RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA:
The personal data controller is the natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of the processing. In this case, the details of the data controller are:
Identity: ROSAMAR SA
Company Tax No.: A-17/014630
Postal Address: Avinguda Pau Casals 8-10 de Lloret de Mar (17310)
Telephone: + 34 972 364 650
Email Address: firstname.lastname@example.org
Other Rosamar Group companies:
ROSAMAR SA as the data controller and person responsible for the website, in accordance with the legislation in force, and specifically, what is laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (GDPR), as well as Spanish Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce (LSSICE), you are informed that we have implemented appropriate technical and organisational measures in accordance with the state of the art and the cost of their implementation with regards to the risks and nature of the personal data processed to guarantee and protect the confidentiality, integrity and availability of the personal data.
Personal data is any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. There is a wide range of information that can be classed as personal data, for example: name, contact details, identification number, computer IP address, etc. For further details about this information, you can consult the website of the Spanish Data Protection Agency or the website of the Catalan Data Protection Authority, among others.
“Processing” is defined as any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data.
PURPOSE OF PROCESSING OF DATA:
Why do we process personal data?
Personal data provided by data subjects will be processed for the following purposes:
The company informs you that it will not process your personal data for any purpose other than those listed in this section, except where there is a legal obligation or injunction. Personal data will not be subject to automated decision-making that produces legal effects for the data subject.
How long will we keep your personal data?
The personal data you provide will be stored for the time required to provide the service requested or contracted and for a maximum period of 5 years from the last confirmation by you of the existence of an interest in us keeping your data. This is without prejudice to possible longer retention for the purpose of compliance with possible legal obligations and for the exercise and monitoring of any legal and judicial actions that might be relevant. After the periods mentioned have elapsed, we will delete the personal data.
BASICS FOR PROCESSING OF DATA:
RECIPIENTS OF DATA TRANSFERS:
Personal data will be shared with other companies in the group of undertakings for purposes connected to the processing of the personal data of clients or users. In order to better deliver the services requested from us, we provide certain data to processors with which we have signed the corresponding contracts regarding data protection. In these cases, the data provided is only that strictly necessary for the specific activity to be performed. Services which can be processors include but are not limited to: suppliers of IT services, security companies, tax or legal advice, etc. This list is provided as an example and the company may use services from companies from other business sectors in order to provide quality services. Outside of these cases, no data transfer within or without the EU is foreseen. Information will also be provided to third parties if this is required by the regulations in force or when there is an injunction (public authorities, courts and tribunals, law enforcement agencies and security services, tax agency, etc.)
RIGHTS OF DATA SUBJECTS:
As a data subject you have the following rights:
HOW CAN YOU EXERCISE YOUR RIGHTS?
You can exercise your rights by writing to the postal address Avinguda Pau Casals 8-10 de Lloret de Mar (17310) or the email address email@example.com, with the subject “Personal Data”, attaching a photocopy of your identity document or any similar method established in law.
WHAT COMPLAINT PROCEDURES ARE AVAILABLE?
If the data subject believes his or her rights have not been appropriately respected, he or she has the right to present a claim with the Spanish Data Protection Agency or any competent supervisory authority.
What categories of personal data do we process?
Our company can process the following categories of personal data:
Personal data we collect automatically.
When the data subject visits our web pages, we collect certain information automatically, including whether he or she makes a booking or hires a service in the end. This information may include the IP address, the date and time when our services were accessed, information about the hardware, software or web browser used and the language selected, among others. This information allows us to improve the services and user experience of our website, and identify potential fraudulent use and attacks on the security of our website, as well as preparing statistics on the use and effectiveness of the website. This data will not be kept unless fraudulent use or an attack on the security of the website is detected. In no case will automated decision-making based on this information which produces legal effects for the user be used. For more information, see the cookies section.
Whenever the data subject makes a booking or contracts a service or product, he or she will be sent an email confirming the booking or contracting and giving information about it. In addition, we may contact the data subject for the purpose of informing him or her of any modification or news relating to it. Furthermore, the company may send commercial communications relating to the products or services it offers on condition that the data subject has expressly and specifically given consent for this by ticking the box provided for this purpose or by any express statement of consent for it. The data subject may withdraw his or her consent to receive any type of commercial communication at any time by sending a message in the terms stated in the “Rights of data subjects” section. In addition, this option will also be offered to the data subject in every commercial communication he or she receives via email or SMS.
PROVISION OF PERSONAL DATA BY MINORS:
The services offered through this website are only available to persons of legal age. Persons who are not of legal age must not provide personal data in the website.
LINKS TO THIRD-PARTY WEBSITES:
Our company uses social networks to publicise its services and products and share information and experiences with users and followers.
QUESTIONS AND DOUBTS:
By contracting our services with the "Stay safe with this travel insurance" you are authorizing us to transfer your personal data to the company FLEXMYROOM INSURETECH, S.L., domiciled in Benidorm (03503 – Alicante), Calle Gerona, 13, Local CA 18, and with CIF number B42687616, with the sole purpose of protecting your reservation enjoying the services and insurance products offered. Only the data strictly necessary for the activation of the insurance
(name and surname, identity number, postal address and contact information) will be transferred, in our common interest. This entity will cancel your personal data when the service has ended and the legally established deadlines have been met. You can exercise your rights of access, rectification, deletion, limitation of treatment, data portability, and opposition to treatment and not be subject to automated decisions at the email address firstname.lastname@example.org