Privacy Policy

This privacy policy applies to the processing of personal data of clients and/or users of https://ggcorsairscharter.com/ (hereinafter, the “WEBSITE”), owned by G&G Corsairs Charter S.L. (hereinafter, the “DATA CONTROLLER”).

APPLICABLE REGULATIONS

Our Privacy Policy has been designed in accordance with REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT and of the COUNCIL, of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter GDPR EU 2016/679, and where it does not contradict the mentioned Regulation, by the provisions of Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights, hereinafter LOPDGDD 3/2018.

By providing us with your data, the client and/or user declares that they have read and understood this Privacy Policy, expressly and unequivocally consenting to the processing of their personal data in accordance with the purposes and terms outlined here.

BASIC INFORMATION ABOUT DATA PROTECTION

Data ControllerG&G Corsairs Charter S.L. 
PurposeContacting the interested party, responding to received information requests, answering queries, and sending commercial communications about our services via letter, phone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic means, provided the interested party has consented to the processing of their personal data for this purpose.
LegitimacyExecution of a contract to which the interested party is a party or at their request to apply pre-contractual measures. Legitimate interest of the data controller. Consent of the interested party.
RecipientsNo data will be transferred to third parties, except where required by law.
RightsThe interested party has the right to access, rectify, and delete data, as well as other rights as indicated in the additional information, which can be exercised by contacting the Data Controller at ggcorsairs@gmail.com.
Additional InformationYou can consult the additional and detailed information on Data Protection in the clauses attached at https://ggcorsairscharter.com/en/privacy-policy/

ADDITIONAL INFORMATION ABOUT DATA PROTECTION

The data controller is:

  • Identity: G&G Corsairs Charter S.L.
  • Tax ID (CIF): B72773468
  • Address: Calle de Castiello de Jaca Nº14, 28050, Madrid, Spain
  • Phone: (+34) 649 437 763
  • Email: ggcorsairs@gmail.com

PURPOSES AND LEGAL BASIS FOR DATA PROCESSING

a) General Purpose
The DATA CONTROLLER processes the personal data provided by clients and/or users for the following purposes:

  • Purpose: Contacting the interested party, responding to information requests, answering queries, providing requested services, carrying out administrative, commercial, accounting, and fiscal management of the company, and sending commercial communications about our services through letter, phone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic means, provided the interested party has consented to the processing of their personal data for this purpose.
  • Legal basis: Execution of a contract in which the interested party is a part or at their request to apply pre-contractual measures. Legitimate interest. The consent of the interested party, which can be withdrawn at any time.

b) Electronic Forms on the WEBSITE
The DATA CONTROLLER processes the personal data provided by clients and/or users through the electronic forms for the purposes identified below:

  • Contact Form:
    • Purpose: Contacting the interested party, responding to information requests, answering queries, and sending commercial communications about our services through letter, phone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic means, provided the interested party has consented to the processing of their personal data for this purpose.
    • Legal basis: Consent of the interested party, which can be withdrawn at any time.

WHAT TYPE OF DATA DO WE PROCESS?

For the purposes mentioned above, the personal data of the Client can be divided into the following categories and sources:

a) Data provided directly by the client and/or user: Data provided directly by the client and/or user, either at the time of service request via the completion of electronic forms or paper forms, or during the contractual relationship through different means such as information requests. The client and/or user is responsible for the accuracy and updating of such data.

  • Identification Data: (name, surname, ID, NIE, passport, address, email, phone, mobile, signature, image and/or voice, social media profiles, IP addresses, username, and password).
  • Economic Data: (bank details).

b) Data obtained from other sources apart from the client and/or user: Data obtained from sources other than the client and/or user, either with their consent or by other legal authorization (legitimate interest, compliance with a legal obligation, etc.).

c) Data derived from the development of the commercial relationship: Data provided indirectly by the client and/or user as a result of the performance of the contracted service. This category includes traffic data, browsing data through the public website, or access to private areas.

ACTIVITY LOG

We inform you that the personal data obtained from the client and/or user through the electronic forms on the WEBSITE are part of the Activity Log of the DATA CONTROLLER, which will be updated periodically in accordance with the GDPR EU 2016/679 and LOPDGDD 3/2018.

RECIPIENTS

The personal data of the interested parties will be communicated to the following recipients:
a) Generally:
The DATA CONTROLLER’s service providers as data processors, in the context of providing services (lawyers, accounting and fiscal advisors, consultants, service providers, and IT service providers).
Competent authorities and public bodies as necessary for legal compliance.

b) Regarding the “Contact Form”:
No data will be transferred to third parties, except as required by law.

International Transfers
No international data transfers are planned without adequate protection levels.

Retention Period
Personal data will be retained:
a) Generally:
Data will be retained until deletion is requested and, in any case, for the necessary years to comply with legal obligations.
b) Regarding the “Contact Form”:
Personal data will be retained until the relationship between the DATA CONTROLLER and the client and/or user ends, unless the client requests earlier deletion or the interested party withdraws consent.

RIGHTS OF THE DATA SUBJECTS

Customers and/or users of the WEBSITE may exercise, before the DATA CONTROLLER, the following rights, where applicable: access to personal data, rectification, erasure (right to be forgotten), limitation of processing, data portability, opposition to processing, and not to be subject to automated individual decisions. When processing is based on consent, the right to withdraw consent at any time also applies.

Customers and/or users can exercise these rights by submitting a signed written request to the address of the DATA CONTROLLER at Calle Parque Bujaruelo, 43 Bajo – 28924 Alcorcón, Madrid (Spain) or via the email address ggcorsairs@gmail.com, attaching, in both cases, a valid identity proof, such as a photocopy of the ID card (NIF/NIE) or equivalent document, and clearly indicating the right they wish to exercise.

Customers and/or users also have the right to file a complaint with the competent Control Authority (Spanish Data Protection Agency) if they believe the processing does not comply with current legislation or their rights regarding the protection of personal data have been violated, especially if they have not been satisfied in the exercise of their rights. Complaints can be made through the website https://www.aepd.es.

These rights will be addressed by the DATA CONTROLLER within 1 month, which may be extended to 2 months if the complexity of the request or the number of requests received requires it. This is without prejudice to the obligation to retain certain data as legally required and until the potential responsibilities from possible processing or contractual relationships expire.

In addition, and in accordance with data protection regulations, Users who request it have the option to organize the fate of their data after their death.

SENDING COMMERCIAL COMMUNICATIONS

n compliance with the provisions of the Second Final Provision of Law 9/2014, of May 9, Telecommunications Act, which modifies Law 34/2002, of July 11, on information society services and electronic commerce, electronic commercial communications must be clearly identifiable as such, and the individual or legal entity on whose behalf they are made must also be clearly identifiable, without prejudice to the regulations established by Autonomous Communities with exclusive powers on consumer protection.

The client and/or user who provides their contact information to the DATA CONTROLLER by clicking the “SEND” button on the electronic personal data collection forms on the website and affirmatively checking the two consent boxes, “I accept the processing of my data according to the purposes indicated in the basic data protection information” and “I consent to receiving commercial communications about their services,” explicitly authorizes and gives their express, free, and unequivocal consent to the DATA CONTROLLER to process their personal data for the purpose of sending them commercial communications about our services via mail, phone, email, SMS/MMS, WhatsApp, Telegram, or other equivalent electronic communication means.
The legal basis legitimizing this processing is the consent of the data subject, which may be revoked at any time.

In compliance with Articles 21 and 22 of Law 34/2002, of July 11, on Information Society Services and Electronic Commerce, the user can object to the processing of their data for promotional purposes and revoke the consent provided for receiving commercial communications by email by simply notifying their will to the data controller through a simple and free procedure, consisting of sending an email to ggcorsairs@gmail.com, with “UNSUBSCRIBE” or “DO NOT SEND” in the subject line.

The data provided will be retained as long as the commercial relationship is maintained or for the necessary years to comply with legal obligations.

SOCIAL MEDIA POLICY

he DATA CONTROLLER has profiles on the following social networks:
Instagram: https://www.instagram.com/ggcorsairs/

In this case, the DATA CONTROLLER is considered responsible for processing the data of its users, which includes followers, subscribers, fans, or simply individuals who make comments or inquiries through these channels. In this sense, the DATA CONTROLLER may use this profile to inform its users about news it considers relevant for the purposes of the services offered, or may also share information or articles published by other social media users. In no case will personal information of users be used without their consent for purposes other than those expected on the mentioned social network, and, if necessary, the user’s consent will be requested.

ACCURACY OF THE DATA PROVIDED BY THE DATA SUBJECTS

The client and/or user is responsible for ensuring that the information they provide through the completion of the electronic forms available on the WEBSITE or by sending emails to the various accounts under the domain ggcorsairscharter.com is true. They are responsible for the accuracy of all data communicated and will keep it updated to reflect the real situation. They are also responsible for any false or inaccurate information provided and the damage, inconvenience, or issues it may cause to the DATA CONTROLLER or third parties.

SECURITY MEASURES

The DATA CONTROLLER guarantees that appropriate technical and organizational policies have been implemented on the WEBSITE to apply the security measures established by the EU GDPR 2016/679 and the Spanish Data Protection and Digital Rights Act 3/2018 to protect the rights and freedoms of customers and/or users.

The DATA CONTROLLER has established a policy that outlines all automated treatments, their purposes, their legitimacy, and the instruments available to the customer and/or user to exercise their rights.

The WEBSITE is created using the WordPress content management system with the Elementor plugin and has an SSL encryption certificate activated for the entire domain, allowing users to send their personal data securely through the electronic forms.

The WEBSITE is hosted on servers provided by Sered Hosting S.L. (C.I.F.: B32496242), located at C/ Rúa do Progreso 177, 1º A Rúa de Valdeorras, Ourense, Galicia (Spain), and the IP address assigned is from the Spanish range.
All information will be stored and managed with due confidentiality, applying the necessary IT security measures to prevent unauthorized access or misuse of the data, its manipulation, deterioration, or loss.

However, the client and/or user should be aware that the security of IT systems is never absolute. When personal data is provided over the Internet, such information may be collected without consent and processed by unauthorized third parties. The DATA CONTROLLER disclaims any responsibility for the consequences of such actions if the user has voluntarily published the information.

ACCEPTANCE AND CONSENT

The client and/or user declares that they have been informed of the conditions regarding personal data protection, accepting and consenting to the automated processing of their data by the DATA CONTROLLER in the manner and for the purposes indicated in this Privacy Policy. Certain services provided on the WEBSITE may include specific conditions regarding personal data protection.

CHANGES TO THIS PRIVACY POLICY

The DATA CONTROLLER reserves the right to modify this Privacy Policy to adapt it to legislative, jurisprudential, or interpretation changes by the Spanish Data Protection Agency, or industry practices. In such cases, the DATA CONTROLLER will notify the changes on the website with reasonable notice before their implementation.

This privacy policy may be supplemented by the Legal Notice, Cookies Policy, and General Terms and Conditions of Sale that, if applicable, apply to certain products or services if such access involves specific data protection provisions.