Privacy Policy

Active Tourism Málaga TA | MA | 0066
C/ Cerro del Aguila, 41
29740 Torre del Mar, Málaga
Nuria Montoya Ortega 45297351X

Types of data collected

Modality and place of the processing of the Data collected

Cookie Policy

More information for users in the European Union

Additional information on data collection and processing

Definitions and legal references

Types of data we collect

The Data Controller does not provide a list of categories of Personal Data collected.

Full information concerning each category of Personal Data that is collected is provided in the sections of this privacy policy dedicated to that purpose or through specific explanatory texts displayed prior to the collection of such Data.
Personal Data may be freely provided by the User or, in the case of Usage Data, will be collected automatically when using this Application.
Unless otherwise stated, all Data requested by this Application are mandatory and refusal to provide them may make it impossible for this Application to proceed with the provision of its services. In cases where this Application specifically indicates that certain Data are not mandatory, Users are free not to provide such Data without this having any consequence on the availability or operation of the Service.
Users who are in doubt as to which Data are mandatory may contact the Owner.
The use of Cookies – or other tracking tools – by this Application or by the owners of third party services used by this Application is for the purpose of providing the Service requested by the User, in addition to any other purposes described in this document and in the Cookies Policy.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through this Application.

Modality and place of the processing of the Data collected

Treatment Modalities

The Data Controller shall process Users’ Data in an appropriate manner and shall adopt appropriate security measures to prevent unauthorised access, disclosure, alteration or destruction of the Data.
The processing of Data shall be carried out by means of computers and/or IT tools, following organisational procedures and modalities strictly related to the stated purposes. In addition to the Data Controller, in some cases the Data may be accessed by certain categories of authorised persons related to the operation of this Application (administration, sales, marketing, legal and systems administration departments) or by external contractors providing services to the Data Controller (such as external technical service providers, courier companies, hosting companies, IT companies, communication agencies) who will be appointed by the Data Controller as Data Processors, if necessary. An updated list of such persons may be requested from the Data Controller at any time.

Place

The Data is processed at the Data Controller’s offices, as well as at any other location where the parties involved in such processing are located.
Depending on the location of the Users, transfers of Data may involve the transfer of Users’ Data to a country other than their own. For more information on the place of processing of such transferred Data, Users may refer to the section containing details on the processing of Personal Data.

Conservation period

Unless otherwise stated herein, Personal Data will be processed and retained for as long as necessary and for the purpose for which it was collected and may be retained for a longer period due to a relevant legal obligation or on the basis of the consent of the Users.

Cookie Policy

This Application uses Trackers. For more information, Users can consult the Cookie Policy.

More information for users in the European Union

Legal basis for processing

The Data Controller may process the User’s Personal Data, if one of the following conditions is met:

  • Where Users have given their consent for one or more specific purposes.
  • When the collection of Data is necessary for the performance of a contract with the User and/or any other pre-contractual obligation of the User;
  • When the processing is necessary for the fulfilment of a legal obligation of obligatory compliance by the User;
  • Where the processing is related to a task carried out in the public interest or in the exercise of official powers vested in the Data Controller;
  • Where the processing is necessary for the purposes of a legitimate interest pursued by the Data Subject or a third party.

In any case, the Data Controller is at his disposal to define the specific legal bases that apply to the processing and in particular, whether the collection of the Personal Data is a contractual or statutory requirement or a necessary requirement to conclude a contract.

More information on retention time

Unless otherwise stated herein, Personal Data will be processed and retained for as long as necessary and for the purpose for which it was collected and may be retained for a longer period due to a relevant legal obligation or on the basis of the consent of the Users.

Therefore:

  • Personal Data collected for the conclusion of a contract between the Data Controller and the User shall be retained as such until such contract has been fully concluded.
  • Personal Data collected in the legitimate interest of the Data Controller shall be retained for the time necessary to fulfil that purpose. Users can find specific information related to the legitimate interest of the Data Controller by consulting the relevant sections of this document or by contacting the Data Controller.

The Data Controller may retain Personal Data for an additional period where the User consents to such processing, provided that such consent remains valid. In addition, the Data Controller may be obliged to retain Personal Data for an additional period if this is necessary for compliance with a legal obligation or by order of an authority.

Once the retention period has expired, the Personal Data must be deleted. Therefore, the rights of access, deletion, rectification and data portability may not be exercised after the expiry of the retention period.

Users’ rights based on the General Data Protection Regulation (GDPR)

Users may exercise certain rights in relation to their Data that are processed by the Data Controller.

In particular, Users are entitled to do the following, to the extent permitted by law:

  • Withdraw their consent at any time. Users have the right to withdraw their consent when they have previously given it for the processing of their Personal Data.
  • Objection to the processing of their Data: Users have the right to object to the processing of their Data if such processing is carried out on a legal basis other than consent.
  • Access to their Data: Users have the right to know whether their Data are processed by the Data Controller, to obtain information on certain aspects of the processing, as well as to obtain a copy of the Data undergoing processing.
  • Verify and request rectification: Users have the right to verify the accuracy of their Data and request that it be updated or corrected.
  • Limit the processing of their Data: Users have the right to limit the processing of their Data. In that case, the Data Controller will only process their Data for the purpose of storing them.
  • Erasure or deletion of Personal Data: Users have the right to obtain the deletion of their Personal Data by the Data Controller.
  • Receive their Data and transfer it to another controller. Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically possible, to have it transferred to another controller without hindrance.
  • Users have the right to lodge acomplaint with the competent authority for the protection of Personal Data.

Users shall also have the right to know the legal basis for transfers of Data abroad, including to any international organisation governed by public international law or consisting of two or more countries, such as the UN, and to know the security measures taken by the Data Controller to safeguard their Data.

Information on the right to object to processing

Where the processing of Personal Data is carried out in the public interest, in the exercise of public powers vested in the Data Controller or on the grounds of a legitimate interest pursued by the Data Controller, Users may object to such processing by providing a reason related to their particular situation to justify their objection.

Users should be aware, however, that in the event that their Personal Data are processed for direct marketing purposes, they may object at any time to such processing, free of charge and without justification. As soon as the User objects to the processing for direct marketing purposes, the Personal Data may no longer be processed for such purposes. To find out whether Users’ Personal Data are being processed by the Data Controller for direct marketing purposes, Users should refer to the relevant sections of this document.

How to exercise these rights

Any request to exercise the User’s rights may be addressed to the Owner through the contact details provided in this document. Such requests are free of charge and the Owner will respond to them as soon as possible and always within one month, providing Users with the information required by law. The Data Controller shall communicate any rectification or erasure of Personal Data or limitation of processing to each recipient, if any, to whom the Personal Data has been communicated, unless this is impossible or would require a disproportionate effort. Upon request, the Data Controller shall inform Users about such recipients.

Additional information on data collection and processing

Legal defence

The User’s Personal Data may be used for the legal defence of the Data Subject in court or in the judicial phases prior to a possible lawsuit arising from the improper use of this Application or the related Services.
The User declares to be aware that the Data Subject may be required by public authorities to disclose Personal Data.

Additional information about the User’s Personal Data

In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information relating to specific Services or to the collection and processing of Personal Data.

System log and maintenance

For operation and maintenance purposes, this Application and any other services provided by third parties that are used may collect a system log, i.e. files that record interaction with this Application and that may contain Personal Data, such as the User’s IP address.

Information not contained in this privacy policy

Additional information about the collection and processing of Personal Data may be requested from the Data Controller at any time. The contact information is indicated at the beginning of this document.

Modification of this privacy policy

The Owner reserves the right to modify this privacy policy at any time by notifying Users through this page and, if possible, through this Application and/or if technically and legally possible by notifying Users directly, in case the Owner has the necessary contact information for this purpose. It is strongly recommended that you check this page frequently, taking as a reference the date of the last update indicated at the bottom of the page.

In the event that the changes affect the processing activities carried out on the basis of the User’s consent, the Data Controller shall, if necessary, obtain the User’s new consent.

Definitions and legal references

Personal Data (or Data)

Personal data is any information which, directly, indirectly or in conjunction with other information – including a personal identification number – makes it possible to identify a natural person.

Usage Data

The information collected automatically by this Application (or by third party services used by this Application), may include: the IP addresses or domain names of the computers used by the User connecting to this Application, the URI (Uniform Resource Identifier) addresses, the time of the request, the method used to make the request to the server, the dimensions of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various time coordinates of the visit (e.g., time spent on each page) and details of the visit (e.g., time spent on each page).), the country of origin, the characteristics of the browser and operating system used by the visitor, the various time coordinates of the visit (e.g. the time spent on individual pages) and details of the path followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the operating system and the User’s computer environment.

User

The individual using this Application, who, unless otherwise indicated, must be the same as the Stakeholder.

Interested

The natural person to whom the Personal Data refers.

Data Processor (or Processor)

The natural or legal person, public administration, agency or any other institution, which processes the Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Data Controller)

The natural or legal person, public administration, agency or any other institution, acting alone or jointly with others, that determines the purposes and measures of the processing of Personal Data, including the security measures relating to the operation and use of this Application. Unless otherwise specified, the Controller is the Data Controller of this Application.

This Application

The means by which the User’s Personal Data has been collected and processed.

Service

The service provided by this Application, as described in the legal definitions and references (where available) and on this page or application.

European Union (or EU)

Unless otherwise stated, all references to the European Union in this document include all current Member States of the European Union and the European Economic Area.