RESPONSIBLE
FOR THE TREATMENT
The Treatment
Manager is FeliSol Destination Travel Partner S.L. Hesperides Street 1 Floor 5
Door 551, Arona, Tenerife, 38630 T: +36 20 989 3823 info@felisoldmc.com
Privacy
Principles
From FELISOL
SL we are committed to you to work continuously to guarantee privacy in the
processing of your personal data, and to offer you at all times the most
complete and clear information we can. We encourage you to read this section
carefully before providing your personal information.
If you are
under fourteen years of age, please do not provide us with your information
without the consent of your parents.
In this
section we inform you of how we treat the data of the people who are related to
our organization. Starting with our principles:
- We do not
request personal information, unless it is necessary to provide you with the
services you require.
- We never
share personal information with anyone, except to comply with the law, or we
have your express authorization.
- We will
never use your personal data for purposes other than those expressed in this
privacy policy.
- Your data
will always be treated with a level of protection appropriate to the
legislation on data protection, and we will not submit them to automated
decisions.
We have
drafted this privacy policy taking into account the requirements of the current
data protection legislation:
- Regulation
(EU) 2016/679 of the European Parliament and of the Council of April 27, 2016
on the protection of natural persons (GDPR).
- Organic Law
3/2018, of December 5, on the Protection of Personal Data and guarantee of
digital rights (LOPD).
- Royal Decree
1720/2007, of December 21 (RLOPD).
This privacy
policy is written on December 6, 2018.
On the
occasion of the modification of treatment criteria, in order to facilitate its
understanding or adapt it to current legislation, we may modify this privacy
policy. We will update the date of it, so you can check its validity.
Treatments we
perform
EMPLOYEE
TREATMENT
Legal Basis:
GDPR: 6.1.b) Necessary treatment for the execution of a contract in which the
interested party is a party or for the application at the request of the latter
of pre-contractual measures.
GDPR: 6.1.c)
Treatment necessary for the fulfillment of a legal obligation applicable to the
person responsible for the treatment.
Royal
Legislative Decree 2/2015, of October 23, which approves the consolidated text
of the Workers' Statute Law.
Purposes of
the Treatment: - Management of contracted personnel.
- Personal
file. Time control Training. Pension plans. Prevention of occupational hazards.
- Issuance of
staff payroll.
- Management
of union activity.
Collective:
Employees
Data
Categories: Name and surname, DNI / CIF / Identification document, personnel
registration number, Social Security / Mutuality number, address, signature and
telephone.
Special
categories of data: health data (sick leave, occupational accidents and degree
of disability, not including diagnoses), union membership, for the exclusive
purposes of paying union dues (if applicable), union representative (if
applicable) ), proof of assistance from own and third parties.
Personal
characteristics data: Sex, marital status, nationality, age, date and place of
birth and family data. Family circumstances data: Date of registration and
withdrawal, licenses, permits and authorizations.
Academic and
professional data: Degrees, training and professional experience.
Details of
employment and administrative career. Incompatibilities
Presence
control data: date / time entry and exit, reason for absence.
Economic-financial
data: Economic payroll data, credits, loans, guarantees, low tax deductions
from salaries corresponding to the previous job position (if applicable),
judicial withholdings (if applicable), other withholdings (if applicable). Bank
data.
Categories of
Recipients: - Entity entrusted with the management of occupational hazards.
- General
Treasury of the Social Security.
- Trade union
organizations.
- Financial
entities.
- State Tax
Administration Agency.
- Main
contractors to whom we provide services as subcontractors.
International
Transfers: No international transfers of data are planned.
Term of
Suppression: They will be kept for the time necessary to fulfill the purpose
for which they were collected and to determine the possible responsibilities
that could arise from said purpose and the processing of the data.
The economic
data of this treatment activity will be kept under the provisions of Law
58/2003, of December 17, General Tax.
Security
Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data
Protection Regulation.
CONTACT
TREATMENT
Legal Basis:
Consent of the interested party
Purposes of
Treatment: Respond to your request, send you information and track the request.
Collective:
Contact persons, customers, suppliers
Data
Categories: Name and surname, telephone, email address
Recipient
Categories: No transfers of data to third parties are contemplated.
International
Transfers: No international transfers of data are planned.
Term of
Deletion: The contact data will be kept for an indefinite period, or until the
interested party requests its deletion.
Security
Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data
Protection Regulation.
TREATMENT OF
CARE RIGHTS OF PERSONS (ARC)
Legal Basis:
GDPR: 6.1.c) Treatment necessary for the fulfillment of a legal obligation
applicable to the person responsible for the treatment.
General Data
Protection Regulation.
Purposes of
the Treatment: Address the requests in the exercise of the rights established
by the General Data Protection Regulation.
Collective:
Individuals who request it (employees, customers, suppliers, contact persons)
Data
Categories: Name, address, signature and telephone.
Categories of
Recipients: They may be communicated to the Control Authority (Spanish Agency
for Data Protection) within the framework of an investigation for protection of
rights initiated by the interested party.
International
Transfers: No international transfers of data are planned.
Term of
Suppression: They will be kept for a period of five years from the moment of
the request.
Security
Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data
Protection Regulation.
CANDIDATE
TREATMENT SELECTION PROCESSES (HR)
Legal Basis:
GDPR: 6.1.b) Necessary treatment for the execution of a contract in which the
interested party is a party or for the application at the request of this
pre-contractual measures.
Purposes of
Treatment: Personnel selection and provision of jobs.
Collective:
Candidates submitted to procedures for the provision of jobs.
Data
Categories: Name and surname, DNI / CIF / Identification document, personnel
registration number, address, signature and telephone.
Special
categories of data: health data (disabilities).
Personal
characteristics data: Sex, marital status, nationality, age, date and place of
birth and family data.
Academic and
professional data: Degrees, training and professional experience.
Job detail
data.
Recipient
Categories: No transfers of data to third parties are planned.
International
Transfers: No international transfers of data are planned.
Term of
Suppression: They will be kept for the time necessary to fulfill the purpose
for which they were collected and to determine the possible responsibilities
that could arise from said purpose and the processing of the data.
Security
Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data
Protection Regulation.
SUPPLIER
TREATMENT
Legal Basis:
GDPR: 6.1.b) Necessary treatment for the execution of a contract in which the
interested party is a party or for the application at the request of the latter
of pre-contractual measures.
GDPR: 6.1.c)
Treatment necessary for the fulfillment of a legal obligation applicable to the
person responsible for the treatment.
Royal
Legislative Decree 2/2015, of October 23, which approves the consolidated text
of the Workers' Statute Law.
Law 58/2003,
of December 17, General Tax.
Purposes of
the Treatment: - Acquisition of products and / or services that we need for the
development of our activity.
- Control of
subcontractors if applicable.
Collective: -
Suppliers.
- Workers of
our suppliers.
Data
Categories: - Name and surname, DNI / NIF / Identification document, address,
signature and telephone.
- Employment
detail data: job position. Training in occupational safety.
- Financial
and insurance economic data: Bank details
Recipient
Categories: - Financial institutions. (Bill Payment)
- State Tax
Administration Agency.
International
Transfers: No international transfers of data are planned.
Term of
Suppression: They will be kept for the time necessary to fulfill the purpose
for which they were collected and to determine the possible responsibilities
that could be derived from said purpose and the processing of the data, in
accordance with Law 58/2003, of 17 December, General Tax,
Security
Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data
Protection Regulation.
CUSTOMER
TREATMENT
Legal Basis:
GDPR: 6.1.a) The interested party gave his consent for the processing of his
personal data for one or several specific purposes.
GDPR: 6.1.b)
Necessary treatment for the execution of a contract in which the interested
party is a party or for the application at the request of the latter of
pre-contractual measures.
GDPR: 6.1.c)
Treatment necessary for the fulfillment of a legal obligation applicable to the
person responsible for the treatment.
Royal
Legislative Decree 2/2015, of October 23, which approves the consolidated text
of the Workers' Statute Law.
Law 58/2003,
of December 17, General Tax.
Purposes of
the Treatment: Supply of our services (Booking engine and similar)
Collective:
Customers
Data
Categories: - Name and surname, DNI / NIF / Identification document, address,
signature and telephone.
- Financial
and insurance economic data: Bank details
Recipient
Categories: - Financial institutions.
- State Tax
Administration Agency.
International
Transfers: No international transfers of data are planned.
Term of
Suppression: They will be kept for the time necessary to fulfill the purpose
for which they were collected and to determine the possible responsibilities
that could be derived from said purpose and the processing of the data, in
accordance with Law 58/2003, of 17 December, General Tax,
Security
Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data
Protection Regulation.
RESERVATION
MOTOR TREATMENT
Legal Basis: GDPR:
6.1.a) The interested party gave his consent for the processing of his personal
data for one or several specific purposes.
GDPR: 6.1.b)
Necessary treatment for the execution of a contract in which the interested
party is a party or for the application at the request of the latter of
pre-contractual measures.
GDPR: 6.1.c)
Treatment necessary for the fulfillment of a legal obligation applicable to the
person responsible for the treatment.
Royal
Legislative Decree 2/2015, of October 23, which approves the consolidated text
of the Workers' Statute Law.
Law 58/2003,
of December 17, General Tax.
Purposes of
the Treatment: The purpose is to manage reservations by internet users, of
tourist establishments within the websites of customers who use our booking engine.
Collective:
Customers
Data
Categories: - Name and surname, DNI / NIF / Identification document, address,
signature and telephone.
- Financial
and insurance economic data: Bank details
Recipient
Categories: No data is communicated to third parties.
International
Transfers: No international transfers of data are planned.
Term of
Suppression: They will be kept for the time necessary to fulfill the purpose
for which they were collected and to determine the possible responsibilities
that could arise from said purpose and the processing of the data.
Security
Measures: Adapted to the requirements of Regulation (EU) 2016/679, General Data
Protection Regulation.
YOUR RIGHTS
You have the
right to request a copy of your personal data, to rectify inaccurate data or
complete them if they are incomplete, or if necessary delete them, when they
are no longer necessary for the purposes for which they were collected.
You also have
the right to limit the processing of your personal data and to obtain your
personal data in a structured and readable format.
You can object
to the processing of your personal data in some circumstances (in particular,
when we do not have to process them to comply with a contractual or other legal
requirement, or when the object of the processing is direct marketing).
When you have
given us your consent, you can withdraw it at any time. At that time we will
stop processing your data or, where appropriate, we will stop doing so for that
specific purpose. If you decide to withdraw your consent, this will not affect
any treatment that has taken place while your consent was in effect.
These rights
may be limited; For example, if to fulfill your request we had to reveal data
about another person, or if you ask us to delete some records that we are
required to keep for a legal obligation or for a legitimate interest, such as
the exercise of defense against claims. Or even in those cases where the right
to freedom of expression and information should prevail.
You can
contact us by any of the means indicated in the section Responsible for the
Treatment of this privacy policy, providing a copy of a document that proves
your identity (usually the DNI).
Another of
your rights is that of not being the subject of a decision based solely on
automated processing, including the elaboration of profiles that produce legal
effects or affect you.
In the event
of any violation of your rights, such as, for example, that we have not
responded to your request, you have the right to file a claim with the Data
Protection Authority. This may be that of your country (if you live outside
Spain) or the Spanish Agency for Data Protection (if you live in Spain).
Additional
Information
Treatment of
your data outside the European Economic Area.
For the
indicated treatments we can use service from the following suppliers outside
the European Economic Area, but under the Privacy Shield agreement, approved by
the data protection authorities of the European Union.
Amazon: More
information: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4
Apple iOS: More
information: https://www.privacyshield.gov/participant?id=a2zt0000000GnZjAAK
Dropbox: More
information: https://www.privacyshield.gov/participant?id=a2zt0000000GnCLAA0
Facebook /
Instagram (FB Messenger): More information: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC
Google (Drive
/ Mail ...): More information:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
Linkedin: More
information: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0
Mailchimp:
More information:
https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG
Microsoft
(Drive, Skype ...): More information:
https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK
monday.com:
Work teams collaboration More information: https://www.privacyshield.gov/participant?id=a2zt0000000GnZjAAK
Twitter:
Micromensajes social network More information:
https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
Whatsapp:
Mobile instant messaging More information: https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG
Zoho: CRM
(Relationship management with current and potential customers) More
information: https://www.privacyshield.gov/participant?id=a2zt0000000TOJbAAO
Links to third
party websites.
Our website
may sometimes contain links to other websites. It is your responsibility to
make sure you read the data protection policy and legal conditions that apply
to each site.
Third party
data.
If you provide
us with third-party data, you assume the responsibility of informing them in
advance as established in article 14 of the GDPR.