DATA CONTROLLER
In compliance with the provisions of the General Data Protection Regulation (EU) 2016/679 and Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter “LOPDGDD”), as well as Law 34/2002 of July 11, on Information Society Services and Electronic Commerce, and other applicable regulations, we inform you that the Data Controller of the personal data processed on the Website is:
At the Company, we are committed to keeping the information you provide us with the strictest confidentiality, preventing unauthorized access, information manipulation, and loss, destruction, or theft of information. To this end, we will apply the security measures established by the applicable regulations and all those permitted by our resources and modern technology. Please note that, in many cases, it is essential to provide the requested information to benefit from our website’s services.
PURPOSE
This Privacy Policy aims to inform you about how we process your personal data. If you do not agree with the terms contained in this Policy and do not accept them during your consultation or request process, you will not be able to continue using the website. If you have any questions regarding the content, you may contact us via the email address provided above.
SCOPE OF THE PRIVACY POLICY
This Policy applies to all Users who use the services of our website, regardless of the place and time of access.
DATA WE COLLECT
On the website, we may request basic information through our contact form, such as your name, email address, phone number, country, and subject. In any case, at the time of data collection, we will inform you about the data controller, the purpose of processing, the recipients of the information, and how to exercise your rights under current data protection legislation.
The categories of data we may process include:
Contact Data: When you contact us, we collect your contact details, which may include your name, postal addresses, phone numbers, and email addresses, as well as details of your social media profiles (for example, we obtain your Facebook ID if you contact us via Facebook).
Purchase Data: When you make a booking, we collect purchase or booking details, which may include:
Payment Data: We offer common online payment methods, such as credit cards, and others that may be developed.
Website Usage Data: When you interact with our website, we collect information about your interests, additional information downloads, access via links, detected usability issues, and, if authorized, your location. The use of this information is regulated in our Cookie Policy.
Geolocation Data: We collect location data derived from your device’s IP address, only at the locality level. This address cannot be used to identify your internet connection or device. We use this geolocation system to detect fraud and/or suspicious bookings.
Our services may include social media plugins that allow sharing content or recommending products. By enabling these plugins, your browser establishes a direct connection with the social network’s web servers. Currently, we use Facebook’s messaging service (WhatsApp Business Enterprise) and plugins from Facebook and Instagram, but others may be included.
These social networks have their own privacy policies explaining how they use and share your personal information. We recommend reviewing their privacy policies before using them.
MINORS
The services offered on this website are intended for the general public. Data processing of minors under 14 years old is only lawful with authorization from the holder of parental authority or guardianship. The Company may request additional identification documents before, during, and after registration.
PURPOSE OF DATA PROCESSING
The purposes for which we collect or automatically process data, depending on the channel through which users have provided personal data, are as follows:
| Purpose | Legal Basis | Retention Period |
|---|---|---|
| Proper management of the website and user security | Legitimate interest | Indefinite |
| Verification of data accuracy in certain cases | Legitimate interest | While a contractual relationship exists |
| Cookies for proper navigation and, if authorized, preferences-based orientation (see Cookie Policy) | Legitimate interest (functional), Consent (marketing & statistics) | Preference cookies remain until settings change |
| Responding to inquiries and requests through the contact form | Consent | Until consent is withdrawn |
| Exercising data protection rights | Contract execution | As long as legally required |
| Fraud prevention in case of inconsistencies in contracts | Contract execution | As long as legally required |
| Marketing activities, promotions, and events | Consent | Until unsubscribed |
| Managing service payments, billing, and documentation | Contract execution | As long as legally required |
| Managing complementary travel services such as insurance and visas | Contract execution | As long as legally required |
| Collaboration with public entities (e.g., tax authorities, courts) | Legal obligations | As long as legally required |
DATA SHARING
In some cases, we may need to share your information with third parties, such as partner companies (hotels, transport companies, financial services, etc.), when you contract services requiring such communication. These companies only access the necessary information to provide the contracted services, and we require them to maintain confidentiality.
Additionally, we have service providers offering IT, security, financial, and auditing services. They only access the necessary information for their services and are obligated to confidentiality.
We ensure that data shared with providers and authorities comply with data protection regulations.
INTERNATIONAL DATA TRANSFER
For service efficiency, we may share data with service providers outside the European Economic Area. Specifically, we conduct international data transfers to Cuba, a country without EU-recognized data protection. In such cases, we implement adequate contractual safeguards.
For more information, you may contact legal@umbraconsulting.es.
USER RIGHTS
You can exercise your rights by sending a request via email, accompanied by identification. The response period is one month from the request date. Your rights include:
SECURITY MEASURES
We apply appropriate technical and organizational security measures to protect your personal data. However, since the internet is not a completely secure environment, we encourage you to report any security concerns to us.
POLICY MODIFICATIONS
We may update this Privacy Policy. Users should review it periodically.
APPLICABLE LAW AND JURISDICTION
This Policy and website use are governed by Spanish law. Any disputes will be resolved in the courts of the user’s jurisdiction.
Register and receive our offers, discounts and promotions at every time of the year.
