NEW WAVE SERVEIS TURISTICS, SL makes this privacy policy available to you through the website www.newwavest.com in order to inform you, in detail, about how we process your personal data and protect your privacy and the information you provide us with. Should any changes be made to this policy in the future, we will notify you via the website or other means so that you are aware of the new privacy conditions that have been introduced.
In compliance with Regulation (EU) 2016/679, General Data Protection Regulation, and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights, we inform you of the following:
Data Controller
Identification: NEW WAVE SERVEIS TURISTICS, SL
Trade name: NEW WAVE
Tax ID number: B17915778
Address: Carrer dels Rossinyols 33, 17310 – Lloret de Mar, province of Girona, Spain
Email: info@newwavest.com
Website: www.newwavest.com
What are the principles for processing?
When processing personal data, we will apply the following principles, which comply with the requirements of the regulations on personal data protection:
(i) Principle of lawfulness, fairness and transparency: we will request your consent to process your personal data for one or more specific purposes, which we will inform you of in advance with complete transparency.
(ii) Principle of data minimisation: we will only request data that is strictly necessary in relation to the purposes for which it is required.
(iii) Principle of storage limitation: the data will not be stored for longer than is necessary for the purposes of the processing. Depending on the purpose, we will inform you of the relevant storage period.
(iv) Principle of integrity and confidentiality: the data will be processed in such a way as to ensure adequate security and confidentiality of the personal data. All possible measures are taken to prevent unauthorised access to or improper use of user data by third parties.
For what purpose do we process your personal data?
NEW WAVE collects and processes your personal data in general to manage the relationship we have with you, the main purposes we have identified being the following:
– Services offered by our company
– Channelling requests for information, suggestions and complaints that you may send us
– Managing the commercial relationship with our suppliers
– Monitoring the facilities
How do we collect your information?
You will always be informed at the time of collection through information clauses about the data controller, the purpose and legal basis of the processing, the recipients of the data and the retention period of your information, as well as how you can exercise your data protection rights.
You can contact us using the contact details provided on the website; our response will be to process the user’s request for information, with the customer’s consent as the basis for legitimacy.
In general, the personal information we process on the website is limited to identifying data (name and surname and email address). In the event of a contract being entered into, the relevant information will be provided.
We use social media, which is another way of reaching you. The information collected through the messages and communications you post may contain personal information that is available online and accessible to the public. These social networks have their own privacy policies explaining how they use and share your information, so we recommend that you consult them before using them to confirm that you agree with the way your information is collected, processed and shared.
This website also collects cookies, which you can consult at the following link Cookie Policy.
Who do we share your data with?
In general, we do not share your personal information, except for those transfers that we must make based on legal obligations imposed on us.
Although this does not constitute a transfer of data, in order to provide you with the requested service, third-party companies acting as our suppliers may access your information to perform the service we have contracted them to provide. These processors access your data in accordance with our instructions and may not use it for any other purpose, maintaining the strictest confidentiality.
• ARSYS INTERNET, S.L.U (identified by the trademark Arsys), with registered office at C/ Madre de Dios nº 21, 26004 Logroño (La Rioja), Spain, Spain, with Tax Identification Number B-85294916, which provides web hosting services. The privacy policy and other legal aspects of this company can be consulted at the following link: https://www.arsys.es/terms/politica-proteccion-datos
• Google LLC, with registered office at 1600 Amphitheatre Parkway, 94043, Mountain View (California), USA, which provides services consisting of measurement, surveys and email services. They have adopted standard data processing clauses approved by the European Commission, which can be consulted at: https://cloud.google.com/security/gdpr/resource-center. The privacy policy and other legal aspects of this company can be consulted at the following link: https://www.google.com/intl/es/policies/privacy/. The data controller is Google Ireland Limited, with registered office at Gordon House, Barrow Street, Dublin 4, Ireland.
Likewise, your personal information will be available to public administrations, judges and courts for the purpose of addressing any liabilities arising from the processing.
International data transfers
We have agreed with our suppliers that, in order to provide the contracted service, they will use servers located in the EEA and if, in the future, we need to use servers located outside the EU, we will
What are your rights regarding the processing of your data and how can you exercise them?
Data protection regulations allow you to exercise your rights of access, rectification, erasure and portability of data, and to object to and restrict the processing of your data, as well as not to be subject to decisions based solely on the automated processing of your data, where applicable.
These rights are characterised by the following:
– Their exercise is free of charge, except in the case of manifestly unfounded or excessive requests (e.g. repetitive nature), in which case NEW WAVE SERVEIS TURISTICS, SL may charge a fee proportional to the administrative costs incurred or refuse to act.
– You may exercise your rights directly or through your legal or voluntary representative.
– We must respond to your request within one month, although, taking into account the complexity and number of requests, the deadline may be extended by a further two months.
– We are obliged to inform you of the means of exercising these rights, which must be accessible, and we cannot deny you the exercise of your rights simply because you have chosen another means. If the request is submitted electronically, the information will be provided by electronic means whenever possible, unless you request otherwise.
– If we do not process the request, you will be informed, within one month at the latest, of the reasons for our decision and the possibility of lodging a complaint with a supervisory authority.
To facilitate the exercise of your rights, we provide links to the application form for each of the rights:
Form for exercising the right of access
Form for exercising the right of rectification
Form for exercising the right to object
Form for exercising the right to erasure (right to be forgotten)
Form for exercising the right to restriction of processing
Form for exercising the right to data portability
Form for exercising the right not to be subject to automated individual decision-making
To exercise your rights, we provide you with the following means:
1. By sending a written and signed request to NEW WAVE SERVEIS TURISTICS, SL, Carrer dels Rossinyols 33, 17310 – Lloret de Mar, province of Girona, Spain. Ref. Exercise of LOPD Rights.
2. By sending a scanned and signed form to the email address info@newwavest.com, indicating in the subject line Exercise of LOPD Rights.
In both cases, you must prove your identity by attaching a photocopy or, where applicable, a scanned copy of your ID card or equivalent document so that we can verify that we only respond to the interested party or their legal representative, in which case you must provide proof of representation.
Likewise, and especially if you consider that you have not obtained full satisfaction in the exercise of your rights, we inform you that you may lodge a complaint with the national supervisory authority by contacting the Spanish Data Protection Agency, C/ Jorge Juan, 6 – 28001 Madrid.
How do we protect your information?
We are committed to protecting your personal information. We use reasonably reliable and effective physical, organisational and technological measures, controls and procedures designed to preserve the integrity and security of your data and guarantee your privacy. In addition, all staff with access to personal data have been trained and are aware of their obligations regarding the processing of your personal data.
In the contracts we sign with our suppliers, we include clauses requiring them to maintain confidentiality with regard to the personal data to which they have had access by virtue of the assignment carried out, as well as to implement the necessary technical and organisational security measures to guarantee the ongoing confidentiality, integrity, availability and resilience of the personal data processing systems and services.
All these security measures are reviewed periodically to ensure their adequacy and effectiveness.
However, absolute security cannot be guaranteed and no security system is impenetrable. Therefore, in the event that any information being processed and under our control is compromised as a result of a security breach, we will take appropriate measures to investigate the incident, notify the Supervisory Authority and, where appropriate, those
