esen+34 689 139 381
+34 689 139 381
esen

Privacy Policy

1.- INTRODUCTION

Premium Plans SL takes the protection of your privacy and personal data very seriously. Therefore, your personal information is kept secure and treated with the utmost care.

This data protection policy regulates the access and use of the service of the website www.verdantexperiences.com (hereinafter, the “Website”), as well as the rest of products and / or services that Premium Plans SL (hereinafter “Verdant Experiences” or “VE”) makes available to people interested (hereinafter “Users” or “User”) in them.

Our data protection policy is subject to Spanish and European legislation, being adapted to the requirements of:

2.- RESPONSIBLE FOR DATA PROCESSING

If you have any questions about this Privacy Policy, you may contact us using the information below:

Identity Premium Plans S.L. (Verdant Experiences)
VAT/ID Number B.32482069
Address Rua Bedoya 27 Bajo – 32004 Ourense (Spain)
Phone +34 689 139 381
Email enquiries@verdantexperiences.com
D.P.O. There is no officer

3.- PURPOSES OF DATA PROCESSING AND DURATION

The information provided by the User can be used for one or more of the following purposes:

  • Management of clients, administration, accounting and taxation. It includes the collection and payment procedures, billing, as well as consultants and advisors. It also includes the management of suppliers: for the contracting of products or in claims to it, so that we can transfer your necessary data for accommodation, flights, transportation and contracted services, to the relevant recipients (wholesalers, reservation centers, airlines and shipping companies, or similar) and, if necessary, depending on the service or trip to be made, to any country in the world, including, in your case, to those who do not offer a level of protection comparable to that required by the GDPR. It is necessary for contracting services.
  • E-commerce. It refers to the transmissions of data necessary to process the transactions of payments of the services and / or products required, always in a secure environment (your information will not be sold, exchanged, transferred or delivered to any other company for any reason, without your consent, other than for the express purpose of providing the requested service). It is necessary for contracting services.
  • Advertising and commercial research. Sending newsletters about our services and news. We use software to send and manage these newsletters. The use for our own promotion, of images or videos where the User can be recognized. To receive this type of information or to authorize its use, you must expressly request it.
  • Statistical purposes. Own elaboration of sales statistics of products and / or services.

Conservation criteria: the personal data provided will be kept for the mandatory time according to applicable legal provisions. Once said period has elapsed, as long as the deletion is not requested by the interested party, we shall keep the same for legitimate purposes of a statistical, historical or scientific nature.

Any of the pieces of information that we collect from you anonymously during navigation may be used for one or more of the following purposes:

  • To improve our Website, its navigation and usability. For this we use software that evaluates anonymously the interaction of users with our websites.
  • Statistical purposes. It has the purpose both of the analysis and the realization of statistics to know the traffic and use of the Website by the Users, as well as to evaluate the web structure, the origin of the visits (never individually and / or identifiable) and the effectiveness of marketing and promotion campaigns.

Conservation criteria: the usability data is eliminated once evaluated and the rest of the data will be kept for legitimate purposes of a statistical, historical or scientific nature.

4.- LEGITIMATION

The legal basis for the treatment of your data is the execution and fulfillment of a package travel contract according to the general terms and conditions of sale that appear on our website, and the particular conditions of each product and / or service; or for the execution of pre-contractual obligations.

The communication of personal data is a legal or contractual requirement necessary to subscribe to the aforementioned contract, the interested party is informed that he/she is obliged to provide personal data, and also that the consequences of not doing so may mean the non-provision of the requested service / product.

Certain treatment activities need your unequivocal consent.

  • The sending of “advertising and commercial research” is based on the consent that is requested before finalizing the contracting of our services, without under any circumstances the withdrawal of this consent will condition the execution of the subscribed contract. You can also request the sending of this type of information through our website.
  • The use for own commercial and / or advertising purposes of “images or videos in which the User appears and can be recognized” is based on the consent that is requested before finalizing the contracting of our services, without under any circumstances the withdrawal of this consent will condition the execution of the subscribed contract.

5.- RECIPIENTS

VE does not sell, exchange or transfer personal data to third parties. This does not include third parties or reliable subcontractors that help us manage our Website, conduct our business or provide service.

Such trusted third parties may have access to personal data for information needs, and shall be contractually bound to maintain the confidentiality of the information.

5.1. Communication of data

  • Tax Office. In compliance with tax regulations.
  • Banks. For the procedures and collections.
  • Consultants and Advisors. Support for the management of tax and legal obligations.
  • Providers of contracted services and / or products. Necessary for making reservations and the execution of the product and / or service contracted.

5.2. Trusted Subcontractors / Third Parties

VE contracts its virtual infrastructure of servers that allows us to promote and sell our products and services to the User. We use the services of Akamai Technologies Spain S.L.U., registered in Spain, and Akamai Technologies GmbH, registered in Germany, which complies with the GDPR, the HIPAA and PCI DSS security standards and is under the EU-US Privacy Shield agreement. More information here. Additional information here.

Our websites are stored in secure servers located in Europe, to comply with RGPD regulations regarding data protection.

Our online store payments are processed through Stripe, that complies with the GDPR and is under the EU-US Privacy Shield agreement. Additional information here.

They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Payments:

If you choose a direct payment gateway to complete your purchase, then Stripe stores your credit card details. It is encrypted through the Standard Payment Card Industry Data Security (PCI-DSS). Your purchase transaction data is stored only to the extent necessary to complete the purchase transaction. After it is completed, the information on your purchase transaction is deleted.

All direct payment gateways adhere to PCI-DSS standards as indicated by the PCI Security Standards Council, which is a joint effort of brands such as Visa, MasterCard, American Express and Discover.

The PCI-DSS requirements help ensure the safe handling of credit card information from stores and their service providers.

Others

We also use the services of Google, Google LLC and affiliates under the EU-US Privacy Shield agreement. – Check here more information about their management of the privacy. As well as services from Zoho Corporation also under the EU-US Privacy Shield agreement, check here more information about their management of the privacy. And the ones from The Rocket Science Group LLC d/b/a MailChimp also under the EU-US Privacy Shield agreement, check here more information about their management of the privacy.

5.3. Revelation

We may disclose your personal information if required by law, to enforce the policies of our site, or to protect our (or others’) rights, our property or our security.

5.4. Other information on third party services

In general, third-party providers used by us will only collect, use and disclose your information when it’s necessary to enable them to perform the services provided to us.

However, some third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies regarding the information we are required to provide them for transactions related to purchases.

For these providers, we encourage you to read the privacy policies (section 5.2) so that you can understand how your personal information will be handled.

In particular, remember that some providers may be located or have facilities that are in a jurisdiction other than yours or ours. So if you want to proceed with a transaction that involves the services of a supplier to third parties, your information may be subject to the laws of the jurisdiction (jurisdictions) in which the service provider or its facilities are located.

As an example, if you are in Canada and your transaction is processed by a payment gateway based in the United States, then your personal information used to complete the transaction may be subject to disclosure under US law, including The Patriot Act.

Once you leave our website or redirect to a third party site or application, you are no longer being regulated by this Privacy Policy or the Terms of Service of our website.

Links

When you click on links from our website, you may be redirected off our site. We are not responsible for the privacy practices of other sites and we encourage you to read their privacy policy.

6.- RIGHTS

The interested party may exercise the following rights:

  • Right to request access to your personal data, and obtain information about whether we are treating personal data that concerns you or not. Being able to request a full copy of the data at any time.
  • Right to request the Rectification of your inaccurate data, or in its case, request its Suppression when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
  • Right to request the Limitation of the Processing of your Data, in which case we will only keep it for the execution or defense of claims.
  • Right to request the Opposition to the Processing of your Data, in certain circumstances and based on reasons related to your particular situation.
  • Right to the Portability of your Data.
  • Right to Withdraw the Consent Rendered, without this withdrawal affecting the legality of the previous treatments based on such consent.
  • Right to Claim to the Competent Data Protection Control Authority through its website: www.agpd.es.

You can direct your communications and exercise your rights at the email address enquriries@verdantexperiences.com, or by ordinary mail addressed to:

  • Premium Plans SL (Verdant Experiences) – Ref. GDPR – C / Bedoya 27 Bajo – 32004 Ourense (Spain).

To exercise these rights you must prove your identity by sending a photocopy of your National Identity Document / Passport or any other document legally valid in the Law.

7.- ORIGIN OF THE DATA

The personal data we treat in VE come directly from the User, obtained through any of the following means: registration forms located on our website, web chat, email, telephone, business whatsapp or printed forms.

The categories of data that are treated are:

  • Identification data (name and surname, ID / passport)
  • Postal and / or email
  • Phone

Specially protected data is not processed.

The rest of the data comes from the user’s browsing when the cookies are accepted, in the case of anonymous data for statistical purposes.

8.- SAFETY MEASURES

VE maintains the levels of security of personal data protection in accordance with the GDPR and has established all the technical means at its disposal to prevent loss, misuse, alteration, unauthorized access and theft of the data that the User provides through the website, without prejudice to inform him that the security measures on the Internet are not impregnable.

VE undertakes to comply with the duty of secrecy and confidentiality with respect to the personal data contained in the automated file in accordance with the applicable law, as well as to confer a safe treatment on the assignments that may occur.

If you provide us with your credit card information that information is processed directly by Stripe, our payment gateway provider, which follows all the industry standard of PCI-DSS requirements. Stripe only provides us with confirmation of the payment authorization, the card model and the last 4 digits of the card to allow you to identify with which card you made the payment.

Availability

Personal data is not stored permanently outside the VE cloud platforms. Physical security is maintained by VE subcontractors (review section 5). Akamai data centers comply with industry standards such as ISO 27001 for physical security and availability; for example, using 24-hour security personnel, two-factor access control through card readers and biometrics, barriers, fences, security cameras and other measures.

Integrity

To ensure integrity, all data transits are encrypted to align with best practices to protect the confidentiality and integrity of data.

Confidentiality

All staff is subject to full confidentiality and any subcontractor and subprocessor must sign a confidentiality agreement if full confidentiality is not part of the main agreement between the parties.

Each time authorized personnel access personal data, access is only possible through an encrypted connection.

Personal data is never stored on mobile devices such as USB and DVD drives.

Transparency

VE will keep you informed at all times about changes in processes to protect the privacy and security of your data, including practices and policies. At any time you can request information about where and how data is stored, protected and used.

Isolation

All access to personal data is blocked by default, using a “zero privileges” policy. Access to personal data is restricted to individually authorized personnel

Ability to intervene

VE enables your rights of access, rectification, deletion, blocking by informing and offer the client the opportunity to object when VE plans to implement changes in relevant practices and policies.

Supervision

VE uses security reports to monitor access patterns and to proactively identify and mitigate potential threats. Administrative operations, including access to the system, are recorded to provide an audit trail if unauthorized or accidental changes are made.

Location of personal data

All data is stored in databases and repositories of files hosted in data centers of Akamai, the provider of VE servers located in Europe.

Periodic backups are made to the databases to allow the restoration of the data in case of loss.

8.1. Notice of personal data violation

In the event that your data is compromised, VE will notify you and the competent supervisory authorities within 72 hours by email with information about the extent of the violation, the affected data, any impact on the service and the VE action plan with the measures to protect the data and limit any possible negative effect on the interested parties.

The “breach of personal data” refers to a security breach that leads to the destruction, loss, alteration, unauthorized disclosure or access, accidental or illegal, to the personal data transmitted, stored or processed related to the provision of the Service .

9.- AGE OF CONSENT

By using this site, you declare that you are at least the legal majority in your state or province of residence, or that you are the legal majority in your state or province of residence and that you have given us your consent to allow any of your dependents Minors use this site.

10.- COMPULSORY OR OPTIONAL CHARACTER OF INFORMATION PROVIDED BY THE USER AND DATA ACCURACY

The User guarantees that the personal data provided is truthful and is responsible for communicating to VE any modification of the same. The User will be responsible, in any case, for the veracity of the data provided, and VE reserves the right to exclude from the registered services any User who provided false information, without prejudice to other actions that proceed in Law. It is recommended to have the maximum diligence in Data Protection through the use of security tools, and VE can not be held responsible for subtractions, modifications or loss of illegal data.

11.- CHANGES

VE reserves the right to revise its Privacy Policy at the time it deems appropriate, in which case it will be communicated to the Users. For this reason, please check this privacy statement regularly to read the latest version of the VE Privacy Policy.

12.- ACCEPTANCE AND CONSENT

The User declares to have been informed of the conditions on the protection of personal data, accepting and consenting to the automated processing of the same by VE, in the form and for the purposes indicated in this Privacy Policy.

13.- LAST REVIEW AND VALIDITY PERIOD

This Privacy Policy is valid from January 2, 2024, until the publication of the next update.

REVIEW YOUR COOKIE SETTINGS
We are using cookies to give you the best experience. You can find out more about which cookies we are using or switch them off in privacy settings.
AcceptPrivacy Settings

  • Chat Web
  • Google Analytics

Chat Web

Para poder activar el chat de la web necesitamos su aprobación para el uso de información personal que nos pueda proporcionar durante la conversación (como por ejemplo, su nombre, corre electrónico o teléfono).

Seguimos las directrices del Reglamento General de Protección de Datos de la UE.

Google Analytics

Esta web utiliza Google Analytics para recopilar información anónima como por ejemplo el número de visitantes de la web.

Activar esta cookie nos permite mejorar nuestra web y su experiencia sobre ella, siempre con datos anónimos que no le identifican.

Proceed Booking