Data Protection Policy
Accessing and using this website you are agreeing explicitly to the collection and handling of your data regarding this policy, albeit in a revocable way, without retroactive effects. Your access to this websites is, consequently, subordinated to this policy, as well as all the regulations applicable that are referred in this document and in the Legal Disclaimer.
As a law generally applicable throughout the European Union, providing personal data of minors under 16 without their parents or legal tutors consent is strictly forbidden.
DATA HANDLING RESPONSIBLE.
Identity: Viajes In Out Travel S.L. (In-Out Travel hereafter)
Address: 53 Cristobal Bordiú Street, 28003, Madrid
Phone number: 913263120
WHY ARE WE COLLECTING YOUR PERSONAL DATA?
In agreement to what’s prescribed in the current regulations, “Reglamento (UE) 2016/679”, of the European Parliament and Council, of April 27th 2016, related to the protection of physical persons regarding the collection and handling of their personal data and the free circulation of such data (“RGPD” hereafter), In-Out Travel informs you that all the personal data that you provide during our business and contractual relationship, will be collected and handled with the following purposes: (i) adequately managing the relationship, both administrative, economic and commercial; (ii) taking care of queries and requests; (iii) quality control of our products and services; (iv) sending personal messages and presents to our clients; (v) opinion polling with statistic purposes, to inform periodically about novelties, products and services by both electronic and traditional media; (vi) complying with regulations regarding money laundering prevention and terrorism funding.
¿How do we collect your data?
We always collect your personal data with your explicit consent through different means as:
- When you contact directly with In-Out Travel, for example thorough its website or through different costumer service phone lines, in order to request information about our products and services.
- When you request information or buy through In-Out Travel a product or service.
- When you participate in our marketing campaigns, online or offline, events, showcases, promotions, draws.
The different data collection forms in our website may have different purposes that we explain here:
- Phone Requests: your contact information will be handled in order to manage the information requested by yourself.
- Handling of the information provided by you while web browsing: we use it to adequate our offers to your particular profile, preferences and needs, based on the personal and commercial information in our records, gathered throughout your usage of our website, allowing a personalised browsing.
- Commercial purposes: in case you explicitly authorize us, your data will be handled to send you information and ads, even through online media, about offers, products, tips, services, promos, gifts and affinity campaigns, regarding In-Out Travel products and services.
- Exercising your rights: we handle your data in order to manage your requests to exercise your data protection rights.
You will be able to retire your consent at any time. However, even if you retire your consent it is still possible that we maintain the right or obligation under the law applicable, to collect, use, transfer or communicate your personal information. Additionally, we inform you of our possible keeping of certain information with record maintenance purposes and/or to complete any transaction started before your request for a change or deletion.
We inform you that consent given by you have a completely revocable character. Such revocation can be done at any time, by sending an email, as stated at the beginning of the present document, or directly revoking it in the following communications that we will send you. Additionally we inform you that such revocation has no retroactive effects, being implemented from the moment of its issue.
DATA KEEPING PERIOD:
We inform you that we will keep your personal information for the necessary period of time in order to comply with the purposes described in the present document, unless a longer period is allowed or required.
The personal data provided during the business relationship will be kept for two years after the date of your last consent, as long you don’t retire such consent, or you oppose the handling of your data or request its deletion.
The personal data provided during the contractual relationship will be kept for five years, in order to attend possible queries or claims, in the period stablished by binding regulations, as well as warranty and tax regulations, for duration of it, or as long as you don’t oppose the handling or request the deletion.
The handling of your data regarding the purposes formerly described is allowed by the RGPD (General Regulations for Data Protection) in agreement with the following legal principles:
The legal base to attend the business relationship is the legitimation through explicit consent by the user; you have authorized, through an automatic data collection from and/or paper, your explicit consent to the treatment of your data for certain purposes. You can revoke such consent at any moment.
The legal base to attend the contractual relationship is the legitimacy by execution of a contract signed by yourself.
Additionally, in some cases will be necessary the handling in order to comply with the corresponding legal obligations.
In both cases, in order to be able to answer and correctly manage your application, the applicant is legally bound to provide his information, and his application left unanswered otherwise.
The further handling with commercial purposes is allowed with the consent requested in each personal data collection procedure, in which case the retirement of the consent won’t affect the execution of the relationship with In-Out Travel.
Your data won’t be transferred to third parties unless such entities needed and essential to answer your request, such as retail travel agencies, wholesale travel agents, hospitality services, transport services, airport management, vehicle rental, insurance companies (travel insurance).
During the data collection process, and in each place of the website where such data are requested, you will be informed, through the inclusion of the relevant mentions in the data collection form itself, of whether the collection of such data is obligatory or not, to inform you about the product or service selected, as well as the consequences of refusing to provide them, except when making an order, in which case In-Out Travel informs you hereafter that it will not be considered of voluntary nature, making its inclusion necessary to formalize the provision of the services, providing data related to the identity and contact information, being this data necessary for the formalization and provision of the service requested by yourself.
You assure that the personal data provided through the different data request and sign up forms are truthful, and commit to inform about any change or update. Additionally, you assure that all the information provided corresponds to you real status, is updated and accurate.
We inform you that your data will not be transferred to entities outside the European Economic Space without your explicit consent, except in cases in which a mandatory norm allow such communication, in which cases we will inform you, as long as it is possible, of the purposes of such communication.
What are your rights when providing your data?
- You have the right to access your personal data, as well as request the correction of inaccurate data, or the deletion when, among other motives, the data is not necessary anymore for the purposes which they were collected for.
- In certain circumstances, you can request the limitation in the handling of your data, in which case we will keep them for the exercise or defence of claims.
- In certain circumstances and for reasons related to your particular status, you will be able to oppose the handling of your data. In-Out Travel will stop handling your data, except for legitimate, imperative motives, or the exercise or defence of possible claims.
- The right to make a claim to the Regulatory Authority (AEPD, Spanish Agency for Data Protection) if you consider that the handling of your data does not comply with the RGPD.
- The right to the portability of your personal data.
- The right to make a claim to the Regulatory Authority (AEPD, Spanish Agency for Data Protection) for the eventual breach of regulations related to data protection, information can be found in this link: http://www.agpd.es/portalwebAGPD/index-ides-idphp.php.
- The form can be submitted by email to the In-Out Travel’s Delegate in Data Protection, at firstname.lastname@example.org
- In order to exert your rights, you need to proof your identity by sending a copy of your ID Card or other document legally accepted as proof of identity as a Passport.
The exercise of your rights is limited by certain exceptions due to public interest, for instance crime prevention and detection. Also by our own interests, such as maintaining the confidentiality of your legal advice. If you exercise any of these rights, we will make sure you are qualified, and we will answer you in a month (as established by the RGPD), or in the longest term allowed by the Spanish regulations, in case this were shorter.
PERSONAL DATA CONFIDENTIALITY AND SECURITY
With the goal of safeguarding the security of your personal data, we inform your that we have adopted all technical and organizational measures necessary to guarantee the security of your provided personal data, in order to prevent its alteration, lose, undue use, disclosure and unauthorized access or handling, as required by the regulations in personal data protection. In this sense, In-Out Travel guarantees the custody of handled data, to which end will adopt the necessary measures, always in accord with the latest technical advances.
Our security measures are continuously updated in accordance with the technical development and the data protection regulations.
Even though it is impossible to fully guarantee absolute protection against intrusion during data transmission through the internet or from a website, we, as well as our subcontractors and partners devote the maximum energy to maintain physical, electronic and procedural protection measures, to ensure data protection in accordance to the legal requirements applicable in this matter. Among the measures that we apply are:
- Limiting the access to your data to those member of the staff who need to handle them to carry out their tasks.
- As a general rule transmitting all data gathered in cyphered format.
- Sensitive data (such as credit card numbers) is stored in cyphered format only.
- Installing perimeter protection systems in IT systems (firewalls) to bar unauthorized access, such as hackers, and
- Regularly monitoring the access to the IT systems to detect and stop any misuse of personal data.
In those cases in which we facilitate (or you choose) a password in order to access certain areas of our websites or any other portal, application or service under our control, you are held responsible to keep it secret and follow all the necessary security guidelines that we will provide you. You must never share your password with anyone.
In-Our travel uses the so called Social Plugins of social networks such as Facebook, Twitter and Google+.
Social Plugins in our Website are always de-activated by default, this is, they are not active and will not send data to our social networks unless activated by the user. In order to use the Social Plugins you have to activate them by clicking on them. The purpose and goal of the data collection in social networks, your rights and options available for the protection of your personal data, are described in the corresponding data protection disclaimers each social network has.
IP ADDRESS HANDLING.
With technical security and system diagnosis purposes, in an anonymous or aggregated way, In-Out Travel will be able to record the IP address (Internet acces id. number for the device, which allows devices, systems and servers acknowledge and interact among them). Such information may also be used with web performance analytic purposes.
ANONYMOUS WEB BROWSING.
In-Out Travel obtains anonymous information about their visitors, which means that such information can not be linked to a particular, identified user. The data that is recorded is:
- The name of the provider domain (ISP) that provides web access. For example, a user of XXX provider will only be identified by the dominion xxx.es. in this way we will be able to produce statistics about countries and servers that visit the Website.
- Access date and time to the website. This allows us to learn the access peak times preventing access issues.
- Web address of departure of the link directed to our website. With this information, we will be able to know the effectiveness of certain buttons and links directed to our website, in order to promote those which offer the best results.
- Number of daily visitors of each section. This allows us to know the areas of greatest interest increasing and enhancing its content, to achieve a better user experience.
GOOGLE ANALYTICS LEGAL DISCLAIMER.
If you want to get more information about cookies, what they are, what they store, how to remove them, deactivate them, etc., you can click on the link “cookies usage”.
Nowadays every web browser allow to prevent the storage of cookies in your hard drive using the option “don’t accept cookies”. You can also remove cookies stored in your computer at any time. The fact of refusing to accept cookies can affect your web browsing though.
In-Out Travel can modify the present privacy policies to adapt them to regulation or legal changes regarding personal data that might take place, and will require you to read any updates, each time you provide your data through this website.