Privacy Policy

CORDOBA EMBRUJADA SL provides you, through the websites andaluciapie.es, cordobapie.es, sevillapie.es, malagapie.es and granadatours.com.es, with this privacy policy in order to inform you, in a detailed manner, about how we process your personal data and how we protect your privacy and the information you provide to us. Should any future modifications be introduced, we will inform you through the website or through other means, so that you may be aware of the new privacy conditions.

In compliance with Regulation (EU) 2016/679, General Data Protection Regulation (GDPR), and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights, we inform you of the following:

Data Controller

Owner: CORDOBA EMBRUJADA SL
Tax ID (NIF): B14993489
Registered address: Plaza de Los Carrillos, 5 – 14001, Córdoba
Telephone: 625085254
Email: administracion@cordobaembrujada.com
Websites: andaluciapie.es, cordobapie.es, sevillapie.es, malagapie.es and granadatours.com.es

For what purpose do we process your personal data?

We generally collect and process your personal information in order to manage the relationship we maintain with you, with the main identified purposes being the following:

• Management and provision of the services offered by our company

• Handling requests for information, suggestions, and complaints that you may submit

• Keeping you informed about events, offers, products and services that may be of interest to you through various communication channels, provided that you have given your consent

• Management of employment relationships, in the case of our employees

• Management of the commercial relationship maintained with our suppliers

• Management of personnel recruitment

• Guaranteeing the security of individuals and facilities

How do we collect your information?

We collect your personal information through various means, but you will always be informed at the time of collection through information clauses regarding the data controller, the purpose and legal basis of the processing, the recipients of the data, the retention period, and the way you can exercise your data protection rights.

In general, the personal information we process is limited to identification data (name and surname, date of birth, address, ID number, telephone number and email), contracted services, and payment and billing details.

We obtain data from potential customers/users relating to identification (name, surname, ID number, postal address, telephone, email), professional data (position, place of work, business sector), directly from them when they request information or submit enquiries.

In cases of personnel management and recruitment, we collect academic and professional data in order to fulfil obligations arising from maintaining the employment relationship or, where appropriate, for the purpose of joining our workforce.

We use social networks, which is another way of reaching you. The information collected through the messages and communications you publish may contain personal data that is publicly available online. These social networks have their own privacy policies explaining how they use and share your information, which we recommend reviewing before using them to ensure you agree with how your information is collected, processed and shared.

Through our website we collect personal information related to your browsing through the use of cookies. To clearly and precisely understand the cookies we use, their purposes, and how you can configure or disable them, please consult our Cookie Policy.

In addition, our facilities are equipped with a video surveillance system whose function is to ensure the safety of individuals and property, which means your image may be recorded simply by accessing the premises. These images are kept for a maximum period of 1 month from the time they are captured and would only be disclosed to Law Enforcement Agencies if necessary.

User responsibility

By providing your data through electronic channels, the user guarantees that they are over 14 years old and that the data provided are true, accurate, complete, and up to date. For these purposes, the user confirms that they are responsible for the accuracy of the data submitted and that they will keep such information duly updated to reflect their real situation, being responsible for any false or inaccurate data provided, as well as for any damages, whether direct or indirect, that may arise.

How long do we retain your information?

We only retain your information for the period necessary to fulfil the purpose for which it was collected, comply with legal obligations imposed on us, and address possible liabilities arising from the fulfilment of the purpose for which the data were collected.

If you wish to become part of our workforce and apply for one of our job positions, the data provided will become part of our employment pool and will be kept for the duration of the selection process and for a maximum of two years, or until you exercise your right to erasure.

If at any time we collected your data to contact you as a potential user of our services or to respond to an information request, such data will be retained for a maximum of two years from collection and will be deleted after that period if no contractual relationship has been formalised, or as soon as you request it.

In any case, and as a general rule, we will keep your personal information as long as a contractual relationship exists or until you exercise your right to erasure and/or restriction of processing, in which case the information will be blocked and retained only for the purpose of exercising or defending potential claims or addressing any liability that may arise.

To whom do we disclose your data?

In general, we do not share your personal information except for those disclosures that must be made due to legal obligations.

However, on some occasions and to develop and provide the requested service, we may communicate your data to collaborating companies.

You may inform us of your opposition to such disclosure; however, in that case, it would not be possible to provide the requested service. Although not considered a data disclosure, for the provision of the requested service, it may be necessary for third-party companies acting as our service providers to access your information in order to perform the contracted services. These processors access your data following our instructions, without being allowed to use them for any other purpose, and maintaining strict confidentiality.

If necessary as a result of an incident captured by our security cameras, your images may be communicated to Law Enforcement Agencies, in accordance with legal provisions.

Likewise, your personal information will be made available to Public Administrations, Judges, and Courts for the handling of possible liabilities arising from the processing.

International data transfers

There are no international transfers of your data to countries outside the European Economic Area (EEA).

With our service providers, we have agreed that, for the provision of the contracted service, they must use servers located within the EEA. If in the future it becomes necessary to use servers located outside the EU, appropriate measures will be adopted, which will be incorporated into this Privacy Policy, ensuring that these providers comply with the Privacy Shield or that adequate guarantees exist.

What are your rights regarding the processing of your data and how can you exercise them?

Data protection regulations allow you to exercise your rights of access, rectification, erasure, and data portability, as well as the right to object to and restrict processing, and the right not to be subject to decisions based solely on automated processing of your data, where applicable.

These rights are characterised by the following:

• Their exercise is free of charge, except for manifestly unfounded or excessive requests (e.g., repetitive), in which case we may charge a fee proportional to the administrative costs incurred or refuse to act.

• You may exercise these rights directly or through your legal or voluntary representative.

• We must respond to your request within one month; this period may be extended by an additional two months considering the complexity and number of requests.

• We are obliged to inform you about the means to exercise these rights, which must be accessible, and we cannot refuse your request simply because you choose another means. If the request is made electronically, the information will be provided through the same channel where possible, unless you request otherwise.

• If we do not act on your request, we will inform you within one month of the reasons for our inaction and the possibility of lodging a complaint with a Supervisory Authority.

To facilitate the exercise of your rights, we provide links to the corresponding request forms:

• Right of access request form

• Right of rectification request form

• Right of objection request form

• Right of erasure request form (“right to be forgotten”)

• Right to restriction of processing request form

• Right to data portability request form

• Right not to be subject to automated individual decision-making request form

To exercise your rights, we provide the following means:

1. A written, signed request addressed to the company, Ref. Exercise of Data Protection Rights (LOPD).

2. Sending a scanned, signed form to the email address indicated above, stating in the subject line “Exercise of Data Protection Rights (LOPD)”.

In both cases, you must verify your identity by attaching a photocopy or scanned copy of your ID or equivalent document, so that we can ensure we only respond to the data subject or their legal representative. In the latter case, documentation proving representation must also be provided.

Likewise, and particularly if you believe you have not obtained full satisfaction in the exercise of your rights, you may file a complaint with the national supervisory authority, the Spanish Data Protection Agency, at C/ Jorge Juan, 6 – 28001 Madrid.

How do we protect your information?

We are committed to protecting your personal information.

We use physical, organisational and technological measures, controls and procedures that are reasonably reliable and effective, aimed at preserving the integrity and security of your data and ensuring your privacy.

Additionally, all personnel with access to personal data have received training and are aware of their obligations regarding the processing of such data.

In the contracts we sign with our suppliers, we include clauses requiring them to maintain the duty of confidentiality regarding personal data to which they have access as part of the contracted service, as well as to implement the necessary technical and organisational security measures to ensure the confidentiality, integrity, availability and permanent resilience of personal data processing systems and services.

All these security measures are reviewed periodically to ensure their suitability and effectiveness.

However, absolute security cannot be guaranteed and no security system is impenetrable. Therefore, if any information under our control were compromised due to a security breach, we would take appropriate steps to investigate the incident, notify the Supervisory Authority, and, where applicable, inform those users who may have been affected so that they can take appropriate measures.