The use for our own promotion, of images or videos where the User can be recognized. To receive this type of information or to authorize its use, you must expressly request it.
- Statistical purposes. Own elaboration of sales statistics of products and / or services.
Conservation criteria: the personal data provided will be kept for the mandatory time according to applicable legal provisions. Once said period has elapsed, as long as the deletion is not requested by the interested party, we shall keep the same for legitimate purposes of a statistical, historical or scientific nature.
Any of the pieces of information that we collect from you anonymously during navigation may be used for one or more of the following purposes:
- To improve our Website, its navigation and usability. For this we use software that evaluates anonymously the interaction of users with our websites.
- Statistical purposes. It has the purpose both of the analysis and the realization of statistics to know the traffic and use of the Website by the Users, as well as to evaluate the web structure, the origin of the visits (never individually and / or identifiable) and the effectiveness of marketing and promotion campaigns.
Conservation criteria: the usability data is eliminated once evaluated and the rest of the data will be kept for legitimate purposes of a statistical, historical or scientific nature.
SECTION 4 - LEGITIMATION
The legal basis for the treatment of your data is the execution and fulfillment of a package travel contract according to the general terms and conditions of sale that appear on our website, and the particular conditions of each product and / or service; or for the execution of pre-contractual obligations.
The communication of personal data is a legal or contractual requirement necessary to enter into the aforementioned contract. The interested party is informed that he/she is obliged to provide personal data, and that the consequences of not doing so may mean the non-provision of the requested service / product.
Certain treatment activities need your unequivocal consent.
- The sending of "advertising and commercial research" is based on the consent that is requested before finalizing the contracting of our services; under no circumstances will the withdrawal of this consent condition the execution of the subscribed contract. You can also request the sending of this type of information through our website.
- The use of "images or videos in which the User appears and can be recognized" for our own commercial and / or advertising purposes is based on the consent that is requested before finalizing the contracting of our services; under no circumstances will the withdrawal of this consent condition the execution of the subscribed contract.
SECTION 5 - RECIPIENTS
VE does not sell, exchange or transfer personal data to third parties. This does not include third parties or reliable subcontractors that help us manage our Website, conduct our business or provide service.
Such trusted third parties may have access to personal data for information needs, and shall be contractually bound to maintain the confidentiality of the information.
SECTION 5.1 - COMMUNICATION OF DATA
- Tax Office. In compliance with tax regulations.
- Banks. For the procedures and collections.
- Consultants and Advisors. Support for the management of tax and legal obligations.
- Providers of contracted services and / or products. Necessary for making reservations and the execution of the product and / or service contracted.
SECTION 5.2 - TRUSTED SUBCONTRACTORS / THIRD PARTIES
VE contracts its virtual infrastructure of servers that allows us to promote and sell our products and services to the User. We use the services of Linode LLC, based in the USA, which complies with the GDPR, the HIPAA and PCI DSS security standards and is under the EU-US Privacy Shield agreement. More information here.
Our websites are stored on secure servers located in the USA, but our customer and provider databases are stored on servers located in Europe, to comply with GDPR requirements regarding data protection.
Our online store payments are processed through Stripe, that complies with the GDPR and is under the EU-US Privacy Shield agreement. More information here.
They provide us with the online e-commerce platform that allows us to sell our products and services to you.
If you choose a direct payment gateway to complete your purchase, then Stripe stores your credit card details. It is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only to the extent necessary to complete the purchase transaction. After it is completed, the information on your purchase transaction is deleted.
All direct payment gateways adhere to PCI-DSS standards as indicated by the PCI Security Standards Council, which is a joint effort of brands such as Visa, MasterCard, American Express and Discover.
The PCI-DSS requirements help ensure the safe handling of credit card information from stores and their service providers.
We also use the services of Google, Google LLC and affiliates under the EU-US Privacy Shield agreement. Check here for more information about their privacy management. We also use services from Zoho Corporation, also under the EU-US Privacy Shield agreement. Check here for more information about their privacy management. And those from The Rocket Science Group LLC d/b/a MailChimp, also under the EU-US Privacy Shield agreement. Check here for more information about their privacy management.
SECTION 5.3 - REVELATION
We may disclose your personal information if required by law, to enforce the policies of our site, or to protect our (or others') rights, our property or our security.
SECTION 5.4 - OTHER INFORMATION ON THIRD PARTY SERVICES
In general, third-party providers used by us will only collect, use and disclose your information when it's necessary to enable them to perform the services provided to us.
However, some third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we are required to provide them for transactions related to purchases.
For these providers, we encourage you to read the privacy policies (section 5.2) so that you can understand how your personal information will be handled.
In particular, remember that some providers may be located or have facilities that are in a jurisdiction other than yours or ours. So if you want to proceed with a transaction that involves the services of a supplier to third parties, your information may be subject to the laws of the jurisdiction (jurisdictions) in which the service provider or its facilities are located.
As an example, if you are in Canada and your transaction is processed by a payment gateway based in the United States, then your personal information used to complete the transaction may be subject to disclosure under US law, including The Patriot Act.
SECTION 6 - RIGHTS
The interested party may exercise the following rights:
- Right to request access to your personal data, and obtain information about whether or not we are treating personal data that concerns you. You can request a full copy of the data at any time.
- Right to request the Rectification of your inaccurate data, or in its case, request its Suppression when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
- Right to request the Limitation of the Processing of your Data, in which case we will only keep it for the execution or defense of claims.
- Right to request the Opposition to the Processing of your Data, in certain circumstances and based on reasons related to your particular situation.
- Right to the Portability of your Data.
- Right to Withdraw the Consent Rendered, without this withdrawal affecting the legality of the previous treatments based on such consent.
- Right to Claim to the Competent Data Protection Control Authority through its website: www.agpd.es.
You can direct your communications and exercise your rights at the email address firstname.lastname@example.org, or by ordinary mail addressed to:
- Premium Plans SL (Verdant Experiences) - Ref. GDPR - C / Bedoya 27 Bajo - 32004 Ourense (Spain).
To exercise these rights you must prove your identity by sending a photocopy of your National Identity Document / Passport or any other document legally valid in the Law.
SECTION 7 - ORIGIN OF THE DATA
The personal data we treat in VE come directly from the User, obtained through any of the following means: registration forms located on our website, web chat, email, telephone, business whatsapp or printed forms.
The categories of data that are treated are:
- Identification data (name and surname, ID / passport)
- Postal and / or email
Specially protected data is not processed.
The rest of the data comes from the user's browsing when the cookies are accepted, in the case of anonymous data for statistical purposes.
SECTION 8 - SAFETY MEASURES
VE maintains the levels of security of personal data protection in accordance with the GDPR and has established all the technical means at its disposal to prevent loss, misuse, alteration, unauthorized access and theft of the data that the User provides through the website. The User is nevertheless informed that security measures on the Internet are not impregnable.
VE undertakes to comply with the duty of secrecy and confidentiality with respect to the personal data contained in the automated file in accordance with the applicable law, as well as to confer a safe treatment on the assignments that may occur.
If you provide us with your credit card information, that information is processed directly by Stripe, our payment gateway provider, which follows the industry-standard PCI-DSS requirements. Stripe only provides us with confirmation of the payment authorization, the card model and the last 4 digits of the card to allow you to identify with which card you made the payment.
Personal data is not stored permanently outside the VE cloud platforms. Physical security is maintained by VE subcontractors (review section 5). Linode data centers comply with industry standards such as ISO 27001 for physical security and availability; for example, using 24-hour security personnel, two-factor access control through card readers and biometrics, barriers, fences, security cameras and other measures.
To ensure integrity, all data transits are encrypted to align with best practices to protect the confidentiality and integrity of data.
All staff is subject to full confidentiality and any subcontractor and subprocessor must sign a confidentiality agreement if full confidentiality is not part of the main agreement between the parties.
Each time authorized personnel access personal data, access is only possible through an encrypted connection.
Personal data is never stored on mobile devices such as USB and DVD drives.
VE will keep you informed at all times about changes in processes to protect the privacy and security of your data, including practices and policies. At any time you can request information about where and how data is stored, protected and used.
All access to personal data is blocked by default, using a "zero privileges" policy. Access to personal data is restricted to individually authorized personnel.
Ability to intervene
VE enables your rights of access, rectification, deletion and blocking by informing the client and offering the opportunity to object when VE plans to implement changes in relevant practices and policies.
VE uses security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including access to the system, are recorded to provide an audit trail if unauthorized or accidental changes are made.
Location of personal data
All data is stored in databases and repositories of files hosted in data centers of Linode, the provider of VE servers, located in the United States, the United Kingdom and Germany.
Periodic backups are made to the databases to allow the restoration of the data in case of loss.
SECTION 8.1 - NOTICE OF PERSONAL DATA VIOLATION
In the event that your data is compromised, VE will notify you and the competent supervisory authorities within 72 hours by email with information about the extent of the violation, the affected data, any impact on the service and the VE action plan with the measures to protect the data and limit any possible negative effect on the interested parties.
A "breach of personal data" refers to a security breach that leads to the accidental or illegal destruction, loss, alteration, unauthorized disclosure of or access to the personal data transmitted, stored or processed in relation to the provision of the Service.
SECTION 9 - AGE OF CONSENT
By using this site, you declare that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and that you have given us your consent to allow any of your minor dependents to use this site.
SECTION 10 - COMPULSORY OR OPTIONAL CHARACTER OF INFORMATION PROVIDED BY THE USER AND DATA ACCURACY
The User guarantees that the personal data provided is truthful and is responsible for communicating to VE any modification of the same. The User will be responsible, in any case, for the veracity of the data provided, and VE reserves the right to exclude from the registered services any User who provided false information, without prejudice to other actions that proceed in Law. It is recommended to exercise the maximum diligence in Data Protection through the use of security tools, and VE cannot be held responsible for the illicit theft, modification or loss of data.
SECTION 11 - CHANGES
SECTION 12 - ACCEPTANCE AND CONSENT
SECTION 13 - LAST REVIEW AND VALIDITY PERIOD
Cookies policy for the Premium Plans SL Sole Proprietorship website.
1. What are cookies?
Cookies are small data files that are downloaded and stored in the terminal (computer / smartphone / tablet or any other device) of the user when accessing a particular Website. This allows the Website to remember browsing preferences and navigate efficiently, making the interaction between the user and the website faster and easier.
The information collected by cookies is anonymous and does not contain any sensitive information (such as name, address and banking details).
2. What are cookies used for?
3. Type of cookies
Below we offer information about the types of cookies we use and their purpose:
According to the timeframe we can classify cookies as:
- Session cookies: These are a type of cookies designed to gather and store data while the user accesses a webpage. These cookies are stored on the terminal until the user’s browsing session finalises.
- Temporary cookies: These types of cookies store data even after the User has left the site. They are used, for example, to store and remember the preferences of the user’s navigation. Temporary cookies expire once they have achieved their objective or when they are disabled manually.
- Persistent cookies: These are a type of cookies in which data continue to be stored on the terminal and can be accessed and treated for a definite period by the entity responsible for the cookie, and this can last from some minutes to several years.
According to their aim we can classify cookies as:
- Own cookies: These are the ones that are sent to the user’s terminal from www.verdantexperiences.com.
- Third party cookies: These are cookies which are sent to the user’s terminal from equipment or a domain which is not managed by Premium Plans SL, but by another entity which treats the data obtained through the cookies. As these are third parties which proceed with implementing the cookies, blocking and uninstalling the cookies is regulated by the third party’s specific conditions and mechanisms.
- Analytical cookies: These cookies allow us to quantify the number of users and also perform measurements and statistical analyses on our users’ use of our website. To do so, the browsing on our website is analysed with the goal of improving it.
- Behavioural publicity cookies: These cookies store information of the users’ behaviour obtained through continued observation. Thanks to these, we can know the internet browsing habits and show you publicity related with your browsing profile.
4. Cookie Management
You can allow, block or disable cookies installed on your computer through the options settings of your internet browser. In case you block them, it is possible that certain services that need their usage are not available for you on www.verdantexperiences.com
On the following links you have all the information available to configure or deactivate your cookies on your browser:
- Google Chrome: https://support.google.com/chrome/answer/95647
- Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari: https://support.apple.com/kb/PH19214
Premium Plans SL can modify this Cookies Policy according to the regulatory or legislative requirements, or with the aim to adapt this policy to the instructions issued from the Spanish Data Protection Agency.
In case significant changes are made to this Cookies Policy, we will communicate them to the users through a message on the websites managed by Premium Plans SL.
ACCEPTANCE OF COOKIES
We inform you that if you block or do not accept the installation of cookies, it is possible that certain services will not be available without them, or that you cannot access certain services or take full advantage of everything this Website offers you.