At Garum Travel we are especially aware of the importance of maintaining the confidentiality of the personal data provided to us through the website. Through this policy, we inform users about data protection matters, as well as the rights that apply to them.

Therefore, pursuant to the General Data Protection Regulation of the European Union (GDPR), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, and in accordance with the principle of transparency, we make relevant information available to you regarding the processing of personal data, in order to inform you at all times about how we process data, for what purpose, and the corresponding rights.

Data Controller:

ESCUELA DE GASTROTURISMO GARUM SL (hereinafter, THE CONTROLLER), with Tax ID (CIF): B23958887 and registered office at: Calle C. de Alba y Aliste No. 2, 49007 Zamora, Spain.
Email: info@garumtravel.com

Data Protection Officer (DPO) contact: No Data Protection Officer has been appointed; however, you may contact us through any of the means indicated above.

Data Collection:

THE CONTROLLER has obtained the personal data to be processed through different channels:
– Voluntarily provided by the data subject, either through web forms, email, telephone or contract, for the purpose of requesting any type of information or the formalization and/or acquisition of services or products.
– From publicly accessible sources and/or public records, provided that THE CONTROLLER has a legitimate interest in doing so.

Purpose of Data Processing:

THE CONTROLLER will process your data in order to respond to requests made through this website. Additionally, if you give your consent to receive commercial communications, promotions and information of interest, you may be sent commercial and/or advertising information through the usual communication channels.

However, such consent may be withdrawn at any time through the means provided for this purpose. We will process your data for commercial, administrative, accounting and tax management, in accordance with current regulations and based on the information provided and the authorization granted.

Data Retention:

The personal data provided will be retained for as long as the relationship with the entity is maintained and deletion is not requested by the data subject. Data will be kept in accordance with the legally established periods and depending on the purpose for which it was collected.

In the event that the data subject has voluntarily subscribed to any type of commercial communications, newsletter, advertising, etc., the data will be retained until the data subject unsubscribes from such communications.

Lawful Basis for Processing:

The legal basis for the processing of personal data by THE CONTROLLER is supported by:
– The mere request by the data subject for any type of information.
– Possible subscription to receive commercial communications through express consent.
– The formalization of a commercial relationship resulting from the acquisition of products and/or services.
– Lawful basis based on the performance of a contract.

Recipients:

For the duration of the processing of the data subject’s data, THE CONTROLLER will not transfer the data to third parties, unless there is a legal obligation to do so.

In cases where third-party services are used for administrative, tax, accounting and/or commercial processing, the corresponding data processing agreement will be duly formalized, in order to guarantee the security and confidentiality of the data subject’s data vis-à-vis third parties.

Rights:

The data subject, in relation to their personal data, may freely and free of charge exercise the following rights:
– Right of access to their personal data.
– Right to rectification of their personal data when it is incomplete or inaccurate.
– Right to erasure of their personal data when it is no longer necessary for the purposes for which it was collected.
– Right to restriction of processing of all or part of their data.
– Right to object to processing.
– Right to data portability.
– Right to withdraw previously given consent.

If you believe that your rights regarding the protection of your personal data have been violated, especially when you have not obtained satisfaction in the exercise of your rights, you may file a complaint with the competent Data Protection Supervisory Authority.

Supervisory Authority:

If you require more information and/or assistance, in addition to what we can and wish to provide, regarding Data Protection, you should know that the supervisory authority in Spain that ensures compliance with data protection regulations and guarantees and safeguards the fundamental right to the protection of personal data is:

Spanish Data Protection Agency (AEPD)
C/ Jorge Juan No. 6
28001 – Madrid
901 100 099 – 912 663 517
www.agpd.es

You may also contact them through the corresponding online form.

The AEPD informs and assists citizens in exercising their rights, and also helps companies comply with the obligations established by law.

As the holder of your own data, the AEPD safeguards the exercise of the rights of access, rectification, erasure, restriction, portability and objection when these have not been adequately addressed, and guarantees the right to data protection against actions that may be contrary to the law.