PRESENTATION AND RIGHT OF INFORMATION

The CONSORCIO DE TURISMO RIBEIRA SACRA takes the protection of your privacy and personal data very seriously. Therefore, your personal information is kept safe and treated with the utmost care.


This data protection policy regulates access and use of the website https://entradas.ribeirasacra.org/en (hereinafter, the "Web Platform"), of which the CONSORCIO DE TURISMO RIBEIRA SACRA (hereinafter, "CTRS") is the owner and that makes available to interested people (hereinafter, "Users"). Maintenance and management of that Web Platform, is in charge of the company PREMIUM PLANS SL (hereinafter the "Web Manager") with ID B32482069 and registered office at C/Bedoya 27 Bajo, Ourense, 32004, Galicia, Spain.


Our data protection policy is subject to Spanish and European legislation, being adapted to the requirements of:


RESPONSIBLE

  • Identity: CONSORCIO DE TURISMO RIBEIRA SACRA (CTRS)

  • ID: G27326131

  • Address: Plaza de Galicia, 1, 27500 CHANTADA (LUGO)

  • Telephone: +34 638 823 592

  • Email: turismo@ribeirsacra.org

  • DPO: No Delegate


PURPOSE

The information provided by the User can be used for one or more of the following purposes:

  • Customer, administrative, accounting and tax management. It includes the management of collections and payments, invoicing as well as consultancies, by the Web Manager. It also includes the management of the inputs by the Suppliers or in claims of the same. Necessary for the reservation of tickets.

  • Electronic commerce. It refers to the data transmissions necessary to process the requested reservation collection transactions, always in a secure environment (your information will not be sold, exchanged, transferred or delivered to any other company for any reason, without your consent, other than with the express purpose of providing the requested service). Necessary for the reservation of tickets.

  • Advertising and commercial prospecting. Sending newsletters about our services and news. We use software to send and manage these newsletters. To receive this type of information you have to expressly request it.

  • Statistical purposes. Own compilation of anonymous ticket sales statistics.

  • Health and safety purposes. To perform traceability of contacts if there is a User who has been diagnosed with COVID-19. It will be obligatory to provide the health authorities with the available information regarding the identification and contact details of the potentially affected people. Necessary for the reservation of tickets.


Conservation criteria: the personal data provided will be kept for the mandatory time according to applicable legal provisions. After such period, as long as its deletion is not requested by the interested party, we will keep them for legitimate statistical, historical or scientific purposes.


Any of the pieces of information that we collect from you anonymously during browsing can be used for one or more of the following purposes:

  • To improve the Web Platform, its navigation and usability. For this we use software that evaluates the interaction with our websites of users anonymously.

  • Statistical purposes. It has the purpose of both the analysis and the realization of statistics to know the traffic and use of the Web Platform by the Users, as well as to evaluate the web structure, the origin of the visits (never individually and/or identifiable ) and the effectiveness of marketing and promotional campaigns.


Conservation criteria: usability data is deleted once evaluated and the rest of the data will be kept for legitimate statistical, historical or scientific purposes.


LEGITIMATION

The legal basis for the treatment of your data is the execution of a contract and/or contractual obligations according to the general terms and conditions of contract that appear on the Web Platform.


The communication of personal data is a contractual requirement necessary to book tickets, the interested party is informed that he is obliged to provide personal data, and likewise that the consequences of not doing so, may suppose the non-provision of the requested service.


Certain treatment activities require your unequivocal consent.

  • The sending of "advertising and commercial prospecting" is based on the consent that is requested before finalizing a reservation, without in any case the withdrawal of this consent conditioning the execution of confirmed reservations. You can also expressly request the sending of this type of information through the Web Platform.


RECIPIENTS

The CTRS does not sell, exchange or transfer personal data to third parties. This does not include reliable third parties or subcontractors who manage or help us manage the Web Platform, such as the Web Manager.


Such trusted third parties may have access to personal data for information needs, and will be contractually bound to maintain confidentiality of the information.


1 - DATA COMMUNICATIONS

  • Web Manager - Responsible for the management and maintenance of the Web Platform.

  • Tax administration. In compliance with tax regulations.

  • Banks and Banking Entities. For management and collections of payments.

  • Management and Advisory. Support for the management of tax and legal obligations.

  • suppliers of services and/or contracted products. Necessary for reservations and execution of the contracted product and/or service.


2 - TRUSTED SUBCONTRACTORS/THIRD PARTIES

The CTRS contracts the services of the Web Manager for the management and maintenance of the Web Platform.


The Web Manager has a virtual server infrastructure that allows it to offer and sell tickets to Users, to access various resources in the Ribeira Sacra, which are managed by different suppliers. For this they use the services of Linode LLC, based in the USA, which complies with the RGPD, the HIPAA and PCI DSS security standards and is under the protection of the EU-US Privacy Shield agreement. More information here.


The Web Platform is stored on secure servers located in the US, but customer and supplier databases are stored on servers located in Europe, in order to comply with the GDPR regarding data protection.


Our online payments are processed through Ceca, which complies with the RGPD and ABanca, which complies with the RGPD .


They provide us with the online electronic commerce platform that allows us to sell our products and services to the User, in accordance with Directive (EU) 2015/2366 of the European Parliament and of the Council, of November 25, 2015 on payment services in the internal market , also known as PSD2 regulations.


Others

We also use the services of Google, Google LLC and subsidiaries under the EU-US Privacy Shield agreement . - See here more information about the management of your privacy. And those of The Rocket Science Group LLC d/b/a MailChimp also under the EU-US Privacy Shield agreement , see here more information about the management of your privacy.


3 - DISCLOSURE

We may disclose your personal information if required by law, to enforce the policies of the Web Platform, or to protect our rights (or that of others), our property or our security.


4 - OTHER INFORMATION ABOUT THIRD PARTY SERVICES

In general, the suppliers used by us will only collect, use and disclose your information when necessary to enable them to perform the services they provide to us.

However, some third-party service suppliers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we must provide to them for purchase-related transactions.


For these suppliers, we recommend that you read the privacy policies (section 2) so that you can understand how your personal information is handled.


Once you leave our website or redirect you to a third-party site or application, you are no longer regulated by this Privacy Policy or the Terms of Service of our website.


Links

By clicking on the links on our website, you may be redirected off of our site. We are not responsible for the privacy practices of other sites and we encourage you to read their privacy policy.


RIGHTS

The User can exercise the following rights:

  • Right to request Access to their personal data, and obtain information on whether we are treating personal data that concerns them or not. Being able to request a copy of the complete data at any time.

  • Right to request the Rectification of inaccurate data, or where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

  • Right to request the Limitation of the Treatment of your Data, in which case we will only keep them for the exercise or defense of claims.

  • Right to request Opposition to the Treatment of your Data, in certain circumstances and based on reasons related to your particular situation.

  • Right to the Portability of your Data.

  • Right to Withdraw the Provided Consent, without said withdrawal affecting the legality of the previous treatments based on said consent.

  • Right to claim to the competent Control Authority in Data Protection through its website: www.agpd.es.


You can direct your communications and exercise your rights at the email address turismo@ribeirasacra.org, or by ordinary mail addressed to:


  • CONSORCIO DE TURISMO RIBEIRA SACRA Estrada a Nogueira, nº 3 - Luintra, 32160 Nogueira de Ramuín - OURENSE (Spain )


In order to exercise these rights, it is necessary to prove your identity by sending a photocopy of your National Identity Document / Passport or any other valid document in the Law.


PROVENANCE OF DATA

The personal data that we treat at CTRS comes directly from the User, obtained through any of the following means: ticket reservation forms located on our Web Platform, email or telephone.


The categories of data that are processed are:

  • Identification data (name and surname, ID / passport / CIF)

  • Postal and / or electronic addresses

  • Telephone


No specially protected data is processed.


The rest of the data comes from the user's navigation when the cookies are accepted, being anonymous data for statistical purposes.


NOTICE OF VIOLATION OF PERSONAL DATA

In the event that your data is compromised, CTRS will notify you and the competent supervisory authorities within 72 hours by email with information about the scope of the violation, the data affected, any CTRS service impact and action plan with measures to protect data and limit any possible negative effects on data subjects.


The "personal data breach" refers to a security breach that leads to the destruction, loss, alteration, unauthorized disclosure or access, accidental or illegal, to the personal data transmitted, stored or processed related to the provision of the Service.


MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER AND ACCURACY OF THE DATA

The User guarantees that the personal data provided is true and is responsible for communicating to CTRS of any modification thereof. The User will be responsible, in any case, for the veracity of the data provided, and CTRS keeps the right to exclude from the registered services any User who has provided false information, without prejudice to other actions that may be in Law. It is recommended to have the maximum diligence in data protection through the use of security tools, and CTRS is not responsible for the theft, modification or loss of illegal data.


CHANGES

CTRS keeps the right to revise its Privacy Policy at the time it deems appropriate, in which case Users will be notified. For this reason, please review this privacy statement regularly to read the latest version of the CTRS Privacy Policy.


ACCEPTANCE AND CONSENT

The User declares to have been informed of the conditions of protection of personal data, accepting and authorizing the automated treatment of it by CTRS, in the manner and for the purposes indicated in this Privacy Policy.


LAST REVIEW AND VALIDITY PERIOD

This Privacy Policy is valid from July 1st, 2020, until the publication of the next update.


Cookies Policy

Cookies policy for this Web Platform owned by CTRS.


1. What are cookies?

Cookies are small data files that are downloaded and stored in the terminal (computer / smartphone / tablet or any other device) of the user when accessing a particular website. This allows the website to remember browsing preferences and navigate efficiently, facilitating and improving the interaction between the user and the website.


The information collected by cookies is anonymous and does not contain confidential information (such as name, address and bank details).


2. What are cookies used for?

The Web Platform uses cookies or other information storage and retrieval devices to track user interactions with the products and services offered on the website.


We inform you that in entradas.ribeirasacra.org we use cookies in order to facilitate the user's next visit and make the website or applications more useful.


3. Types of Cookies

Below we offer information on the types of cookies we use and their purpose:


According to the duration, we can classify cookies as:

  • Session cookies: they are a type of cookies designed to collect and store data while the user accesses to a web page. These cookies are stored in the terminal until the user's browsing session ends.

  • Temporary cookies: these types of cookies store data even after the user has left the site. These types of cookies are used, for example, to store and remember the user's browsing preferences. Temporary cookies expire once they achieve their goal or when they are manually disabled.

  • Permanent cookies: these are a type of cookie in which the data continues to be stored in the terminal and can be accessed and processed during a period defined by the entity responsible for the cookie, and this can last from a few minutes to several years.


According to its objective, we can classify the cookies as:

  • Own cookies: they are those that are sent to the user's terminal from entradas.ribeirasacra.org.

  • Third-party: these are cookies that are sent to the user's terminal from a computer or a domain that is not managed by CTRS, but by another entity that processes the data obtained through cookies. As these are third parties that carry out the implementation of cookies, the blocking and uninstallation of cookies is regulated by the conditions and specific mechanisms of the third party.

  • Analytical: these cookies allow us to quantify the number of users and also perform statistical measurements and analyzes on the use of our website by our users. To do this, browsing our website is analyzed with the aim of improving it.

  • Behavioral advertising: these cookies store information on user behavior obtained through continuous observation. Thanks to this, we can learn about Internet browsing habits and show you advertising related to your browsing profile.


4. Cookie management

You can allow, block or disable the cookies installed on your device through the settings of your Internet browser options. In case of blocking them, it is possible that certain services that need their use are not available to you in entradas.ribeirasacra.org


In the following links, you have all the information available to configure or deactivate your cookies in your browser:

  • Google Chrome: https: //support.google.com/chrome/answer/95647

  • Mozilla Firefox: https://support.mozilla.org/es/kb/habilitar-y-deshabilitar-cookies-sitios-web-rastrear-preferencia

  • Safari: https: / /support.apple.com/kb/PH19214?locale=es_ES


CTRS can modify this Cookies Policy in accordance with regulatory or legislative requirements, or in order to adapt this policy to the instructions issued by the Spanish Agency for Data Protection .

In the event that significant changes are made to this Cookie Privacy, we will notify users through a message on the websites managed by CTRS


ACCEPTANCE OF COOKIES

If you continue browsing, we understand that you accept the use of cookies by the Web Platform.


We inform you that in the case of blocking or not accepting the installation of cookies, certain services may not be available without the use of these or you may not be able to access certain services or take full advantage of everything that this website offers you.


For more information, you can consult the guide on the use of cookies by the Spanish Agency for Data Protection.


LAST REVISION OF THE COOKIES POLICY

July 1st, 2020