Information on the processing of personal data
In compliance with the principles of lawfulness and transparency in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR), PROMOCIÓN EXTERIOR DE LANZAROTE with Tax Identification Number A35955798 and email address https://turismolanzarote.com/ informs you of the characteristics of the processing of personal data carried out under its responsibility:
Processing: (I) Web queries (II) Sending newsletters (III) Activities to promote tourism at the destination (IV) Management of the different tourism products (V) Presence on social networks (VI) Organisation of events (VII) Administrative management (VII) Invoicing, accounting, tax and commercial management (IX) Attention to the privacy rights of the data subjects.
Purpose: (I) Main contact channel for general enquiries that will subsequently be forwarded to the corresponding departments.
(II) Subscription management, mailing of the destination’s promotional Newsletter
(III) Activities to promote the destination as a tourist destination, such as attending trade fairs, organising tours for professionals or social media campaigns.
(IV) Actions necessary for the management of the different products, such as issuing filming permits, etc.
(V) Actions to promote the presence of the Lanzarote brand on social networks, sometimes sharing publications or stories from the profiles of third parties whose profiles are configured as public or without privacy limits when it comes to sharing content.
(VI) Organisation of musical, cultural, gastronomic or other events as a means of promoting the brand.
(VII) Administrative management of services requested by users, such as cash control and relationships with suppliers.
(VIII) Fulfilment of legal obligations regarding invoicing, accounting, tax and commercial actions.
(IX) Handling of requests for the exercise of rights related to personal data, as well as management of security breaches that may affect the rights and freedoms of data subjects.
Legitimation: (I) and (II) Consent of the data subject, (III), (IV), (VI) and (VII) Performance of the provision of services, (V) Legitimate interest and consent of data subjects, (VIII) Legal obligation, (IX) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data.
International Transfers and Safeguards: Data processed by Mailchimp is subject to additional security measures established through Standard Contractual Clauses: https://mailchimp.com/es/help/mailchimp-european-data-transfers/
Retention period: (I), (III), (IV), (VI), (VII) and (IX) The period necessary to deal with matters related to the services requested, normally two years. (II) and (V) Until the data subject withdraws consent, the revocation of which will have ex novo effects (from that moment onwards), although it should be borne in mind that the information uploaded onto the Internet is liable to fall outside the control of the data controller. (VIII) Six years.
The time necessary to meet the liabilities that may arise from all of the above processing.
Exercise of rights: You may exercise your right of access, rectification, suppression, limitation and opposition to processing, under the terms and conditions established in the GDPR, by sending a request by email to firstname.lastname@example.org indicating in all cases the Reference: “Data Protection” together with some means of accrediting your identity. You may also file a complaint with the Spanish Data Protection Agency, https://www.aepd.es/es, especially if your initial request has not been answered.