Privacy Policy

At Granada Incoming Card, we are committed to protecting your privacy. We aim to be transparent about the data we collect, how we use it, and the rights you have to control your information.

1. Information for the user

Granada Incoming Card S.L. is the data controller responsible for processing the User’s personal data and informs you that such data will be processed in accordance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) on the protection of natural persons, as well as Organic Law 3/2018 of 5 December (LOPDGDD), regarding the processing of personal data and the free movement of such data. Therefore, you are provided with the following information about the processing:

For what purpose do we process your personal data?

We process the data of interested individuals for the management and development of communications, as well as to provide the services requested as an online travel agency and to carry out our business activities.

We process your tour requests and any type of inquiry related to the services offered on our website that is submitted by the user through any of the available contact methods. We collect this data in order to manage your requests.

Management, processing, and payment of reservation requests made by the user or their legal representative.

We manage the contracting of our products in distance sales.

We manage the request to process the introduction of data belonging to a new visitor (name and surname only).

Regarding the publication of personal data on social networks that may be shared by our website, such data is never processed beyond responding to your inquiries or suggestions. The privacy policy applicable is that of the entities responsible for those platforms. We cannot be held responsible for any personal information that users may publish.

Through the processing of cookies, we use your information to provide you with a better service.

We manage requests related to the right of withdrawal submitted by consumers.

We may contact you through the WhatsApp tool if the user so wishes.

What type of data do we process?

In addition to the different means of data collection mentioned above and the various processing purposes described, we inform you that the types of data we may process in our information system include:

  • Email addresses
  • Identification data
  • Telephone numbers
  • National ID (DNI)
  • Passport
  • Banking information
  • Browser type and configuration
  • Operating system information
  • Cookie data
  • Information about the device used
  • The IP address from which the device accesses the website
  • Information about user activity, including visited web pages

How long will we retain your data?

Your personal data will be kept for as long as a relationship with you is maintained—whether as a customer or any other type of interested party—unless you request its deletion, or for as long as there is a legal obligation or requirement to retain it.

When the data is no longer necessary for the purposes for which it was collected, it will be deleted, ensuring its confidentiality.

What is the legal basis for processing your data?

The legal basis for processing your personal data is the relationship maintained with you based on the performance of a contract and/or commercial relationship, as well as the express consent that you may have provided for additional processing activities, such as the website contact form or any other processing that necessarily involves the collection of your personal data. In such cases, a clear affirmative action by the data subject will be required.

Who will your data be shared with?

In some cases, it is necessary to transfer your data to third parties who provide services related to the contract, both for its formalisation and for its management and execution.

In this regard, for the management of the purposes inherent to fulfilling the object of the contract, it may be necessary for your data to be communicated to different service providers, such as other service suppliers, who will be obliged to use the data solely and exclusively to fulfil the purpose of the contract. These third parties only have access to the personal information they need to perform these services. They are required to maintain the confidentiality of your personal information and may not use it for any other purpose than the one we have requested. The data of the data subjects will not be communicated to any other third party unless there is a legal obligation to do so.

What are your rights when you provide us with your data and/or we process it?

As a data subject, you may at any time request the exercise of any of the following rights related to data protection:

  • Right of access: You have the right to access your data to know which personal information concerning you is being processed.
  • Right to rectification or erasure: In certain circumstances, you have the right to rectify personal data you consider inaccurate and that concerns you, as well as the right to request the deletion of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
  • Right to restriction of processing: In certain circumstances, you have the right to request the restriction of the processing of your data. In such cases, we will only retain the data for the exercise or defence of legal claims.
  • Right to data portability: In certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine‑readable format, as well as to have it transmitted to another data controller.
  • Right to object: In certain circumstances and for reasons related to your particular situation, you have the right to object to the processing of your data. In such cases, we will stop processing your data unless we must continue doing so for compelling legitimate reasons or for the exercise or defence of possible legal claims.
  • Right to lodge a complaint: You have the right to file a complaint with the Supervisory Authority if you are not satisfied with the exercise of your rights. In Spain, this is the Spanish Data Protection Agency: http://www.aepd.es

You may exercise your rights regarding your personal data through any of the following channels:

  • Postal address: C/ Pavaneras N3, (Local Bajo) 18009, Granada, Spain.
  • Email address: info@visitagranada.com

Sending communications or information

Our policy regarding the sending of information through electronic means (email, instant messaging, etc.) is limited to sending only communications that we consider to be of interest to our users and data subjects, related to the company’s functions and activities, or that you have consented to receive.

If you prefer not to receive these messages, we will offer you the option to exercise your right to cancellation and refusal of such communications, in accordance with Title III, Article 22 of Law 34/2002 on Information Society Services and Electronic Commerce.

2. MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER

Users, by ticking the corresponding boxes and entering data in the fields of the contact form or download forms, expressly, freely and unequivocally accept that their data is necessary to process their request. The inclusion of data in the remaining fields is voluntary.

If the user provides data belonging to a third party, they guarantee that they have informed said third party of all aspects contained in this Privacy Policy and obtained their consent to provide us with their data for the relevant processing purpose. All of this must occur prior to supplying third‑party data.

If all required data is not provided, we cannot guarantee that the information and services offered will fully meet your needs.