INTRODUCTION

At 48h-in-Spain SLU we are committed to protecting the privacy of our customers and we take our responsibility for the security of our customers’ information with the utmost rigour. We will be clear and transparent about what information we are getting and what we will do with that information.

This policy states the following:

  • What personal data we collect and treat in relation to you as a customer and your use of our website, our mobile applications and ouronline services.
  • Where do we get that data?
  • What do we do with that data?
  • How we store them.
  • Towhom we transfer/disclose this data.
  • How we manage yourdata protection rights.
  • And how we comply withdata protection regulations.

All personal data is collected and processed in accordance with the General Data Protection Regulations (RGPD).

DATA CONTROLLER

Responsible: Identity: 48h-in-Spain SLU Postal Address: C/ PP Antoni Torrandel 1-7 – 07003 Palma – CIF: B57803603    E-mail: info@48h-in.de

WHAT PERSONAL DATA DO WE COLLECT?

By “personal data” we mean any information about you that enables us to identify you, such as your name, your contact information, your payment details and information about your access to our website.

In particular, we can obtain the following categories of information:

  • Name, address,e-mail address, telephone number, passport or other recognised personal identification number and information, and credit/debit card or other payment details.
  • Advanced information, including your name, nationality, date of birth, sex, and number, expiration date andcountry of issuance of your passport or identity card.
  • History of contracted works
  • Information about your purchases of products and services from our trusted partners.
  • Information about your use of our website and/or ourmobile application.
  • The communications you exchange with us or direct to us by letter, email, chat service, calls and social networks.

FOR WHAT, WHY AND FOR HOW LONG DO WE USE YOUR PERSONAL DATA?

There is no obligation to have a Data Protection Officer in accordance with Regulation (EU) 2016/679, 37. In 48h-in-Spain SLU we treat the information you provide us with the aim of providing services and / or sell the products contracted by you through our website and manage the sending of information and commercial prospecting. In order to be able to offer you services according to your interests, we will prepare a commercial profile, based on the information provided. No automated decisions will be made based on that profile.

Your data can be used for the following purposes:

  • Provide the products and services you request from us: we use your information to provide the services you have requested from us.
  • Contact you in the event of a change in the contracted service: we send you communications about the services you have ordered and any changes in those services. These communications are for non-commercial purposes and there is no option to stop receiving them.
  • Verify/check credit card or any other payment card: we use your payment details for accounting, billing and auditing purposes and to detect and/or prevent any fraudulent activity.
  • Administrative or Legal Purposes: We use your data to perform statistical and marketing analysis, test systems, conduct customer surveys, perform maintenance and development operations, or to resolve a dispute or claim. Please note thatwe may perform data profiling based on data we have collected from you for the purpose of statistical and marketing analysis. Any profiling activity will be carried out only with your prior consent and making every effort to ensure that all data on which it is based is correct. By providing us with any personal information, you explicitly agree that we may use it to conduct profiling activities in accordance with this Privacy Policy.
  • Security, health, administrative and crime prevention/detection reasons: we may provide your data to government authorities or law enforcement agencies in compliance with legal requirements.
  • CustomerService Communications: We use your data to manage our relationship with you as our customer and to improve our services and your experience with us.
  • Marketing: From time to time we will contact you via electronic communications to provide you with information regarding promotions and complementary products. However,you will have the option of accepting or rejecting such communications by indicating so at the time of booking. In all electronic communications we send you, you will also have the opportunity to indicate that you no longer wish to receive our direct marketing material.

We will only process your personal data when we have the legal basis to do so. The legal basis will depend on the reasons why we have obtained them and why we need to use your personal data.

We may also process your personal data for one or more of the following reasons:

  • To comply with alegal obligation
  • Because you have agreed that we may use your personal data (e.g. for marketing purposes).
  • To satisfy ourlegitimate interests in our operation (e.g., for administrative purposes).

Only children over the age of 16 (included) can give their own consent. For children under that age, the consent of the child’s parents or legal guardians is required.

We will not retain your data longer than is strictly necessary to fulfill the purposes for which it is being processed. In determining the appropriate retention period, we will take into account the amount, nature and confidentiality of personal data, the purposes for which we treat them and whether we can achieve those purposes through other means.

We must also take into account periods during which it may be necessary to retain personal data in order to fulfil our legal obligations (e.g. in connection with complaints) or to resolve complaints or queries and to protect our legal rights in the event of a complaint.

When we no longer need your personal data, we will securely delete or destroy it. We will also consider whether, over time, we may reduce the personal data we use and how we may do so, and whether we may make your personal data anonymous so that they can no longer be associated with or identify you, in which case we may use such information without notice.

SECURITY OF YOUR PERSONAL DATA

We follow strict security procedures when storing and disclosing your personal data, as well as to protect it from accidental loss, damage or destruction. The data you provide to us is protected by SSL (Secure Socket Layer) technology. SSL is the industry standard method for encrypting personal data and credit card information so that it can be transferred securely over the Internet.

We may disclose your information to trusted third parties for the purposes set forth in this Privacy Policy. We require that all third parties have in place appropriate technical and operational security measures to protect your personal data, in accordance with The RGPD.

HOW IS YOUR PERSONAL DATA SHARED?

The entity guarantees the confidentiality of personal data. Nevertheless, the Company and/or Entity will reveal to the competent public authorities the personal data and any other information in its possession or accessible through its systems and required in accordance with the legal and regulatory provisions applicable to the case. Personal data may be stored in files owned by 48h-in-Spain SLU even after the relations formalised through the company’s website have ended, exclusively for the purposes indicated above and, in any case, during the legally established periods, at the disposal of administrative or judicial authorities.

No data will be transferred to third parties, unless legally obliged to do so. There are no plans to transfer data to third countries. No adequacy decisions, warranties, binding corporate standards or specific applicable situations are made.

YOUR DATA PROTECTION RIGHTS

Under certain circumstances, by law you have the right to:

– Request information about whether we have personal data about you and, if so, what that data is and why we have or are using it.

– Request access to your personal data (a request commonly known as a “data subject access request”). This allows you to receive a copy of the personal data we hold about you and to check that we are treating them lawfully.

– Request the correction of personal data we have about you. This allows you to correct any incomplete or incorrect information we have about you.

– Request the deletion of your personal data. This allows you to ask us to delete or erase your personal data when other legitimate reasons for further processing do not prevail. You also have the right to ask us to delete or erase your personal data when you have exercised your right to object to the processing (see next section).

– ¢ Oppose the processing of your personal data when such processing is based on our (or a third party’s) legitimate interests and there is something about your particular situation that makes you want to oppose processing on that basis. You also have the right to object when we are processing your personal data for direct marketing purposes.

– To oppose automated decision making, including profiling, i.e. not to be the subject of any automated decision making by us using your personal data or profiling you.

– Request the limitation of the processing of your personal data. This allows you to ask us to suspend the processing of your personal data, for example, if you want us to determine its accuracy or the reason for processing it.

– Request the transfer to you or a third party of your personal data in an electronic and structured format (commonly known as the right to “data portability”). This allows you to take the data we have about you in a commonly used electronic format and to transfer your data to a third party in a commonly used electronic format.

– Withdraw your consent. In the limited circumstances in which you have given your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right at any time to withdraw your consent for that specific processing. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for continuing to do so in accordance with the law.

If you wish to exercise any of these rights, please contact by post or post, with our Manager: Identity: 48h-in-Spain SLU Dir Postal: C / PP Antoni Torrandel 1-7 – 07003 Palma – CIF: B57803603    Email: info@48h-in.de attaching in both cases photocopy of the ID of the client.

You will not have to pay any fees to access your personal data (or to exercise any other of your rights). However, we may charge you a reasonable fee if your request for access is unfounded or excessive. If not, in those circumstances, we may also deny your request.

We may need to ask you for specific information to help us confirm your identity and to ensure your right of access to the information (or to exercise any other of your rights). This is another appropriate security measure to ensure that personal data are not disclosed to anyone who is not entitled to receive them.

CHANGES TO THE PRIVACY POLICY

Our Privacy Policy is subject to change from time to time and any changes will be communicated to you via email or a notice on our website.