Botiga online

Privacy Policy

KAYAKING COSTA BRAVA, S.L. is committed to protecting the privacy of users who access this website and/or any of its services. The use of the website and/or any of the services offered by KAYAKING COSTA BRAVA, S.L. implies the user’s acceptance of the provisions contained in this Privacy Policy and that their personal data will be processed as stipulated herein. Please note that, although there may be links from our website to other websites, this Privacy Policy does not apply to other companies or organisations to which the website is redirected. KAYAKING COSTA BRAVA, S.L. does not control the content of third-party websites and accepts no responsibility for the content or privacy policies of such websites.

1) OWNER INFORMATION

In compliance with Article 10 of Law 34/2002, of July 11, on Information Society Services and Electronic Commerce, the identification details of the Owner are provided below:

Web:

WWW.KAYAKINGCOSTABRAVA.COM

Owner:

KAYAKING COSTA BRAVA, S.L.

Address:

CARRER ENRIC SERRA 42. 17130-L’ESCALA

VAT NUMB.

ESB55291355

Phone:

972773806

E-mail

Registration details:

Commercial Registry of Girona, Book 3143, Page 122, Sheet GI-62100, Entry 2017/314 dated March 15, 2017.


2) APPLICABLE LAWS

This Privacy Policy has been drafted in accordance with the current Spanish and European legislation on personal data protection on the internet. In particular, it complies with the following regulations:

– Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).

– Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights (LOPDGDD).

– Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).

3) PRIVACY QUESTIONS

In compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016 (GDPR) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights, we provide the following information regarding the processing of personal data you may provide to us:

Data Controller:
KAYAKING COSTA BRAVA, S.L.
Our details can be found at the top of this legal notice.

Personal Data Registration
In compliance with the GDPR and the LOPDGDD, we inform you that the personal data collected by KAYAKING COSTA BRAVA, S.L., through the forms provided on its web pages, will be incorporated into and processed in our database in order to facilitate, expedite and fulfil the commitments established between KAYAKING COSTA BRAVA, S.L. and the User or to maintain the relationship established in the forms they fill out, or to respond to a request or inquiry. Likewise, and unless the exception set forth in Article 30.5 of the GDPR applies, a record of processing activities is maintained, specifying, according to its purposes, the processing activities carried out and the other circumstances established in the GDPR.

Legal Basis for Processing
The legal basis for the processing of personal data is consent. KAYAKING COSTA BRAVA, S.L. undertakes to obtain the User’s express and verifiable consent for the processing of their personal data for one or more specific purposes.

The User will have the right to withdraw their consent at any time. Withdrawing consent will be as easy as giving it. As a general rule, the withdrawal of consent will not affect the use of the website.

In cases where the User must or may provide their data through forms to make inquiries, request information, or for reasons related to the content of the website, they will be informed if completing any of these forms is mandatory due to being essential for the correct execution of the operation performed.

Other legal bases:

  • Compliance with legal obligations.

  • Legitimate interest: sending our own advertising.


Categories of data
The categories of data processed by KAYAKING COSTA BRAVA, S.L. are solely identifying data. No special categories of personal data, as defined in Article 9 of the GDPR, are processed.

Retention period
Personal data will only be retained for the minimum time necessary for the purposes of its processing and, in any case, only for the following period: The time necessary to manage your information requests and service bookings or product purchases. Data will also be properly blocked once no longer necessary for their original purposes and retained for the time required for legal matters, or until the User requests its deletion, opposition, or limitation of processing. However, certain identifying and traffic data will be kept for a maximum of 2 years if required by judges and courts or to initiate internal actions resulting from misuse of the website.

When personal data is obtained, the User will be informed of the period during which their personal data will be retained or, when this is not possible, the criteria used to determine this period.

We also inform you that our information retention policies comply with the time limits set by different legal responsibilities for limitation purposes:

a) General Rule:
Under Article 30 of the Commercial Code, unless otherwise specified, all company documents and/or information will be retained for 6 years. This includes all accounting, tax, labor, or commercial documentation, including correspondence.

b) Specific periods:
Our company also sets minimum retention periods depending on the type of data processed and the various limitation periods, which must be known by each department.

No automated decision-making will take place that produces legal effects on your data.

Purposes of Processing

We detail below the purposes of the data processing activities carried out:

  • CUSTOMER MANAGEMENT: To provide the contracted services within the normal business activity and to invoice them. The data provided will be kept for as long as the business relationship is maintained or for the years necessary to comply with legal obligations.

  • QUOTATION MANAGEMENT: To send potential clients quotations for services and/or products. The data provided will be kept until the data subject requests the cessation of this processing.

  • PROSPECT MANAGEMENT: To send people with a legitimate interest information related to our products and services by any available means, and to invite them to events of their interest. The data provided will be kept until the data subject requests the cessation of this processing and will be collected with prior express consent.

  • EVENT ORGANISATION: To organise events (courses, talks, competitions and other outreach activities) by any of the Data Controllers. The data provided will be kept until the data subject requests the cessation of the activity or for the years necessary for the justification of the activity.

  • OFFER MAILING: If you are a customer of the Data Controller and subject to the offers policy, you will periodically receive, at the start of each promotion, an advertising email indicating the products on offer and their prices, along with a link to download them for your own promotion if desired.

  • NEWSLETTER: We use your data to send you our newsletter with news and topics of interest whenever you give us your consent.


Data Recipients

The User’s personal data will not be shared with third parties. In any case, when personal data is obtained, the User will be informed about the recipients or categories of recipients of the personal data.

Children’s Personal Data

In accordance with Articles 8 of the GDPR and 7 of Organic Law 3/2018, of December 5, only individuals over 14 years old can lawfully give their consent for the processing of their personal data by KAYAKING COSTA BRAVA, S.L.. If the individual is under 14 years of age, parental or guardian consent will be required, and processing will only be lawful if authorised by them. If not, the legal representative must inform us as soon as possible.

Rights related to the processing of personal data

The User may exercise the following rights before the Data Controller, as recognised in the GDPR and Organic Law 3/2018:

  • Right of access: The right to obtain confirmation as to whether KAYAKING COSTA BRAVA, S.L. is processing their personal data and, if so, to obtain information about such data and processing.

  • Right to rectification: The right to have inaccurate or incomplete personal data corrected.

  • Right to erasure (“right to be forgotten”): The right to have personal data deleted when no longer necessary for the purposes collected, when consent is withdrawn, when processing is unlawful, or in other cases provided by law.

  • Right to restriction of processing: The right to request the limitation of data processing in certain cases (e.g., disputing accuracy, unlawful processing, legal claims).

  • Right to data portability: If processing is carried out by automated means, the right to receive personal data in a structured, commonly used and machine-readable format and to transmit it to another controller, where technically feasible.

  • Right to object: The right to object to the processing of their personal data.

  • Right not to be subject to automated decision-making, including profiling.

Finally, data subjects have the right to file a complaint with the competent Supervisory Authority (AEPD) if they consider that their personal data is being processed in breach of current regulations.

You may exercise these rights by sending us a written request, along with a copy of a document identifying you, to our postal address or email address indicated at the beginning of this text.


4) PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

The processing of users’ personal data will be subject to the following principles, as set out in Article 5 of the GDPR and Articles 4 and following of the LOPDGDD:

  • Lawfulness, fairness, and transparency: User consent will always be required, following transparent information about the purposes of data collection.

  • Purpose limitation: Personal data will be collected for specific, explicit, and legitimate purposes.

  • Data minimisation: Only the strictly necessary personal data will be collected.

  • Accuracy: Personal data must be accurate and kept up to date.

  • Storage limitation: Data will be kept only for as long as necessary for processing purposes.

  • Integrity and confidentiality: Data will be processed to guarantee its security and confidentiality.

  • Accountability: The website controller will maintain sufficient technical and logistical means to ensure compliance with all applicable principles.


5) WHAT SECURITY MEASURES DO WE APPLY?

In compliance with Article 32 of the GDPR, we have adopted the necessary technical and organisational measures to ensure a level of security appropriate to the risk, with mechanisms that guarantee the confidentiality, integrity, availability, and resilience of processing systems and services.

Some of these measures include:

  • Informing staff of data processing policies.

  • Regular backups.

  • Access controls to data.

  • Regular verification, evaluation, and assessment processes.

6) CONFIDENTIALITY AND SECURITY OF PERSONAL DATA

KAYAKING COSTA BRAVA, S.L. undertakes to adopt technical and organisational measures appropriate to the level of risk to prevent the destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

The website has an SSL (Secure Socket Layer) certificate to ensure that personal data is transmitted securely and confidentially, with all data transferred between the server and the User being fully encrypted.

However, since KAYAKING COSTA BRAVA, S.L. cannot guarantee the absolute security of the internet or the total absence of hackers, the Data Controller undertakes to inform the User without undue delay of any personal data breach likely to result in a high risk to the rights and freedoms of natural persons.

Personal data will be treated as confidential, and KAYAKING COSTA BRAVA, S.L. will ensure that this confidentiality is respected by employees, partners, and any person with access to the information.

7) LINKS TO THIRD-PARTY WEBSITES

The website may contain links to third-party websites not operated by KAYAKING COSTA BRAVA, S.L.. The owners of those websites will have their own privacy policies and will be responsible for their own data protection practices.

8) ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY

The User must have read and agree with the conditions on the protection of personal data contained in this Privacy Policy, as well as accept the processing of their personal data so that the Data Controller may proceed with it in the manner, for the periods and for the purposes indicated.

The use of the website implies acceptance of this Privacy Policy.

KAYAKING COSTA BRAVA, S.L. reserves the right to modify its Privacy Policy, either due to its own decision or a legislative, jurisprudential, or doctrinal change from the Spanish Data Protection Agency. Changes or updates will not be explicitly notified to the User. Users are advised to periodically review this page to be aware of the latest changes.

 

Last update: 15/02/23