Privacy Policy

 

This document regulates the rules relating to the Privacy Policy under which Combi-Tours, S.L. as Data Controller (hereinafter, "the Controller") will process the personal data of its clients (whether or not they have purchased its services) and suppliers or third parties, provided by them during their access to the website https://www.natturuwilderness.com, during their registration process or provided by any other legally valid means. If you expressly agree to the transfer of your data to the Controller, regardless of the means by which you do so, provided that your consent is express, you will freely, fully, specifically, and unequivocally give your consent for the Controller to process your personal data, in accordance with the General Data Protection Regulation (GDPR) of the European Parliament and of the Council 679/2016 of April 27 (hereinafter "GDPR") and Organic Law 3/2018 of December 5 on Data Protection and Guarantee of Digital Rights.
Website content

Data collection

The Controller may collect data from its clients, suppliers, and other third parties (hereinafter collectively referred to as "the data subject" or "the data subjects") on its website when they access the website and register or request its services through the contact link.

The data subject must enter all the data requested by the Platform at any time (especially those marked with an asterisk). Failure to do so will prevent the user registration or the use of certain features or services available through the Platform.

Data from data subjects will also be collected when the data subject has provided it to the Controller by other means, within the normal course of a commercial or professional activity.

Furthermore, the data subject shall guarantee that the Personal Data provided is true and accurate and shall notify any changes or modifications thereto through the appropriate channel.

If the data subject provides data from third parties, they shall assume the responsibility of having previously informed them and having obtained their consent to do so, in accordance with Article 14 of the GDPR.

Category of data collected

The Controller may process the following personal data of the user:

Identification data: name and surname, NIF (Tax Identification Number).
Contact information: telephone number, email address, and postal address.
Company you work for
Curriculum vitae
Data recipients

Your data will be accessed by those suppliers who provide services to the Controller related to the service it provides to the data subject, or vice versa. The Controller will maintain the corresponding data processing contracts with each of the suppliers that provide services to it in order to ensure that said suppliers process your data in accordance with current legislation.

Personal data may also be transferred to the competent authorities whenever there is a legal obligation.

Likewise, they may be communicated to financial institutions through which collection and payment management is carried out.

They may also be transferred to third-party companies related to the Controller's activity, for the purpose of sending the user commercial information that may be of interest to them, always connected with the Controller's business and provided the user has expressly agreed to it.

Purpose of processing

The Controller will process personal data for the purposes set out below, depending on the reason for which it was provided:

To provide the contracted services, maintain the contractual relationship, and monitor it.
To contact, process, manage, and respond to the user's request, application, incident, or query (whether via email, contact form, or telephone).
To manage, where applicable, the user's participation in the private customer area.
To manage, where applicable, the sending of commercial communications about products and services marketed by the Controller by electronic and/or conventional means.
To create, where applicable, a user profile to offer the user products and services related to the Controller according to their interests.
To assess and manage, where applicable, the resume provided by the user for selection processes that suit their professional profile and carry out the necessary actions for the selection and hiring of personnel.
Manage the user's membership, and/or the company to which they belong, in order to provide the Association's services.
Based on the above and depending on the user category, the Controller may use the data for the following purposes:

Clients

Preparation of quotes

Billing

Sending commercial communications

Updates

Service Terms Updates

Regular communication within the contracted service provision

Creating a professional profile for the service offering

Suppliers

Billing

Sending commercial communications

Service Terms Updates

Regular communication within the contracted service provision

Social Media Contacts

Creating a community of followers

Managing friend requests

Sending commercial information

Creating a professional profile for the service offering

Service Terms Updates

Job Seekers

Assessment of the data included in the resume to analyze its suitability for the Controller's needs

Sending relevant information related to the job sought within the organization

If the user expressly agrees, the data may be transferred to collaborating or related companies for the purpose of helping the user find employment.

Creating a professional profile

Legitimacy for Data Collection and Processing

The legal basis for the collection and processing of user data is, on the one hand, the imperative obligation to be able to provide the contracted services and, on the other, the express consent granted by the user for their collection and processing.

Duration of Data Processing and Retention

Data for managing the customer relationship and billing and collection of payments for services will be retained for the duration of the contract. Once this relationship has ended, if applicable, the data may be retained for the period required by applicable law and until any liabilities arising from the contract expire.

Data for managing inquiries and requests will be retained for the time necessary to respond to them, with a maximum period of one year.

Data for sending commercial communications and creating commercial profiles of our products or services will be retained as long as the commercial relationship with the user is maintained and they do not withdraw their consent.

Curriculum vitae data for selection processes will be retained for two years.

For information purposes, the legal retention periods for information related to various matters are listed below:

TYPE OF DOCUMENT TERM REF. LEGAL
Employment-related or social security documentation 4 years Article 21 of Royal Legislative Decree 5/2000, of August 4, approving the revised text of the Law on Infractions and Sanctions in the Social Order
Accounting and tax documentation for commercial purposes 6 years Art. 30 of the Commercial Code
Accounting and tax documentation for tax purposes 4 years Articles 66 to 70 of the General Tax Law
Access control to buildings 1 month Instruction 1/1996 of the AEPD
Video surveillance 1 month Guide of November 26, 2018 of the AEPD Organic Law 4/1997. Law 5/2014 of April 4, on Private Security
User Rights

Any user who provides their personal data to the Controller may exercise the following rights:

Access, rectification, objection, erasure, portability, and restriction of processing, as well as the right to reject the automated processing of personal data collected by the Controller.

In addition, every user has the right to withdraw any consent they may have granted at any time.

These rights may be exercised free of charge by the user by referring to the request specified in the application through the contact information provided in the Legal Notice link.

The user has the right to revoke their consent at any time for the sending of commercial communications by simply notifying the Controller and informing them that they no longer wish to receive commercial communications. To do so, the user may revoke their consent by referring to their request through the contact information provided in the Legal Notice or by clicking the "No more commercial communications" link.

The user has the right to file a complaint with the Spanish Data Protection Agency if they believe that the Controller has committed any type of violation in the processing of their data.

Minors

The Controller will not, under any circumstances, collect data from minors except in cases where permitted by law. Given the difficulty of verifying the age of users, the holders of parental authority or guardianship of minors under 14 years of age must establish control measures on the devices to which minors may have access, to prevent them from improperly sharing their data.

If the Controller becomes aware at any time that a minor has accessed its platform and their data is being processed without the authorization of their legal representatives, it will immediately terminate said user.

Social Media

The Controller has corporate profiles on certain social media platforms such as Instagram, Facebook, Google, or LinkedIn, and may have other profiles in the future on other social media platforms, whether currently existing or yet to be created.

In this way, the User may be linked to the Controller not only through the direct and explicit transfer of their data, but also by following the Controller or by the Controller following the User. The User's "like" or "like" of the Controller's post, etc., will imply acceptance of the Website's Terms and Conditions.

The Controller may post news and information about its services in accordance with the terms of the platforms used. Therefore, the User may receive communications about them through the means activated on the platform (whether on the wall, through pop-up ads, etc.). The Controller shall not be liable for the User's social media settings.

If the Controller uses WhatsApp Business at any time, it may respond to questions the User may have.

Security Measures

The Controller undertakes to comply with its commitment to the confidentiality of personal data and its duty to store them, treating the user's personal data confidentially, adopting the necessary technical and organizational measures to guarantee data security and prevent its alteration, loss, unauthorized processing, or access, taking into account the state of technology, the nature of the data stored, and the risks to which it is exposed.

Data Protection Officer

The Data Protection Officer is Elies Colomer. You can contact him with any questions or complaints by emailing info@natturuwilderness.com.

Changes to the Privacy Policy

The Controller may modify its Privacy Policy in accordance with applicable law at any time. In any case, any modification to the Privacy Policy will be duly notified to the user so that they are informed of the changes made to the processing of their personal data and, if required by applicable regulations, they can give their consent.

 

 

Necesitamos su consentimiento para cargar las traducciones

Utilizamos un servicio de terceros para traducir el contenido del sitio web que puede recopilar datos sobre su actividad. Por favor revise los detalles en la política de privacidad y acepte el servicio para ver las traducciones.