Security Policy and Protection of Personal Data

GALEOTA TOURISM SL, adapted it’s privacy and data protection policy to the requirements of the current regulations on the protection of personal data, particularly Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, relative to protection of natural persons regarding to the processing of personal data and the free circulation of such data and repealing Directive 95/46 / EC (General Data Protection Regulation, RGPD) and other related regulations.

1.    Responsible for the Treatment

  • Social Adress: C/ El cruce 3 29550 Ardales – Málaga
  • CIF: B93587848
  • Phone: 677324386
  • E-mail:


2.    Purpose of Data Processing.

GALEOTA TOURISM, within the framework of its activities, will treat the user’s data, manually and / or automatically, for the following specific purposes:

  • To execute the benefits derived from the fulfillment of the purpose of the assignment you gave to GALEOTA TOURISM SL
  • Periodically send electronic messages regarding services, events and news related to the professional activity of GALEOTA TOURISM, unless otherwise indicated, or user’s opposition or revocation of their consent.
  • To contact the user individually to manage the hired services or to inform them about activities that may be of interest to them within the framework of the business services of GALEOTA TOURISM, unless otherwise indicated or the user objection.
  • To accomplish the legally established obligations, as well as verify compliance with contractual obligations, including the prevention of fraud.
  • • To perform the administrative and billing activities of the commercial relationship between GALEOTA TOURISM and the person or company that contracts or requests information about our services.
  • Realizar las actividades administrativas y de facturación propias de la relación comercial que exista entre GALEOTA TOURISM y la persona o empresa que contrata o solicita información sobre nuestros servicios.
  • Activities and benefits derived from the services and access via web.

3.    Types of data treated.

In view of the aforementioned purposes, GALEOTA TOURISM addresses the following types of data:

  • Identification data: name, surnames, ID, postal address, email address, zip code and telephone number.
  • Professional data: position, company, CIF, sector and subsector.
  • Data of the contracted service: Type of service, object, legitimacy, date of beginning and end of services.
  • Metadata and electronic communications cookies and used in

The identification and professional data will be requested to the users through registration form, information request form and, service request form or contract.

The user guarantees that the information provided is true, accurate, complete and up-to-date, and is responsible for any damage or loss, direct or indirect, that may be caused as a result of breach of such obligation.

In case the user provides data of third parties, he / she declares to have the consent of the same, exempting GALEOTA TOURISM from any responsibility in this regard.

4.    Data retention period

The personal data provided will be kept for the necessary time to fulfill the purpose for which they were collected, to determine the possible liabilities which may arise from the said purpose and the treatment of the data and during the legally established deadlines to comply with the obligations established by the Spanish legal system.

5.    Legitimation of treatment

The legal basis for the treatment of the data resides in the consent expressed by you, by the existence of a legal obligation or by the existence of a contract of which you are a party.

6.   Data destination

GALEOTA TOURISM may communicate your data, exclusively for the purposes indicated in the Purpose of Treatment section or when a legal obligation falls on it.

GALEOTA TOURISM informs the user that their data will only be communicated to the following companies:

  • Google, Inc. handles data for web analytics and data storage and processing in the cloud, a Delaware company whose head office is at 1600 Amphitheater Parkway, Mountain View (California), CA 94043, United States. Google complies with the framework agreement EU – US Privacy Shield. UU as established by the Department of Commerce of the United States with respect to collecting, using and retaining personal information of member countries of the European Union(
  • • Mailchimp: an email marketing service provided by The Rocket Science Group LLC d / b / a, with address in Atlanta, Georgia 30308, USA. The Rocket Science Group LLC d / b / a complies with the framework agreement EU – US as established by the Department of Commerce of the United States with regard to collecting, using and retaining personal information of member countries of the European Union ( we inform you that certain data, within the framework of the current regulations or the relationship you have with GALEOTA TOURISM, can be communicated to:
  • Competent public administrations.
  • The State Security Forces and Corps in accordance with the provisions of the Law.

7.    Rights of the interested party

You can send us an email to exercise the following rights:

  • Revoke the consents granted.
  • Obtain confirmation as to whether GALEOTA TOURISM is treating personal data concerning you or not.
  • To Access to your personal data.
  • To rectify inaccurate or incomplete data.
  • To request the deletion of your data when, among other reasons, the data is no longer necessary for the purposes that were collected.
  • To obtain from GALEOTA TOURISM the limitation of the data processing when any of the conditions stipulated in the data protection regulations are met.
  • In certain circumstances and for reasons related to their particular situation, to the processing of their data, the interested parties may object to the processing of their data.
  • Request the portability of your data.
  • Claim before the Spanish Agency for Data Protection, when the interested party considers that GALEOTA TOURISM has violated the rights that are recognized by the applicable regulations on data protection.

8.   Privacy and Security

GALEOTA TOURISM is committed to the use and treatment of personal data to respect their confidentiality and use them in accordance with the purpose for which they were collected, as well as to comply with their obligation to save them and adapt all measures to avoid alteration, loss, treatment or unauthorized access, in accordance with the provisions of current data protection regulations.

Regarding the confidentiality of the processing, GALEOTA TOURISM will ensure that any person who is authorized to process personal data (including its staff, collaborators and providers), will be under the appropriate obligation of confidentiality (either a contractual or legal duty).

When a security incident occurs, you will be notified without undue delay and providing timely information related to the Security Incident as it is known or when reasonably requested by the interested party.

9.    Changes in privacy policy

GALEOTA TOURISM reserves the right to modify this policy to adapt it to new legislation or jurisprudence, as well as industry practices. In these cases, GALEOTA TOURISM, will announce on this page the changes introduced with reasonable anticipation of its implementation.

This policy has been updated on May 25, 2018. The updated version of this policy is the only one valid until there is another that replaces it.