UPDATES OF THE DATA PROTECTION POLICY ACCORDING TO THE RGPD

By the entry into force of the General Data Protection Regulation (after this from now on RGPD), required since May 25, 2018, we inform you that we have updated our data protection policies to adapt to the RGPD. Our goal is to protect your personal and professional data by applying organizational and technical measures to guarantee the confidentiality, availability, and integrity of your information, as well as comply with the obligations of the RGPD.

We appreciate your trust,

BASIC INFORMATION ON DATA PROTECTION

1- Data of the Treatment Responsible

 In compliance with the provisions of the General Data Protection Regulation 679/2016, (hereinafter "RGPD"), and Law 34/2002 of July 11, Services of the Information Society and Electronic Commerce, we inform you that the person in charge of the personal and professional data treated is:

 Business name: TRAVEL AND REPRESENTATIONS S.L (Hereinafter Responsible),

 Address: C / FRANCISCO SILVELA 36, 1st OFIC 7, ZIP: 28028, MADRID, SPAIN

 C.I.F: B85172948

 Phone: +34 677 32 38 36

 Email: directorcomercial@flyforvacations.com 

We promise to keep the information you provide us in the strictest confidentiality avoiding unauthorized access, manipulation of information, loss or destruction. For this, we will apply the security measures established by the applicable regulations and all those that our resources and modern technology allow us. Keep in mind that in many cases, it is essential that you provide the information we request to be able to enjoy the benefits of our website.

2- Scope of application

This Policy applies to all Clients that the Responsible Party provides services that involve the processing of personal and professional data.

3- Data that we deal with our Clients

The categories of personal and professional data that we deal with are the following:

• Identifying data: name, surnames, identity documents, address and telephone number.
• Postal and electronic mail addresses.

 Specially protected data is not processed.

4- Purpose of the treatment

The purposes with which we treat your personal and professional data are the following:

• Properly provide the contracted services.
• Manage the contractual relationship, prepare offers or requested budgets.
• Perform billing, accounting and tax management corresponding to the contracted services.
• Send you commercial information through newsletter, news, information about events, promotions offers and launch of new services.
• Check the accuracy of your information.
• Answer your questions, requests, complaints, suggestions.
• Communicate with you for organizational issues related to services.
• Compliance with legal obligations applicable to the Responsible, and collaborate with the authorities that require us information.

We will communicate with you through electronic means such as SMS, WhatsApp, email, ordinary mail. You can always object to receiving information on all or some of these routes. In each communication, we will inform you about the cancellation procedures.

5- Transfer of data to third parties and international transfers

 For the management of the purposes inherent to the development and fulfillment of the object of the contract and to properly provide the services you request, it may be necessary and mandatory for the provision of the service, that your data have to be communicated to the different suppliers, such as companies airlines, shipping companies, hotels, local car rental agencies, and other service providers related to your.

These providers, depending on the destination country of your trip, may be located in third countries for which an international data transfer is necessary. The Company requests those companies with whom we share your personal information to apply the same degree of protection of information as we do.

Your data will be transferred to public administrations and judicial system agencies or security forces or bodies when the Company is required to present information.

We will not communicate your data to third companies except those indicated above, without your authorization, unless such assignment must be produced by legal imperative or because it is essential to comply with the contractual relationship.

6- Data conservation criteria

Personal and professional data will be kept during the provision of services contracted, and while the right of withdrawal is not exercised. Once the contractual relationship is terminated or exercised the right to delete, we will keep the information in safe conditions, as long as you do not request your cancellation or you express your desire not to receive publicity. The information that for legal reasons we should keep in accordance with Law 10/2010, of April 28, on the prevention of money laundering and the financing of terrorism, will be stored for a maximum period of 10 years from the end of the contractual relationship, mandatory conservation term established by said norm.

If the information is necessary for the exercise of legal or contractual actions, it may be conserved exceptionally for a period longer than indicated. After the deadline, the data will be destroyed.

7- Outsourcing

The Client expressly authorizes the Responsible to contract the services totally or partially with third parties whose intervention deems appropriate for the proper development of the services. In this case, the Responsible undertakes to sign a contract with the subcontracted third party stipulating the obligations that it must fulfill in relation to the protection of personal data, in particular it will be required to comply with the same protection obligations of data to which the Responsible Party is committed with its clients, as well as sufficient guarantees of application of appropriate technical and organizational measures so that the treatment is in accordance with the applicable regulations.

The Responsible will be diligent in the selection of suppliers by applying mechanisms to verify the level of compliance with data protection regulations, with the aim of mitigating the risks that may affect the security of the information.

8- Rights of Users

The RGPD gathers a series of rights in favor of the people whose data are treated. This section provides information on how to exercise your rights as a Client regarding your personal data. All the rights mentioned below can be exercised by sending your request to the email address: directorcomercial@flyforvacations.com, along with a copy of your identity document. Please note that we may request additional information to verify your identity before proceeding with your request. The interested party, without prejudice to any other administrative appeal or legal action, will have the right to file a claim with the Spanish Agency for Data Protection through the electronic office at www.agpd.es.

Right of access:

The right of access allows the interested party to know and obtain free information about their personal data submitted to treatment. You may ask us to indicate the information we keep about you.

Right of rectification:

This right is characterized because it allows correcting errors, modifying the data that prove to be inaccurate or incomplete and guaranteeing the certainty of the information being treated. You must inform us of any change in your data and you will be responsible for updating your information.

Right to cancel / delete / forget:

The right of suppression allows the deletion of data that prove to be inadequate or excessive, unless the data must be preserved by legal imperative or be subject to legal or judicial actions.

Right of opposition:

The right of opposition is the right of the interested party not to carry out the processing of their personal data or to cease it for certain purposes. You can object to the processing of your data indicating the object of the specific purpose of opposition.

Right of Portability:

The right to portability will allow you to request a copy in a structured format, for common use and mechanical reading of your personal data.

Right of Limitation:

The right to limit data allows you to limit the use and request restriction to the processing of your personal data.

Security measures
 
In the treatment of your information we apply adequate security measures according to the type of data. Our goal is to prevent unauthorized third-party access, theft, loss or unauthorized disclosure of your information. However, even if we apply all the possible security measures, the risk of a technical or human failure regarding the information will never disappear completely, for this reason we ask that if you detect any incident or have indications that your information may be in risk, contact us so we can investigate the fact and offer solutions. The measures we apply to protect your information are mainly the following:

• We maintain a record of treatment activities referred to in Article 30 of Regulation (EU) 2016/679.
• We have implemented identification and authentication systems to prevent unauthorized access;
• We implement when possible and the resources allow pseudonymization.
• We encrypt personal data and confidential information for those sensitive data that we access because of the service provided;
• We implement measures to guarantee the confidentiality, integrity, availability and permanent resilience of systems and treatment services such as antivirus, firewalls;
• We implement backup and recovery system to restore the availability and access to personal data quickly in case of physical or technical incident;
• We keep track of the accesses made to the information that may be processed during the services;
• We implement an effective incident management procedure, which allows detecting incidents related to the confidentiality of information, and its immediate resolution;
• We inform and adequately train employees and managers in the obligations of confidentiality and in the maintenance of the technical and organizational measures implemented, gathering their confidentiality and compliance commitments in writing.
• We have approved a Policy on Data Protection and Management of Business Resources, known and accepted by all members of the organization.

Applicable law and jurisdiction
This Policy will be governed by Spanish and European legislation, especially by the RGPD. Any dispute will be resolved before the courts corresponding to the domicile of Madrid.