Privacy Policy
1. USER INFORMATION
Who is responsible for processing your personal data?
CLICK ON LINE RESERVATIONS SYSTEM, S.A. is the CONTROLLER of the processing of the USER’s personal data and informs you that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of April 27 (GDPR) and Organic Law 3/2018 of December 5 (LOPDGDD).
For what purpose do we process your personal data and why do we do it?
Depending on the form where we have obtained your personal data, we will process them confidentially to achieve the following purposes:
In the Contact form:
To respond to inquiries or any type of request made by the user through any of the contact forms made available on the website of the controller.
(for the legitimate interest of the controller, art. 6.1.f GDPR)
To carry out statistical analyses and market studies.
(for the legitimate interest of the controller, art. 6.1.f GDPR)
How long will we keep your personal data?
They will be kept for no longer than necessary to maintain the purpose of the processing or there are legal prescriptions that dictate their custody and when it is no longer necessary for this, they will be deleted with appropriate security measures to ensure the anonymization of the data or the total destruction of the same.
To whom do we provide your personal data?
No communication of personal data to third parties is foreseen except, if necessary for the development and execution of the purposes of the processing, to our service providers related to communications, with whom the CONTROLLER has signed the confidentiality and data processor contracts required by the current privacy regulations.
What are your rights?
The rights that assist the USER are:
The right to withdraw consent at any time.
The right of access, rectification, portability, and deletion of your data, and the limitation or opposition to its processing.
The right to file a complaint with the supervisory authority (www.aepd.es) if you consider that the processing does not comply with current regulations.
Contact details to exercise your rights:
CLICK ON LINE RESERVATIONS SYSTEM, S.A., AV DE LA VICTORIA, 126 – 28023 MADRID (Madrid). E-mail: click@clickonline.es
2. MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER
Users, by marking the corresponding boxes and entering data in the fields, marked with an asterisk (*) in the contact form or presented in download forms, expressly and freely and unequivocally accept that their data are necessary to attend to their request, by the provider, being voluntary the inclusion of data in the remaining fields. The USER guarantees that the personal data provided to the CONTROLLER are true and is responsible for communicating any modification of the same.
The CONTROLLER informs that all the data requested through the website are mandatory, as they are necessary for the provision of an optimal service to the USER. In case all the data are not provided, it is not guaranteed that the information and services provided will be completely adjusted to your needs.
3. SECURITY MEASURES
In accordance with the provisions of the current regulations on personal data protection, the CONTROLLER is complying with all the provisions of the GDPR and LOPDGDD regulations for the processing of personal data under its responsibility, and manifestly with the principles described in Article 5 of the GDPR, by which they are processed in a lawful, fair, and transparent manner in relation to the data subject and adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The CONTROLLER guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR and the LOPDGDD to protect the rights and freedoms of the USERS and has communicated the appropriate information to them so that they can exercise them.
For more information on privacy guarantees, you can contact the CONTROLLER through CLICK ON LINE RESERVATIONS SYSTEM, S.A., AV DE LA VICTORIA, 126 – 28023 MADRID (Madrid). E-mail: click@clickonline.es
4. ACCESS TO DATA ON BEHALF OF THE AGENCY/TRAVEL AGENTS
If the travel agent or agency (hereinafter, the CLIENT) provides personal data of a personal nature to request our services, CLICK ON LINE will act as data processor of the CLIENT in accordance with art. 28 of the General Data Protection Regulation, with the CLIENT being responsible for the treatment. In such case, the following stipulations regulate the access that CLICK ON LINE makes to the personal data under the responsibility of the CLIENT:
Access and processing of data by CLICK ON LINE will be carried out in accordance with the instructions provided by the CLIENT, without being able to use the data for a purpose related to the contracted services. Only the data and categories of interested parties whose processing is essential for the provision of services will be affected by this assignment.
CLICK ON LINE will maintain the duty of secrecy regarding the data provided in the provision of the service, even after the completion of the order. It also expressly assumes the obligation to have a commitment to confidentiality, expressly and in writing, by the personnel who carry out the treatments, and this obligation must be documented and available to the CLIENT.
The CLIENT authorizes CLICK ON LINE to subcontract services related to the service provided with third parties, which will be subject to complying with the same security measures expressed here. CLICK ON LINE expressly assumes the obligation to implement the necessary security measures established in article 32 of the RGPD, in accordance with the purposes of the treatment, applying the appropriate technical and organizational measures to guarantee a level of security appropriate to the risk.
CLICK ON LINE will carry out an analysis of the possible risks derived from the treatment to determine the appropriate security measures to guarantee the security of the information processed and the rights of the interested parties. Specifically, it guarantees that the necessary data protection measures will be implemented, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing. Among other measures, the following will be applied: i) pseudonymization and encryption of personal data (when applicable); ii) ensure the ongoing confidentiality, integrity, availability and resilience of treatment systems and services; iii) restore availability and access to data quickly in the event of a physical or technical incident; iv) regular verification, evaluation and assessment procedures of the effectiveness of technical and organizational measures to ensure the security of processing.
CLICK ON LINE must notify the security violations of which it is aware, without undue delay and within a maximum of 24 hours, to the contracting entity for its knowledge and application of measures to remedy and mitigate the effects caused.
CLICK ON LINE will make available to the contracting entity all the information necessary to demonstrate its compliance with data protection regulations, including inspections or audits by it, or another auditor authorized by it.
CLICK ON LINE has the obligation, immediately, to communicate to the contracting entity the information it has received from any affected person in relation to the exercise of the rights of access, rectification, deletion and opposition, limitation of processing, data portability and not to be subject to individualized automated decisions.
Once the provision of services has been completed, CLICK ON LINE will delete the personal data communicated, although it may keep them, duly blocked, as long as responsibilities may arise from the execution of the provision. The order will remain in force as long as the commercial relationship for the provision of services is maintained.