Privacy policy

In accordance with Article 13(1)–(2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1) — hereinafter the GDPR — we inform you that this document governs the rules for processing your personal data and using cookies in connection with the use of our website and contact by email or telephone.

Basic details:

• Website address: https://carlatravelservice.com/ (hereinafter the “website”)
• Controller of your personal data: Carla Travel S.L., AV. Gamonal 8, 29630 Benalmadena, NIF B16777906 (hereinafter the “controller”)
• Contact address: info@carlatravelservice.com

Short version — the key information:

• When you contact us, you provide us with your personal data, and we guarantee that your data will remain confidential and secure and will not be shared with any third parties without your explicit consent.
• We entrust the processing of personal data only to vetted and trusted entities providing services related to the processing of personal data.
• We use the Google Analytics tool, which collects information about website visits, such as subpages viewed, time spent on the site and movement between subpages. For this purpose, cookies from Google LLC relating to the Google Analytics service are used.
• We use our own cookies to ensure the website works correctly.

If the above information is not sufficient for you, further details are set out below:

§1. Personal data

1. A person visiting the website or contacting the Controller by email or telephone (hereinafter the “user”) may provide their personal data to the Controller through the available contact forms.
2. The controller of the User’s personal data is the Controller.
3. Data provided to the Controller is processed for the purposes specified in §2.
4. The Controller guarantees the confidentiality of all personal data provided to it.
5. Providing data is always voluntary but necessary for the User to make contact.
6. Personal data is collected with due diligence and appropriately protected against access by unauthorised persons.
7. The user’s personal data will be processed until our communication ends or, where cooperation is established, until the end of the limitation period for potential contractual claims. Data contained in invoices will be processed until the end of the period during which the law requires accounting records to be kept. In addition, some data may also be processed after the periods indicated above, for the duration of our business activity, for archival, analytical and statistical purposes described in more detail in §2.
8. The user has the following rights:
   • the right to request access to their data, to rectify, erase or restrict its processing,
   • the right to object to processing,
   • the right to data portability,
   • the right to withdraw consent to the processing of personal data for a specific purpose, if the User previously gave such consent,
   • the right to lodge a complaint with the supervisory authority in connection with the processing of personal data by the Controller.

§2. Purposes and legal bases of processing

Data is processed for the following purposes:

• replying to an enquiry received in connection with a request for such contact addressed to us — the legal basis for processing is the user’s consent arising from initiating contact with us (Article 6(1)(a) GDPR),
• archiving incoming and outgoing correspondence in case it is necessary to demonstrate its course, which is our legitimate interest (Article 6(1)(f) GDPR); if our contact leads to cooperation, the data will then be processed in order to perform the agreement concluded with us (Article 6(1)(b) GDPR),
• issuing invoices, keeping and storing accounting records (Article 6(1)(c) GDPR),
• archival (evidential) purposes in case of a legal need to demonstrate facts and for the possible establishment, pursuit or defence of claims, which is our legitimate interest (Article 6(1)(f) GDPR),
• analytical purposes, such as tailoring services to our clients, optimising our products or services based on client feedback, and optimising service processes based on the course of sales and after-sales service, which is our legitimate interest (Article 6(1)(f) GDPR),
• measuring customer satisfaction and determining the quality of our service, which is our legitimate interest (Article 6(1)(f) GDPR).

§3. Data recipients / processors of personal data

1. We may share the user’s personal data with our subcontractors, i.e. entities whose services we use when processing personal data.
2. The user’s personal data may be transferred to third countries (located outside the European Union). Appropriate data safeguards are ensured through an approved certification mechanism combined with the data recipient’s enforceable commitments to apply appropriate safeguards.
3. Below is a list of possible recipients of the User’s data:
   • persons cooperating on the basis of civil-law contracts who support the controller’s day-to-day operations,
   • the provider of accounting software,
   • the provider of project-management software,
   • the provider of an office software suite,
   • the company hosting the website on a server (hosting provider),
   • the company maintaining the controller’s email (email server provider),
   • the relevant public authorities, to the extent the Controller is obliged to disclose data to them.

§4. Cookies

Our website uses cookies, among other things to ensure the site works correctly, to create statistics and — after consent is given in the cookie banner — for analytical and advertising purposes. The detailed rules of their use (types of files, purposes and consent management) are described in the Cookie policy.

§5. Server logs

1. Using the website involves sending requests to the server on which the website is stored. Every request sent to the server is recorded in the server logs.
2. The logs include, among other things, the user’s IP address, the server date and time, and information about the web browser and operating system. The logs are saved and stored on the server.
3. The data saved in the server logs is not associated with specific persons using the website and is not used by us to identify the user.
4. The server logs are solely an auxiliary resource used to administer the website, and their content is not disclosed to anyone other than persons authorised to administer the server.