Privacy Policy

This privacy policy applies to the processing of personal data of clients and/or users of https://ggcorsairscharter.com/, hereinafter, the WEBSITE, owned by G&G Corsairs Charter S.L., hereinafter, the DATA CONTROLLER.

APPLICABLE REGULATIONS

Our Privacy Policy has been designed in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR EU 2016/679, and insofar as it does not contradict the aforementioned Regulation, by the provisions of Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, hereinafter LOPDGDD 3/2018.

By providing their data, the client and/or user declares that they have read and are aware of this Privacy Policy, giving their unequivocal and express consent to the processing of their personal data in accordance with the purposes and terms expressed herein.

BASIC INFORMATION ON DATA PROTECTION

Data Controller:G&G Corsairs Charter S.L. 
Purpose To contact the interested party, respond to information requests, answer inquiries, and send commercial communications about our services via mail, telephone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic communication means, whenever the interested party has consented to the processing of their personal data for this purpose.
Legal BasisPerformance of a contract to which the interested party is a party or in order to take steps at the request of the interested party prior to entering into a contract. Legitimate interest of the data controller. Consent of the interested party.
RecipientsNo data will be transferred to third parties, except where legally required.
RightsYou have the right to access, rectify, and delete your data, as well as other rights indicated in the additional information, which you can exercise by contacting the Data Controller at ggcorsairs@gmail.com.
Additional InformationYou can find additional and detailed information on Data Protection in the attached clauses found at https://ggcorsairscharter.com/privacy_policy

ADDITIONAL INFORMATION ON DATA PROTECTION

  • The data controller is:

    • Identity: G&G Corsairs Charter S.L.
    • Tax ID: B72773468
    • Address: Calle de Castiello de Jaca Nº14, 28050, Madrid, Madrid, Spain
    • Phone: (+34) 649 437 763
    • Email: ggcorsairs@gmail.com

PURPOSES AND LEGAL BASIS OF PROCESSING

a) General

The DATA CONTROLLER processes the personal data provided by its clients and/or users for the following purposes:

  • Purpose: To contact the interested party, respond to information requests, answer inquiries, provide requested services, carry out administrative, commercial, accounting, and tax management of the company, as well as send commercial communications about our services via mail, telephone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic communication means, whenever the interested party has consented to the processing of their personal data for this purpose.
  • Legal basis for this processing: Performance of a contract to which the interested party is a party or in order to take steps at the request of the interested party prior to entering into a contract. Legitimate interest. Consent of the interested party, which may be withdrawn at any time.

b) Electronic forms on the WEBSITE

The DATA CONTROLLER processes the personal data provided by clients and/or users through the electronic data collection forms available on the WEBSITE for the purposes identified below:

Regarding the “Contact Form” (which can be accessed through the email accounts listed on the WEBSITE):

  • Purpose: To contact the interested party, respond to information requests and answer inquiries, as well as send commercial communications about our services via mail, telephone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic communication means, whenever the interested party has consented to the processing of their personal data for this purpose.
  • Legal basis for this processing: Consent of the interested party, which may be withdrawn at any time.

Regarding the “Contact Form” (which can be accessed through the email accounts listed on the WEBSITE):

The website includes an additional form to formalize reservations, accessible only through a password provided by the owner. This form collects identifying and contact information necessary to organize the provision of the contracted service.

  • Purpose: To manage reservation requests, prepare prior documentation, and make communications related to the service.
  • Legal basis for this processing: Consent of the interested party, which may be withdrawn at any time.

Access is restricted and the data collected is processed with the same security and confidentiality guarantees as the rest of the personal data obtained through the WEBSITE. When the data requested in the electronic form is necessary, the DATA CONTROLLER will indicate this mandatory nature at the time of data collection from clients and/or users, and failure to provide it will mean that the corresponding request cannot be fulfilled.

WHAT TYPE OF DATA DO WE PROCESS?

WHAT TYPE OF DATA DO WE PROCESS?

For the purposes set out in the previous section, the Client’s data is processed and can be divided into the following sources and categories:

a) Data provided directly by the client and/or user: data provided directly by the client and/or user, either at the time of requesting the service or through the completion of electronic personal data collection forms or in paper format enabled for this purpose, as well as information provided throughout the contractual relationship through different means such as, for example, information requests. The client and/or user is responsible for its accuracy and updating.

  • Identifying Data (name and surname, Tax ID, passport, postal address, email, telephone, mobile, handwritten or digital signature, image and/or voice, social media profiles, IP addresses, username and password).
  • Economic Data (bank details).

In some cases, the date of birth and nationality of the persons included in the reservation may also be requested when necessary for the organization of the service or to comply with legal requirements regarding navigation.

b) Data obtained from sources other than the client and/or user: data obtained from sources other than the client and/or user, whether with their consent or by any other legal authorization (legitimate interest, fulfillment of a legal obligation…).

c) Data derived from the development of the commercial relationship: data provided indirectly by the client and/or user when deriving from the provision of the contracted service and the maintenance of this activity. This category includes traffic data, browsing data through the public Web page or access to the private area, or other data of a similar nature.

PROCESSING ACTIVITIES REGISTER

We inform you that the personal data obtained from the client and/or user as a result of the completion of the electronic forms on the WEBSITE will form part of the Processing Activities Register (RAT) of the DATA CONTROLLER, which will be updated periodically in accordance with the provisions of GDPR EU 2016/679 and LOPDGDD 3/2018.

RECIPIENTS

The personal data of the interested parties will be communicated to the recipients indicated below:

a) Generally:

  • The DATA CONTROLLER’s suppliers as data processors, within the framework of the corresponding provision of services (lawyers, accounting and tax advisors, consultants, service providers and technology service providers—website hosting and email service).
  • Competent authorities and bodies, to the extent necessary to comply with legal obligations.

b) Regarding the “Contact Form” (which can be accessed through the email accounts listed on the WEBSITE):

  • No data will be transferred to third parties, except where legally required.

Transfers to third countries

  • No data transfers to third countries are planned without an adequate level of protection.

Retention periods

Personal data will be retained:

a) Generally:

  • Data will be retained as long as deletion is not requested, and in any case, for the years necessary to comply with legal obligations.

b) Regarding the “Contact Form” (which can be accessed through the email accounts listed on the WEBSITE):

  • Personal data will be retained until the end of the relationship between the DATA CONTROLLER and the client and/or user, unless the client requests its deletion in advance, or until the interested party withdraws the consent granted at any time, without affecting the legality of the processing based on consent prior to its withdrawal.

For these purposes, the interested party is reminded that they must communicate to the DATA CONTROLLER as the recipient of personal data, any modification or deletion of their personal data, and other data relevant to the DATA CONTROLLER’s liability toward clients and/or users. This data will be duly blocked and made available to the competent judicial authorities or public administrations, for the enforcement of responsibilities arising from the processing, for the limitation period thereof.

RIGHTS OF THE INTERESTED PARTIES

Clients and/or users of the WEBSITE may exercise before the DATA CONTROLLER, to the extent applicable, the following rights: access to personal data, rectification, deletion (right to be forgotten), limitation of processing, data portability, objection to processing, and not to be subject to automated individual decisions, and, when processing is based on consent, the right to withdraw it at any time.

Clients and/or users may exercise these rights by written request signed and sent to the postal address of the DATA CONTROLLER located at Calle Parque Bujaruelo, 43 Bajo – 28924 Alcorcón, Madrid (Spain) or through the email address ggcorsairs@gmail.com, attaching, in both cases, valid proof of identity, such as a photocopy of the Tax ID or equivalent document, and clearly indicating the right they wish to exercise.

Clients and/or users will also have the right to file a complaint with the competent Control Authority (Spanish Data Protection Agency) if they believe that the processing does not comply with current regulations or that their rights regarding the protection of their personal data have been violated, especially when they have not obtained satisfaction in the exercise of their rights, through the website https://www.aepd.es

These rights will be processed by the DATA CONTROLLER within a period of 1 month, which may be extended to 2 months if the complexity of the request or the number of requests received so requires. All of this without prejudice to the duty to retain certain data under legal terms and possible responsibilities derived from a possible processing, or, where applicable, from a contractual relationship.

In addition to the above, and in relation to data protection regulations, Users who request it have the possibility of organizing the destination of their data after their death.

SENDING COMMERCIAL COMMUNICATION

In compliance with the provisions of the second final provision of Law 9/2014, of May 9, on Telecommunications, which amends Law 34/2002, of July 11, on information society services and electronic commerce, commercial communications made electronically must be clearly identifiable as such, and the natural or legal person on whose behalf they are made must also be clearly identifiable, without prejudice to the provisions of regulations issued by the Autonomous Communities with exclusive competencies on consumption.

The client and/or user, who provides their contact details to the DATA CONTROLLER by clicking the “SEND” button on the electronic personal data collection forms on the website and affirmatively checks both consent boxes, “I accept the processing of my data according to the purposes indicated in the basic data protection information” and “I give my consent to receive commercial communications about your services,” expressly, freely, and unequivocally authorizes the DATA CONTROLLER to process their personal data for the purpose of sending commercial communications about our services via mail, telephone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic communication means.

The legal basis that legitimizes this processing is the consent of the interested party, which may be revoked at any time.

In compliance with the provisions of articles 21 and 22 of Law 34/2002, of July 11, on information society services and electronic commerce, the user may oppose the processing of their data for promotional purposes and revoke the consent given to receive commercial communications via email with a simple notification of their will to the person responsible for processing through a simple and free procedure, consisting of sending an email to the email address ggcorsairs@gmail.com, indicating in the subject line “UNSUBSCRIBE” or “DO NOT SEND.”

The data provided will be retained as long as the commercial relationship is maintained or for the years necessary to comply with legal obligations.

SOCIAL MEDIA POLICY

The DATA CONTROLLER has profiles on the following social media networks:

In this regard, it is considered responsible for the processing of the data of its users, including followers, subscribers, fans, or simply people who make comments or inquiries through these channels. In this sense, the DATA CONTROLLER may use this tool to inform its users about news it considers appropriate for the purposes of the services offered, or perhaps it may also share information or articles currently published by other users of social networks. Under no circumstances will personal information of users be used without their consent to maintain relationships other than those expected on the aforementioned social network, requesting their consent if necessary.

ACCURACY OF DATA PROVIDED BY INTERESTED PARTIES

The client and/or user is responsible for ensuring that the information they provide through the completion of electronic forms made available on the WEBSITE or by sending emails from their end to the various existing accounts under the domain ggcorsairscharter.com is accurate, responding to the accuracy of all the data they communicate and will keep it updated to reflect a real situation, being responsible for false or inaccurate information they provide and for damages and problems they could cause to the DATA CONTROLLER or third parties.

SECURITY MEASURES

The DATA CONTROLLER guarantees that it has implemented appropriate technical and organizational policies on the WEBSITE to apply the security measures established by GDPR EU 2016/679 and LOPDGDD 3/2018 in order to protect the rights and freedoms of clients and/or users and has communicated the appropriate information so that they can exercise them.

The DATA CONTROLLER, to protect individual rights, especially in relation to automated processing and with the aim of being transparent with clients and/or users, has established a policy that includes all such processing, the purposes pursued by them, the legitimacy thereof, and also the tools available to the client and/or user so that they can exercise their rights.

The WEBSITE is created with the WordPress content management system using the Elementor plugin and has an SSL encryption certificate for the entire site, which allows the user to securely send their personal data through existing electronic forms.

The WEBSITE is hosted on servers operated by Sered Hosting S.L. with Tax ID: B32496242 and address at C/ Rúa do Progreso 177, 1º A Rúa de Valdeorras, Ourense, Galicia (Spain), offered to G&G Corsairs Charter S.L., with the assigned IP address being of Spanish range.

All information will be stored and managed with due confidentiality, applying the necessary IT security measures to prevent unauthorized access or use of data, manipulation, deterioration, or loss.

However, the client and/or user must keep in mind that the security of computer systems is never absolute. When personal data is provided via the Internet, such information could be collected without their consent and processed by unauthorized third parties. The DATA CONTROLLER declines any type of responsibility for the consequences these acts may have for the User, if they published the information voluntarily.

ACCEPTANCE AND CONSENT

The client and/or user declares that they have been informed of the conditions regarding the protection of personal data, accepting and consenting to the automated processing thereof by the DATA CONTROLLER in the manner and for the purposes indicated in this Privacy Policy. Certain services provided on the WEBSITE may contain particular conditions with specific provisions regarding the protection of personal data.

CHANGES TO THIS PRIVACY POLICY

The DATA CONTROLLER reserves the right to modify this Privacy Policy to adapt it to legislative, jurisprudential, or interpretative developments by the Spanish Data Protection Agency, as well as industry practices. In such cases, the DATA CONTROLLER will announce the changes introduced on the websites with reasonable advance notice of their implementation.

This privacy policy may be supplemented by the Legal Notice, Cookie Policy, and General Terms and Conditions that, where applicable, are collected for specific products or services, if such access involves any specialty regarding the protection of personal data.