PRIVACY POLICY OF THE WEBSITE https://www.biztrip.es/

 

Identity of the person responsible for the processing of personal data

 

The person responsible for the processing of personal data is: Contracorriente Inversiones, S.L. with NIF/CIF: B84818111 (hereinafter, Data Controller). Its contact details are as follows:

 

Address: Calle San Marcos 9, Bajo Izquierda, Madrid

 

Contact telephone number: + 34 910.888.333

 

Contact email: info@biztrip.es

 

Data Protection Officer (DPD): Mr. Ignacio Vázquez Martínez C/ Constancia 13 Bajo B (Madrid 28.002). ignacio.vazquez@wedatalaw.com

 

Purposes of the processing of personal data

 

Personal data is collected and managed by Contracorriente Inversiones, S.L. in order to facilitate, expedite and fulfil the commitments established between the website and the user or to maintain the relationship established in the forms that the latter fills out or to respond to a request or query.

 

Likewise, the data may be used for the purpose of sending newsletters, as well as informative communications and/or advertising from Contracorriente Inversiones, S.L., as well as for carrying out satisfaction surveys and requesting reviews on those websites where the tourist apartments managed by the company are marketed. Satisfaction surveys, as well as the request for reviews on websites are completely voluntary for the user of the service.

 

Categories of personal data

 

The categories of data processed by Contracorriente Inversiones, S.L. The data used to manage the aforementioned treatments are:

 

Identification: Name, surname, ID or NIE, Passport, address, telephone, email, photographs or voice recordings.

 

Personal: Date and place of birth, age.

 

Economic-financial: Bank details, credit or debit card details.

 

IP address.

 

We inform you that the required data is essential to be able to carry out the requested services, and your refusal to provide them will imply the impossibility of carrying them out.

 

The information that the User provides to Contracorriente Inversiones, S.L. through the forms must be accurate and truthful. The user guarantees the authenticity of all the data that he/she communicates and will keep the information given to Contracorriente Inversiones, S.L. updated so that it corresponds, at all times, with the real situation of the User. In the event of inaccurate, incomplete or false statements communicated by the User, the latter will be solely responsible for any damages that may be caused to Contracorriente Inversiones, S.L. or third parties as a result.

 

Legal basis for the processing of personal data

 

The legal basis for the processing of personal data is the express and explicit consent given by the user in each case, which may be withdrawn at any time.

 

Regarding the management of the contracting of services, payment, billing, the basis for legitimation of the processing of your personal data is established in the need for such processing for the execution of the contract.

 

Regarding the processing of the following personal data: Name. First surname. Second surname. Sex. Identity document number. Document support number. Type of document (DNI, passport, TIE). Nationality. Date of birth. Place of habitual residence. – Full address. – Town. – Country. Landline telephone. Mobile telephone. Email. Number of travelers. Relationship between travelers (if any of them are minors); The legal basis is compliance with the provisions of Art. 4.1 of Royal Decree 933/2021, of October 26, which establishes the documentary and information registration obligations of natural or legal persons who carry out accommodation and motor vehicle rental activities and its Annex I.

 

Regarding the photographs of identity documents and/or passports, as well as “selfies”, to comply with the legal identification obligation contained in Art. 4.3 of the aforementioned Royal Decree 933/2021, of October 26 and 25.1 of Organic Law 4/2015, of March 30, on the protection of citizen security, all under the protection of Art. 9.2.g) of Regulation 2016/679/EU, of April 27, on Data Protection.

 

Regarding the sending of commercial communications and requests for satisfaction surveys, the legitimate basis consists of the legitimate interest of Contracorriente Inversiones, S.L. to improve the quality of the services provided, as well as to update information on the services provided by the company to its clients.

 

Personal data retention periods

 

Personal data will only be retained for the time minimum necessary for the purposes of its treatment and, in any case, until compliance with deadlines derived from legal, administrative or contractual obligations.

 

Recipients of personal data

 

The user’s personal data will be shared with the State Security Forces and Corps for police work and with the corresponding banking entities and payment platforms for billing and collection of the services provided.

 

 

The biometric data, photographs of identity documents or “selfies” necessary for the identification of the client at the time of the Check-in process will be transferred to the company VIPTHINK, S.L., domiciled in Pozuelo de Alarcón, plaza San Juan, number 2, 1º, right, C.P. 28224 and C.I.F. number B-87609418, in charge of managing the HoomVip APP for self check-in and opening of locks and doors of the accommodation. The client expressly agrees to this transfer of personal data.

 

Personal data of minors

 

In compliance with the provisions of articles 8 of the GDPR and 7 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights, only those over 14 years of age may give their consent for the lawful processing of their personal data by Contracorriente Inversiones, S.L. If the client is under 14 years of age, the consent of the parents or guardians will be required for the processing, and this will only be considered lawful to the extent that they have authorized it.

 

Confidentiality and security of personal data

 

Contracorriente Inversiones, S.L. The Data Controller undertakes to adopt the necessary technical and organisational measures, according to the level of security appropriate to the risk of the data collected, in order to guarantee the security of personal data and to avoid accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorised communication or access to such data.

 

Personal data will be treated as confidential by the Data Controller, who undertakes to inform and guarantee by means of a legal or contractual obligation that such confidentiality is respected by its employees, associates, and any person to whom it makes the information accessible.

 

Rights derived from the processing of personal data

 

The user may exercise the following rights recognised in the GDPR and in Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the Guarantee of Digital Rights, against the Data Controller:

 

Right of access: is the right of the user to obtain confirmation of whether Contracorriente Inversiones, S.L.

 

Right to rectification: is the user’s right to have their personal data modified if it is found to be inaccurate or, taking into account the purposes of the processing, incomplete.

 

Right to erasure: is the user’s right, provided that current legislation does not establish otherwise, to obtain the erasure of their personal data when they are no longer necessary for the purposes for which they were collected or processed; the user has withdrawn their consent to the processing and there is no other legal basis for this; the user objects to the processing and there is no other legitimate reason for continuing with it; the personal data has been processed unlawfully; the personal data must be erased in compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of information society services to a minor under 14 years of age. In addition to deleting the data, the Data Controller, taking into account the available technology and the cost of its implementation, must adopt reasonable measures to inform the controllers who are processing the personal data of the interested party’s request to delete any link to that personal data.

 

Right to restriction of processing: is the user’s right to limit the processing of their personal data. The user has the right to obtain the restriction of processing when they contest the accuracy of their personal data; the processing is unlawful; the Data Controller no longer needs the personal data, but the user needs it to make claims; and when the User has objected to the processing.

 

Right to data portability: in the event that the processing is carried out by automated means, the user will have the right to request the restriction of processing.

DISCLAIMER: This is a translation of the official version and binding for contractual purposes of the text in Spanish and is merely informative and has no legal validity.